DanielFarina
Explorer

EICAR through Virtual Wire Pair


Greetings,

 

I'm trying to detect, block and log the EICAR file transferred over different protocols (FTP, HTTP and SMB). I've deployed the Checkpoint 1570R in transparent mode by configuring a bridge between 2 interfaces, with a laptop on each interface. Somehow I'm not able to block the file, even though I think I've properly enabled Antivirus etc.

 

By the way, in the environment where I'm testing this I'm not allowed to access the internet to update the device; I just want to know if it's a configuration issue. In case it's an issue with updates, I would find a way to fix it.

 

Any advice?

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
Tom_Hinoue
Collaborator

Have you tried enabling LAN to LAN inspection?
By default, inspection between internal interfaces is disabled.

Device -> Advanced Settings -> [Stateful Inspection - Perform deep packet inspection on LAN to LAN traffic] -> change the value to [True]

*Note it may impact performance if you have e.g. additional LAN-WAN traffic.


4 Replies
DanielFarina
Explorer

 

Forgot to attach the screenshots 🙂

 

 

[Attached screenshots: 1.PNG, 2.1.PNG, 2.2.PNG, 2.3.PNG, 3.PNG]

0 Kudos
PhoneBoy
Admin

Without Internet access, or a Private ThreatCloud appliance, most of the Threat Prevention blades aren't going to work.
That includes AV...and even detecting the EICAR virus, it seems like.
At least that's what I read into the following SK: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
DanielFarina
Explorer

It worked, but just under HTTP. It must be something related to firmware upgrade or internet access. Many thanks!

0 Kudos