Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hi all,
i am facing the below problem.
I have Sandblast appliance where it acts as MTA , and I have all the blades enabled (AntiBot, AntiVirus, Threat Emulation, Threat Extraction). IPS blade is disabled on the SG so not functional.
I have created the below profile:
I have the problem mentioned on the title.
I would expect my AntiVirus blade to Prevent anything with a Severity of medium to Critical and Confidence Medium to High.
Although it is working fine for High-High or Critical -High it is not predictable for Medium severity.
I have logs that is Prevent and others that are Detect. The only difference i ve noticed is the "Risk" were in the prevent logs is above 90 and in the Detect is around 80. But i am straggling to find any documentation that proves this.
I have read similar issue in CheckMates for threat Emulation and there are multiple explenations about the way the mail is delivered(Rapid vs Hold) but AntiVirus has not such a setting.
I am surely missing something but just cant figure it.
Any help please.
Thanks,
