topic Re: Block .exe file download in Firewall and Security Management

Block .exe file download

Sagar_Manandhar — Wed, 02 Aug 2017 23:18:20 GMT

I got the queries, if it is possible to implement a policy which block the client from downloading the executable(exe) files in checkpoint.

Our client were using fortinet 200D where we found such policy. So, we need to make that same policy to checkpoint.

Regards,

Sagar Manandhar

Re: Block .exe file download

PhoneBoy — Thu, 03 Aug 2017 02:23:28 GMT

Refer to the following SK: How to block any File Type Family to Anti-Virus scan in R77.XX

These instructions should also apply for R80.x as well.

Re: Block .exe file download

Norbert_Bohusch — Thu, 03 Aug 2017 06:43:47 GMT

Starting with R80.10 this could also be achieved by using the new Content Awareness features. So there would be no need for an Anti-Virus license (NGTP bundle), but an NGFW bundle would be sufficient.

Re: Block .exe file download

Tomer_Sole — Thu, 03 Aug 2017 08:31:36 GMT

simply create this rule:

How to enable Content Awareness:

1. Make sure you have an R80.10 Gateway

2. Edit the gateway and enable the Content Awareness blade.

3. Edit the current security policy layer and enable the Content Awareness blade.

4. The new "Content" column will show up in the rulebase.

Re: Block .exe file download

PhoneBoy — Thu, 03 Aug 2017 15:05:39 GMT

I wish I could mark both our solutions as correct in Jive

Re: Block .exe file download

Gaurav_Pandya — Thu, 30 Nov 2017 12:05:09 GMT

Yeah. So if you have lower version than R80.10. You can achieve it by Antivirus blade as well as DLP blade.

Re: Block .exe file download

dorj_erdeneochi — Mon, 26 Mar 2018 09:09:38 GMT

i did it. but it is not working. ?

Re: Block .exe file download

Dor_Marcovitch — Mon, 26 Mar 2018 11:01:16 GMT

from what i know AV blade check only file extension and not the MimeType of the file

Re: Block .exe file download

Martin_Raska — Wed, 28 Mar 2018 06:51:13 GMT

Guys,

correct me If I am wrong, for activation Content Awareness blade, I need DLP license which is not part of NGFW nor NGTP/TX bundle.

Re: Block .exe file download

Norbert_Bohusch — Wed, 28 Mar 2018 06:58:20 GMT

Wrong! NGFW is enough, see here:

https://community.checkpoint.com/docs/DOC-2052-infinity-r8010-cool-feature-of-the-day-content-awareness

Re: Block .exe file download

dorj_erdeneochi — Thu, 29 Mar 2018 07:18:01 GMT

How does customers add this specific the file type families. is it possible for customer

Re: Block .exe file download

Tomer_Sole — Thu, 29 Mar 2018 09:03:52 GMT

yes.

Re: Block .exe file download

Kevin_Vargo — Tue, 22 Jan 2019 14:28:35 GMT

For my own clarity, this seems to work with both HTTP and HTTPS in my lab. I am not doing HTTPS inspection, can I ask how this works with HTTPS? My assumption was that I'd still be able to download an EXE, but I was wrong. I don't know too much about Content Awareness possibilities, but it is intriguing.

Re: Block .exe file download

Pedro_Silva — Wed, 06 Mar 2019 06:25:34 GMT

Trying to configure a Content Awareness rule for this scenario.

I have an inline rule configured for web browsing (rule 17):

I have more detailed inline rules below this (rule 17.x)

I wish to create content awareness checks at the lower levels of the inline rule but the Content column is greyed out?

R80.20 SM Admin Guide shows that this should be possible.