Yarat
Participant

Checkpoint Detects "clientservices.googleapis.com" as virus

I observed traffic generated from Chrome to "clientservices.googleapis.com" via port 80 and Checkpoint detects it as a virus. Is it a false positive?

0 Kudos
9 Replies
_Val_
Admin

From the log, it seems someone is trying to send you a zip file through this link. Can you provide some more details about the actual case? What product version is in use, what is the user experience?

0 Kudos
_Val_
Admin

Also, quoting from here: https://www.pcrisk.com/removal-guides/14315-googleapis-com-virus

googleapis.com is a legitimate service (API) provided by Google, however, many cyber criminals (scammers) use it to promote various 'tech' (technical) support scams.

0 Kudos
Yarat
Participant

We detect this traffic from thousands of endpoints in our organization. This traffic is initiated by Google Chrome installed on all those endpoints. However, there is one endpoint we don't allow access to the internet and we still detect this traffic. We are facing alert fatigue right now. Our SmartConsole version is R81.10.

0 Kudos
PhoneBoy
Admin

If you don't allow this particular client to access the Internet, why is the Access Policy not blocking the connection?

0 Kudos
Yarat
Participant

I think ACL review is needed.

0 Kudos
the_rock
Legend

Maybe worth confirming with TAC, but to me personally, that does not look like a false positive.

Yarat
Participant

Now I also get Virus Detect events when an endpoint initiates a connection to Microsoft.

0 Kudos
Wolfgang
Authority

@Yarat I think there's a problem with the AntiVirus engine, or maybe:

Password protected archive, Maximum number of extracted files reached, Maximum nesting level reached, Maximum unpacked size reached, Maximum decompression ratio reached, Gzip max decompressed file size, or something similar.

"failed to process the file" means the engine was not able to scan these files.

And additionally, as @PhoneBoy mentioned, you don't allow access to the internet for these clients, but these logs state you allow it. Check your rulebase.
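The two points above (separating "failed to process the file" scan failures from real detections, and spotting hosts that should have no internet access but still appear in allow logs) are exactly what a triage script for this kind of alert fatigue does. The following Python is an added example written for this thread; it is not Check Point code and not something posted by anyone here. The log lines are constructed, and the key=value field names (src, dst, action, protection_type, description) and the no-internet host list are assumptions for the example, not Check Point's real log schema. Adapt the parser to the export format you actually use.

```python
import re
from collections import Counter

# Constructed sample log lines. The field names used here are assumptions
# for this example only; map them to the columns of your own log export.
SAMPLE_LOGS = [
    'src=10.0.1.15 dst=clientservices.googleapis.com action=Detect '
    'protection_type="Anti-Virus" '
    'description="failed to process the file: Password protected archive"',
    'src=10.0.1.16 dst=clientservices.googleapis.com action=Detect '
    'protection_type="Anti-Virus" '
    'description="failed to process the file: Maximum nesting level reached"',
    'src=10.0.9.200 dst=clientservices.googleapis.com action=Detect '
    'protection_type="Anti-Virus" '
    'description="failed to process the file: Password protected archive"',
    'src=10.0.1.17 dst=update.microsoft.com action=Detect '
    'protection_type="Anti-Virus" '
    'description="failed to process the file: Maximum decompression ratio reached"',
    'src=10.0.1.18 dst=evil.example.invalid action=Prevent '
    'protection_type="Anti-Virus" description="Trojan.Generic (constructed sample)"',
]

# Hosts the access policy is supposed to keep off the internet (assumed).
# Any AV event sourced from one of these means the rulebase let it out.
NO_INTERNET_HOSTS = {"10.0.9.200"}

# key=value or key="quoted value with spaces"
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict (quotes stripped)."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        key = m.group(1)
        value = m.group(3) if m.group(3) is not None else m.group(2)
        fields[key] = value
    return fields


def is_scan_failure(event):
    """True when the engine could not scan the file at all (no verdict)."""
    return event.get("description", "").lower().startswith(
        "failed to process the file")


def failure_reason(event):
    """Extract the reason text after the colon, e.g. 'Password protected archive'."""
    _, _, reason = event.get("description", "").partition(":")
    return reason.strip() or "unspecified"


def triage(lines, no_internet_hosts):
    """Split AV events into scan-failure counts, real detections and policy gaps."""
    reasons = Counter()
    detections = []
    policy_gaps = set()
    for line in lines:
        ev = parse_line(line)
        if ev.get("protection_type") != "Anti-Virus":
            continue
        if is_scan_failure(ev):
            reasons[failure_reason(ev)] += 1   # engine gave up, not a verdict
        else:
            detections.append(ev)              # a verdict worth a human look
        if ev.get("src") in no_internet_hosts:
            policy_gaps.add(ev["src"])         # should never have reached the AV blade
    return {
        "scan_failures": dict(reasons),
        "detections": detections,
        "policy_gaps": sorted(policy_gaps),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOGS, NO_INTERNET_HOSTS)
    print("Scan failures by reason:")
    for reason, count in result["scan_failures"].items():
        print(f"  {count:4d}  {reason}")
    print("Real detections:")
    for ev in result["detections"]:
        print(f"  {ev['src']} -> {ev['dst']}: {ev['description']}")
    print("Hosts that should have no internet but generated AV events:")
    for host in result["policy_gaps"]:
        print(f"  {host}")
```

Run it on an exported log batch instead of the constructed lines and the three buckets show where the volume comes from: the scan-failure counts tell you which engine limit (password-protected archives, nesting depth, decompression ratio) is being hit by ordinary Chrome and Microsoft update traffic, the detections list is the short list actually worth TAC or analyst time, and the policy-gap list is the evidence for the rulebase review suggested in this thread.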

Yarat
Participant

I think I will need to review ACL with my network administrator team. 

0 Kudos