This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
sifislaz
Explorer
2 weeks ago
Jump to solution

Exception on Download File Type Prevention

Hello Mates,

A customer has Harmony Endpoint (and Harmony Browse) and posed the following requirements for its infrastructure:

  • Users cannot download archive file types
  • Except downloading .zip, .rar, .7z from specific domains

The first requirement is achieved from: Policy -> Threat Prevention -> Policy Capabilities -> Web & Files Protection -> Advanced Settings -> Download Protection -> Override Default Files Actions.

When I tried to create an exception for the specific functionality, I hit a dead end.

Any ideas on how to achieve that?

Harmony Endpoint
Harmony Endpoint
Harmony
Harmony Browse
Harmony Browse
Harmony
0 Kudos
1 Solution

Accepted Solutions
jcortez
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
a week ago
Jump to solution

Hi @sifislaz 

Based on the email thread that we have going internally by your Check Point Sales Engineer, Fanis Tsomis, our R&D team has confirmed that what is being asked for will require an RFE since this is not something we currently support in the product today.

Exception on Download File Type Prevention 1.png

Exception on Download File Type Prevention 2.png


Justin Cortez
Technology Leader | Workspace Cyber Security Products | Americas Workspace Security Team

View solution in original post

7 Replies
PhoneBoy
Admin
Admin
2 weeks ago
Jump to solution

Endpoint, which client version, managed on-prem or with Infinity Portal?
Where exactly did you try to add the exception?

0 Kudos
sifislaz
Explorer
2 weeks ago
In response to PhoneBoy
Jump to solution

Client version E88.72, managed on Infinity Portal.

Exception methodology:

1. I reviewed the logs and spotted Threat Extraction blade as the “active” blade during download blocking.

2. I went to Global Exclusions center and tried to create a Single method exception with the Domain that they wanted to be excluded, for Threat Extraction blade.

3. I have noticed that Threat Extraction blade is not included on the available blades for exceptions, so I tried Threat Emulation, without success.

0 Kudos
PhoneBoy
Admin
Admin
a week ago
In response to sifislaz
Jump to solution

Not sure it's Threat Extraction (or Threat Emulation) that's doing the blocking in this case, I would try Anti-Virus.
Tagging @AdiGH 

the_rock
MVP Diamond
MVP Diamond
a week ago
Jump to solution

Might be worth trying E89.10

Best,
Andy
0 Kudos
jcortez
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
a week ago
Jump to solution

Hi @sifislaz 

For issues like this, it is best to open a Case/SR with our Technical Support so our Endpoint Team can get logs from you and the Forensics Report to understand why the exclusions are not working. The issue may look simple from the top level, but it could be a slightly more complicated issue that is not clear enough.


Justin Cortez
Technology Leader | Workspace Cyber Security Products | Americas Workspace Security Team
0 Kudos
jcortez
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
a week ago
Jump to solution

Hi @sifislaz 

Based on the email thread that we have going internally by your Check Point Sales Engineer, Fanis Tsomis, our R&D team has confirmed that what is being asked for will require an RFE since this is not something we currently support in the product today.

Exception on Download File Type Prevention 1.png

Exception on Download File Type Prevention 2.png


Justin Cortez
Technology Leader | Workspace Cyber Security Products | Americas Workspace Security Team
sifislaz
Explorer
Wednesday
In response to jcortez
Jump to solution

Hi @jcortez,

thank you very much for your answer.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events