cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Olga_Kuts
Silver

Anti-Virus deep scanning reccomendation

Hello!

Are there any Check Point recommendations for Anti-Virus deep scanning enabling? In terms of performance we understand that performance impact is increasing, but what about security side? Are there some best practices about this?

Thanks!

0 Kudos
2 Replies

Re: Anti-Virus deep scanning reccomendation

Please refer the sk100633  (Best Practices - threats investigation using Threat Prevention Software Blades).
Following  Presentation: Investigative Best Practices with Threat Prevention in the sk will help you in better utilization of the threat prevention blades as per your environment.

Regards

Kiran Naidu

0 Kudos

Re: Anti-Virus deep scanning reccomendation

First off, AV Deep Scanning invokes components that were created by Kaspersky Labs:

sk118539: How to disable and remove Kaspersky Labs components from Check Point Security Gateway

From a performance perspective, deep scanning invokes additional inspection that takes place outside the kernel of the firewall in process space.  Any trip between the firewall's kernel and process space will cause a fair amount of extra overhead, I refer to these trips as the firewall's "fourth path" (in addition to SXL, PXL, F2F).

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com