- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
We offer a test you can access from behind your Security Gateway where Threat Emulation is enabled to ensure it is working:
Related:
Thanks for the test tip, Dameon!
Also CP's CheckMe is a good option for this http://www.cpcheckme.com/checkme/
Regards,
Hello,
I' m checking the checkpoint ICAP server on my lab and if I upload a eicar document, the checkpoint accept the eicar file.
I configured a ICAP profil ont the threat prevention layer with this options.
- If the threat emulation is activate ont the ICAP profil, the eicar test file is accept by checkpoint
-If I the threat emulation is not activate on the ICAP profil the eicar test document is prevent by the anti-virus blade as shown as the attached picture.
I don't underand how it's works..
If someone can explain me the difference ?
Regards,
Miguel
I think that the explanation is on the behavior analytic engine of Sandblast, same happens with antivirus such as Cylance: EICAR is not being detected because it actually does nothing on your system. In other words it doesn't trigger any indicator of compromise.
I would recommend you try these solutins with real malware from The Zoo Project (https://github.com/ytisf/theZoo) if you want to go beyond you can even modify the binaries so the hash is new.
Handle with care since it's real malwre 🙂
Hope it helps
Hi,
Thanks you for reply,
Ha yes I understood, in the threat emulation, the document is emulated in various OS systems to check if there are abnormal behaviors. Effectively ICAR doesn't do anything it's a simply signature...so it's detected by the anti-virus signature.
Thank you for the link.
Is it compulsory to enable https inspection and MTA for Threat emulation blade? If I enable threat emulation like inline mode than does it scan files downloaded from websites?
Thanks.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
16 | |
11 | |
8 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 | |
3 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY