https://community.checkpoint.com/t5/General-Topics/Dropping-intruders-specific-active-connection/m-p/21706#M4051 <HTML><HEAD></HEAD><BODY><P>it is not the purpose of threat extraction to be honest , you can achieve that with the antibot blade but this is post infection , threat extraction extract active code execution or similar from a file</P></BODY></HTML> Tue, 09 Jan 2018 11:29:36 GMT Marco_Valenti 2018-01-09T11:29:36Z https://community.checkpoint.com/t5/General-Topics/Dropping-intruders-specific-active-connection/m-p/21705#M4050 <HTML><HEAD></HEAD><BODY><P>Hi, Can someone confirm if SandBlast Threat Extraction can help dropping attacker's specific active connection? or we need to create a SAM rulebase by looking at active log connection that we want to block</P></BODY></HTML> Tue, 09 Jan 2018 05:00:20 GMT https://community.checkpoint.com/t5/General-Topics/Dropping-intruders-specific-active-connection/m-p/21705#M4050 Masood_ahmad 2018-01-09T05:00:20Z https://community.checkpoint.com/t5/General-Topics/Dropping-intruders-specific-active-connection/m-p/21706#M4051 <HTML><HEAD></HEAD><BODY><P>it is not the purpose of threat extraction to be honest , you can achieve that with the antibot blade but this is post infection , threat extraction extract active code execution or similar from a file</P></BODY></HTML> Tue, 09 Jan 2018 11:29:36 GMT https://community.checkpoint.com/t5/General-Topics/Dropping-intruders-specific-active-connection/m-p/21706#M4051 Marco_Valenti 2018-01-09T11:29:36Z https://community.checkpoint.com/t5/General-Topics/Dropping-intruders-specific-active-connection/m-p/21707#M4052 <HTML><HEAD></HEAD><BODY><P>If you want to block a specific active connection, you need to use SAM or fw samp.</P></BODY></HTML> Mon, 15 Jan 2018 03:09:46 GMT https://community.checkpoint.com/t5/General-Topics/Dropping-intruders-specific-active-connection/m-p/21707#M4052 PhoneBoy 2018-01-15T03:09:46Z