SmartEvent shows "Severity = <4GB" in Anti-Virus / Anti-Bot event
Symptoms
  • SmartEvent shows "Severity = <4GB" in Anti-Virus / Anti-Bot event.

    Example:

    Event Name = Virus Incident
    Service = domain [udp/53]
    Category = Threat Prevention
    Product Name = Check Point Anti-Virus
    Malware Activity = Communication with C&C site
    Event Definition Name = Virus Incident
    Confidence Level = High
    Protection Name = Virut.a
    Action = Detect
    Protection ID = 0030C3515
    Severity = High
    
    RAW Log:
    Type = Log
    Action = Detect
    Service = domain-udp (53)
    Product = Anti-Virus
    Protection ID = 0030C3515
    Protection Name = Virut.a
    Severity = <4GB
    Confidence Level = High
    Product Family = Network
    Protection Type = DNS Trap
    Malware Activity = Communication with C&C site
    
  • The problematic log, when exported from SmartView Tracker ("File" menu - click on "Save As..." - enter a name - "Select Records" - enter the relevant record number), shows the value "-1" in the "severity" field.

    Example:

    ==> LUUID: {...} Origin: ... Time: ... Flags: ... Interface: "..." Direction: ... Action: ... ['product': "New Anti Virus"] ['src': ...] ['s_port': ...] ['dst': ...] ['service': 53] ['proto': 17] ['Chassis Bladed System': "..."] ['session_id': {...}] ['Protection name': "Virut.a"] ['malware_family': ""] ['description': "Connections to IP associated by DNS trap with malicious domain. See sk74060 for more information."] ['information': ""] ['Source OS': ""] ['dst_country': "..."] ['Confidence Level': 5] ['severity': -1] ['malware_action': "Communication with C&C site"] ['rule_uid': ...] ['rule_name': ...] ['Protection Type': "DNS Trap"] ['malware_rule_id': "{...}"] ['malware_rule_name': "..."] ['Destination DNS Hostname': ""] ['protection_id': "0030C3515"] ['scope': ...] ['refid': ...] ['action_details': ""] ['log_id': ...] ['__policy_id_tag': "product=VPN-1 & FireWall-1[db_tag={...};mgmt=fwmgmt1;date=...;policy_name=...]"]
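
    To locate affected records in a saved SmartView Tracker export, the script below parses the ['field': value] pairs shown above and lists every record whose "severity" is negative. It is an added example, not Check Point code: the sample lines are constructed (shortened from the format above, with documentation IP addresses and a placeholder second protection), and treating any negative severity as affected is an assumption based on the "-1" shown here.

```python
import re

# One ['name': value] pair. The value is a quoted string (which may itself
# contain brackets), a {...} identifier, or a bare token such as 53 or -1.
FIELD_RE = re.compile(r"""\['(?P<key>[^']+)':\s*(?P<val>"[^"]*"|\{[^}]*\}|[^\]]*)\]""")

def parse_record(line):
    """Return the ['key': value] pairs of one exported record as a dict."""
    fields = {}
    for m in FIELD_RE.finditer(line):
        val = m.group("val").strip()
        if len(val) >= 2 and val.startswith('"') and val.endswith('"'):
            val = val[1:-1]  # drop the surrounding quotes
        fields[m.group("key")] = val
    return fields

def affected_records(lines):
    """List records whose numeric 'severity' is negative (assumed symptom)."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        rec = parse_record(line)
        try:
            sev = int(rec.get("severity", ""))
        except ValueError:
            continue  # severity missing or not numeric: not this symptom
        if sev < 0:
            hits.append({
                "line": lineno,
                "severity": sev,
                "protection_id": rec.get("protection_id"),
                "protection_name": rec.get("Protection name"),
                "protection_type": rec.get("Protection Type"),
            })
    return hits

# Constructed sample export: record 1 mirrors the symptom, record 2 is a
# made-up healthy record with placeholder protection values.
SAMPLE_EXPORT = [
    """==> Action: detect ['product': "New Anti Virus"] ['src': 192.0.2.10] ['service': 53] ['proto': 17] ['Protection name': "Virut.a"] ['Confidence Level': 5] ['severity': -1] ['Protection Type': "DNS Trap"] ['protection_id': "0030C3515"] ['__policy_id_tag': "product=VPN-1 & FireWall-1[db_tag={X};mgmt=fwmgmt1]"]""",
    """==> Action: detect ['product': "New Anti Virus"] ['src': 192.0.2.11] ['service': 53] ['proto': 17] ['Protection name': "Example.b"] ['Confidence Level': 5] ['severity': 3] ['Protection Type': "DNS Trap"] ['protection_id': "PLACEHOLDER01"]""",
]

if __name__ == "__main__":
    for hit in affected_records(SAMPLE_EXPORT):
        print(hit)
```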