Hi @Jon_AK
I suppose that, you sre using central management. (if not, and you are using local management, the method can be similar)
If I understand correctly you are unable to create an exception for this "command injection"
I don't know how tried to do that but you can apply an exception by the Core protections
The descriptions of the steps is under the screenshot
1-3 steps: this is straightforward
4-5: add the "Type" critera to the filter column
6: select the Core
7: choose the "command injection"
8: select exceptions
9: add the exception as you wish
Unfortunately I can't test it in my lab, because I can't reproducate the issue.
The corresponding documentation: documentation: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...
Editing Core IPS Protections
To edit core protections|
Step |
Instructions |
|---|---|
|
1 |
Go to Security Policies > Threat Prevention > Custom Policy Tools > IPS Protections. Note - To filter for core protections, select Type Core in the Filters pane. |
|
2 |
Right-click a core protection and select Edit. |
|
3 |
Configure the required settings. |
|
4 |
Install the Threat Prevention policy. |
I hope it helps,
Akos
Hi @Jon_AK
I suppose that, you sre using central management. (if not, and you are using local management, the method can be similar)
If I understand correctly you are unable to create an exception for this "command injection"
I don't know how tried to do that but you can apply an exception by the Core protections
The descriptions of the steps is under the screenshot
1-3 steps: this is straightforward
4-5: add the "Type" critera to the filter column
6: select the Core
7: choose the "command injection"
8: select exceptions
9: add the exception as you wish
Unfortunately I can't test it in my lab, because I can't reproducate the issue.
The corresponding documentation: documentation: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_ThreatPrevention_AdminGuide/...
Editing Core IPS Protections
To edit core protections|
Step |
Instructions |
|---|---|
|
1 |
Go to Security Policies > Threat Prevention > Custom Policy Tools > IPS Protections. Note - To filter for core protections, select Type Core in the Filters pane. |
|
2 |
Right-click a core protection and select Edit. |
|
3 |
Configure the required settings. |
|
4 |
Install the Threat Prevention policy. |
I hope it helps,
Akos
Unfortunately, my screens don't come close to yours. I believe I found the core protections but the only thing available to do is disable or set to log only
Ok, I am not sure what I was doing wrong, been to this particular setting several times but with the 1575 on local administration, it is Threat Prevention -> Exceptions. In the Protection column, Can't just type in Command Injection, had to search for it & then select it from the list. This was the first place I went to when working to allow this connection but could not get it to work. Now it is working fine. Thank you for your help. Guess I just wasn't holding my mouth right.....
Wed 04 Sep 2024 @ 05:00 PM (CEST)
Secure the GenAI Revolution with the All-New GenAI Security from Check PointThu 05 Sep 2024 @ 11:00 AM (PDT)
West US: What's New In Check Point Quantum Security Gateway R82!Tue 10 Sep 2024 @ 03:00 PM (AEST)
No Suits, No Ties - MDR and Incident Response - Going Equipped to Compromise (APAC)Wed 04 Sep 2024 @ 05:00 PM (CEST)
Secure the GenAI Revolution with the All-New GenAI Security from Check PointThu 05 Sep 2024 @ 11:00 AM (PDT)
West US: What's New In Check Point Quantum Security Gateway R82!Tue 10 Sep 2024 @ 03:00 PM (AEST)
No Suits, No Ties - MDR and Incident Response - Going Equipped to Compromise (APAC)Wed 11 Sep 2024 @ 10:00 AM (CEST)
CheckMates Live Norway - Network Troubleshooting Best PracticesTue 01 Oct 2024 @ 10:00 AM (CEST)
CheckMates Live Salzburg - Maintenance and Upgrade Best PracticesThu 03 Oct 2024 @ 10:00 AM (CEST)
CheckMates Live Vienna - Identity Awareness Best Practices and Harmony Sase Updates
.png "Wolfgang"){kind=avatar}
