While configuring various settings in my locally-managed 1430 appliance (Firmware R77.20.60), I was surprised to find the following Threat Prevention Engine default settings:
Anti-Virus Blade scans HTTP, FTP, Mail (SMTP and POP3 but not IMAP).
File types policy: Process file types known to contain malware.
Threat Emulation Blade (SandBlast) - does not scan FTP. Scans HTTP and Mail SMTP only.
File types default policy:
Inspect .doc, .docx, .pdf, .ppt, .pptx, .xls, .xlsx only.
Bypass all other file extensions/types, including .exe, .rar, .zip, etc.
So it seems Check Point experts consider Threat Emulation (SandBlast) as redundant, and rely more strongly on Anti-Virus scanning most file types capable of containing malware.
Please recommend whether I should add several file extensions/types to the very limited group that are scanned by default by the Threat Emulation Blade.