Edit C:\Users\All Users\CheckPoint\Logs\NGAV.log
[01-11-19 11:19:46.334] [fbc:5] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( ProtectionTypeByConfidence: <protectionTypesByConfidence> <low> <protectionTypes> <protectionType name="General"> <confidence lowerBound = "0" upperBound = "2"/> </protectionType> <protectionType name="Goal"> <confidence lowerBound = "0" upperBound = "2"/> </protectionType> <protectionType name="Paranoia"> <confidence lowerBound = "0" upperBound = "2"/> </protectionType> <protectionType name="Classifier"> <confidence lowerBound = "0" upperBound = "2"/> </protectionType> <protectionType name="shared"> <confidence lowerBound = "0" upperBound = "2"/> </protectionType> </protectionTypes> </low> <medium> <protectionTypes> <protectionType name="General"> <confidence lowerBound = "3" upperBound = "3"/> </protectionType> <protectionType name="Goal"> <confidence lowerBound = "3" upperBound = "3"/> </protectionType> <protectionType name="Paranoia"> <confidence lowerBound = "3" upperBound = "3"/> </protectionType> </protectionTypes> </medium> <high> <protectionTypes> <protectionType name="General"> <confidence lowerBound = "4" upperBound = "5"/> </protectionType> <protectionType name="Goal"> <confidence lowerBound = "4" upperBound = "5"/> </protectionType> <protectionType name="Paranoia"> <confidence lowerBound = "4" upperBound = "5"/> </protectionType> <protectionType name="Classifier"> <confidence lowerBound = "3" upperBound = "5"/> </protectionType> <protectionType name="shared"> <confidence lowerBound = "3" upperBound = "5"/> </protectionType> </protectionTypes> </high> </protectionTypesByConfidence> )
[01-11-19 11:19:48.459] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( policyFromServer: <EFRPolicy xmlns="http://schema.checkpoint.com/policy/v1/"> <UepmPolicyInfo policyName="ATP_Forensics_Default_Policy" policyDescription="" enforcementType="120" securityLevel="-1" policyVersion="0" installedOn="1479630910236"/> <DiskSpace> <DiskSpaceUsage>1.0</DiskSpaceUsage> <DiskSpaceUsageUnits>GB</DiskSpaceUsageUnits> <WarnUser>false</WarnUser> <WarnUserFreeSpace>5</WarnUserFreeSpace> <WarnUserUnits>GB</WarnUserUnits> <DeactivateEfr>false</DeactivateEfr> <DeactivateEfrFreeSpace>1</DeactivateEfrFreeSpace> <DeactivateEfrUnits>GB</DeactivateEfrUnits> </DiskSpace> <enable_efr>true</enable_efr> <PreventEventsDetection> <gwAntiMalware>false</gwAntiMalware> <gwThreatEmulation>false</gwThreatEmulation> <gwUrlf>false</gwUrlf> <gwDlp>false</gwDlp> </PreventEventsDetection> <ProcessExclusion> <ProcessList> <Process md5="" fileName="procexp.exe" originalFileName=""/> <Process md5="" fileName="procexp64.exe" originalFileName=""/> <Process md5="" fileName="taskmgr.exe" originalFileName=""/> <Process signer="Symantec Corporation" fileName="" originalFileName="" md5=""/> <Process signer="Trend Micro" fileName="" originalFileName="" md5=""/> <Process signer="Trend Micro, Inc." fileName="" originalFileName="" md5=""/> <Process signer="McAfee" fileName="" originalFileName="" md5=""/> <Process signer="Microsoft Corporation" fileName="devenv.exe" originalFileName="" md5=""/> <Process signer="McAfee ePO Development (SPC)" fileName="" originalFileName="" md5=""/> </ProcessList> </ProcessExclusion> <log> <logAll>true</logAll> </log> <EnableEventsDetectionByConfidence> <epFileReputation>Low</epFileReputation> <epStaticAnalysis>Low</epStaticAnalysis> <epAntiBot>Low</epAntiBot> <epAntiMalware>Low</epAntiMalware> <epThreatEmulation>Low</epThreatEmulation> <epCommandLine>Low</epCommandLine> <epOrgShare>Low</epOrgShare> <gwAntiMalware>Never</gwAntiMalware> <gwAntiBot>Low</gwAntiBot> <gwThreatEmulation>Never</gwThreatEmulation> <gwUrlf>Never</gwUrlf> </EnableEventsDetectionByConfidence> <QuarantineMachineByConfidence> <epFileReputation>Never</epFileReputation> <epStaticAnalysis>Never</epStaticAnalysis> <epAntiBot>Never</epAntiBot> <epAntiMalware>Never</epAntiMalware> <epThreatEmulation>Never</epThreatEmulation> <epOrgShare>Never</epOrgShare> <gwAntiMalware>Never</gwAntiMalware> <gwAntiBot>Never</gwAntiBot> <gwThreatEmulation>Never</gwThreatEmulation> <gwUrlf>Never</gwUrlf> </QuarantineMachineByConfidence> <AttackRemediationByConfidence> <epFileReputation>Never</epFileReputation> <epStaticAnalysis>Never</epStaticAnalysis> <epAntiBot>Never</epAntiBot> <epAntiMalware>Never</epAntiMalware> <epThreatEmulation>Never</epThreatEmulation> <epOrgShare>Never</epOrgShare> <gwAntiMalware>Never</gwAntiMalware> <gwAntiBot>Never</gwAntiBot> <gwThreatEmulation>Never</gwThreatEmulation> <gwUrlf>Never</gwUrlf> </AttackRemediationByConfidence> <EnabledSal> <User>true</User> <File>true</File> <Injection>true</Injection> <Network>true</Network> <Process>true</Process> <Registry>true</Registry> </EnabledSal> <Remediation> <Malicious> <Action>Never</Action> </Malicious> <Suspicious> <Action>Never</Action> </Suspicious> <Unknown> <Action>Never</Action> </Unknown> <Trusted> <Action>Never</Action> </Trusted> </Remediation> <FileOps> <SystemFileOps> <ModificationOnly>true</ModificationOnly> </SystemFileOps> <RegularFileOps> <ModificationOnly>false</ModificationOnly> </RegularFileOps> </FileOps> <RegistryOps> <ModificationOnly>true</ModificationOnly> </RegistryOps> <ThreatEmulation> <EnforcementActions> <Low>Ignore</Low> <Medium>Ignore</Medium> <High>Ignore</High> </EnforcementActions> </ThreatEmulation> <AntiBot> <EnforcementActions> <Low>Ignore</Low> <Medium>Ignore</Medium> <High>Ignore</High> </EnforcementActions> </AntiBot> <RemediationPolicy> <ExclusionPolicy> <CheckReputationByDefault>true</CheckReputationByDefault> <OverridePredefineExclusionList>false</OverridePredefineExclusionList> </ExclusionPolicy> <ExclusionList/> <QuarantinePolicy> <FolderToRestoreImportedFiles>%ProgramData%\CheckPoint\Endpoint Security\Remediation\InfectionsFarm\</FolderToRestoreImportedFiles> <MaxQuarantineSizeMB>2048</MaxQuarantineSizeMB> <QuarantineCopyDestination/> <QuarantineExpirationDays>90</QuarantineExpirationDays> <QuarantineFolder>%ProgramData%\CheckPoint\Endpoint Security\Remediation\Quarantine\</QuarantineFolder> <AllowUsersToRestore>true</AllowUsersToRestore> <AllowUsersToDelete>true</AllowUsersToDelete> </QuarantinePolicy> </RemediationPolicy> <AntiRansomeWare> <AntiRansomewareEnabled>false</AntiRansomewareEnabled> <BackupAndRestore> <BackupDiskSpaceUsageGB>1024</BackupDiskSpaceUsageGB> <BackupTimeIntervalMinutes>60</BackupTimeIntervalMinutes> <ConsistencyBetweenFileToDBMinutes>2880</ConsistencyBetweenFileToDBMinutes> <PurgeOldFilesInDBMinutes>60</PurgeOldFilesInDBMinutes> <BackupFileTypeExtensions> <ExtensionsTypeList> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">doc</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">png</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">jpg</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">bmp</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">docx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">gif</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">rtf</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">txt</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dot</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">docm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dotx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dotm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">docb</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xls</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlt</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlsx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlsb</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlsm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xltx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xltm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ppt</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pot</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pps</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pptx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pptm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">potx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ppsx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">sldx</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ps</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">eps</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">prn</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">emf</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">rle</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dib</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wpd</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">csv</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">tif</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">jpeg</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">jfif</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">tiff</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dibl</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ppm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pgm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pbm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pnm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">webp</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">hdr</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">heif</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">bpg</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pdf</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">html</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">htm</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">avi</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mp4</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mp3</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">flv</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mov</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">m4v</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mpeg</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mpg</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">swf</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wmv</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">asf</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">3gp</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ram</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wav</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">aif</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">aiff</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mpa</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">m4a</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wma</Extension> <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">oef</Extension> </ExtensionsTypeList> </BackupFileTypeExtensions> <AutomaticRestorationAndRemediation>true</AutomaticRestorationAndRemediation> <RestorationLocation/> <BackupFolderExclusion> <FolderList/> </BackupFolderExclusion> <BackupProcessExclusion> <BackupProcessList> <Process md5="" fileName="C:\Windows\explorer.exe" originalFileName="" signer=""/> <Process signer="Symantec Corporation"/> <Process signer="Trend Micro"/> <Process signer="McAfee"/> <Process signer="McAfee ePO Development (SPC)"/> <Process signer="Check Point Software Technologies Ltd."/> </BackupProcessList> </BackupProcessExclusion> </BackupAndRestore> <FileActivityDetection> <DefaultAction>off</DefaultAction> <DefaultNumberOfDetections>4</DefaultNumberOfDetections> <DefaultMinimumTimeSpanInMinutes>60</DefaultMinimumTimeSpanInMinutes> <DetectionParametersList> </DetectionParametersList> </FileActivityDetection> <ProcessDetection> <!-- Not in GUI ???? --> <DetectionList PreventAskAlternative="Note" PreventAskTimeoutSeconds="120"> <Detection Type="ShadowCopyDeletion" Action="off"> <ParametersList1/> <ParametersList2/> </Detection> <Detection Type="UnsignedAbnormalLaunch" Action="off"> <ParametersList1> <Parameters>WINWORD.EXE</Parameters> <Parameters>EXCEL.EXE</Parameters> <Parameters>ONENOTE.EXE</Parameters> <Parameters>POWERPNT.EXE</Parameters> <Parameters>MSPUB.EXE</Parameters> </ParametersList1> <ParametersList2/> </Detection> <Detection Type="SignedAbnormalLaunch" Action="off"> <ParametersList1> <Parameters>WINWORD.EXE</Parameters> <Parameters>EXCEL.EXE</Parameters> <Parameters>ONENOTE.EXE</Parameters> <Parameters>POWERPNT.EXE</Parameters> <Parameters>MSPUB.EXE</Parameters> <Parameters>AcroRd32.exe</Parameters> <Parameters>MSACCESS.EXE</Parameters> <Parameters>VISIO.EXE</Parameters> </ParametersList1> <ParametersList2> <Parameters>WSCRIPT.EXE</Parameters> <Parameters>CMD.EXE</Parameters> <Parameters>CSCRIPT.EXE</Parameters> <Parameters>POWERSHELL.EXE</Parameters> <Parameters>MSHTA.EXE</Parameters> </ParametersList2> </Detection> <Detection Type="AbnormalSvchostLaunch" Action="off"> <ParametersList1/> <ParametersList2/> </Detection> <Detection Type="ModifiedFilesPerMinute" Action="off"> <ParametersList1> <Parameters>50</Parameters> </ParametersList1> <ParametersList2/> </Detection> <Detection Type="TotalModifiedFiles" Action="off"> <ParametersList1> <Parameters>100</Parameters> </ParametersList1> <ParametersList2/> </Detection> <Detection Type="ModifiedDifferentFileTypes" Action="off"> <ParametersList1> <Parameters>10</Parameters> </ParametersList1> <ParametersList2/> </Detection> <Detection Type="ModifiedSpecificFileType" Action="off"> <ParametersList1> <Parameters>8</Parameters> </ParametersList1> <ParametersList2> <Parameters>FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt]</Parameters> </ParametersList2> </Detection> <Detection Type="Ranking" Action="off"> <ParametersList1> <Parameters>30</Parameters> </ParametersList1> <ParametersList2/> </Detection> <Detection Type="DummyPotFilesModified" Action="off"> <ParametersList1> <Parameters>3</Parameters> </ParametersList1> <!-- The path can be any direct path or value from the ShellFoldersGroup enum --> <ParametersList2> <Parameters>Music\00CpSystemFolderDonotRemove\mp4</Parameters> <Parameters>Music\00CpSystemFolderDonotRemove\mp4</Parameters> <Parameters>Music\00CpSystemFolderDonotRemove\avi</Parameters> <Parameters>Documents\00CpSystemFolderDonotRemove\docx</Parameters> <Parameters>Documents\00CpSystemFolderDonotRemove\doc</Parameters> <Parameters>Documents\00CpSystemFolderDonotRemove\xlsx</Parameters> <Parameters>Documents\00CpSystemFolderDonotRemove\xls</Parameters> <Parameters>Documents\00CpSystemFolderDonotRemove\pptx</Parameters> <Parameters>Documents\00CpSystemFolderDonotRemove\pdf</Parameters> <Parameters>Documents\00CpSystemFolderDonotRemove\txt</Parameters> <Parameters>Videos\00CpSystemFolderDonotRemove\wmv</Parameters> <Parameters>Videos\00CpSystemFolderDonotRemove\wmv</Parameters> <Parameters>Videos\00CpSystemFolderDonotRemove\mp4</Parameters> <Parameters>Videos\00CpSystemFolderDonotRemove\avi</Parameters> <Parameters>Pictures\00CpSystemFolderDonotRemove\jpg</Parameters> <Parameters>Pictures\00CpSystemFolderDonotRemove\png</Parameters> <Parameters>Pictures\00CpSystemFolderDonotRemove\gif</Parameters> </ParametersList2> </Detection> <Detection Type="MBRDetection" Action="off"> <ParametersList1 /> <ParametersList2 /> </Detection> </DetectionList> <SilentDetectionList> <Detection Type="TotalModifiedFiles" Action="off"> <ParametersList1> <Parameters>100</Parameters> </ParametersList1> <ParametersList2> <!-- Ranking range (from-to:points)--> <Parameters>RankingRange[0-9:1,10-14:7,15-19:8,20-24:9,25-2147483647:10]</Parameters> </ParametersList2> </Detection> <Detection Type="Ranking" Action="off" ValidateDetection="true"> <ParametersList1> <Parameters>30</Parameters> </ParametersList1> <ParametersList2> <Parameters>0.5</Parameters> <!--The ratio (Files read) / (Files modifies) by the same exectution tree.--> </ParametersList2> </Detection> <Detection Type="ModifiedSpecificFileType" Action="off" ValidateDetection="true"> <ParametersList1> <Parameters>8</Parameters> </ParametersList1> <ParametersList2> <Parameters>FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt]</Parameters> <!-- Ranking range (from-to:points)--> <Parameters>RankingRange[1-1:3,2-2:4,3-3:5,4-4:11,5-5:12,6-6:13,7-2147483647:14]</Parameters> </ParametersList2> </Detection> <Detection Type="ModifiedSpecificFolders" Action="off"> <ParametersList1> <Parameters></Parameters> </ParametersList1> <ParametersList2> <!-- Ranking Groups (Group:points)--> <Parameters>RankingGroups[Desktop:13,Documents:13,Downloads:8,Pictures:8,Videos:8,Others:1]</Parameters> </ParametersList2> </Detection> </SilentDetectionList> </ProcessDetection> </AntiRansomeWare> </EFRPolicy> )
[01-11-19 11:19:48.491] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( policyViaExclusions: <ngavPolicy> <experimentalSignatures>false</experimentalSignatures> <machineLearningValidation>false</machineLearningValidation> <enforcementActions> <low>Silent</low> <medium>Silent</medium> <high>Silent</high> </enforcementActions> </ngavPolicy> )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: c:\windows\explorer.exe FileName: MD5: Signer: )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: symantec corporation )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: trend micro )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: mcafee )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: mcafee epo development (spc) )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: c:\windows\explorer.exe FileName: MD5: Signer: )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: symantec corporation )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: trend micro )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: mcafee )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: mcafee epo development (spc) )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.EDR.FeedHandler) message: ( Data streaming Stop called )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.EDR.FeedHandler) message: ( Stop was already done, will not call stop again )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Seting enforcement for ExperimentalSignatures: False MachineLearningValidation: False High: Silent Medium:Silent Low: Silent )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Connectors.AntiRansomware.AntiRansomwareConnector) message: ( Anti-Ransomware policy applied )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( NGAVPolicy initialized )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Core.Engine) message: ( ##### Engine started #### )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Core.Engine) message: ( Telemetry initialized )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (NGAV.Connectors.AntiRansomware.AntiRansomwareConnector) message: ( Anti-Ransomware started )
[01-11-19 11:19:48.788] [fbc:1] [Error] source: (NGAV.Connectors.UserInterface.UserInterfaceBridge) message: ( System.TypeInitializationException: The type initializer for 'EPNetUtils.EndpointUI.ZdxUiNegotiator' threw an exception.
 ---> System.IO.FileNotFoundException: The path to ZDxNet.dll cannot be located: no registry key
   at EPNetUtils.EndpointUI.ZdxUiNegotiator..cctor()
   --- End of inner exception stack trace ---
   at EPNetUtils.EndpointUI.ZdxUiNegotiator..ctor()
   at NGAV.Connectors.UserInterface.UserInterfaceEP..ctor()
   at NGAV.Connectors.UserInterface.UserInterfaceBridge.Configure() )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Core.Enforcement.Remediation) message: ( Remediation initialized )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Helpers.HelperDirectory) message: ( Will not delete directory, Path: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\indicators not exist )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Helpers.HelperDirectory) message: ( Will not delete directory, Path: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\sentree\protections not exist )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Helpers.HelperDirectory) message: ( Will not delete directory, Path: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\shared\protections not exist )
[01-11-19 11:19:51.715] [fbc:1] [Info] source: (NGAV.Core.Signatures.ParserUnsharedFormat.ParserManager) message: ( Signatures zip file extracted: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\Signatures.zip )
[01-11-19 11:19:51.762] [fbc:1] [Info] source: (NGAV.Core.Signatures.ParserUnsharedFormat.ParserManager) message: ( mldata zip file extracted: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\indicators\mldata.zip )
[01-11-19 11:19:53.872] [fbc:1] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu started )
[01-11-19 11:19:54.872] [fbc:1] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu started )
[01-11-19 11:19:54.887] [fbc:1] [Info] source: (NGAV.Core.SuspiciousEvent.SuspiciousEvents) message: ( Suspicious events initialized )
[01-11-19 11:19:54.934] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( Loaded model Camouflage )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( Loaded model HashCopy )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( ML matrix Initialized successfuly )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( Starting ML )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.Reputation.ReputationConnector) message: ( Reputation initialized )
[01-11-19 11:19:55.965] [fbc:1] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Core.Reporting.Information.DetectedTrees]) message: ( queueu started )
[01-11-19 11:19:55.965] [fbc:1] [Info] source: (NGAV.Core.Signatures.Validation.ValidationFP) message: ( Validation FP initialized )
[01-11-19 11:19:56.200] [fbc:1b] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Ignoring Indicators for process Path: C:\Windows\Explorer.EXE MD5: 38ae1b3c38faef56fe4907922f0385ba Signer: Microsoft Windows, due to exclusion )
[01-11-19 11:19:56.965] [fbc:16] [Warn] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Enforcement type for DetectionConfidence: Low is: Silent )
[01-11-19 11:19:56.965] [fbc:16] [Warn] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Enforcement type for DetectionConfidence: Medium is: Silent )
[01-11-19 11:19:56.965] [fbc:16] [Warn] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Enforcement type for DetectionConfidence: High is: Silent )
[01-11-19 11:20:56.231] [fbc:17] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu disposed )
[01-11-19 11:21:01.231] [fbc:22] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu stopped )
[01-11-19 11:21:01.231] [fbc:1b] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu disposed )
[01-11-19 11:21:06.231] [fbc:22] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu stopped )
[01-11-19 11:21:06.231] [fbc:22] [Info] source: (NGAV.ML.MLMatrix) message: ( ML stopped )
[01-11-19 11:21:06.231] [fbc:22] [Info] source: (NGAV.Reputation.ReputationConnector) message: ( Reputation deinitialized )
[01-11-19 11:21:06.231] [fbc:19] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Core.Reporting.Information.DetectedTrees]) message: ( queueu disposed )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Core.Reporting.Information.DetectedTrees]) message: ( queueu stopped )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Core.Signatures.Validation.ValidationFP) message: ( Validation FP deinitialized )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Connectors.AntiRansomware.AntiRansomwareConnector) message: ( Anti-Ransomware stopped )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Core.Enforcement.Remediation) message: ( Remediation deinitialized )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Core.Engine) message: ( ##### Engine stopped ##### )
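What the dump above amounts to, in security terms: the server policy puts NGAV enforcement at Silent for every confidence level, sets AntiRansomewareEnabled to false, sets every Remediation action to Never, sets every ProcessDetection entry to Action="off", ignores ThreatEmulation and AntiBot verdicts at all confidences, excludes any process signed by several third-party AV vendors from monitoring, and the UserInterfaceBridge fails because ZDxNet.dll cannot be located. The script below is an added example, not Check Point code and not taken from this page: it parses NGAV.log records of the shape seen here (timestamp, thread, level, source, message), pulls the EFRPolicy and ngavPolicy XML out of the policyFromServer and policyViaExclusions messages, and reports those detect-only settings. The embedded sample log is a constructed, trimmed excerpt modelled on the dump; the severity labels and the list of checks are the script's own, not a Check Point schema.

```python
"""Audit a Check Point SandBlast Agent NGAV.log for detect-only settings.

Added example, not Check Point code. Assumes only the record layout visible
in the dump above: '[dd-mm-yy HH:MM:SS.mmm] [thread] [Level] source: (Class)
message: ( ... )', with the server policy embedded as XML in the
'policyFromServer:' and 'policyViaExclusions:' messages.
"""
import re
import xml.etree.ElementTree as ET

# One record. Messages may span lines and contain parentheses, so the closing
# ' )' is only accepted when the next record (or end of input) follows it.
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\] "
    r"\[(?P<thread>[^\]]+)\] \[(?P<level>\w+)\] "
    r"source: \((?P<source>[^)]+)\) message: \( (?P<msg>.*?) \)"
    r"(?=\s*\[\d{2}-\d{2}-\d{2} |\s*\Z)",
    re.DOTALL,
)

# Constructed, trimmed excerpt modelled on the dump above (not the real file).
SAMPLE_LOG = """\
[01-11-19 11:19:48.459] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( policyFromServer: <EFRPolicy xmlns="http://schema.checkpoint.com/policy/v1/"> <ProcessExclusion> <ProcessList> <Process md5="" fileName="taskmgr.exe" originalFileName=""/> <Process signer="Symantec Corporation" fileName="" originalFileName="" md5=""/> <Process signer="McAfee" fileName="" originalFileName="" md5=""/> </ProcessList> </ProcessExclusion> <Remediation> <Malicious> <Action>Never</Action> </Malicious> <Suspicious> <Action>Never</Action> </Suspicious> </Remediation> <ThreatEmulation> <EnforcementActions> <Low>Ignore</Low> <Medium>Ignore</Medium> <High>Ignore</High> </EnforcementActions> </ThreatEmulation> <AntiBot> <EnforcementActions> <Low>Ignore</Low> <Medium>Ignore</Medium> <High>Ignore</High> </EnforcementActions> </AntiBot> <AntiRansomeWare> <AntiRansomewareEnabled>false</AntiRansomewareEnabled> <ProcessDetection> <DetectionList PreventAskAlternative="Note" PreventAskTimeoutSeconds="120"> <Detection Type="ShadowCopyDeletion" Action="off"> <ParametersList1/> <ParametersList2/> </Detection> <Detection Type="MBRDetection" Action="off"> <ParametersList1 /> <ParametersList2 /> </Detection> </DetectionList> </ProcessDetection> </AntiRansomeWare> </EFRPolicy> )
[01-11-19 11:19:48.491] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( policyViaExclusions: <ngavPolicy> <experimentalSignatures>false</experimentalSignatures> <enforcementActions> <low>Silent</low> <medium>Silent</medium> <high>Silent</high> </enforcementActions> </ngavPolicy> )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: FileName: MD5: Signer: mcafee epo development (spc) )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Core.Engine) message: ( ##### Engine started #### )
[01-11-19 11:19:48.788] [fbc:1] [Error] source: (NGAV.Connectors.UserInterface.UserInterfaceBridge) message: ( System.TypeInitializationException: The type initializer for 'EPNetUtils.EndpointUI.ZdxUiNegotiator' threw an exception.
 ---> System.IO.FileNotFoundException: The path to ZDxNet.dll cannot be located: no registry key
   at EPNetUtils.EndpointUI.ZdxUiNegotiator..cctor() )
"""


def parse_entries(text):
    """Return one dict per log record (ts, thread, level, source, msg)."""
    return [m.groupdict() for m in ENTRY_RE.finditer(text)]


def embedded_xml(msg, prefix, root_tag):
    """Parse the XML document that follows `prefix` in a message, else None."""
    if not msg.startswith(prefix):
        return None
    end = msg.rindex("</" + root_tag + ">") + len(root_tag) + 3
    root = ET.fromstring(msg[msg.index("<"):end])
    for el in root.iter():  # drop the policy namespace so paths use plain tag names
        el.tag = el.tag.split("}", 1)[-1]
    return root


def audit(text):
    """Return (severity, finding) tuples; severities are this script's own labels."""
    findings = []
    for e in parse_entries(text):
        if e["level"] == "Error":
            first_line = e["msg"].splitlines()[0].strip()
            findings.append(("error", e["source"] + ": " + first_line))
        ngav = embedded_xml(e["msg"], "policyViaExclusions:", "ngavPolicy")
        if ngav is not None:
            for lvl in ("low", "medium", "high"):
                if ngav.findtext("enforcementActions/" + lvl) == "Silent":
                    findings.append(("high", "NGAV enforcement at %s confidence is Silent (detect-only)" % lvl))
        efr = embedded_xml(e["msg"], "policyFromServer:", "EFRPolicy")
        if efr is None:
            continue
        if efr.findtext("AntiRansomeWare/AntiRansomewareEnabled") == "false":
            findings.append(("high", "Anti-Ransomware is disabled"))
        never = [v.tag for v in efr.findall("Remediation/*") if v.findtext("Action") == "Never"]
        if "Malicious" in never:
            findings.append(("high", "Remediation action for Malicious verdicts is Never"))
        off = [d.get("Type") for d in efr.findall("AntiRansomeWare/ProcessDetection/DetectionList/Detection")
               if d.get("Action") == "off"]
        if off:
            findings.append(("medium", "%d ransomware behaviour detections switched off: %s" % (len(off), ", ".join(off))))
        # A signer-only exclusion (no fileName, no md5) exempts every binary carrying that signature.
        for p in efr.findall("ProcessExclusion/ProcessList/Process"):
            if p.get("signer") and not p.get("fileName") and not p.get("md5"):
                findings.append(("medium", "signer-only process exclusion: anything signed by '%s' is not monitored" % p.get("signer")))
        for engine in ("ThreatEmulation", "AntiBot"):
            actions = {efr.findtext(engine + "/EnforcementActions/" + lvl) for lvl in ("Low", "Medium", "High")}
            if actions == {"Ignore"}:
                findings.append(("medium", engine + " verdicts are ignored at every confidence level"))
    return findings


if __name__ == "__main__":
    for severity, finding in audit(SAMPLE_LOG):
        print("[%-6s] %s" % (severity, finding))
```

To run it against a real file, pass the full text of NGAV.log to audit(). The record regex refuses to end a message at a " )" unless the next timestamped record or the end of input follows, because messages themselves contain parentheses (the "(spc)" signer, the ".cctor()" frames), and the XML namespace is stripped after parsing so the checks can use plain tag paths.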
jsp File Browser version 1.2 by www.vonloesch.de