Showing results for 
Search instead for 
Did you mean: 
Post a Question
s_milidrag inside IPS, Anti-Virus, and Anti-Bot 6 hours ago
views 41 6

Inspection Settings

Hi Check MateI am pretty confused about the difference between core protections and protections listed in Inspection settings.What is the difference between them ?In Inspection Settings there are two profiles "Recommended Inspection" and "Default ...

Can we block exe download for specific networks only without using HTTPS inspection in CP R80.20?

Hi Everybody,We just tried to block exe download for specific user/network by enabling content awareness and through using it in the access policy as shown in screenshot attached herewith. But it is not working.Is HTTPS Inspection mandatory for th...
goh_wei_ming inside IPS, Anti-Virus, and Anti-Bot 12 hours ago
views 17 2

Https inspection for ips incoming traffic with thrid party CA

Hi All I have a deployment of cloudguard on aws and the requirement is to perform HTTPs inspection on incoming IPS traffic.There is a web server behind the cloudguard and using third party sign cert. Here comes my question, in order...

Logic for RDP Brute Force detection?

As Check Point does not publish its rules/logic for signatures, I am looking for help understanding the RDP brute force login signature.Endpoint logs would be the source of truth (audit logs). How is this being detected on the wire? Edit: Her...

Sandblast on-premise emulation, file size

We have an on-premise Sandblast. 'Tecli s s' shows that 'scanned files' and 'scanned files remotely' is the same, 6215. However, when I run the same command on the Sandblast it shows a different number, 172. Shouldn't those two be the same - 6215 ...
Adrian_Bawn inside IPS, Anti-Virus, and Anti-Bot Friday
views 6086 10 3

MTA configuration examples

Hi all, I have been looking around and I don't seem to be able to find a direct answer to my issue so I figure I will need to post the question.Is there a suggested configuration for how to setup mail-flow through checkpoint gateways including TLS...
inside IPS, Anti-Virus, and Anti-Bot Friday
views 6383 8 15

IPS Analyzer Tool - How to analyze IPS performance efficiently

(1) IntroductionThe IPS Analyzer Tool collects information about the IPS Protections usage. The IPS statistics information indicates which patterns out of all IPS protections were called into action (but not necessarily matched) and how ...

Automatic Reaction E-mail Query

Hi,We monitor customer checkpoint for every 4 hours to check for unblocked IPS blade alerts.I got to know that we can automate  this through E-mail alerts through smart event E-mail automation few questions regarding it.It's for R77.30.031) D...

Detect Client's App or Service Request To Malicious Website

Dear All,I have one concern from my client as they tracked on SmartTracker and SmartEvent and see some traffics from client to malicious URL in the network. And we want to know which application or which service are performing this action? So any ...

VPN Mitigation

Yuval Raban‌sandblast mobile‌ vpn traffic vpn tunnel# vpn proxy Pamela LeeHey there, I am keen to start a community conversation about the new VPN mitigation features that SandBlast Mobile has!For those not familiar, if you are...
102ac7c9-fa30-4 inside IPS, Anti-Virus, and Anti-Bot 2 weeks ago
views 151 5 1

receiving a lots of email antimalware alert email

hi, we are receiving lots of email antimalware , i applied fix describe her sk89160 but still sending emailsthis is the alert3Jan2019 11:51:21 ctl    fw1 >daemon mail descriptionM Compile error for request resource

cp_file_convert always coredump

Hi all,We're using Threat Prevention on a R80.10 VSX virtual system configured with MTA support.The Threat Extraction is configured to convert to pdf in the policy, file types like docx, pps, xls etc. are according to profile converted to pdf then...
ED inside IPS, Anti-Virus, and Anti-Bot 3 weeks ago
views 130 5 1

Deactivate category threat year in IPS

Hi,In IPS profile you can deactivate protections based on the category threat year. Here is an example of a protection:Tags:Vendor: MicrosoftProduct: OfficeThreat Year: 2010Protection Type: VulnerabilityProtocol: HTTP...

MTA Email status "new"

On the MTA overview of SmartView it is possible to see the email status.I see 3 possible status:DeliveredBouncedNewThe status delivered is quite obvious, the status bounced is emails not delivered, but the status new I do not what is the meaning.C...
Blason_R inside IPS, Anti-Virus, and Anti-Bot 3 weeks ago
views 47 4 1

Can we export DNS domains or hostnames from Threat prevention report to sinkhole?

Hi There,I am seeing lot of DNS requests are being detected hence wondering if we can export those domain names or hostnames in CSV format so that those can be sinkhole or how can I put those queries in Prevent mode since I am not seeing any Polic...