This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sagar_Manandhar
Advisor
‎2017-08-02 04:18 PM
Jump to solution

Block .exe file download

I got the queries, if it is possible to implement a policy which block the client from downloading the executable(exe) files in  checkpoint.

Our client were using fortinet 200D where we found such policy. So, we need to make that same policy to checkpoint.

Regards,

Sagar Manandhar

1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2017-08-02 07:23 PM
Jump to solution

Refer to the following SK: How to block any File Type Family to Anti-Virus scan in R77.XX 

These instructions should also apply for R80.x as well.

View solution in original post

13 Replies
PhoneBoy
Admin
Admin
‎2017-08-02 07:23 PM
Jump to solution

Refer to the following SK: How to block any File Type Family to Anti-Virus scan in R77.XX 

These instructions should also apply for R80.x as well.

dorj_erdeneochi
Explorer
‎2018-03-26 02:09 AM
In response to PhoneBoy
Jump to solution

i did it. but it is not working. ?

0 Kudos
Dor_Marcovitch
Advisor
‎2018-03-26 04:01 AM
In response to PhoneBoy
Jump to solution

from what i know AV blade check only file extension and not the MimeType of the file

0 Kudos
dorj_erdeneochi
Explorer
‎2018-03-29 12:18 AM
In response to PhoneBoy
Jump to solution

How does customers add this specific the file type families. is it possible for customer

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2018-03-29 02:03 AM
In response to dorj_erdeneochi
Jump to solution

yes.

Norbert_Bohusch
Advisor
‎2017-08-02 11:43 PM
Jump to solution

Starting with R80.10 this could also be achieved by using the new Content Awareness features. So there would be no need for an Anti-Virus license (NGTP bundle), but an NGFW bundle would be sufficient.

0 Kudos
Tomer_Sole
Mentor
Mentor
‎2017-08-03 01:31 AM
Jump to solution

simply create this rule:

How to enable Content Awareness:

1. Make sure you have an R80.10 Gateway

2. Edit the gateway and enable the Content Awareness blade.

3. Edit the current security policy layer and enable the Content Awareness blade.

4. The new "Content" column will show up in the rulebase.

PhoneBoy
Admin
Admin
‎2017-08-03 08:05 AM
In response to Tomer_Sole
Jump to solution

I wish I could mark both our solutions as correct in Jive Smiley Happy

Kevin_Vargo
Collaborator
‎2019-01-22 06:28 AM
In response to Tomer_Sole
Jump to solution

For my own clarity, this seems to work with both HTTP and HTTPS in my lab.  I am not doing HTTPS inspection, can I ask how this works with HTTPS?  My assumption was that I'd still be able to download an EXE, but I was wrong.  I don't know too much about Content Awareness possibilities, but it is intriguing.

Gaurav_Pandya
Advisor
‎2017-11-30 04:05 AM
Jump to solution

Yeah. So if you have lower version than R80.10. You can achieve it by  Antivirus blade as well as DLP blade.

0 Kudos
Martin_Raska
Advisor
Advisor
‎2018-03-27 11:51 PM
In response to Gaurav_Pandya
Jump to solution

Guys,

correct me If I am wrong, for activation Content Awareness blade, I need DLP license which is not part of NGFW nor NGTP/TX bundle.

0 Kudos
Pedro_Silva
Contributor
‎2019-03-05 10:25 PM
Jump to solution

Trying to configure a Content Awareness rule for this scenario.

I have an inline rule configured for web browsing (rule 17):

I have more detailed inline rules below this (rule 17.x)

I wish to create content awareness checks at the lower levels of the inline rule but the Content column is greyed out?

R80.20 SM Admin Guide shows that this should be possible.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events