This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Suguru_Kawahara
Contributor
‎2018-03-21 09:06 PM

Whitelist for Anti-Virus

Hello,

I'm using the Anti-Virus function on the R77.30 appliance.
However, I want to exclude scan the file downloaded from a specific website.

Is there a way to solve this?
Can Anti-Virus function create URL whitelist?

If there is any other concern, please contact me.

Thanks,

Suguru

0 Kudos
3 Replies
Iain_Keir1
Contributor
‎2018-03-21 09:54 PM

Have you looked at using src/dst in the threat prevention policy to deliver a different AV policy for the source??

Looks like in R77.30 this can only be done by host/network IP but R80.10 allows domain.

Iain
CISSP
0 Kudos
Suguru_Kawahara
Contributor
‎2018-03-21 10:46 PM
In response to Iain_Keir1

Hi Iain,

Thanks for your reply.

Can I create a URL list that excludes AV scanning using "Creating Threat Prevention Sites"?

I will apply it to Policy and create rules to exclude AV scan of download files from certain URL sites.

All URL sites other than those listed above are scanned with AV.

Thanks,

0 Kudos
PhoneBoy
Admin
Admin
‎2018-03-22 10:35 AM

You can whitelist specific MD5s and URLs with an IoC file.

For the format of the file, refer to: ATRG: Anti-Bot and Anti-Virus 

Import the file, set the action to Inactive, install policy.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top