[01-11-19 11:19:46.334] [fbc:5] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( ProtectionTypeByConfidence: <protectionTypesByConfidence>

  <low>
    <protectionTypes>
      <protectionType name="General">
        <confidence lowerBound = "0" upperBound = "2"/>
      </protectionType>
      <protectionType name="Goal">
        <confidence lowerBound = "0" upperBound = "2"/>
      </protectionType>
	  <protectionType name="Paranoia">
        <confidence lowerBound = "0" upperBound = "2"/>
      </protectionType>
      <protectionType name="Classifier">
        <confidence lowerBound = "0" upperBound = "2"/>
      </protectionType>
	 <protectionType name="shared">
        <confidence lowerBound = "0" upperBound = "2"/>
      </protectionType>  
    </protectionTypes>
  </low>

  <medium>
    <protectionTypes>
      <protectionType name="General">
        <confidence lowerBound = "3" upperBound = "3"/>
      </protectionType>
      <protectionType name="Goal">
        <confidence lowerBound = "3" upperBound = "3"/>
      </protectionType>
	  <protectionType name="Paranoia">
        <confidence lowerBound = "3" upperBound = "3"/>
      </protectionType>
    </protectionTypes>
  </medium>

  <high>
    <protectionTypes>
      <protectionType name="General">
        <confidence lowerBound = "4" upperBound = "5"/>
      </protectionType>
      <protectionType name="Goal">
        <confidence lowerBound = "4" upperBound = "5"/>
      </protectionType>
	  <protectionType name="Paranoia">
        <confidence lowerBound = "4" upperBound = "5"/>
      </protectionType>
      <protectionType name="Classifier">
        <confidence lowerBound = "3" upperBound = "5"/>
      </protectionType>
	  <protectionType name="shared">
        <confidence lowerBound = "3" upperBound = "5"/>
      </protectionType>
    </protectionTypes>
  </high>

</protectionTypesByConfidence> )
[01-11-19 11:19:48.459] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( policyFromServer: <EFRPolicy xmlns="http://schema.checkpoint.com/policy/v1/">
  <UepmPolicyInfo policyName="ATP_Forensics_Default_Policy" policyDescription="" enforcementType="120" securityLevel="-1" policyVersion="0" installedOn="1479630910236"/>
  <DiskSpace>
    <DiskSpaceUsage>1.0</DiskSpaceUsage>
    <DiskSpaceUsageUnits>GB</DiskSpaceUsageUnits>
    <WarnUser>false</WarnUser>
    <WarnUserFreeSpace>5</WarnUserFreeSpace>
    <WarnUserUnits>GB</WarnUserUnits>
    <DeactivateEfr>false</DeactivateEfr>
    <DeactivateEfrFreeSpace>1</DeactivateEfrFreeSpace>
    <DeactivateEfrUnits>GB</DeactivateEfrUnits>
  </DiskSpace>
  <enable_efr>true</enable_efr>
  <PreventEventsDetection>
    <gwAntiMalware>false</gwAntiMalware>
    <gwThreatEmulation>false</gwThreatEmulation>
    <gwUrlf>false</gwUrlf>
    <gwDlp>false</gwDlp>
  </PreventEventsDetection>
  <ProcessExclusion>
    <ProcessList>
      <Process md5="" fileName="procexp.exe" originalFileName=""/>
      <Process md5="" fileName="procexp64.exe" originalFileName=""/>
      <Process md5="" fileName="taskmgr.exe" originalFileName=""/>
      <Process signer="Symantec Corporation" fileName="" originalFileName="" md5=""/>
      <Process signer="Trend Micro" fileName="" originalFileName="" md5=""/>
      <Process signer="Trend Micro, Inc." fileName="" originalFileName="" md5=""/>
      <Process signer="McAfee" fileName="" originalFileName="" md5=""/>
      <Process signer="Microsoft Corporation" fileName="devenv.exe" originalFileName="" md5=""/>
      <Process signer="McAfee ePO Development (SPC)" fileName="" originalFileName="" md5=""/>
    </ProcessList>
  </ProcessExclusion>
  <log>
    <logAll>true</logAll>
  </log>
  <EnableEventsDetectionByConfidence>
    <epFileReputation>Low</epFileReputation>
    <epStaticAnalysis>Low</epStaticAnalysis>
    <epAntiBot>Low</epAntiBot>
    <epAntiMalware>Low</epAntiMalware>
    <epThreatEmulation>Low</epThreatEmulation>
    <epCommandLine>Low</epCommandLine>
    <epOrgShare>Low</epOrgShare>
    <gwAntiMalware>Never</gwAntiMalware>
    <gwAntiBot>Low</gwAntiBot>
    <gwThreatEmulation>Never</gwThreatEmulation>
    <gwUrlf>Never</gwUrlf>
  </EnableEventsDetectionByConfidence>
  <QuarantineMachineByConfidence>
    <epFileReputation>Never</epFileReputation>
    <epStaticAnalysis>Never</epStaticAnalysis>
    <epAntiBot>Never</epAntiBot>
    <epAntiMalware>Never</epAntiMalware>
    <epThreatEmulation>Never</epThreatEmulation>
