- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Why do Hackers Love IoT Devices so Much?
Join our TechTalk on Aug 17, at 5PM CET | 11AM EST
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi team,
I try to create a custom signature with Wireshark raw data pattern, but it's not working.
Scenario:-I have an FTP server and I download two files from the FTP server and capture this in Wireshark and create a signature with one file raw data. I want when next time when I download the same file from the FTP server it should be blocked by my custom signature.
Yup, I know we can do with AV & IPS, but the requirement is to do with the application signature tool.
Wrong tool:
Signature Tool for Application and URL Filtering Administration Guide | 5 Introduction
Check Point Signature Tool lets you create Application and URL Filtering for your own or third-party applications. This tool expands your local Application and URL Filtering Database for applications and URLs that you add. Application and URL Filtering detects and enforces your policies on added signatures as with Check Point defined signatures.
For preventing downloads we use AV.
In the application signature tool, there is an option that we can create a signature with raw data. So I was just trying to block a specific file with the file raw data.
That imho is a misunderstanding - APCL and URLF deal with URLs and Applications that communicate using the internet. What you want to achieve is to prevent downloading malware, a job done by AV and TE / TX. Custom Applications get defined to enable, disable or limit their internet traffic in APCL rulebase.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY