PDA

View Full Version : Virus incident alert



unraveller
2017-07-10, 01:10
Dear all,

I have a 4600 fw and every now and then we receive virus incident alert.

however, we realised that our anti virus, symantec end point does not detect it.

as such, i am unable to determine if the alert is false positive.

can anyone advise what is the best way to proceed when getting alerts as such?

varera
2017-07-10, 04:57
First, you need ti extract file / URL that caused it. If the file is in your possession, try scanning it with virus total. If no matches found there, open a support request with Check Point

unraveller
2017-07-10, 05:23
Thanks for the reply. However in my email alert, i do not see any file name or url...

is it normal? if not, what can be done to configure the file name to show?

varera
2017-07-10, 05:24
start from checking the logs