    <epOrgShare>Never</epOrgShare>
    <gwAntiMalware>Never</gwAntiMalware>
    <gwAntiBot>Never</gwAntiBot>
    <gwThreatEmulation>Never</gwThreatEmulation>
    <gwUrlf>Never</gwUrlf>
  </QuarantineMachineByConfidence>
  <AttackRemediationByConfidence>
    <epFileReputation>Never</epFileReputation>
    <epStaticAnalysis>Never</epStaticAnalysis>
    <epAntiBot>Never</epAntiBot>
    <epAntiMalware>Never</epAntiMalware>
    <epThreatEmulation>Never</epThreatEmulation>
    <epOrgShare>Never</epOrgShare>
    <gwAntiMalware>Never</gwAntiMalware>
    <gwAntiBot>Never</gwAntiBot>
    <gwThreatEmulation>Never</gwThreatEmulation>
    <gwUrlf>Never</gwUrlf>
  </AttackRemediationByConfidence>
  <EnabledSal>
    <User>true</User>
    <File>true</File>
    <Injection>true</Injection>
    <Network>true</Network>
    <Process>true</Process>
    <Registry>true</Registry>
  </EnabledSal>
  <Remediation>
    <Malicious>
      <Action>Never</Action>
    </Malicious>
    <Suspicious>
      <Action>Never</Action>
    </Suspicious>
    <Unknown>
      <Action>Never</Action>
    </Unknown>
    <Trusted>
      <Action>Never</Action>
    </Trusted>
  </Remediation>
  <FileOps>
    <SystemFileOps>
      <ModificationOnly>true</ModificationOnly>
    </SystemFileOps>
    <RegularFileOps>
      <ModificationOnly>false</ModificationOnly>
    </RegularFileOps>
  </FileOps>
  <RegistryOps>
    <ModificationOnly>true</ModificationOnly>
  </RegistryOps>
  <ThreatEmulation>
    <EnforcementActions>
      <Low>Ignore</Low>
      <Medium>Ignore</Medium>
      <High>Ignore</High>
    </EnforcementActions>
  </ThreatEmulation>
  <AntiBot>
    <EnforcementActions>
      <Low>Ignore</Low>
      <Medium>Ignore</Medium>
      <High>Ignore</High>
    </EnforcementActions>
  </AntiBot>
  <RemediationPolicy>
    <ExclusionPolicy>
      <CheckReputationByDefault>true</CheckReputationByDefault>
      <OverridePredefineExclusionList>false</OverridePredefineExclusionList>
    </ExclusionPolicy>
    <ExclusionList/>
    <QuarantinePolicy>
      <FolderToRestoreImportedFiles>%ProgramData%\CheckPoint\Endpoint Security\Remediation\InfectionsFarm\</FolderToRestoreImportedFiles>
      <MaxQuarantineSizeMB>2048</MaxQuarantineSizeMB>
      <QuarantineCopyDestination/>
      <QuarantineExpirationDays>90</QuarantineExpirationDays>
      <QuarantineFolder>%ProgramData%\CheckPoint\Endpoint Security\Remediation\Quarantine\</QuarantineFolder>
      <AllowUsersToRestore>true</AllowUsersToRestore>
      <AllowUsersToDelete>true</AllowUsersToDelete>
    </QuarantinePolicy>
  </RemediationPolicy>
  <AntiRansomeWare>
    <AntiRansomewareEnabled>false</AntiRansomewareEnabled>
    <BackupAndRestore>
      <BackupDiskSpaceUsageGB>1024</BackupDiskSpaceUsageGB>
      <BackupTimeIntervalMinutes>60</BackupTimeIntervalMinutes>
      <ConsistencyBetweenFileToDBMinutes>2880</ConsistencyBetweenFileToDBMinutes>
      <PurgeOldFilesInDBMinutes>60</PurgeOldFilesInDBMinutes>
      <BackupFileTypeExtensions>
        <ExtensionsTypeList>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">doc</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">png</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">jpg</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">bmp</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">docx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">gif</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">rtf</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">txt</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dot</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">docm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dotx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dotm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">docb</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xls</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlt</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlsx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlsb</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xlsm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xltx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">xltm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ppt</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pot</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pps</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pptx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pptm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">potx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ppsx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">sldx</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ps</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">eps</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">prn</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">emf</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">rle</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dib</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wpd</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">csv</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">tif</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">jpeg</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">jfif</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">tiff</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">dibl</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ppm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pgm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pbm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pnm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">webp</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">hdr</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">heif</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">bpg</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">pdf</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">html</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">htm</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">avi</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mp4</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mp3</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">flv</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mov</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">m4v</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mpeg</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mpg</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">swf</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wmv</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">asf</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">3gp</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">ram</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wav</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">aif</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">aiff</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">mpa</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">m4a</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">wma</Extension>
          <Extension MaxSizeMB="25" IgnoreAssociatedApps="true">oef</Extension>

        </ExtensionsTypeList>
      </BackupFileTypeExtensions>
      <AutomaticRestorationAndRemediation>true</AutomaticRestorationAndRemediation>
      <RestorationLocation/>
      <BackupFolderExclusion>
        <FolderList/>
      </BackupFolderExclusion>
      <BackupProcessExclusion>
        <BackupProcessList>
          <Process md5="" fileName="C:\Windows\explorer.exe" originalFileName="" signer=""/>
          <Process signer="Symantec Corporation"/>
          <Process signer="Trend Micro"/>
          <Process signer="McAfee"/>
          <Process signer="McAfee ePO Development (SPC)"/>
          <Process signer="Check Point Software Technologies Ltd."/>
        </BackupProcessList>
      </BackupProcessExclusion>
    </BackupAndRestore>
    <FileActivityDetection>
      <DefaultAction>off</DefaultAction>
      <DefaultNumberOfDetections>4</DefaultNumberOfDetections>
      <DefaultMinimumTimeSpanInMinutes>60</DefaultMinimumTimeSpanInMinutes>
      <DetectionParametersList>
      </DetectionParametersList>
    </FileActivityDetection>
    <ProcessDetection>
      <!-- Not in GUI ???? -->
      <DetectionList PreventAskAlternative="Note" PreventAskTimeoutSeconds="120">
        <Detection Type="ShadowCopyDeletion" Action="off">
          <ParametersList1/>
          <ParametersList2/>
        </Detection>
        <Detection Type="UnsignedAbnormalLaunch" Action="off">
          <ParametersList1>
            <Parameters>WINWORD.EXE</Parameters>
            <Parameters>EXCEL.EXE</Parameters>
            <Parameters>ONENOTE.EXE</Parameters>
            <Parameters>POWERPNT.EXE</Parameters>
            <Parameters>MSPUB.EXE</Parameters>
          </ParametersList1>
          <ParametersList2/>
        </Detection>
        <Detection Type="SignedAbnormalLaunch" Action="off">
          <ParametersList1>
			<Parameters>WINWORD.EXE</Parameters>
			<Parameters>EXCEL.EXE</Parameters>
			<Parameters>ONENOTE.EXE</Parameters>
			<Parameters>POWERPNT.EXE</Parameters>
			<Parameters>MSPUB.EXE</Parameters>
			<Parameters>AcroRd32.exe</Parameters>
			<Parameters>MSACCESS.EXE</Parameters>
			<Parameters>VISIO.EXE</Parameters>
          </ParametersList1>
          <ParametersList2>
			<Parameters>WSCRIPT.EXE</Parameters>
			<Parameters>CMD.EXE</Parameters>
			<Parameters>CSCRIPT.EXE</Parameters>
			<Parameters>POWERSHELL.EXE</Parameters>
			<Parameters>MSHTA.EXE</Parameters>
          </ParametersList2>
        </Detection>
        <Detection Type="AbnormalSvchostLaunch" Action="off">
          <ParametersList1/>
          <ParametersList2/>
        </Detection>
        <Detection Type="ModifiedFilesPerMinute" Action="off">
          <ParametersList1>
            <Parameters>50</Parameters>
          </ParametersList1>
          <ParametersList2/>
        </Detection>
        <Detection Type="TotalModifiedFiles" Action="off">
          <ParametersList1>
            <Parameters>100</Parameters>
          </ParametersList1>
          <ParametersList2/>
        </Detection>
        <Detection Type="ModifiedDifferentFileTypes" Action="off">
          <ParametersList1>
            <Parameters>10</Parameters>
          </ParametersList1>
          <ParametersList2/>
        </Detection>
        <Detection Type="ModifiedSpecificFileType" Action="off">
          <ParametersList1>
            <Parameters>8</Parameters>
          </ParametersList1>
          <ParametersList2>
            <Parameters>FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt]</Parameters>
          </ParametersList2>
        </Detection>
        <Detection Type="Ranking" Action="off">
          <ParametersList1>
            <Parameters>30</Parameters>
          </ParametersList1>
          <ParametersList2/>
        </Detection>
        <Detection Type="DummyPotFilesModified" Action="off">
          <ParametersList1>
            <Parameters>3</Parameters>
          </ParametersList1>
          <!-- 
						The path can be any direct path or value from the ShellFoldersGroup enum 
				   -->
          <ParametersList2>
            <Parameters>Music\00CpSystemFolderDonotRemove\mp4</Parameters>
            <Parameters>Music\00CpSystemFolderDonotRemove\mp4</Parameters>
            <Parameters>Music\00CpSystemFolderDonotRemove\avi</Parameters>
            <Parameters>Documents\00CpSystemFolderDonotRemove\docx</Parameters>
            <Parameters>Documents\00CpSystemFolderDonotRemove\doc</Parameters>
            <Parameters>Documents\00CpSystemFolderDonotRemove\xlsx</Parameters>
            <Parameters>Documents\00CpSystemFolderDonotRemove\xls</Parameters>
            <Parameters>Documents\00CpSystemFolderDonotRemove\pptx</Parameters>
            <Parameters>Documents\00CpSystemFolderDonotRemove\pdf</Parameters>
            <Parameters>Documents\00CpSystemFolderDonotRemove\txt</Parameters>
            <Parameters>Videos\00CpSystemFolderDonotRemove\wmv</Parameters>
            <Parameters>Videos\00CpSystemFolderDonotRemove\wmv</Parameters>
            <Parameters>Videos\00CpSystemFolderDonotRemove\mp4</Parameters>
            <Parameters>Videos\00CpSystemFolderDonotRemove\avi</Parameters>
            <Parameters>Pictures\00CpSystemFolderDonotRemove\jpg</Parameters>
            <Parameters>Pictures\00CpSystemFolderDonotRemove\png</Parameters>
            <Parameters>Pictures\00CpSystemFolderDonotRemove\gif</Parameters>
          </ParametersList2>
        </Detection>
        <Detection Type="MBRDetection" Action="off">
          <ParametersList1 />
          <ParametersList2 />
        </Detection>
      </DetectionList>
      <SilentDetectionList>
        <Detection Type="TotalModifiedFiles" Action="off">
          <ParametersList1>
            <Parameters>100</Parameters>
          </ParametersList1>
          <ParametersList2>
            <!-- Ranking range (from-to:points)-->
            <Parameters>RankingRange[0-9:1,10-14:7,15-19:8,20-24:9,25-2147483647:10]</Parameters>
          </ParametersList2>
        </Detection>
        <Detection Type="Ranking" Action="off" ValidateDetection="true">
          <ParametersList1>
            <Parameters>30</Parameters>
          </ParametersList1>
          <ParametersList2>
            <Parameters>0.5</Parameters>
            <!--The ratio (Files read) / (Files modifies) by the same exectution tree.-->
          </ParametersList2>
        </Detection>
        <Detection Type="ModifiedSpecificFileType" Action="off" ValidateDetection="true">
          <ParametersList1>
            <Parameters>8</Parameters>
          </ParametersList1>
          <ParametersList2>
            <Parameters>FileTypeExtenssions[doc,docx,xls,xlsx,pdf,png,rtf,zip,svg,wmv,mp3,rar,bmp,7z,gif,docm,dotm,xlm,xlsm,xlam,ppt,pptx,pptm,ppom,ppam,ppsm,contact,jpeg,txt]</Parameters>
            <!-- Ranking range (from-to:points)-->
            <Parameters>RankingRange[1-1:3,2-2:4,3-3:5,4-4:11,5-5:12,6-6:13,7-2147483647:14]</Parameters>
          </ParametersList2>
        </Detection>
        <Detection Type="ModifiedSpecificFolders" Action="off">
          <ParametersList1>
            <Parameters></Parameters>
          </ParametersList1>
          <ParametersList2>
            <!-- Ranking Groups (Group:points)-->
            <Parameters>RankingGroups[Desktop:13,Documents:13,Downloads:8,Pictures:8,Videos:8,Others:1]</Parameters>
          </ParametersList2>
        </Detection>
      </SilentDetectionList>
    </ProcessDetection>
  </AntiRansomeWare>

</EFRPolicy> )
[01-11-19 11:19:48.491] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( policyViaExclusions: <ngavPolicy>  <experimentalSignatures>false</experimentalSignatures>  <machineLearningValidation>false</machineLearningValidation>    <enforcementActions>    <low>Silent</low>    <medium>Silent</medium>    <high>Silent</high>  </enforcementActions>  </ngavPolicy> )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: c:\windows\explorer.exe FileName:  MD5:  Signer:  )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: symantec corporation )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: trend micro )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: mcafee )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: mcafee epo development (spc) )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path: c:\windows\explorer.exe FileName:  MD5:  Signer:  )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: symantec corporation )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: trend micro )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: mcafee )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Adding process exclusion: Path:  FileName:  MD5:  Signer: mcafee epo development (spc) )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.EDR.FeedHandler) message: ( Data streaming Stop called )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.EDR.FeedHandler) message: ( Stop was already done, will not call stop again )
[01-11-19 11:19:48.506] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Seting enforcement for ExperimentalSignatures: False MachineLearningValidation: False High: Silent Medium:Silent Low: Silent )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Connectors.AntiRansomware.AntiRansomwareConnector) message: ( Anti-Ransomware policy applied )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( NGAVPolicy initialized )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Core.Engine) message: ( ##### Engine started #### )
[01-11-19 11:19:48.569] [fbc:1] [Info] source: (NGAV.Core.Engine) message: ( Telemetry initialized )
[01-11-19 11:19:48.772] [fbc:1] [Info] source: (NGAV.Connectors.AntiRansomware.AntiRansomwareConnector) message: ( Anti-Ransomware started )
[01-11-19 11:19:48.788] [fbc:1] [Error] source: (NGAV.Connectors.UserInterface.UserInterfaceBridge) message: ( System.TypeInitializationException: Se produjo una excepción en el inicializador de tipo de 'EPNetUtils.EndpointUI.ZdxUiNegotiator'. ---> System.IO.FileNotFoundException: The path to ZDxNet.dll cannot be located: no registry key
   en EPNetUtils.EndpointUI.ZdxUiNegotiator..cctor()
   --- Fin del seguimiento de la pila de la excepción interna ---
   en EPNetUtils.EndpointUI.ZdxUiNegotiator..ctor()
   en NGAV.Connectors.UserInterface.UserInterfaceEP..ctor()
   en NGAV.Connectors.UserInterface.UserInterfaceBridge.Configure() )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Core.Enforcement.Remediation) message: ( Remediation initialized )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Helpers.HelperDirectory) message: ( Will not delete directory, Path: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\indicators not exist )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Helpers.HelperDirectory) message: ( Will not delete directory, Path: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\sentree\protections not exist )
[01-11-19 11:19:48.788] [fbc:1] [Info] source: (NGAV.Helpers.HelperDirectory) message: ( Will not delete directory, Path: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\shared\protections not exist )
[01-11-19 11:19:51.715] [fbc:1] [Info] source: (NGAV.Core.Signatures.ParserUnsharedFormat.ParserManager) message: ( Signatures zip file extracted: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\Signatures.zip )
[01-11-19 11:19:51.762] [fbc:1] [Info] source: (NGAV.Core.Signatures.ParserUnsharedFormat.ParserManager) message: ( mldata zip file extracted: C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\indicators\mldata.zip )
[01-11-19 11:19:53.872] [fbc:1] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu started )
[01-11-19 11:19:54.872] [fbc:1] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu started )
[01-11-19 11:19:54.887] [fbc:1] [Info] source: (NGAV.Core.SuspiciousEvent.SuspiciousEvents) message: ( Suspicious events initialized )
[01-11-19 11:19:54.934] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( Loaded model Camouflage )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( Loaded model HashCopy )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( ML matrix Initialized successfuly )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.ML.MLMatrix) message: ( Starting ML )
[01-11-19 11:19:54.965] [fbc:1] [Info] source: (NGAV.Reputation.ReputationConnector) message: ( Reputation initialized )
[01-11-19 11:19:55.965] [fbc:1] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Core.Reporting.Information.DetectedTrees]) message: ( queueu started )
[01-11-19 11:19:55.965] [fbc:1] [Info] source: (NGAV.Core.Signatures.Validation.ValidationFP) message: ( Validation FP initialized )
[01-11-19 11:19:56.200] [fbc:1b] [Info] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Ignoring Indicators for process Path: C:\Windows\Explorer.EXE MD5: 38ae1b3c38faef56fe4907922f0385ba Signer: Microsoft Windows, due to exclusion )
[01-11-19 11:19:56.965] [fbc:16] [Warn] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Enforcement type for DetectionConfidence: Low is: Silent )
[01-11-19 11:19:56.965] [fbc:16] [Warn] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Enforcement type for DetectionConfidence: Medium is: Silent )
[01-11-19 11:19:56.965] [fbc:16] [Warn] source: (NGAV.Core.Configuration.NGAVPolicy) message: ( Enforcement type for DetectionConfidence: High is: Silent )
[01-11-19 11:20:56.231] [fbc:17] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu disposed )
[01-11-19 11:21:01.231] [fbc:22] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu stopped )
[01-11-19 11:21:01.231] [fbc:1b] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu disposed )
[01-11-19 11:21:06.231] [fbc:22] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Engine.DataAggregation.Records.RecordBase]) message: ( queueu stopped )
[01-11-19 11:21:06.231] [fbc:22] [Info] source: (NGAV.ML.MLMatrix) message: ( ML stopped )
[01-11-19 11:21:06.231] [fbc:22] [Info] source: (NGAV.Reputation.ReputationConnector) message: ( Reputation deinitialized )
[01-11-19 11:21:06.231] [fbc:19] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Core.Reporting.Information.DetectedTrees]) message: ( queueu disposed )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.FeedManager.RecordsBlockingQueue`1[NGAV.Core.Reporting.Information.DetectedTrees]) message: ( queueu stopped )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Core.Signatures.Validation.ValidationFP) message: ( Validation FP deinitialized )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Connectors.AntiRansomware.AntiRansomwareConnector) message: ( Anti-Ransomware stopped )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Core.Enforcement.Remediation) message: ( Remediation deinitialized )
[01-11-19 11:21:11.231] [fbc:22] [Info] source: (NGAV.Core.Engine) message: ( ##### Engine stopped ##### )