Customer Threat Prevention
& Vulnerability Management Survey
Hunting Malware Using Memory Forensics
CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!
Harmony Endpoint:
Packing a Punch in 2024
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
The Difference Is In The Details
If attacks are being logged as "Detect" it is because the Threat Prevention policy has not been set to "Prevent" those particular signatures. Based on the "a1.jpg" screen shot, it looks like your policy is in detect mode. Detect mode will just log + alert you to an event happening, but the Gateway won't actually prevent anything from happening. This mode is good to give you an idea what is going on in your environment.
However, if you want the Gateway to prevent things, those policies need to be changed over to "Prevent". In R80.10, you can do this by going to Security Policies -> Threat Prevention -> Policy and reviewing the settings. Check Point offers some "out of the box" templates like Strict, Optimized, and Basic to get you started. If you aren't totally familiar with Threat Prevention, one of these templates may be a good place to start.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
