Create a Post
Showing results for 
Search instead for 
Did you mean: 

"Last update" in protection

Hello Team!

The “Last update” column in protection in SmartConsole has incorrect last update dates. All protections have been successfully updated, and we have recently seen fresh dates there.

This occurs on ALL of our management servers, so it seems to be a massive problem.
Do you have the same problem ?
Have you received any comments from TAC ?
Our management servers are versions 81.10 and 81.20
Also, the actions from sk171644 do not help.



0 Kudos
5 Replies
Employee Employee

"Massive" problem might be exaggerating a touch for something that sounds cosmetic.

What is the uptime of both machines, how do they reach the internet and which Jumbo take is applied?

0 Kudos

After rebooting, the problem persists.
Problem on R81.10 with JH 139 and R 81.20 with JH 24
Internet access without proxy server.

0 Kudos

Do you refer to this column (see image)? If so the value refers to an update in an existing protection and not to the overall IPS version update.

This allows you to know which older protections were updated recently with new signatures or definitions etc.

Details on the IPS Package version is available in several locations in SmartConsole and directly on the machines (see second image)


IPS Protections.png




IPS Version.png

0 Kudos


Thanks for your explanation, but no I mean this: protections.png

0 Kudos
Legend Legend

For the AV/ABOT blades, the "Last Update" does not mean what you think it means when compared to something like the IPS blade.  Check Point seems to be a bit cagey about what is going on with AV/ABOT updates and there is little documentation, but allow me to explain my understanding of this which granted may not be 100%:

The IPS feature exclusively uses a traditional set of patterns/signatures that are downloaded in their entirety as one big database file, and once the database is downloaded and slipstreamed into the existing Threat Prevention policy on the gateway, the IPS blade operates 100% autonomously with no live interaction with the ThreatCloud needed for enforcement.  However Anti-Virus and Anti-Bot use a combination of memory-based caches and constant interactions with the Check Point ThreatCloud via the rad process to help keep the caches populated.

Normally Check Point gateways will interact with the Check Point ThreatCloud servers with no consideration given to which countries those servers are actually located in. But interestingly it is possible to configure the gateway to only obtain ThreatCloud updates from Check Point servers located in certain countries and avoid undesirable countries; here are some interesting examples: sk168057: Restricting Threat Prevention Gateways to China (Geo-Restriction) & sk97877: Restricting Gateways to Send Files for Emulation only in a Specific Country (Threat Emulati...

There really isn’t a big "database download" for all AV/ABOT-based protections like there is for IPS, but AV/ABOT do have a big signature database they download for a portion of their inspection duties,  I believe this is the "Update Number" shown in cpview on the Software-blades...Overview screen and the Gateways & Servers tab of SmartConsole, but NOT on the "Protections" screen shown in your last post.  While not clearly documented, the actual scanning engines employed by AV/ABOT can also be modified or enhanced by Check Point via these updates "on the fly" in response to new threats.

All of this will be covered in the upcoming Check Point Threat Prevention Specialist (CTPS) course that should be available worldwide from ATCs in Q3 2024.

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events