This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Platinum
MVP Platinum
‎2025-03-21 02:46 PM

AV blade/user check/windows updates

Hey guys,

Figured would share this, since customer and I had been working with TAC escalation guy for couple weeks and he told us would probably open a task with R&D to see if there is a way to make block page come up every time when specific file types are blocked (in our case msi and exe). Its somewhat inconsistent at this point, since random sites dont show block pages when msi file is blocked and some are even allowed. I will update once we have fully working solution, but in the meantime, figured would share some screenshos that can hopefully help others if you find yourself in similar situation.

Andy

Best,
Andy
Preview file
52 KB
Preview file
56 KB
Preview file
310 KB
Preview file
161 KB
Preview file
332 KB
Preview file
274 KB
Preview file
210 KB
0 Kudos
5 Replies
Lesley
MVP Gold
MVP Gold
‎2025-03-24 02:27 PM

I don't fully understand the issue, but here is what I can see

screenshot 1, I would the recommended bypass object listed in this SK:

https://support.checkpoint.com/results/sk/sk163595

Screenshot 7 rule 1 this rule will not match the traffic becuase it is set to N/A.
Therefore it will not hit the blades. I would recommend to right click it and add the blades you want to exclude(in this case AV)

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-24 02:30 PM
In response to Lesley

Hey Lesley,

We had problem where windows updates were not working when msi and exe files were blocked through AV blade.

Andy

Best,
Andy
0 Kudos
JaAnd
Contributor
‎2025-03-24 03:10 PM

Hi Andy,

maybe you could try to add in DST Updateble Object of recommended by CP HTTPS inspection bypass for Microsoft updates? It seems to be quite accurate in my use cases. Of course it might be sometimes to wide, but MS seems to be unpredictable in some ways 😜 Maybe good old manually defined URLs would do the job?

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-24 03:17 PM
In response to JaAnd

Hey @JaAnd  🙂

Yes, thats what we did, just added microsoft defender and it worked. Regardless, blocking files and showing block page is absolutely needed and it has to work CONSTANTLY, which sadly, is far from what happens now.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2025-03-24 04:24 PM
In response to JaAnd

For what its worth, TAC guy originally had us add akamai, cloudflare and github to bypass, but though that fixed windows updates, it broke few sites for ssl inspection.

Andy

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events