Support Center > Search Results > SecureKnowledge Details
Check Point Document Threat Extraction Technology

Threat Extraction Overview

Threat Extraction is a technology that removes potentially malicious features that are known to be risky from files (macros, embedded objects and more).
This is a new approach for Threat Prevention: instead of determining whether a file is malicious or not, Threat Extraction cleans the file before it enters the organization.
Threat Extraction prevents both known and unknown threats before they arrive to the organization, thus providing better protection against zero-day threats.

Important: since R80.30, Threat Extraction supports HTTP/HTTPS.


Supported file formats

Threat Extraction supports the following primary file formats. Many other formats (such as Windows Metafile) that are commonly associated with these primary formats are also supported.

Format Extensions
Adobe FDF fdf
Adobe PDF (all versions) pdf
Microsoft Docfile Microsoft Visio, Microsoft Project, etc.
Note: since R80.30, valid only on Mail
Microsoft Excel 2007 and above xlsx, xlsb, xlsm, xltx, xltm, xlam
Microsoft Excel 2007 Binary xlsb
Microsoft Excel 97 - 2003 xls
Microsoft PowerPoint 2007 and above pptx, pptm, potx, potm, ppam, ppsx, ppsm
Microsoft PowerPoint 97 - 2003 ppt, pps, pot, ppa
Microsoft Word 2007 and above docx, docm, dotx, dotm
Microsoft Word 97 - 2003 doc, dot


To experience this new technology, you may submit files to SandBlast Analysis Page by sending them to


Important Notes

  • Threat Extraction blade is supported on Security Gateway in VSX mode in R80.10 or above.

  • Threat Extraction processes files over these protocols:

    • over SMTP in MTA mode
    • over HTTP / HTTPS in Browser Extensions and in Sandblast Agent


Related solution: sk112240 - How to add support for new file types in Threat Extraction

Give us Feedback
Please rate this document