Are there any Check Point recommendations for enabling Anti-Virus deep scanning? In terms of performance we understand that the performance impact is increasing, but what about the security side? Are there some best practices about this?
Please refer to sk100633 (Best Practices - threats investigation using Threat Prevention Software Blades). The following presentation in the sk, "Investigative Best Practices with Threat Prevention", will help you make better use of the threat prevention blades as per your environment.
First off, AV Deep Scanning invokes components that were created by Kaspersky Labs:
sk118539: How to disable and remove Kaspersky Labs components from Check Point Security Gateway
From a performance perspective, deep scanning invokes additional inspection that takes place outside the kernel of the firewall in process space. Any trip between the firewall's kernel and process space will cause a fair amount of extra overhead; I refer to these trips as the firewall's "fourth path" (in addition to SXL, PXL, F2F).
-- My book "Max Power: Check Point Firewall Performance Optimization" now available via http://maxpowerfirewalls.com.