topic Exception on Download File Type Prevention in Browse

Exception on Download File Type Prevention

sifislaz — Fri, 23 Jan 2026 10:39:48 GMT

Hello Mates,

A customer has (and ) and posed the following requirements for its infrastructure:

Users cannot download archive file types
Except downloading .zip, .rar, .7z from specific domains

The first requirement is achieved from: Policy -> Threat Prevention -> Policy Capabilities -> Web & Files Protection -> Advanced Settings -> Download Protection -> Override Default Files Actions.

When I tried to create an exception for the specific functionality, I hit a dead end.

Any ideas on how to achieve that?

Re: Exception on Download File Type Prevention

PhoneBoy — Fri, 23 Jan 2026 21:27:44 GMT

Endpoint, which client version, managed on-prem or with Infinity Portal?
Where exactly did you try to add the exception?

Re: Exception on Download File Type Prevention

sifislaz — Sat, 24 Jan 2026 07:56:27 GMT

Client version E88.72, managed on Infinity Portal.

Exception methodology:

1. I reviewed the logs and spotted Threat Extraction blade as the “active” blade during download blocking.

2. I went to Global Exclusions center and tried to create a Single method exception with the Domain that they wanted to be excluded, for Threat Extraction blade.

3. I have noticed that Threat Extraction blade is not included on the available blades for exceptions, so I tried Threat Emulation, without success.

Re: Exception on Download File Type Prevention

PhoneBoy — Mon, 26 Jan 2026 15:46:46 GMT

Not sure it's Threat Extraction (or Threat Emulation) that's doing the blocking in this case, I would try Anti-Virus.
Tagging @AdiGH

Re: Exception on Download File Type Prevention

the_rock — Mon, 26 Jan 2026 16:00:16 GMT

Might be worth trying E89.10

Re: Exception on Download File Type Prevention

jcortez — Mon, 26 Jan 2026 17:16:04 GMT

Hi @sifislaz

For issues like this, it is best to open a Case/SR with our Technical Support so our Endpoint Team can get logs from you and the Forensics Report to understand why the exclusions are not working. The issue may look simple from the top level, but it could be a slightly more complicated issue that is not clear enough.

Re: Exception on Download File Type Prevention

jcortez — Wed, 28 Jan 2026 16:54:42 GMT

Hi @sifislaz

Based on the email thread that we have going internally by your Check Point Sales Engineer, Fanis Tsomis, our R&D team has confirmed that what is being asked for will require an RFE since this is not something we currently support in the product today.

Re: Exception on Download File Type Prevention

sifislaz — Thu, 29 Jan 2026 04:26:42 GMT

Hi @jcortez,

thank you very much for your answer.