Showing results for 
Search instead for 
Did you mean: 
Create a Post

"Your Sandblast for Office365 Mail report" shows no activity

For the past two days, the daily "Your Sandblast for Office365 Mail report" has reported No General Activity, no emails, no files. Needless to say, it is unlikely this report is accurate.this happened a few weeks ago and then with no remediating action, it started reporting activity again.Can someone point me in a direction to investigate?

How can I switch off a notification from Threat Emulation?

Good day! How can I switch off a notification file from Threat Emulation? I mean if TE removes an attachment from a mail, it will sent to user a file with the message "Original attachment (unsafe string) was found to be malicious." instead of an original attachment. I don't want that TE sent anything to users.
Kim_Moberg inside SandBlast Cloud for Office 365 2018-08-09
views 5423 5 20

Sandblast for Office 365 Log Transport Agent

Hi,I have been reading the administration guide for Sandblast Cloud, and I want to push logs to our gateway mgmt log server on R80.10.I am confused about why it is mention installation on linux or windows. doesnt it run on gateway mgmt?Text from the guide.The Log Transport Agent (LTA) utility transfers logs from your SandBlast Cloud account to a designated Log Server inside your internal corporate network. By default, logs are stored in the SandBlast Cloud for 30 days before being marked for deletion. Logs are generated each time SandBlast Cloud checks an email.The designated Log Server can be:A Check Point Log ServerA Check Point Security Management Server that also functions as a Log ServerBest practice is to run the Log Transport Agent directly on your designated Log Server.Anyone managed to have it installed to R80.10? I know of R77.30 one have to installed a plugin into mgmt to be able to connect to the office 365 instance to get centralized logs.Thanks
IT_Admins_Nicol inside SandBlast Cloud for Office 365 2018-07-15
views 3978 3 6

Sandblast Cloud license renewal

hello, we are using checkpoint sandblast cloud and our license is almost expired. We have requested a renewal ( 1 year ) from our partner. Are there any actions that need to performed in order to activate the license ?
Danny inside SandBlast Cloud for Office 365 2018-06-05
views 3895 2 15

Cloud Geo Restriction and Scheduled Maintenance?

Check Point Services Status writes: Scheduled Maintenance in Frankfurt data center May 6, 2018 07:00-09:00 UTC Upgrading Frankfurt data center network infrastructure. During this time all cloud traffic will be routed to US data center - degraded performance may be occurred. Posted on May 2, 08:42 UTC Many German Check Point customers use Cloud Geo Restriction (sk97877) to make sure their data don't leave Frankfurt, Germany. What happens with their data when Frankfurt is in maintenance mode? WIll their traffic be routed to the US or will their configuration be respected?
Gianluca_Giorda inside SandBlast Cloud for Office 365 2018-05-24
views 5439 4 17

configuring sandblast cloud for office365

Hi teamlooking at how to implement sandblast cloud for O365 in the administration guide, I find "SandBlast Cloud for Office 365 uses the native Microsoft API and requires that you configure MX records to reroute email to an MTA (Mail Transfer Agent)."After the document doesn't describe how to retrieve the FQDN or the IP address that I will use in my MX for rerouting the SMTP flow.Looking anywhere in the supportcenter, I don't find additional information.How can retrieve the information for configuring properly the record MX?In addition I'd like to know if in R80.10 is still present Cloud Connector for O365?regards
MCG_Alerting inside SandBlast Cloud for Office 365 2018-05-09
views 3849 1 9

Problem with attachment write in Polish

I'm using the sandblast for office365 I worked for an international company which have a local antenna in Poland.When we use threat extraction with text in polish (like pdf or docx,...), the result of the extraction is strange becasuse some characters are unreadable. Can we do something for that ?
Marco_Coletti inside SandBlast Cloud for Office 365 2018-04-03
views 4324 2 8

License Key for SandBlast Cloud?

We use Carbon Black Protect (formerly Bit9) in our environment and are looking to test its integration with Check Point. In the Carbon Black config is a section for enabling a 'Connector' for Check Point. We want to enable this to take advantage of SandBlast Cloud but are required to enter a 'License Key' to enable it in Protect.We are licensed for this but our support vendor for CP and our own staff aren't aware of where or how we would find this key.Can anyone tell me how we would get/find this License Key?Thanks
Haim_Harush inside SandBlast Cloud for Office 365 2018-02-01
views 1061 2 10

License not released

Hello,I've a client who complain about "lost" licenses, by lost he mean that even if a mailbox is deleted or excluded from the policy , used licenses does not decrease. as far as i know there is an auto update/sync between O365 and SB Cloud which occur every hour just for this kind of anyone else have this kind of problem?I'll be glad to have explanation on how it shoud work and if  there is any plan to make the SB cloud management environment richer with management tools and sync with O365?Thanks,

Two factor authentication - Sandblast Cloud

Hi team, could someone please let me know if there is a way to implement the two factor authentication for the sandblast cloud manager? Thanks

Cloud O365 Questions.

