
Confused about Anti-Bot's log?

Hi Sir:

When I used SmartView to view the Anti-Bot log, there are two actions: Prevent and Detect. Which one should I fix if there is a security risk? According to the logs, in the user's browser record I can't find any URL match the how can I fix the situation to cause security issue? Below is part of SmartView Anti-Bot's log:


Time | Blade | Action | Type | Severity | Confidence Level | Suppressed Logs | Source | Source User Name | Machine Name | Destination | Protection Type | Sent Bytes | Received Bytes | Malware Family | Malware Action | Protection Name | Resource
2023/1/31 23:34 | Anti-Bot | Prevent | Log | Low | High | 2 | ip_192.168.2.229 | ( ( Trap00 Communication with C&C


Check Point version: R80.40

Any help will be appreciated, thanks.

1 Reply
Employee

Potentially both, depending on severity, since Anti-Bot is a post-infection mitigation, i.e. we are preventing communication with C2, implying something is already occurring on the machine.

Also note:

1. The user didn't necessarily browse to this address themselves, so expecting it in the browser history is not foolproof.

2. In R81 and higher we altered/improved the logging for Anti-Bot DNS malware trap events to ensure clarity around events previously shown as "detect".

3. Have you reviewed other forensics from the machine or your endpoint solution?
