This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Denis_Wahome_9A
Participant
‎2024-02-06 06:03 PM

Exempting downloads from particular domains from scanning

Hi,

We have a scenario where files that have MS excel macros are needed for day to day running of the business.

We are using Harmony Endpoint Client on all our machines, the files that we download are from legitimate sites that are familiar with, would like to exempt them from both Browse protection and Emulation, these two protections identify the legitimate files as malicious.

How can we exempt using the source as the domain? 

0 Kudos
12 Replies
the_rock
MVP Platinum
MVP Platinum
‎2024-02-06 07:40 PM

I will check tomorrow for you, but though I dont do much endpoint myself, I believe this can be done in the policy.

Best,

Andy

Best,
Andy
PhoneBoy
Admin
Admin
‎2024-02-07 05:38 AM

See: https://support.checkpoint.com/results/sk/sk128472 

0 Kudos
Denis_Wahome_9A
Participant
‎2024-02-07 09:37 AM
In response to PhoneBoy

Thank you for this. Will follow the steps and give feedback.

the_rock
MVP Platinum
MVP Platinum
‎2024-02-07 05:44 AM

As promised, this is it. But, what Phoneboy sent appears to be the right sk.

Best,

Andy

 

Screenshot_1.png

Best,
Andy
0 Kudos
Denis_Wahome_9A
Participant
‎2024-02-07 09:37 AM
In response to the_rock

Thank you for getting back to me. I will try the solution and give feedback.

0 Kudos
Denis_Wahome_9A
Participant
‎2024-02-08 05:18 PM
In response to Denis_Wahome_9A

We were able to get the files from the site (there are multiple xls with macros from the same site) however, when the users try to open them, the files are Quarantined by Threat Emulation and Anti-Exploit. I still need assistance with this.

Preview file
58 KB
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-02-08 05:20 PM
In response to Denis_Wahome_9A

Did you make an exceptions as we discussed?

Andy

Best,
Andy
0 Kudos
Denis_Wahome_9A
Participant
‎2024-02-08 05:55 PM
In response to the_rock

Yes i did. 

Preview file
18 KB
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-02-08 06:02 PM
In response to Denis_Wahome_9A

If that did not work, I would see if you can do remote with TAC, not sure what else could be missing.

Best,

Andy

Best,
Andy
0 Kudos
Denis_Wahome_9A
Participant
‎2024-02-08 06:07 PM
In response to the_rock

Will open case later in the day. 

Thank you for your time.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-02-08 06:09 PM
In response to Denis_Wahome_9A

Sounds like a plan. Keep us posted how it gets solved.

Best,

Andy

Best,
Andy
0 Kudos
AdiGH
Employee
Employee
‎2024-02-13 09:38 AM
In response to Denis_Wahome_9A

Hey, 

According to the screenshot, you've excluded it from web downloads but not from other blades. 

I would also suggest to move to smart exclusions where creating exclusions provides many more capabilities and is also more user friendly. If you want to join the EA provide me with your tenant ID via a private msg or alternatively reach out to us via the feedback button in the portal. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events