This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
misj2
Explorer
‎2025-01-10 02:27 AM
Jump to solution

How to prevent users from downloading specific files from Internet using Harmony

Hi All,

How can I configure the threat emulation policy to  prevent users from downloading specific files via Internet ?

I think its the Threat Emulation advanced options from looking at Admin guide but not sure how and need some help to point me in right direction.   We are still using the on-prem Infinity Portal on server and not migrated to cloud as yet.   

 

0 Kudos
2 Solutions

Accepted Solutions
_joel
Employee
Employee
‎2025-01-10 03:43 PM
In response to misj2
Jump to solution

Normally you have two options. Supported files and unsupported files. If you edit unsupported files, you are able to put a custom extension. 

Regarding DLP, yes this is true. Available only on cloud management and not planned on-prem as far as I know. The DLP feature requires an add-on license or its included on the ELITE package. 

View solution in original post

0 Kudos
_joel
Employee
Employee
‎2025-01-13 03:11 AM
In response to misj2
Jump to solution

I've checked and I think the only way to block upload of specific files is by using DLP. Didn't find on threat prevention policy. 

 

block_upload.png

View solution in original post

0 Kudos
13 Replies
AkosBakos
Mentor Mentor
Mentor
‎2025-01-10 03:54 AM
Jump to solution

Hi @misj2 

The solution only with Harmony feasible?

If on CP gateway -> the Content Awareness is for this!

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
misj2
Explorer
‎2025-01-10 04:07 AM
In response to AkosBakos
Jump to solution

Hi Akos,

We dont have content awareness enabled on gateways.

I think Harmony endpoint can do this just need to know how ?

0 Kudos
AkosBakos
Mentor Mentor
Mentor
‎2025-01-10 04:17 AM
In response to misj2
Jump to solution

Hi,

I'm not good at Harmony, so I would wait the experts in this topic.

Why I wrote this tip: this kind of demand arose at on of my customers, and this was the solution for them.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
misj2
Explorer
‎2025-01-10 04:26 AM
In response to AkosBakos
Jump to solution

Hi Akos,

Thanks will await response from Experts to see if there is a solution.   Cheers !

0 Kudos
PhoneBoy
Admin
Admin
‎2025-01-10 08:19 AM
Jump to solution

That's not the function of Threat Emulation, to the best of my knowledge.
Are the files on a specific website? URL Filtering might be useful.

0 Kudos
misj2
Explorer
‎2025-01-10 02:36 PM
In response to PhoneBoy
Jump to solution

There is a request to block files with .XPS extenstion outright.

0 Kudos
_joel
Employee
Employee
‎2025-01-10 01:25 PM
Jump to solution

Hello, 

You can configure that under : Threat Prevention > Policy Capabilities > Web & Files Protection > Advanced Settings > Download Protection > Override default file actions (download)

 
Select the File Extension and configure File Action with Block Download (see screenshot)
 
 
You can achieve the same using the DLP and configure a new data type with File attribute and maybe using regex if you have a specific file extension. 
 
 
 
 

 

block_download.png
Preview file
59 KB
0 Kudos
misj2
Explorer
‎2025-01-10 02:35 PM
In response to _joel
Jump to solution

I had a look at that but no option to add a new extension to the list , it looks like a predefined list ? Is there can we add to the list ?   

Not had a look at DLP which is on EPMaas  does that need a license ?

0 Kudos
_joel
Employee
Employee
‎2025-01-10 03:43 PM
In response to misj2
Jump to solution

Normally you have two options. Supported files and unsupported files. If you edit unsupported files, you are able to put a custom extension. 

Regarding DLP, yes this is true. Available only on cloud management and not planned on-prem as far as I know. The DLP feature requires an add-on license or its included on the ELITE package. 

0 Kudos
misj2
Explorer
‎2025-01-11 05:59 AM
In response to _joel
Jump to solution

Thank you I think I will give that a go !

0 Kudos
misj2
Explorer
‎2025-01-13 12:54 AM
In response to _joel
Jump to solution

Sorry last question the Threat Prevention only blocks downloads, how can you prevent access outright of specific files ?

 

 

0 Kudos
_joel
Employee
Employee
‎2025-01-13 03:11 AM
In response to misj2
Jump to solution

I've checked and I think the only way to block upload of specific files is by using DLP. Didn't find on threat prevention policy. 

 

block_upload.png

0 Kudos
misj2
Explorer
‎2025-01-13 04:07 AM
In response to _joel
Jump to solution

Ok Thanks !

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top