This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Tomer_Sole
Mentor
Mentor
‎2016-07-27 02:54 AM
Jump to solution

Which file types does Threat Emulation support? How can I make sure that I inspect them all?

In R77 SmartDashboard there was a notification for "new file types supported" and a link to configure. What is the alternative to this in R80?

0 Kudos
1 Solution

Accepted Solutions
Tomer_Sole
Mentor
Mentor
‎2016-07-27 03:08 AM
Jump to solution

R80 does not notify on newly supported file types for the Threat Emulation engine. A best practice would be to check the list of supported file types following every update to the blade.

To view all supported file types, click on Manage & Settings --> Blades --> Threat Prevention. Then select the Threat Emulation page and click on "file types". Check the file types that you wish to inspect in all of your profiles by default.

file-types.png

file-types2.png

The next step will be to check whether you would like your threat prevention profiles inspect all selected file types, or only a subset of them. By default they inspect all the selected file types from the previous step.

You can configure your threat prevention profile settings when navigating to Security Policies-->Threat Prevention-->Policy. Then the bottom part changes to "Threat Tools" with a link to the Profiles page.

navigation1.png   navigation2.png  navigation3.png

The profile settings have a Threat Emulation page. In this page, you can choose whether to inspect all supported file types (from the blade settings page) or to bypass some of them. To bypass, change the file types configuration from "all" to "specific", and then inside the configuration page, right click specific file types and change their action from "Inspect" to "Bypass".

profile0.png profile1.png   profile2.png

View solution in original post

0 Kudos
1 Reply
Tomer_Sole
Mentor
Mentor
‎2016-07-27 03:08 AM
Jump to solution

R80 does not notify on newly supported file types for the Threat Emulation engine. A best practice would be to check the list of supported file types following every update to the blade.

To view all supported file types, click on Manage & Settings --> Blades --> Threat Prevention. Then select the Threat Emulation page and click on "file types". Check the file types that you wish to inspect in all of your profiles by default.

file-types.png

file-types2.png

The next step will be to check whether you would like your threat prevention profiles inspect all selected file types, or only a subset of them. By default they inspect all the selected file types from the previous step.

You can configure your threat prevention profile settings when navigating to Security Policies-->Threat Prevention-->Policy. Then the bottom part changes to "Threat Tools" with a link to the Profiles page.

navigation1.png   navigation2.png  navigation3.png

The profile settings have a Threat Emulation page. In this page, you can choose whether to inspect all supported file types (from the blade settings page) or to bypass some of them. To bypass, change the file types configuration from "all" to "specific", and then inside the configuration page, right click specific file types and change their action from "Inspect" to "Bypass".

profile0.png profile1.png   profile2.png

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events