- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
Hello,
I see following behaviour:
any ideas?
That is on 81.10 IPS/AV/antibot.
kind regards,
Can you confirm HTTPS Inspection was done on the entire communication?
Also, is Mobile Access Blade involved with Exchange?
Hello,
I tested the less complex scenario via Client/Browser accessing the outlook web app, so only one destination fqdn and ip address (the VIP) is involved.
mobile aacess blade not involved.
kind regards,
mp2012
Please confirm yes or no that you are using Mobile Access Blade because your answer is unclear on this fact.
Also, you say the VIP is used, does that mean you are using NAT to expose your Exchange server via the Cluster IP?
In the past, we've had EICAR not flagged in specific circumstances:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
It might be worth a TAC case.
Hello,
sorry misunderstood. So yes, Mobile Access Blade is enabled and active on this gateway.
Complete communication path that is:
external client --> perimeter gw with https inspection rule --> Load Balancer VIP rev.proxy --> reverse proxy servers --> Load Balancer VIP exchange --> exchange servers
maybe goin to remove the rev.proxy setup if we're satisfied withe the https decryption setup.
Same setup works on sharepoint, but surprisingly its blocked as "Trojan.Win32.Mitaka.TC.a"
kind regards,
mp2012
If you're using Mobile Access Blade, HTTPS Inspection isn't relevant as the connection is terminating on the gateway anyway.
It also change the inspection flow a bit and what blades are supported.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
AV should be supported, though, which means EICAR should be flagged.
What version/JHF is the gateway?
Hi,
I mean Mobile Access Blade is enabled on this gateway, but not used in this scenario (thats why i mentioned ist as "not involved" in my initial post).
GW running 81.10 Take66.
Ok.
I think your best bet here is to involve the TAC.
Under certain conditions that may not be relevant anymore, EICAR was not flagged as malicious.
I don't think these conditions apply anymore, though, as they are for older versions running Traditional AV.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 66 | |
| 22 | |
| 7 | |
| 6 | |
| 5 | |
| 4 | |
| 4 | |
| 3 | |
| 2 | |
| 2 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY