This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rafal_N
Contributor
‎2019-02-13 03:06 AM

Mobile Access Portal + other blades?

Hi,

I try to scan files that are uploaded using Mobile Access Portal - File Shares, Web Applications but it looks like that all other security blades (AV,TE) ignores them. I triple check my TP policy and it seems to be ok.

Does anybody can confirm that it should work and there is something in my configuration or is it something that gateway can't do at all.

7 Replies
PhoneBoy
Admin
Admin
‎2019-02-13 08:59 PM

All the blades are supposed to work with Mobile Access Blade as noted in the documentation.

How are you determining that the blades are "ignoring" files uploaded via file shares?

Note the blades usually don't generate a log unless a file is malicious.

0 Kudos
Rafal_N
Contributor
‎2019-02-15 06:32 AM

I'm uploading malware test file "eicar.com" that gateway normally recognized without issue. Only when I transfer it using Mobile Access Portal it doesn't work. I thought it was only for Fileshare (some CIFS issue) but i add web aplication using http (not https) and file isn't scan at all. 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-15 11:51 AM
In response to Rafal_N

EICAR is kind of a special case

As there have been a few false positives with EICAR, and it's not really malicious, we don't detect EICAR by default.

Execute the following command on the gateway: fw ctl set int g_ci_av_eicar_handling_mode 2

Then repeat your test. 

Rafal_N
Contributor
‎2019-02-18 05:08 AM

I have set it to 2 previous it was set to 0.  g_ci_av_eicar_handling_mode = 2

But changing this setting doesn't help. Eicar is and was recognized if i download it form web site but if i uploaded it using Mobile Access Portal interface it doesn't.

Even if I establish tunnel (IPSEC or SSL/Connect)  and uploading eicar file to web application it is blocked as it should.

If I open Mobile Access Portal and without tunnel open that same web application only define as http URL in portal it is passed without scan. 

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-19 12:33 AM
In response to Rafal_N

Recommend opening a TAC case so we can investigate this more closely.

How To Open a Case with TAC and/or Account Services

0 Kudos
Rafal_N
Contributor
‎2019-02-19 01:04 AM

I got statements, that Traditional AV and Anti-Virus is not supported with Mobile Access portal. So probably TE does not work either. It should be write red capital letters in documentation in Mobile Access Portal.

I try to figure out some workaround how to solve it because it is big surprised for me. Any ideas and suggestion will be nice.

0 Kudos
PhoneBoy
Admin
Admin
‎2019-02-23 06:23 AM
In response to Rafal_N

Please send me the TAC SR in a private message.

The documentation explicitly contradicts this, so I'd like to get to the bottom of it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top