Support Center > Search Results > SecureKnowledge Details
Check Point Document Threat Extraction Technology Technical Level
Solution

Threat Extraction Overview

Threat Extraction is a technology that removes potentially malicious features that are known to be risky from files (macros, embedded objects and more).
This is a new approach for Threat Prevention: instead of determining whether a file is malicious or not, Threat Extraction cleans the file before it enters the organization.
Threat Extraction prevents both known and unknown threats before they arrive to the organization, thus providing better protection against zero-day threats.

Important: since R80.30, Threat Extraction supports HTTP/HTTPS.

 

Supported file formats

Threat Extraction supports the following primary file formats. Many other formats (such as Windows Metafile) that are commonly associated with these primary formats are also supported.

Format Extensions mail/Web/Both* Supported Methods Recommended Method
Adobe FDF fdf Both Extract/Convert to PDF Extract
Adobe PDF (all versions) pdf Both Extract/Convert to PDF Extract
Microsoft Docfile Microsoft Visio, Microsoft Project, etc. mail Extract/Convert to PDF Extract
Microsoft Excel 2007 and above xlsx, xlsb, xlsm, xltx, xltm, xlam Both Extract/Convert to PDF Extract
Microsoft Excel 2007 Binary xlsb Both Extract/Convert to PDF Extract
Microsoft Excel 97 - 2003 xls Both Extract/Convert to PDF Extract
Microsoft PowerPoint 2007 and above pptx, pptm, potx, potm, ppam, ppsx, ppsm Both Extract/Convert to PDF Extract
Microsoft PowerPoint 97 - 2003 ppt, pps, pot, ppa Both Extract/Convert to PDF Extract
Microsoft Word 2007 and above docx, docm, dotx, dotm Both Extract/Convert to PDF Extract
Microsoft Word 97 - 2003 doc, dot Both Extract/Convert to PDF Extract
Rich Text Format rtf Both Extract*/Convert to PDF

* From R80.40 Engine update 2
Extract


Compressed graphic Format JPEG jpeg,jpg,jpe,jfif mail Extract/Convert to PDF Extract
Multi Picture Format File mpo mail Convert to PDF Bypass
Ichitaro word proccessing application jtd mail Convert to PDF Bypass
Hanword hwp mail Convert to PDF Bypass
Graphics interchange Format gif mail Extract/Convert to PDF Extract
Tagged Image File Format tif,tiff mail Extract/Convert to PDF Extract
Portable Network Graphics png mail Extract/Convert to PDF Extract
bitmap image file bmp mail Extract/Convert to PDF Extract
Device independent Bitmap file dib mail Convert to PDF Bypass
Encapsulated Postscript file eps mail Convert to PDF Convert to PDF
adobe Photoshop Document psd mail Convert to PDF Bypass
Targa Graphic tga mail Convert to PDF Bypass
Paintbrush bitmap image file pcx mail Convert to PDF Bypass
DICOM image dcm mail Covnert to PDF Bypass
JavaScript File js mail Convert to PDF Bypass
Extensible Markup Language xml mail Convert to PDF Bypass
Plain Text file txt mail Convert to PDF  Bypass
Hypertext Markup Language html mail Convert to PDF Bypass

To experience this new technology, you may submit files to SandBlast Analysis Page by sending them to threats@checkpoint.com.

 

Important Notes

  • Threat Extraction blade is supported on Security Gateway in VSX mode in R80.10 or above.

  • Threat Extraction processes files over these protocols:

    • over SMTP in MTA mode
    • over HTTP / HTTPS in Browser Extensions and in Sandblast Agent
  • Starting from R80.30, Threat Extraction support HTTP/S extraction "inline" without SB4B  

 

Related solution: sk112240 - How to add support for new file types in Threat Extraction

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment