Threat Prevention

Nicolas Daems in Threat Prevention9 hours ago (Show more)

How-To - Customize UserCheck Page to send email and report issue

Hi, Few months ago we developped a small hack in UserCheck in order to send an email and report wrongly categorized website to Helpdesk team. Please find the way if you're looking for such feature (Compatible in R77.30 & R80.x) UserCheck portal relies on a javascript library stored on the Gateway. Edit this files on the Gateways vi… (Show more)

Ed Eades in Threat Prevention1 day ago (Show more)

antibot usercheck redirect

I have been doing some testing with the usercheck feature with antibot. I have antibot enabled and setup with just a few test IPs for the scope and that is working well. We would like to present the users with a block page if a device attempts to go to a known bot controlled site. I tested some with using the usercheck on the firewall and also… (Show more)

Neil Davey in Threat Prevention2 days ago (Show more)

R80.10 IPS By Protocol

When using R77.30 I use to have an IPS Profile that only protected the following IPS settings: Protections, By Protocol, Application Intelligence, Peer to Peer & Malware Traffic Categories. On a regular basis I would check both of these categories and if any new protections were downloaded, then I would manually enable these protections. … (Show more)

2 repliesShow more activity

Neil Davey (to Tomer Sole) 21 hours ago (Show more Show less)

Thanks for the link Tomer Sole. I have tried to create an IPS Profile but get a load of protections enabled that I do not want. Have you any steps on how to prevent only the specific protections that I used to use under R77.30?

Actions

Dameon Welch Abernathy

in Threat Prevention2 days ago (Show more)

This Week in Threats: Week of 18th September 2017

The video streaming service Vevo has been breached, there's a .Net 0day in the wild, and beware of Bashware. All that and more in our latest Threat Intelligence Report. Download: Threat Intelligence News 18 September 2017

Dameon Welch Abernathy

in Threat Prevention2 weeks ago (Show more)

This Week in Threats: Week of 4th September 2017

6 million Instagram accounts were leaked and offered for sale, Turia APT is being used to spy on embassies, Hurricane Harvey and the IRS are being used to scam people, Real Madrid's Twitter account was hacked, and "Roboto Condensed" isn't font. Find about this and more in this week's threat intelligence report! Download: Threat Intelligence… (Show more)

Mike Painter in Threat Prevention3 weeks ago (Show more)

Automating IPS

In short, it would be great if Check Point could interface with a vulnerability scanner to automatically configure IPS rules based off various parameters. Wishful thinking, perhaps? For example, lets say anything with a CVSS of 1-4 is inactive, 5-7 is in detect, and 8-10 is protect. You could then run this against the Confidence and Performance… (Show more)

5 repliesShow more activity

Mike Painter (to Tomer Sole) 2 weeks ago (Show more Show less)

I'd like to point out there are roughly 1700 tags, but I receive an error when adding more than 32. So if you chose to automatically disable CVSS score of 1.0 - 2.9, that is 20 of the 32 available used up.

Actions

Bobby Meador in Threat Prevention1 month ago (Show more)

has MTA enabled, but it is not in the scope of any of the Threat Prevention policy rules

Keep getting this on R80.10 gateways Azure and 5900 cluster same issue. Is this a BUG!!! I have tried this and it does not work "<Name of Security Gateway> has MTA enabled, but it is not in the scope of any of the Threat Prevention policy rul…

6 repliesShow more activity

Thomas Werner

(to Bobby Meador) 2 weeks ago (Show more Show less)

Hi Bobby, so you enabled MTA without having a non-bridge interface ? Using MTA in bridge mode deplyments requires a dedicated non-bridge interface for the MTA .... Regards Thomas

Actions

Deven Amode in Threat Prevention2 weeks ago (Show more)

Anti-bot logs not shown in logs for external gateway cluster, but only on internal cluster.

We have two gateway clusters, Edge and Internal cluster, installed and have enabled anti-bot/virus features enabled on both, however, only the internal cluster policy shows the logs for anti-bot/virus. No logs are shown in edge cluster policy. I have made sure that the features are both properly enabled, right policy is installed on the right… (Show more)

2 repliesShow more activity

Deven Amode (to Dameon Welch Abernathy) 2 weeks ago (Show more Show less)

Hi Dameon, Thanks for your prompt reply. What you said is correct. I think that's the reason why the traffic didn't get detected in the edge cluster. I also checked and can confirm that the https inspection is not enabled. We have tried the test pages but that was from internal cluster. I am yet to test it from a host not from the internal…

Actions

Dameon Welch Abernathy

in Threat Prevention3 weeks ago (Show more)

This Week in Threats: Week of 28 August 2017

Game of Thrones is the lure of a new phishing campaign, telnet credentials for thousands of Internet of Things devices have leaked, "defray" is a new ransomware being used in targeted attacks, and yet more CIA-developed tools made public thanks to Wikileaks. Details on these items and more can be found in this week's Threat Intelligence report. … (Show more)

Dameon Welch Abernathy

in Threat Prevention1 month ago (Show more)

This Week in Threats: Week of 21st August 2017

More than 4,000 corporates were attacked, with at least 14 known successful infections, Chicago's entire voter database was left in the cloud and exposed to everyone for months, yet more malicious apps found in Google Play, and WannaCry appears to have impacted multiple service centers of LG Electronics. Details on these items and more can be… (Show more)

Manage

Recent Activity