This script would give info on threat prevention blades enabled on the firewall. As always, please run dos2unix and chmod 777 before running it.

Lab example:

[Expert@CP-GW:0]# ./tp_blades.sh
============================================================
Threat Prevention Blade Audit Report
============================================================
Host: CP-GW
Time: 2026-01-28_073408
User: admin
Shell: /bin/bash

============================================================
System / Version Context
============================================================

---- OS / Kernel ----
$ uname -a
Linux CP-GW 4.18.0-372.9.1cpx86_64 #1 SMP Mon Nov 24 18:58:32 IST 2025 x86_64 x86_64 x86_64 GNU/Linux

---- Firewall version (fw ver) ----
$ fw ver 2>/dev/null || echo 'fw command not found'
This is Check Point's software version R82 - Build 013

---- cpstat availability check ----
$ cpstat 2>/dev/null | head -n 40 || echo 'cpstat not available'
============================================================
Enabled Blades (best-effort)
============================================================

---- enabled_blades ----
$ enabled_blades
fw vpn cvpn urlf av appi ips identityServer mon
============================================================
Policy / Install Context (useful when correlating TP behavior)
============================================================

---- Firewall policy info ----
$ cpstat fw -f policy 2>/dev/null || echo 'cpstat fw -f policy not available'

Product name: Firewall
Policy name: LAB-POLICY-Andy
Policy install time: Tue Jan 27 12:32:38 2026
Num. connections: 17
Peak num. connections: 528
Connections capacity limit: 0
Total accepted packets: 22868016
Total dropped packets: 806147
Total rejected packets: 0
Total accepted bytes: 3245183015
Total dropped bytes: 46392024
Total rejected bytes: 0
Total logged: 12624

Interface table
----------------------------------------
|Name |Dir|Accept |Drop|Reject|Log |
----------------------------------------
|eth0 |in |11526670| 17| 0| 517|
|eth0 |out|11296980| 22| 0|7859|
|eth1 |in | 22183| 0| 0| 690|
|eth1 |out| 0| 0| 0| 0|
|eth2 |in | 22183| 0| 0| 690|
|eth2 |out| 0| 0| 0| 0|
|eth2.100|in | 0| 0| 0| 0|
|eth2.100|out| 0| 0| 0| 0|
----------------------------------------
| | |22868016| 39| 0|9756|
----------------------------------------

Interface table (64-bit)
----------------------------------------
|Name |Dir|Accept |Drop|Reject|Log |
----------------------------------------
|eth0 |in |11526670| 17| 0| 517|
|eth0 |out|11296980| 22| 0|7859|
|eth1 |in | 22183| 0| 0| 690|
|eth1 |out| 0| 0| 0| 0|
|eth2 |in | 22183| 0| 0| 690|
|eth2 |out| 0| 0| 0| 0|
|eth2.100|in | 0| 0| 0| 0|
|eth2.100|out| 0| 0| 0| 0|
----------------------------------------
| | |22868016| 39| 0|9756|
----------------------------------------

============================================================
Threat Prevention: IPS
============================================================

---- IPS status (ips stat) ----
$ ips stat
IPS Status: Enabled
Active Profiles:
Optimized
IPS Update Version: 635260635
Global Detect: Off
Bypass Under Load: Off

---- IPS statistics via cpstat (if available) ----
$ cpstat ips 2>/dev/null || echo 'cpstat ips not available'
cpstat ips not available
============================================================
Threat Prevention: Anti-Bot / Anti-Virus (AntiMalware)
============================================================

---- AntiMalware update status (cpstat antimalware -f update_status) ----
$ cpstat antimalware -f update_status 2>/dev/null || echo 'cpstat antimalware -f update_status not available'

AB Update status: up-to-date
AB Update description: Gateway is up to date. Database version: 2601111138. Package date: Sun Jan 11 03:00:00 2026
.
AB Next update description: The next update will be run as scheduled.
AB DB version: 2601111138
AV Update status: up-to-date
AV Update description: Gateway is up to date. Database version: 2601280904. Package date: Wed Jan 28 03:00:00 2026
.
AV Next update description: The next update will be run as scheduled.
AV DB version: 2601280904

---- AntiMalware general stats (cpstat antimalware) ----
$ cpstat antimalware 2>/dev/null || echo 'cpstat antimalware not available'

Status: 0
Status short description:
Status long description:

============================================================
Threat Prevention: Threat Emulation (TE)
============================================================

---- TE status (tecli) ----
$ tecli
daemon did not respond or not running!

---- TE statistics (tecli show statistics) ----
$ tecli show statistics 2>/dev/null || echo 'tecli show statistics not available'
daemon did not respond or not running!
============================================================
Threat Prevention: Threat Extraction (TEX) / Content Disarm & Reconstruction
============================================================
Attempting discovery of TEX-related cpstat application flags (best-effort).

