https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/54197#M13378 <P>Hi,</P><P>&nbsp;</P><P>I'm able to create reaction but I don't know how to filter by critical severity and SMTP protocole.</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P> Thu, 23 May 2019 07:50:38 GMT chico 2019-05-23T07:50:38Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/53583#M13374 <P>Hello everybody,<BR />I'm new in the checkpoint devices and I have a question about the SandBlast for smtp.<BR />Recently checkpoint blocked an attachment to a customer document. It was a word (.doc) document and after looking the logs I can see that the document was bloqued to protection name "Exploited doc document"</P><P>If I look the forensic details I can see that the vulnerable operating systems was for (as shown on the attachement file)<BR />-Win7<BR />-WinXP</P><P>So if I use a Windows 10 operating syseme, can I dowload the document serently ?</P><P>Regards,</P> Thu, 16 May 2019 09:00:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/53583#M13374 chico 2019-05-16T09:00:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/53628#M13375 Hi chico,<BR />Welcome!<BR /><BR />No, usually when a file is malicious on one OS it is also malicious on others. The reason we use these images (XP &amp; 7) is that they are the most common and therefore attackers usually make their malware run on them. In the sandbox we want to entice the malware to run. But it doesn't mean that Windows 10 is secured against this file. Thu, 16 May 2019 20:14:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/53628#M13375 TP_Master 2019-05-16T20:14:08Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/53998#M13376 <P>Hello,</P><P>Thank you for your answer.</P><P><BR />Do you know how to create an alert by mail or syslog when an critical smtp Emulation event arrive ? I don't find anything about that in the smartEvent.</P><P><BR />Regards,</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 21 May 2019 08:57:09 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/53998#M13376 chico 2019-05-21T08:57:09Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/54125#M13377 Are you able to create SME reaction / e-mail alert on Threat Emulation events in general? just don't know how to filter by Critical severity &amp; SMTP? Wed, 22 May 2019 15:20:42 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/54125#M13377 TP_Master 2019-05-22T15:20:42Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/54197#M13378 <P>Hi,</P><P>&nbsp;</P><P>I'm able to create reaction but I don't know how to filter by critical severity and SMTP protocole.</P><P>&nbsp;</P><P>Regards,</P><P>&nbsp;</P> Thu, 23 May 2019 07:50:38 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SMTP-Emulation/m-p/54197#M13378 chico 2019-05-23T07:50:38Z