cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Ashish_Shah2
Ashish_Shah2 inside IPS, Anti-Virus, and Anti-Bot 3 hours ago
views 119 6

Geo Policy Blacklist

Hi,I have Geo protection configured in my setup and we are blocking traffic to & from certain countries in policy. Still I can observe traffic from those countries are getting permitted (ingress or egress). I have observed this behavior mainly...

CVE-2019-11358

Any idea if CVE-2019-11358 has an IPS protection? The CVE was released 4 days agohttps://securityaffairs.co/wordpress/84340/hacking/jquery-javascript-library-flaw.html

Licensing difference - CPLIC Print and smartmonitor expiration date

Hello i recently noticed sometihng that had never noticed before, my IPS blade via CLI , shows (cplic print) that expiration date is : NEVER but from smartmonitor it shows october 2019. Is the first part only for the license in general and th...

R80.20 and ICAP client and read-only

Not sure if this is the right board or not.  If not, kindly let me know and I can move. My question is concerning R80.20 and ICAP client.  Have a customer that we got this working but during the setup we noticed that they had an iss...

URL Filtering - Internal system error in RAD process

Hi guys,I'm currently facing with this error "URL Filtering  -  Internal system error in RAD process (91)" in my installation.I'm using a Checkpoint 3100 in R80.20 version, latest take available.When a user is matching a rule with URL fi...

IPS, Follow Up & Staging

Hello,I have read a couple of discussions but could not find something completely related to my question. The (long) introduction:In R77.30 SmartDashboard there was the flag Follow Up option for IPS which I found very useful and new IPS signatures...

IOC time checking

How are you all? Lets say If I run the following command: ioc_feeds add --feed_name ip_list --transport http --resource "https://QradarIPaddress/quarantine-ips.txt" --format [value:1,type:ip]What is the frequency that the file will be fe...
ED
ED inside IPS, Anti-Virus, and Anti-Bot a week ago
views 316 16 1

IPS exception not working

Hi,IPS is preventing a protection even if I have an exception for that under Threat Prevention layer:Under protected Scope is the server initiating the backup job. Action is set to inactive but still it's getting prevented. I don't get a hit on th...
G_W_Albrecht
G_W_Albrecht inside IPS, Anti-Virus, and Anti-Bot a week ago
views 629 5 1

IPS updates on R77.30 & R77.20.80 GWs not reflected in Dashboard

The R80.20 Dashboard has a valuable interface to confirm that the latest IPS update version is installed on the managed Gateways. It can happen that the SMS has already updated to the current IPS version, but some Gateways not; a policy install wi...
Yonghao_Gao
Yonghao_Gao inside IPS, Anti-Virus, and Anti-Bot a week ago
views 186 5 1

Anti-Virus log prompt: "background classification mode was set"

Dear FW:23500     Version:R80.10       Hotfix:R80_10_JUMBO_HF_Bundle_T56_sk11638I have set hold mode,refer to screenshots below:TP configuration as follow:But the log shows as follow:Description:  &nbsp...

Threat Prevention did not prevent first time e-mail with mailware file. Bridge GW+TE100X

Hello there! I have the situation here and need your advise.We assume that CheckPoint does not use “Gradual hold” 1 byte delay of the SMTP traffic for some reason until the end of the Threat Emulation in Sandblast.The attached screenshot shows tha...

Preboot Auth after hibernation

Is it possible to enable CP EPS to ask again user to enter credential in Preboot when computer is resumed from hibernation? At this moment when computer is resumed from hibernation, it boots directly to Windows. In this situation we have one ...
Jin_Zhou
Jin_Zhou inside IPS, Anti-Virus, and Anti-Bot 2 weeks ago
views 34 1

Will IPS inspect decrypted traffic on a gateway with site-to-site VPN?

I am trying to figure out IPS workflow on an R80.10 gateway with site-to-site VPN. Does it inspect the traffic after it is decrypted or just the encrypted traffic which probably won't have much to be inspected. Thanks.
Karlis_Erglis
Karlis_Erglis inside IPS, Anti-Virus, and Anti-Bot 2 weeks ago
views 40 2 1

Anti-Malware False Positive to Office vba

We came across following problem with Office vba.Some of our vba macros for out analytics contains CommandBarControl object. Theses files been classified by CP as infected with malware - HEUR:Trojan-Downloader.Script.Generic.  Is th...

Creating new Interfaces in Azure Cloud Guard

Hi,I have deployed CloudGuard IaaS in Azure. I have added frontend and backend vnets. My requirement is to add 3 or more interfaces (Management, DMZ and Intranet- to connect On-Prem servers and so on). Any suggestion that this is feasible and...