
Too few file types are inspected by default by SandBlast

Question asked by Ben-Zion Joselson on Dec 30, 2017
Latest reply on Jan 4, 2018 by Miri Ofir

While configuring various settings in my locally-managed 1430 appliance (Firmware R77.20.60), I was surprised to find the following Threat Prevention Engine default settings:

 

Anti-Virus Blade scans HTTP, FTP, Mail (SMTP and POP3 but not IMAP).
File types policy: Process file types known to contain malware.

 

Threat Emulation Blade (SandBlast) - does not scan FTP. Scans HTTP and Mail SMTP only.
File types default policy:

Inspect .doc, .docx, .pdf, .ppt, .pptx, .xls, .xlsx only.
Bypass all other file extensions/types, including .exe, .rar, .zip, etc.

 

So it seems Check Point experts consider Threat Emulation (SandBlast) redundant, and rely more strongly on Anti-Virus scanning most file types capable of containing malware.

 

Please recommend whether I should add several file extensions/types to the very limited group that are scanned by default by the Threat Emulation Blade.
