This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
David_Munoz
Participant
‎2017-08-25 09:08 AM

SandBlast Chrome plug-in setup

Hi everyone, I don't find where to setup the options of sandblast chrome plugin, in smartendpoint console. The management server is a R77.30.03. The client has some issues with the pop-up windows of the plug-in when scanning PDF files, they have an internal site that has many previews of PDF's files, and when they get in, the sandblast plug-in pop-up windows, start to pop in one after another for each file preview. They want to turn off the pop-up windows, but I don't find where to setup this.

In advance, thanks for your help.

6 Replies
Lior_Arzi
Employee Alumnus
Employee Alumnus
‎2017-08-25 10:32 AM

The web extension plugin settings are under the “SandBlast Agent Threat Extraction and Emulation” policy section in SmartEndpoint.

 

The setting for it is under the first action of “Protect web downloads …”.

But in the scenario you describe, I think that what you want is to exclude this internal site from inspection, as the documents there are probably trusted.

To do this, go to the 4th action. In your case it is probably “Inspect all domains and files” and add this internal domain to the exclusion list.

0 Kudos
David_Munoz
Participant
‎2017-08-25 12:11 PM
In response to Lior_Arzi

Thank you for your answer.
Exactly, the documents are trusted, but in case the files became infected, when the user downloads it, the SBA will prevent the computer to get infected, right?

additionally, If the option of Protect web downloads is disable, the browser extension doesn't scan files being downloaded, but the browser extension zero phishing it's still active?

0 Kudos
Ziv_Sahar
Employee Alumnus
Employee Alumnus
‎2017-08-28 10:35 PM
In response to David_Munoz

Hi David,

If the customer has SBA with TE blade running, then once the file will be downloaded and stored on the drive, the TE will emulate it and block if it is malicious.

as for the second question:
1. if web downloads is disable, Zero Phishing will still work  

2. if a domain is excluded for emulation\extractin, it will also be excluded from zero phishing

0 Kudos
David_Munoz
Participant
‎2017-08-29 07:59 AM
In response to Ziv_Sahar

Thank you very much, that's all I needed to understand.

0 Kudos
Ted_Serreyn
Collaborator
‎2018-09-11 06:59 AM
In response to Ziv_Sahar

I have a client with SBA with TE blade running and Anti-phising is still blocking even though we have added the site in question to the exclusions for inspect all domain and sites, but anti-phish is still happening and blocking.

0 Kudos
Olga_Kuts
Advisor
‎2018-09-11 07:22 AM
In response to Ted_Serreyn

Hello!

You must sign in / sign out on the computer after policy install.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events