Anti-Virus / Anti-Bot default configuration and policy are very simple, intuitive and set in advance to protect the internal network in the most efficient way.
Use the default policy and rule base; these settings should not be changed. The only scenario in which another rule needs to be added to the Anti-Virus / Anti-Bot policy is described in sk92515 - How to configure Anti-Virus Exceptions.
This is an example of an incorrect policy:
With this setting, all traffic is matched on rule "1" and inspected by the Anti-Bot (AB) blade only (no inspection by AV and TE).
There are different Anti-Virus / Anti-Bot protections with different confidence levels and performance impacts.
The default "Recommended Profile" for Anti-Virus / Anti-Bot contains the best setup in terms of performance and reliability of detection rate.
Deviation from the "Recommended Profile" can cause performance impact on the environment and false positive detections.
Check Point Threat Wiki
Threat Wiki contains all the current information regarding malware and protections.
The Threat Wiki is available in SmartDashboard. It is an easy-to-use tool that lets you search and filter through Check Point's Malware Database.
Filter by a category, type or risk level and search for a keyword or malware.
Threat Wiki is also accessible online at http://threatwiki.checkpoint.com/threatwiki/public.htm
- HTTPS (if HTTPS Inspection is enabled)
File Types feature
This feature provides the ability to specify "safe" file types that Anti-Virus does not inspect.
You can also configure file types that the Security Gateway blocks. File types can be considered safe because they do not normally contain viruses.
For example, picture and video files are normally considered safe.
Note: This feature blocks a file based on its type, according to the policy that was set, and not because the file is malicious.
This feature allows the customer to configure how the Anti-Virus engine unpacks and scans file archives.
Important Note: Using this feature together with "file types" will not provide the ability to block file types (non-malicious) within ZIP files.
The ability to block non-malicious files within ZIP files is not available for the Anti-Virus blade. Use the Threat Emulation blade.
The Anti-Virus blade and Traditional Anti-Virus cannot be activated on the same Security Gateway.
Therefore, all Traditional Anti-Virus settings should be disabled.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.