This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Amir_Rehman
Contributor
‎2019-05-16 06:26 AM
Jump to solution

Global Policy Exceptions

Any idea... How can I add exception for this ? I don't want to bypass the full Antivirus blade for this source.

There is not much information in the log .. Such as MD5 hash, protection name etc.

Capture.PNG

0 Kudos
1 Solution

Accepted Solutions
Timothy_Hall
Legend Legend
Legend
‎2019-05-16 07:38 PM
In response to Amir_Rehman
Jump to solution

The anti-virus engine is experiencing an internal failure trying to scan that resource, and because the anti-virus blade is set to "fail closed" the resulting action is a Prevent.  Creating an exception for that resource will not help since it only changes the final decision rendered (Prevent/Detect/Inactive) but does not stop the scanning of that resource and therefore the internal failure that is occurring.  It probably has to do with the scanned resource exceeding the fixed size of the SFT buffer on the firewall, please see the following SK for the fix: sk139292: "Failure-reject: unknown error" in Anti-Virus log, traffic fails

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm

View solution in original post

0 Kudos
7 Replies
TP_Master
Employee
Employee
‎2019-05-16 01:07 PM
Jump to solution

Hi,

You can see the resource name on the upper-right corner. You can add an exception for that.

0 Kudos
tpoole_global
Employee
Employee
‎2019-05-16 01:11 PM
Jump to solution

Use the URL under resource in the top right.

0 Kudos
Amir_Rehman
Contributor
‎2019-05-16 01:30 PM
In response to tpoole_global
Jump to solution

Thanks ...

Do you mean I can add domain (.easel.inventable.com) in the exception ?

If yes, I tried to add global exception but could not find Url based domain in the destination field. Only Ip and subnets is the option.

Thanks,

Amir

0 Kudos
TP_Master
Employee
Employee
‎2019-05-16 01:34 PM
In response to Amir_Rehman
Jump to solution

Not in the scope; in the column called "Protection/Blade/Site" -- you need to add the url as a "custom site" in that column (scope can be "Any")
Amir_Rehman
Contributor
‎2019-05-16 02:17 PM
In response to TP_Master
Jump to solution

Antivirus blade still catches it. Not sure why .

Capture1.PNGCapture2.PNG

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2019-05-16 07:38 PM
In response to Amir_Rehman
Jump to solution

The anti-virus engine is experiencing an internal failure trying to scan that resource, and because the anti-virus blade is set to "fail closed" the resulting action is a Prevent.  Creating an exception for that resource will not help since it only changes the final decision rendered (Prevent/Detect/Inactive) but does not stop the scanning of that resource and therefore the internal failure that is occurring.  It probably has to do with the scanned resource exceeding the fixed size of the SFT buffer on the firewall, please see the following SK for the fix: sk139292: "Failure-reject: unknown error" in Anti-Virus log, traffic fails

 

Attend my 60-minute "Be your Own TAC: Part Deux" Presentation
Exclusively at CPX 2025 Las Vegas Tuesday Feb 25th @ 1:00pm
0 Kudos
Amir_Rehman
Contributor
‎2019-05-17 05:46 AM
In response to Timothy_Hall
Jump to solution

Thank you for your Help.

Yes sk139292 did work .

# fw ctl set int g_ci_av_sft_classification_buffer_size 15000

Ciao

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    CheckMates Events