Skip navigation
All Places > Threat Prevention

SandBlast Network

Log in to follow, share, and participate in this community.

Recent Activity

Libin Thomas
The customer has one MTA configured for a domain on the TE2000X appliance. For MTA load balancing we have followed sk110369 and used the config script. Now we would like to configure a 2nd MTA for a new domain. Can we follow the same procedure for this ?  Are multiple MTA^s supported for Threat Emulation/Extraction on TE2000x? can we add another… (Show more)
in SandBlast Network
Andrey Ganichev
Hello, I have the question about TE logs. There is a such configuration (sk102309 section 10) : TE Appliance R77.30 JHF Take 338 engine 57.990004002 is managed MGMT-TE R80.20. GWS that send files for emulation to TE Appliance are manager anothers MGMT. In SmartLog on MGMT-TE R80.20 I don't see Threat Emulation logs. Is it by design or something… (Show more)
in SandBlast Network
1fb431d2-d804-449a-bccd-5f3f95de6259
Click to view contentWhen a file is sent for remote emulation to our Sandblast Appliance (100X), one file is emulated twice on the same Platform, but one of the VM with the status description "HPS emulation must be exclusive".   For example below the same file on same platform Win7, Office 2013, Adobe 11:   The only mention of HPS I can find in all documentation… (Show more)
in SandBlast Network
Pamela S. Lee
Hello CheckMates Community! Check Point needs your help.   We are trying to understand whether Check Point customers leverage the MITRE ATT&CK framework.   Would you, as a user of Check Point solutions, find it helpful to have our entire product portfolio mapped to the MITRE ATT&CK matrices for protecting, detecting, and handling the tactics and… (Show more)
Kalyan Addenki
We have R77.30 management with TE250X appliances and recently purchased new TE1000X Sandblast Appliances.   I am not planning to migrate anything from TE250X to TE1000 appliances but build the TE1000 from scratch and swap the TE devices on the gateways. But these new TE1000 appliances shipped with R77.30, so not sure if they can be upgraded to… (Show more)
in SandBlast Network
Thomas Werner
Click to view contentICAP Server   The official ICAP Server SK mentions requirements, release notes and general information regarding the new ICAP server functionality.   Check Point support for Internet Content Adaptation Protocol (ICAP) server https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk111306  …
in SandBlast Network
Thomas Werner
Click to view contentHi,   so with the following MTA takes you got AV blade support INSIDE MTA for R80.10 and R80.20:   24.10.18 R80_10_mta Take 21 8010.991003028  Alignment to R80.20 MTA engine update Anti-Virus over MTA support   10.10.18 R80_20_mta Take 7 8020.991002075 The following are available in R80.20 Gateway & Management: Anti-Virus over…
in SandBlast Network
Shahar Grober
Hi,    Can it be that Check Point Threat Prevention and Sandblast in MTA doesn't scan "*.msg" attachments inside an email?   I did the following tests:   First Test (Baseline) I sent a malicious .doc file attached to an email via the MTA  Result: email is scanned and find malicious by the Gateway AV which is great!   Second Test  I took the… (Show more)
in SandBlast Network
Charris Lappas
Dear community,   It was published that with the release of R80.20 it should be a better way to monitor the MTA email processed and so on. Can you assist on an SK or provide some instructions?   Thanks,   Charris Lappas
in SandBlast Network
Thomas Werner
Click to view contentThis is available with R80.20 Mgmt & MTA running on R80.20 GW   1) MTA Logs Within your logs you now get Postfix logs in the GUI - just filter for blade:MTA     You can see mail queue ID and even the E-Mail headers in the log. Also it is possible to see all logs tied to an email by setting the "Original Queue ID" as a filter:   In the…
in SandBlast Network
Load more items