I currently have 2 questions about cloud office 365, thank you if you can help me solve them.1) What is the difference between the action allow and accept, I currently have the policy in prevent and I see this constant traffic.2) currently my client migrated to cloud O365 with their symantec PGP cloud service, how would our inspection around these encrypted emails or these mail already be in clear text.thanks for your help

Sandblast TE250X on premises engine Release 6.9/55.990001702 not available

As per sk95235 engine Release  6.9/55.990001702 is available since 26 Sep 2017 and for  Deployment: 26/09-10/10.My TE250X engine remain is version in 6.8.2/54.990001557.What does mean Deployment: 26/09-10/10 ? The engine availability for Customer using threat emulation in the cloud ? When will the latest version be available for on premises ? I have an open case at checkpoint but it seems difficult for them to answer this simple question.Why this question ? Simply because I have a zip that contains a malicious javascript. In the Checkpoint Cloud this java script is detected as malicious (i use this link to test but it is not on my Te250X on premises when i download it on http with a browser.The sk106123 specifies the File types supported by SandBlast Threat Emulation and that for .js / .js : these files are supported when arriving in archive as email attachment only. The protection is for the use of the files.I can understand that for http feeds it is not possible to analyze javascript loaded by html pages without generating a high latency for users as far as most pages contain javascript.But when javascript is in a zip it should be. No ?So my problem is related to the version of the engine or to this specific case? In this case why this difference between the cloud and the version on premise?ThanThanks
inside SandBlast Cloud for Office 365 2017-08-14
views 1068 2 2

Sandblast for O365 licensing

Hi All Experts,   I have a customer who is interested to our Sandblast for O365 service. His company have 1000 mailboxes on O365 but he want to buy 50 licenses to their VIP end users first. Is it possible? And how we can manage those 50 mailboxes?   I have a trial account of Sandblast for O365 and I cannot find where to manage the mailbox but only how to associate the account to the cloud service.Regards,Sammo

The Blackhole of Office 365: 45-day Security Challenge

At this very moment, your inbox and social media account are probably cluttered with promises for the latest quick fix or magical pill that turns you into a lean, mean version of your self in just 30 days. In the same vain, many organizations have adopted a similar approach for outsourcing their infrastructure and applications to the 'cloud' in an effort to 'slim down'. As I described in last years article, "When increased ROI also increases the Risk Of Infection (ROI)", many organizations moving to the cloud believe that they are also outsourcing the application security risk to those providers as well and how easy it is for hackers to target Office 365 environments. Like many of these programs, the short term gains may be coming at the price of your (company's security) long-term health.Did you know? By default, Microsoft Office 365 only provides basic protection against known malware.Abstaining from the cloud is probably not an option, but protection from unknown malware is. I'm proposing a 45-day Security Challenge for organizations utilizing Office 365. As an API solution, it's simple to deploy, does not require any MTA or proxy re-routing and will take you approximately 15-20 minutes to protect a subset of mailboxes OR your entire organization with no downtime or chance for outage. It's called Sandblast for Office 365.The 45-day Security ChallengeEngineering Support. A complimentary technical resource to help get you up and running. Or, if you prefer, we can provide you a step-by-step guide to do it yourself. (You will need to administrative credentials for your company's Office 365 account.)Detect, Prevent, Clean or all the above. Choose how you deploy for your environment. Detect will give you the visibility of email threats found. Prevent will provide active defense from even Patient-0 entering your organization. Clean will apply Threat Extraction for all incoming attachments which extracts active content from files or flattens to PDF thereby removing any potential threats.No sales calls. It's yours to try for 45-days. If at the end of 45-days you want to make it a permanent solution, it's up to you to reach out to us. Alternatively, if you decide this isn't for you, just delete your account.Bridging the gap. Check Point has you covered. Whichever organization is most in need based upon the most threats found will be protected for the next six months until a permanent solution is put into place (even if you choose another vendor solution).Getting StartedSend me a LinkedIn message, shoot me an email (stevej at, or leave the comment "45-day cleanse" on this article and I'll assign a technical resource to get you started.Remember, in just 15-20 minutes I guarantee that your organizational security health will immediately improve.Your truly,\stevejStephen JohnsonHead of Advanced Threat Prevention, Americas