DanielFarina
Explorer

EICAR through Virtual Wire Pair

Greetings,

 

I'm trying to detect, block and log the EICAR file transferred over different protocols (FTP, HTTP and SMB). I've deployed the Checkpoint 1570R in transparent mode by configuring a bridge between 2 interfaces, with a laptop on each interface. Somehow I'm not able to block the file, even though I think I've properly enabled Antivirus etc.

 

By the way, in the environment where I'm testing this I'm not allowed to access the internet to update the device; I just want to know if it's a configuration issue. If it's an issue with updates, I would find a way to fix it.

 

Any advice?

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
Tom_Hinoue
Advisor

Have you tried enabling LAN to LAN inspection?
By default, inspection between internal interfaces is disabled.

Device -> Advanced Settings -> [Stateful Inspection - Perform deep packet inspection on LAN to LAN traffic] -> change the value to [True]

*Note it may impact performance if you have e.g. additional LAN-WAN traffic.


4 Replies
DanielFarina
Explorer

 

Forgot to attach the screenshots 🙂

 

 


0 Kudos
PhoneBoy
Admin

Without Internet access, or a Private ThreatCloud appliance, most of the Threat Prevention blades aren't going to work.
That includes AV...and even detecting the EICAR virus, it seems like.
At least that's what I read into the following SK: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
DanielFarina
Explorer

It worked, but just under HTTP. It must be something related to firmware upgrade or internet access. Many thanks!

0 Kudos
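One way to check from the two laptops whether the EICAR file crosses the bridge intact over HTTP, as an added example that is not part of the thread and not Check Point code. The port, path and function names are assumptions: run `start_server()` on one laptop and `fetch_and_classify()` against its address on the other.

```python
import hashlib
import http.client
import http.server
import threading
import urllib.error
import urllib.request

# Standard 68-byte EICAR test string, split in two so this script is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
EICAR_SHA256 = hashlib.sha256(EICAR).hexdigest()

class EicarHandler(http.server.BaseHTTPRequestHandler):
    """Sender side: answers every GET with the test file."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(EICAR)))
        self.end_headers()
        self.wfile.write(EICAR)

    def log_message(self, *args):  # keep the console quiet
        pass

def start_server(bind="0.0.0.0", port=8080):  # port 8080 is an assumed value
    srv = http.server.ThreadingHTTPServer((bind, port), EicarHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def classify(body):
    """PASSED only if the exact EICAR bytes arrived; anything else was not delivered."""
    if body is not None and hashlib.sha256(body).hexdigest() == EICAR_SHA256:
        return "PASSED"
    return "NOT_DELIVERED"

def fetch_and_classify(url, timeout=5):
    """Receiver side: download across the bridge, bypassing any configured proxy."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read()
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        body = None  # reset, timeout, truncated transfer or HTTP error status
    return classify(body)

if __name__ == "__main__":
    srv = start_server("127.0.0.1", 0)  # loopback self-test, no gateway in the path
    print(fetch_and_classify(f"http://127.0.0.1:{srv.server_address[1]}/eicar.com"))
    srv.shutdown()
```

`NOT_DELIVERED` covers a block page, a reset and a plain connectivity failure alike, so confirm the result against the gateway's Antivirus log.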
