Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
JoaT
Explorer
Jump to solution

Application Name in Log not found in Application List

I have been slowly implementing the application control, and noticed today the Overpage page listing a list of allowed high risk applications.  One of those applications is loadm.exelator.com.  I went to the Security Policies, Application and was going to make a rule to block it, but that application does not appear in list.

 

But when I research it in the logs, it lists it there, and a category even.  How do I block it when it is not listed in the Applications list in the rulebase though?  

 

See attached image for log entry.

 

0 Kudos
1 Solution

Accepted Solutions
MikeB
Advisor

Ofcourse yo can do it! you need to create a Custom Application/Site:

 

image.png

 

 

 

 

 

 

 

and then add the URLs that you want to block (or permit) in this custom category:

 

image.png

 

Check sk165094 for best practices: https://support.checkpoint.com/results/sk/sk165094

 

View solution in original post

(1)
8 Replies
MikeB
Advisor

The log was generated by URL FILTERING blade (not Application Control Blade) so this should be blocked by URL Filtering "categories" (not an specific application) in your access policy.

If you have R81.10, check the admin guide here: https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_SecurityManagement_AdminGuid...

 

 

JoaT
Explorer

So I would block it by using the categories Spam, High Risk and URL Filtering, but there is no way to block it directly by the loadm.exelator.com that is listed, correct?

 

0 Kudos
MikeB
Advisor

Ofcourse yo can do it! you need to create a Custom Application/Site:

 

image.png

 

 

 

 

 

 

 

and then add the URLs that you want to block (or permit) in this custom category:

 

image.png

 

Check sk165094 for best practices: https://support.checkpoint.com/results/sk/sk165094

 

(1)
MikeB
Advisor

Also....Check Point provides an online tool that allows you to check whether a URL is classified under one of the categories of the URL Filtering Blade. After you check the URL, this tool also allows you to suggest an alternative categorization for the URL:

 

https://urlcat.checkpoint.com/

 

the_rock
Legend
Legend

All great points @MikeB 

0 Kudos
JoaT
Explorer

Thank you very much!  Perfect

0 Kudos
the_rock
Legend
Legend

Btw, I will add one more thing on top of what @MikeB said. I know this has come up few times before, so figured would mention it. Some folks had said they whitelist all the needed sites, but they still get blocked. I spent, cant even count, how many hours with TAC and different customers troubleshooting this and I found way it works all the time, never let me down. So, here is what I mean by that.

Say you wish to block everything facebook or youtube, I simply create custom app/site as @MikeB pointed out and add *facebook* and *youtube* and thats it. Otherwise, I can tell you right now, if you try and follow all the examples given in the sk165094, no offense, but you might be on the phone till 3 am or longer lol

Just giving you my honest feedback/experience.

Cheers,

Andy

the_rock
Legend
Legend

I agree with @MikeB , makes sense what he advised about which blade blocked this traffic.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events