cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Thomas_Werner
inside SandBlast Network yesterday
views 4166 18 56
Employee++

ICAP Server on Sandblast Appliance (TEX)

ICAP ServerThe official ICAP Server SK mentions requirements, release notes and general information regarding the new ICAP server functionality. Check Point support for Internet Content Adaptation Protocol (ICAP) serverhttps://supportcenter....
Robert_Mueller
Robert_Mueller inside SandBlast Network Saturday
views 17 1

PDF with a qualified electronic signature

Hi,Is there a way that sandblast wont remove or ignore PDFs with a qualified electronic signature (compliant to EU Regulation No 910/2014).. At the moment the "Threat Extraction" removes the signature and recreates the PDF.. The best way will...
Thomas_Werner
inside SandBlast Network Friday
views 376 3 19
Employee++

R80.20 MTA logging and monitoring enhancements

This is available with R80.20 Mgmt & MTA running on R80.20 GW1) MTA LogsWithin your logs you now get Postfix logs in the GUI - just filter for blade:MTAYou can see mail queue ID and even the E-Mail headers in the log.Also it is possible to see...
Ran_Ish_Shalom
Ran_Ish_Shalom inside SandBlast Network Friday
views 98 3 1

Find infected hosts using AI - Maggy

We are working on a solution based on Threat Cloud intelligence and a unique Machine learning algorithm.The solution is calculating the probability of infection and alert the admin. In your experience, what is the recommended mobile...
Ryan_St__Germai
Ryan_St__Germai inside SandBlast Network Wednesday
views 126 4

False Negative with Threat Emulation

Hey guys,I just saw a Tweet regarding a ransomware payload with a low Ant-Virus detection rate. I grabbed a copy of it and ran the sample through the sandblast analysis website. The result is coming back as clean. App.any.run shows obvious ma...
HeikoAnkenbrand
HeikoAnkenbrand inside SandBlast Network a week ago
views 8025 39 72

Symantec (Bluecoat) SG ICAP and Sandblast (TEX)

ICAP integration for R77.30 and R80.10Configuring ICAP Server on Check Point Sandblast Appliance (TEX) or Gateway:Enable ICAP server on TEX appliance see SK111306 and configure thread rules in Smart DashBoard. Use hotfix 286 or higher for R77...
HeikoAnkenbrand
HeikoAnkenbrand inside SandBlast Network 3 weeks ago
views 6662 12 41

Fortigate Firewall ICAP and Sandblast (TEX)

ICAP integration for R77.30 and R80.10Configuring ICAP Server on Check Point Sandblast Appliance (TEX) or Gateway:Enable ICAP-Server on TEX Appliance see SK111306 and configure Thread rules in DashBoard. Use Hotfix 286 or higher for R77.30.&n...
Michael_Goessma
Michael_Goessma inside SandBlast Network 3 weeks ago
views 145 9

R80.20 on TE100X - Recommended?

Hi,I have been asked to upgrade a TE100X system from R77.30 to R80.20.Our customer heard "rumors" that it will run a lot better with R80.20.I am careful with such things.Does anybody have a TE100X running with R80.20? Is it recommended by Checkpoi...
Miguel_Barrios
Miguel_Barrios inside SandBlast Network 3 weeks ago
views 162 4 4

SandBlast can analyze links inside .doc files arriving through email attachment?

Hi Checkmates!, please your help with the following question:Sandblast (somewhere in the emulation process) can analyze links that comes within a .doc, .pdf, .xls files arriving through email attachment files (MTA) to detect if they lead to malici...
Ronald_Canchica
Ronald_Canchica inside SandBlast Network 4 weeks ago
views 93 3 2

Threat Emulation blade don´t connect to Checkpoint Cloud

Dear, I'm trying to implement Threat emulation Blade in Chassis 64k, Especifically in one VS. I followed the steps by sk111405. But as I´m implementing ThreatCloud environment, I didn´t follow the step "7. Perform an Offline Update ...
CHINMAYA_NAIK
CHINMAYA_NAIK inside SandBlast Network 4 weeks ago
views 119 6 1

Block Malicious Unknown File type attachment (MTA) (TE) (R80.20)

SetupMGMT Server : Open ServerSecurity Gateway : 15600TE ApplianceMTA : EnabledRequirement : Our requirement is that Threat Emulation or Antivirus should drop the mail if any other or unknown extension is attach in the mail. (Currently Checkp...
Michal_Gans
Michal_Gans inside SandBlast Network 4 weeks ago
views 55 2

cron schedule on tecli command

I would like to monitor emulation status on SandBlast appliance, so I want to run "tecli s e v s" by cron every x min.But if I start tecli command by cron, it ended with this error/opt/CPsuite-R77/fw1/bin/tecli: line 49: /teCurrentPack/temain...
Yanick_DJINZOU
Yanick_DJINZOU inside SandBlast Network ‎02-13-2019 06:42:30 AM
views 96 2 2

PARTICULARITIES OF CHECKPOINT'S NGTX AND THE OTHER PROVIDERS

Hello Dear,I am newcomer to Checkpoint solutions but I always knew they were the best in the field of Firewall.My employer had a market in a bank which also its first market with the solution of Checkpoint and what made it possible to have this ma...
Shahar_Grober2
Shahar_Grober2 inside SandBlast Network ‎02-12-2019 12:56:01 PM
views 253 17 8

Sandblast and .msg attachments

Hi, Can it be that Check Point Threat Prevention and Sandblast in MTA doesn't scan "*.msg" attachments inside an email?I did the following tests:First Test (Baseline)I sent a malicious .doc file attached to an email via the MTA Resu...
Prabulingam_N1
Prabulingam_N1 inside SandBlast Network ‎02-12-2019 05:50:25 AM
views 1055 8 1

Threat Emulation Environment selection of Images - issue

Dear All,One of our customer have TE1000x dedicated appliance in Gaia R77.30. Mgmt server in R80.10 with Clusters as well.Since no internet connectivity for TE Appliance - we have manually downloaded the images (WinXP,Win7 etc) and followed as per...