Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tiger_QAs
Participant

Enable Anti-Virus blade in Detect mode, Is it possible ?

Good morning!

Would like to know if entire AV blade could be enabled in "Detect" mode and gradually modify it to "Prevent" mode, anything like a soft-enable is possible at all ? 

Or the setting protections for AV under "Threat Tools" >> "Protecitons" to DETECT should be sufficient ? And gradually change them to PREVENT ?
Anti-Virus blade protections.JPG




0 Kudos
3 Replies
the_rock
Mentor
Mentor

I would say your last point makes sense...just set protections to detect, leave it for 2 weeks or so and then move to prevent. I find that 14 days is perfect amount of time to have it run in detect mode before switching to prevent.

Ruan_Kotze
Advisor

On your gateway / cluster properties go to the Anti-bot and Anti-virus section and set the activation mode to "Detect only".

The downside is of this method is you can't gradually switch in to prevent - but it does allow you to monitor for false positives.

the_rock
Mentor
Mentor

I agree 100%, but then again, that is how most threat prevention blades work in Check Point.