Share your Cyber Security Insights
On-Stage at CPX 2025
Simplifying Zero Trust Security
with Infinity Identity!
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
CheckMates Go:
What's New in R82
As Dameon said there normally isn't a big patterns/signature database downloaded and used by AV/ABOT, unlike APCL and IPS. Constant interaction with the ThreatCloud keeps a memory cache up to date with all the latest AV/ABOT updates automatically, so there is no real need to "force" an update most of the time.
However a situation can arise where a value held in the AV/ABOT cache is improperly blocking something causing a false positive. In that case you can create an exception, or a Custom Threat Indicator matching the traffic set to "Inactive" to work around the issue. If you suspect this is a "bad" or malfunctioning entry you can force an immediate refresh of all items in the cache, hoping that Check Point has cleared the problem:
Anti-Virus: sed -i "1s/.*/100/" $FWDIR/amw_kss/update/next_update
Anti-Bot: sed -i "1s/.*/100/" $FWDIR/amw/update/next_update
Note that the "1s" in the sed commands above is a number 1 followed by the letter "s". See here for more detail: sk143972: How to trigger an update for Application Control / Anti-Virus /Anti-Bot / IPS
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
