Dameon Welch Abernathy

Legitimate URLs Blocked with Recent AV Update

Discussion created by Dameon Welch Abernathy Employee on Jun 4, 2017
Latest reply on Jul 5, 2017 by Thomas Allen

An Anti-Virus signature was recently published that caused a number of legitimate sites to be blocked, impacting gateways worldwide.

Specifically, you will see the following symptoms:

 

  • Anti-Virus blocks legitimate traffic with DNS trap or DNS reputation logs.
  • Many logs of Anti-Virus are getting created on DNS trap and DNS reputation with the protections "REP.ikjuju" and "REP.ikktgp".

 

Check Point has removed the relevant signature from the database. Perform the steps in the following SK to ensure the AV database is updated: Anti-Virus blocks legitimate traffic with DNS trap or DNS reputation logs 

Outcomes