An Anti-Virus signature was recently published that caused a number of legitimate sites to be blocked, impacting gateways worldwide.
Specifically, you will see the following symptoms:
- Anti-Virus blocks legitimate traffic with DNS trap or DNS reputation logs.
- Many logs of Anti-Virus are getting created on DNS trap and DNS reputation with the protections "REP.ikjuju" and "REP.ikktgp".
Check Point has removed the relevant signature from the database. Perform the steps in the following SK to ensure the AV database is updated: Anti-Virus blocks legitimate traffic with DNS trap or DNS reputation logs