This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
misj2
Explorer
yesterday
Jump to solution

How to prevent users from downloading specific files from Internet using Harmony

Hi All,

How can I configure the threat emulation policy to  prevent users from downloading specific files via Internet ?

I think its the Threat Emulation advanced options from looking at Admin guide but not sure how and need some help to point me in right direction.   We are still using the on-prem Infinity Portal on server and not migrated to cloud as yet.   

 

0 Kudos
1 Solution

Accepted Solutions
_joel
Employee
Employee
yesterday
In response to misj2
Jump to solution

Normally you have two options. Supported files and unsupported files. If you edit unsupported files, you are able to put a custom extension. 

Regarding DLP, yes this is true. Available only on cloud management and not planned on-prem as far as I know. The DLP feature requires an add-on license or its included on the ELITE package. 

View solution in original post

0 Kudos
(1)
10 Replies
AkosBakos
Leader Leader
Leader
yesterday
Jump to solution

Hi @misj2 

The solution only with Harmony feasible?

If on CP gateway -> the Content Awareness is for this!

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
misj2
Explorer
yesterday
In response to AkosBakos
Jump to solution

Hi Akos,

We dont have content awareness enabled on gateways.

I think Harmony endpoint can do this just need to know how ?

0 Kudos
AkosBakos
Leader Leader
Leader
yesterday
In response to misj2
Jump to solution

Hi,

I'm not good at Harmony, so I would wait the experts in this topic.

Why I wrote this tip: this kind of demand arose at on of my customers, and this was the solution for them.

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
misj2
Explorer
yesterday
In response to AkosBakos
Jump to solution

Hi Akos,

Thanks will await response from Experts to see if there is a solution.   Cheers !

0 Kudos
PhoneBoy
Admin
Admin
yesterday
Jump to solution

That's not the function of Threat Emulation, to the best of my knowledge.
Are the files on a specific website? URL Filtering might be useful.

0 Kudos
misj2
Explorer
yesterday
In response to PhoneBoy
Jump to solution

There is a request to block files with .XPS extenstion outright.

0 Kudos
_joel
Employee
Employee
yesterday
Jump to solution

Hello, 

You can configure that under : Threat Prevention > Policy Capabilities > Web & Files Protection > Advanced Settings > Download Protection > Override default file actions (download)

 
Select the File Extension and configure File Action with Block Download (see screenshot)
 
 
You can achieve the same using the DLP and configure a new data type with File attribute and maybe using regex if you have a specific file extension. 
 
 
 
 

 

Preview file
59 KB
0 Kudos
misj2
Explorer
yesterday
In response to _joel
Jump to solution

I had a look at that but no option to add a new extension to the list , it looks like a predefined list ? Is there can we add to the list ?   

Not had a look at DLP which is on EPMaas  does that need a license ?

0 Kudos
_joel
Employee
Employee
yesterday
In response to misj2
Jump to solution

Normally you have two options. Supported files and unsupported files. If you edit unsupported files, you are able to put a custom extension. 

Regarding DLP, yes this is true. Available only on cloud management and not planned on-prem as far as I know. The DLP feature requires an add-on license or its included on the ELITE package. 

0 Kudos
(1)
misj2
Explorer
14 hours ago
In response to _joel
Jump to solution

Thank you I think I will give that a go !

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events