Threat Prevention | CheckMates

Conor Mulcahy in Threat Prevention3 days ago (Show more)

Having an issue with google maps not launching the street view with https inspection set to inspect. Was wondering has anyone out there got the URLs so i can setup a Custom/Site to bypass https inspection. Or if there is any other/better way to get this working.

6 repliesShow more activity

Huseyin Rencber (to Conor Mulcahy) 21 hours ago (Show more Show less)

Hi , I've tried to access through ssl decrypted web content gateway. You can find the log details below, maybe it will helpful.

Actions

Robert Mueller in Threat Prevention2 days ago (Show more)

Unable to update TE Engine

Hi, Both of the TE-1000X Applainces are connected to the internet - but they don't update the TE Enigne.. The "tecli a e v" command show the 56.990002329 and when I try to initialize a manual update with the tecli command nothing happens.. is there an other command to Update the TE Enigne? Br

1 replyShow more activity

Heiko Ankenbrand (to Robert Mueller) 2 days ago (Show more Show less)

Check for general connection to Threat Cloud Update servers: # ping te.checkpoint.com # curl –vk https://te.checkpoint.com Start update: # tecli a d u a If you have any issues with olf files. You can delete all existing images and start again: Delete old images: # rm –rf /var/log/files_repository/images Kill Threat Emulation daemon and…

Actions

Richard Jackson in Threat Prevention2 days ago (Show more)

Anyone seen Sandblast TE causing high load average in top?

We are seeing multiple 'teCleanupOldFil' processes in top on Standby member of ClusterXL pair. Active member not seeing this. Any idea of the cause? [Expert@DF-FW-11:0]# top top - 18:34:55 up 2:23, 1 user, load average: 11.79, 11.52, 10.73 Tasks: 280 total, 14 running, 265 sleeping, 0 stopped, 1 zombie Cpu(s): 25.4%us,… (Show more)

Tomer Sole

in Threat Prevention2 days ago (Show more)

IPS Analyzer Tool - are you running it?

The IPS Analyzer Tool runs on your gateway for a short amount of time, and issues an HTML report of which individual IPS protections took the most CPU and RAM on the gateway during the runtime of the tool. Supported Gateways are R77 and above. For more information go to IPS Analyzer Tool - How to analyze IPS performance efficiently I… (Show more)

2 repliesShow more activity

Gomboragchaa Jamganjav (to Tomer Sole) 2 days ago (Show more Show less)

Thank you, It is a little bit complicated to get by an e-mail. ============================================== For getting the latest version of Analyzer tool please contact: IPS_Analyzer_Tool@checkpoint.com ==============================================

Actions

Tal Eisner

in Threat Prevention2 days ago (Show more)

Forrester Research Names Check Point a Leader in Endpoint Security Suites

Forrester Research, Inc. conducted an extensive in-depth analysis of endpoint security features amongst 15 different vendors, scoring on 21 criteria, including malware prevention, data security, product support, and more. In the 2018 Forrester Report, Check Point earned the highest possible scores in the Malware Prevention,… (Show more)

1 replyShow more activity

Moti Sagey

(to Tal Eisner) 2 days ago (Show more Show less)

Impressive!!

Actions

alexaa933fd5c-c5cf-4502-9ce0-965c56f7964b in Threat Prevention8 months ago (Show more)

IPS packet capture

In R77.30 and earlier IPS packet capture was stored on the gateways as .pcap files and we could retrieve them using "fwm getpcap" over SSH. In R80+, IPS has been moved to Threat Prevention and it seems that packet capture is now being stored as .EML files. Looking at the logs from "fw log", the "packet_capture_unique_id" is now a name, where on… (Show more)

9 repliesShow more activity

Pablo Munoz

(to Brian Olesen) 3 days ago (Show more Show less)

It's my understanding that these settings are configured from 'Disk Space Management' (GW Properties -> Logs -> Local Storage). Here you can also define how much disk space will be allocated for packet capturing. Files should be stored until we start running out of space (then log rotation starts working as per the settings)

Actions

Vinicius Oliveira in Threat Prevention2 weeks ago (Show more)

Maximum file size to scan and action taken in R80.10

Hi guys, in R77.30 we had the option to configure the maximum file size to be scanned and what action to be taken if file size exceeded by Threat Prevention Blade. Now in R80.10 I know we can still set the file size using DBEdit (sk93616). But what about the action to be taken if the file size exceeds? Is it still possible to set in R80.10?… (Show more)

3 repliesShow more activity

Thomas Werner

(to Vinicius Oliveira) 5 days ago (Show more Show less)

So we need to be more specific here: 1) AV Signature check This is a file hash check against our big Threat Cloud database. The hash is calculated "on the fly" on a file without the need to reassemble the packets. Afaik this AV scanning engine does not have any file size limit. Most AV catches come from this engine 2) AV deep scan and…

Actions

SDE License Account in Threat Prevention1 week ago (Show more)

IPS questions

Hi every one. I am putting together some documentation to train the new starters on checkpoint IPS just an over view and some tasty in depth details sort of thing. I have a couple of questions that I am trying to find answers to. The first one is a generic question over load on the firewall. Obviously switching on IPS will increase load on the… (Show more)

5 repliesShow more activity

Tomer Sole

(to Huseyin Rencber) 7 days ago (Show more Show less)

Pages 17-18 discuss performance tuning, did you find that information useful?

Actions

tom barat in Threat Prevention2 weeks ago (Show more)

GAIA R80.10 IPS only blocks URL-based attacks

Hi, It is my first time configuring checkpoint products and i am still having some issues with the IPS. I have a R80.10 firewall module with IPS enabled ( and configured in a rather strict profile) and a vulnerable web server behind it. When I attack the web server, the IPS properly detects URL-based attack ( for instance a SQLi where the… (Show more)

6 repliesShow more activity

Dameon Welch Abernathy

(to tom barat) 2 weeks ago (Show more Show less)

It is two different issues, correct, but along the same lines The protection should cover all parts of the HTTP request, but it's possible something was missed. I'm going to have R&D reach out to you privately to get the details of what you're doing so we can improve the protection.

Actions

andrea clerici in Threat Prevention3 weeks ago (Show more)

Threat prevention exclusion not working

our antivirus threat prevention policy drop exe files. we need to create an exception in order to let our microsoft system to download windows update files. we configured a threat prevention exception rule with destination a domain object .windowsupdate.com. but the updates are still blocked (see attached screenshot log). any idea how to avoid… (Show more)

1 replyShow more activity

Dameon Welch Abernathy

(to andrea clerici) 2 weeks ago (Show more Show less)

See the following thread: Exclude Windows updates from Threat Emulation

Actions