This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Eric_Lindsey
Explorer
‎2018-09-20 07:45 AM

Exclude files from emulation

We have 1000s of pcs going to a windows update site to download a .cab file.  It crashed our Threat Emulation blade.  We would like to exclude windows updates from threat emulation. I tried making an exclusion rule set to detect only but can not get the rule to match with the traffic.  What would be the correct url string in our application /Site group to bypass all windowsupdate.com files?  We have 77.30 take 302

0 Kudos
3 Replies
Vladimir
Champion
Champion
‎2018-09-20 09:48 AM

Hmm.. why on earth do you have 1000s of PCs using Windows Update site instead of a single WSUS?

Could it be a campus environment where you do not control the endpoints? If that's the case, perhaps caching proxy would be a better solution.

0 Kudos
Eric_Lindsey
Explorer
‎2018-09-20 10:02 AM

I agree with you on that one.  For whatever reason the Microsoft team is allowing this traffic to go out to the internet.  I just need a way to exclude all the threat emulation hits.  The source in the emulation log says "Trusted Source" so I do not think we are actually sending the file out to the cloud for emulation. 

0 Kudos
Vladimir
Champion
Champion
‎2018-09-20 02:03 PM
In response to Eric_Lindsey

Yep:

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events