[INFO] Listing cpstat application flags that match: extraction|tex|threat
[INFO] No TEX/threat/extraction-related cpstat flags found in this environment.
============================================================
Running Processes (TP-relevant daemons)
============================================================

---- cpwd_admin list ----
$ cpwd_admin list
APP PID STAT #START START_TIME MON COMMAND
FWK_FORKER 11464 E 1 [16:38:18] 23/1/2026 N fwk_forker
FWK_WD 11473 E 1 [16:38:18] 23/1/2026 N fwk_wd -i 6 -i6 0
CPVIEWD 12032 E 1 [16:38:22] 23/1/2026 N cpviewd
CVIEWAPIS 12053 E 1 [16:38:22] 23/1/2026 N cpview_api_service
CPVIEWS 12058 E 1 [16:38:22] 23/1/2026 N cpview_services
SXL_STATD 12066 E 1 [16:38:22] 23/1/2026 N sxl_statd
MSGD 12095 E 1 [16:38:22] 23/1/2026 Y msgd
CPD 12188 E 1 [16:38:22] 23/1/2026 Y cpd
MPDAEMON 12199 E 1 [16:38:22] 23/1/2026 N mpdaemon /opt/CPshrd-R82/log/mpdaemon.elg /opt/CPshrd-R82/conf/mpdaemon.conf
TP_CONF_SERVICE 12236 E 1 [16:38:23] 23/1/2026 N tp_conf_service --conf=tp_conf.json --log=info
CI_CLEANUP 12387 E 1 [16:38:24] 23/1/2026 N avi_del_tmp_files
CIHS 12392 E 1 [16:38:24] 23/1/2026 N ci_http_server -j -f /opt/CPsuite-R82/fw1/conf/cihs.conf
FWD 12461 E 1 [16:38:24] 23/1/2026 N fwd
SPIKE_DETECTIVE 12491 E 1 [16:38:24] 23/1/2026 N spike_detective
LPD 13171 E 1 [16:38:30] 23/1/2026 N lpd
RAD 13183 E 1 [16:38:30] 23/1/2026 N rad
WSDNSD 14141 E 1 [16:39:30] 23/1/2026 Y wsdnsd
DLPU_0 14152 E 1 [16:39:30] 23/1/2026 Y dlpu -i4 0 1 -i6 -1 -1
DLPU_1 14155 E 1 [16:39:30] 23/1/2026 Y dlpu -i4 2 3 -i6 -1 -1
DLPU_2 14158 E 1 [16:39:30] 23/1/2026 Y dlpu -i4 4 5 -i6 -1 -1
TOPOD 14783 E 1 [16:39:37] 23/1/2026 Y topod
UPRD 14788 E 1 [16:39:37] 23/1/2026 Y uprd
MFDEMUXER 14933 E 1 [16:39:38] 23/1/2026 N /opt/CPcvpn-R82/bin/MoveFileDemuxer /opt/CPcvpn-R82/log/MFDemux.log /opt/CPcvpn-R82/conf/mfdemuxer.C
DBWRITER 14941 E 1 [16:39:38] 23/1/2026 N dbwriter /opt/CPcvpn-R82/log/dbwriter.elg /opt/CPcvpn-R82/conf/dbwriter.C
CVPNPROC 14946 E 1 [16:39:38] 23/1/2026 N cvpnproc /opt/CPcvpn-R82/log/cvpnproc.elg /opt/CPcvpn-R82/conf/cvpnproc.C
MFSERVER 14953 E 1 [16:39:38] 23/1/2026 N /opt/CPcvpn-R82/bin/MoveFileServer /opt/CPcvpn-R82/log/MFServer.log /opt/CPcvpn-R82/conf/mfserver.C
CVPNUMD 14956 E 1 [16:39:38] 23/1/2026 N /opt/CPcvpn-R82/bin/CvpnUMD
PINGER 14959 E 1 [16:39:38] 23/1/2026 N /opt/CPcvpn-R82/bin/Pinger /opt/CPcvpn-R82/log/Pinger.log /opt/CPcvpn-R82/conf/Pinger.C
IDLEPINGER 14962 E 1 [16:39:38] 23/1/2026 N /opt/CPcvpn-R82/bin/IdlePinger /opt/CPcvpn-R82/log/IdlePinger.log /opt/CPcvpn-R82/conf/IdlePinger.C
CVPNANALYTICS 14966 E 1 [16:39:38] 23/1/2026 N /opt/CPcvpn-R82/bin/CvpnAnalytics
CVPND 14978 E 1 [16:39:38] 23/1/2026 N cvpnd /opt/CPcvpn-R82/log/cvpnd.elg /opt/CPcvpn-R82/conf/cvpnd.C
GUACDISPATCHER 15006 E 1 [16:39:39] 23/1/2026 N /opt/CPcvpn-R82/bin/GuacDispatcher /opt/CPcvpn-R82/log/GuacDispatcher.log /opt/CPcvpn-R82/conf/GuacDispatcher.C
RTMD 19736 E 1 [16:40:57] 23/1/2026 N rtmd
DASERVICE 19808 E 1 [16:40:58] 23/1/2026 N DAService_script
AUTOUPDATER 19822 E 1 [16:40:58] 23/1/2026 N AutoUpdaterService.sh
PROBEMOND 19836 E 1 [16:40:58] 23/1/2026 N probemond
============================================================
Raw cpstat Catalog (for troubleshooting / completeness)
============================================================

---- cpstat (no args) - available apps/flavors ----
$ cpstat 2>/dev/null || echo 'cpstat not available'
cpstat not available

============================================================
End of Report
============================================================

Report saved to: ./TP_AUDIT_CP-GW_2026-01-28_073408.txt
[Expert@CP-GW:0]# ls