
Odd behaviour of profile

Hi, Even with R80.30 EA there is an odd issue with the profile. I want IPS only. But if I disable Threat Extraction it barfs on me with something I consider a silly error. As you can see on the 3 attached screenshots.
Admin

How do I test if Anti-Bot and/or Anti-Virus is Working?

We offer a couple of test links you can access from behind your Security Gateway where Anti-Bot and Anti-Virus is working: Anti-Virus Test -- Downloads the standard EICAR AV test file Anti-Bot Test -- Accesses a link that is flagged by ...

Https inspection for ips incoming traffic with third party CA

Hi All, I have a deployment of cloudguard on aws and the requirement is to perform HTTPs inspection on incoming IPS traffic. There is a web server behind the cloudguard and using third party sign cert. Here comes my question, in order...

Sandblast on-premise emulation, file size

We have an on-premise Sandblast. 'Tecli s s' shows that 'scanned files' and 'scanned files remotely' is the same, 6215. However, when I run the same command on the Sandblast it shows a different number, 172. Shouldn't those two be the same - 6215 ...

Inspection Settings

Hi Check Mate, I am pretty confused about the difference between core protections and protections listed in Inspection settings. What is the difference between them? In Inspection Settings there are two profiles "Recommended Inspection" and "Default ...

Can we block exe download for specific networks only without using HTTPS inspection in CP R80.20?

Hi Everybody, We just tried to block exe download for specific user/network by enabling content awareness and through using it in the access policy as shown in screenshot attached herewith. But it is not working. Is HTTPS Inspection mandatory for th...

Logic for RDP Brute Force detection?

As Check Point does not publish its rules/logic for signatures, I am looking for help understanding the RDP brute force login signature. Endpoint logs would be the source of truth (audit logs). How is this being detected on the wire? Edit: Her...
Adrian_Bawn inside IPS, Anti-Virus, and Anti-Bot a week ago
views 6175 10 3

MTA configuration examples

Hi all, I have been looking around and I don't seem to be able to find a direct answer to my issue so I figure I will need to post the question. Is there a suggested configuration for how to setup mail-flow through checkpoint gateways including TLS...
Omer_Shliva
inside IPS, Anti-Virus, and Anti-Bot 2 weeks ago
views 6449 8 16
Employee

IPS Analyzer Tool - How to analyze IPS performance efficiently

(1) Introduction: The IPS Analyzer Tool collects information about the IPS Protections usage. The IPS statistics information indicates which patterns out of all IPS protections were called into action (but not necessarily matched) and how ...
Shreyas_Markapu inside IPS, Anti-Virus, and Anti-Bot 2 weeks ago
views 120 3 1

Automatic Reaction E-mail Query

Hi, We monitor customer checkpoint for every 4 hours to check for unblocked IPS blade alerts. I got to know that we can automate this through E-mail alerts through smart event E-mail automation few questions regarding it. It's for R77.30.03 1) D...

Detect Client's App or Service Request To Malicious Website

Dear All, I have one concern from my client as they tracked on SmartTracker and SmartEvent and see some traffics from client to malicious URL in the network. And we want to know which application or which service are performing this action? So any ...

VPN Mitigation

Yuval Raban sandblast mobile vpn traffic vpn tunnel# vpn proxy Pamela Lee Hey there, I am keen to start a community conversation about the new VPN mitigation features that SandBlast Mobile has! For those not familiar, if you are...
102ac7c9-fa30-4 inside IPS, Anti-Virus, and Anti-Bot 3 weeks ago
views 173 5 1

receiving lots of email antimalware alert email

Hi, we are receiving lots of email antimalware, I applied the fix described here sk89160 but still sending emails. This is the alert: 3Jan2019 11:51:21 ctl    fw1 >daemon mail descriptionM Compile error for request resource cl.ly(+)R...

cp_file_convert always coredump

Hi all, We're using Threat Prevention on a R80.10 VSX virtual system configured with MTA support. The Threat Extraction is configured to convert to pdf in the policy, file types like docx, pps, xls etc. are according to profile converted to pdf then...
ED inside IPS, Anti-Virus, and Anti-Bot 3 weeks ago
views 179 5 1

Deactivate category threat year in IPS

Hi, In IPS profile you can deactivate protections based on the category threat year. Here is an example of a protection: Tags: Vendor: Microsoft, Product: Office, Threat Year: 2010, Protection Type: Vulnerability, Protocol: HTTP...