cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Hugo_vd_Kooij
Hugo_vd_Kooij inside IPS, Anti-Virus, and Anti-Bot 12 hours ago
views 44 3

Odd behaviour of profile

Hi, Even with R80.30 EA there is an odd issue with the profile. I want IPS only. Byt if I disable ThreathExtraction it barfs on me with something I considere a silly error. As you can see on the 3 attached screenshots.    
Shahar_Grober2
Shahar_Grober2 inside SandBlast Network 17 hours ago
views 23 1

MTA AV Exceptions

Hi, AV in MTA is blocking one of our emails coming from a trusted source This is a False positive. The only option I see to exclude the sender Mail Adress is in IPS profile --> Threat Emulation --> Excluded Mail Adresses. Is there a way to e...
Ploni_Almoni
Ploni_Almoni inside SandBlast Network yesterday
views 5539 12 4

Uploading file works on cloud but not local gateway

I'm using sandBlast api, when I upload to the cloud all is fine, but when I try to upload to local gateway I receive code:1008,label:BAD_REQUEST, message: Invalid Multipart/form requestWhy?I'm not sending cookie to local gateway, I'm using CS...
PhoneBoy
inside SandBlast Network Friday
views 62 2 1
Admin

How do I verify Threat Emulation is working?

We offer a test you can access from behind your Security Gateway where Threat Emulation is enabled to ensure it is working: Threat Emulation Test -- A link to a DOC with an exploit that will not harm your computer. Will show as Exploited Document...
Admin

How do I test if Anti-Bot and/or Anti-Virus is Working?

We offer a couple of test links you can access from behind your Security Gateway where Anti-Bot and Anti-Virus is working: Anti-Virus Test -- Downloads the standard EICAR AV test file Anti-Bot Test -- Accesses a link that is flagged by ...

Https inspection for ips incoming traffic with thrid party CA

Hi All I have a deployment of cloudguard on aws and the requirement is to perform HTTPs inspection on incoming IPS traffic.There is a web server behind the cloudguard and using third party sign cert. Here comes my question, in order...

Sandblast on-premise emulation, file size

We have an on-premise Sandblast. 'Tecli s s' shows that 'scanned files' and 'scanned files remotely' is the same, 6215. However, when I run the same command on the Sandblast it shows a different number, 172. Shouldn't those two be the same - 6215 ...
Sagar_Manandhar
Sagar_Manandhar inside SandBlast Network Tuesday
views 2478 6 5

Threat Emulation Quota Exceed

hi,Checkpoint is showing that the quota has been exceeded at start up of the smartdashboard. What does that really mean? Does CP stop to emulated the file after it exceeded the file limit? CP has used the quota term in the documentation but not me...

Inspection Settings

Hi Check MateI am pretty confused about the difference between core protections and protections listed in Inspection settings.What is the difference between them ?In Inspection Settings there are two profiles "Recommended Inspection" and "Default ...

Can we block exe download for specific networks only without using HTTPS inspection in CP R80.20?

Hi Everybody,We just tried to block exe download for specific user/network by enabling content awareness and through using it in the access policy as shown in screenshot attached herewith. But it is not working.Is HTTPS Inspection mandatory for th...

Logic for RDP Brute Force detection?

As Check Point does not publish its rules/logic for signatures, I am looking for help understanding the RDP brute force login signature.Endpoint logs would be the source of truth (audit logs). How is this being detected on the wire? Edit: Her...
Thomas_Werner
inside SandBlast Network a week ago
views 4312 18 57
Employee++

ICAP Server on Sandblast Appliance (TEX)

ICAP ServerThe official ICAP Server SK mentions requirements, release notes and general information regarding the new ICAP server functionality. Check Point support for Internet Content Adaptation Protocol (ICAP) serverhttps://supportcenter....
Robert_Mueller
Robert_Mueller inside SandBlast Network a week ago
views 32 1

PDF with a qualified electronic signature

Hi,Is there a way that sandblast wont remove or ignore PDFs with a qualified electronic signature (compliant to EU Regulation No 910/2014).. At the moment the "Threat Extraction" removes the signature and recreates the PDF.. The best way will...
Adrian_Bawn
Adrian_Bawn inside IPS, Anti-Virus, and Anti-Bot a week ago
views 6174 10 3

MTA configuration examples

Hi all, I have been looking around and I don't seem to be able to find a direct answer to my issue so I figure I will need to post the question.Is there a suggested configuration for how to setup mail-flow through checkpoint gateways including TLS...