This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arend
Contributor
‎2024-01-19 02:42 AM

Content Awareness does not scan HTML files by default

Environment: cluster R81.20
Model: Check Point 6200B

My customer gave me a whole Iist of file types to block with Content Awareness and one of the file types is MSI. So i needed to block MSI file downloads by clients in a POC and present a Block page. I found out (via TAC) that Check Point gateway does not block this by default in Content Awareness because the HTML file is not inspected by default.

Maybe not so much a question but a realization that these HTML files are not inspected by default.

See the bottom of the sk114640.

HTML files
Content Awareness does not scan HTML files (for type and content) which are downloaded using the HTTP "GET" method over HTTP because it could have a high adverse affect on the Security Gateway performance.

After turning on this option (1) the download was blocked correctly and the Block page shown as well.

$FWDIR/boot/modules/fwkern.conf

[Expert@XXXXXXXXXX# fw ctl get int fileapp_parse_html
fileapp_parse_html = 1

 

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2024-01-19 07:08 AM

I guess where I'm having trouble here is why trying to block an MSI file would fail because it can't block an HTML file.
Is it because the MSI file has html in it or some other reason?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events