How to work with Anti-Virus / Anti-Bot Technical Level
Solution

Configuration

Anti-Virus / Anti-Bot default configuration and policy are very simple, intuitive and set in advance to protect the internal network in the most efficient way.

 

Use the default policy and rule base; these settings should not be changed. The only scenario in which another rule needs to be added to the Anti-Virus / Anti-Bot policy is described in sk92515 - How to configure Anti-Virus Exceptions.


This is an example of an incorrect policy:

 

With this setting, all traffic is matched on rule "1" and inspected by the Anti-Bot (AB) blade only (no inspection by Anti-Virus (AV) or Threat Emulation (TE)).

 

Protections

There are different Anti-Virus / Anti-Bot protections with different confidence levels and performance impacts.

The default "Recommended Profile" for Anti-Virus / Anti-Bot contains the best setup in terms of performance and reliability of detection rate.

Deviation from the "Recommended Profile" can cause performance impact on the environment and false positive detections.

 

Check Point Threat Wiki

Threat Wiki contains all the current information regarding malware and protections.

The Threat Wiki is available in SmartDashboard. It is an easy-to-use tool that lets you search and filter through Check Point's Malware Database.

Filter by a category, type or risk level and search for a keyword or malware.

Threat Wiki is also accessible online at http://threatwiki.checkpoint.com/threatwiki/public.htm

 

Supported protocols

  • HTTP
  • SMTP
  • HTTPS (if HTTPS Inspection is enabled)

 

File Types feature

This feature provides the ability to specify "safe" file types that Anti-Virus does not inspect.

You can also configure file types that the Security Gateway blocks. File types can be considered safe because they do not normally contain viruses.

For example, picture and video files are normally considered safe.

Note: This feature blocks a file based on its type, according to the policy that was set, and not because the file is malicious.

 

Archives scanning

This feature allows the customer to configure how the Anti-Virus engine unpacks and scans file archives.

Important Note: Using this feature together with "file types" will not provide the ability to block file types (non-malicious) within ZIP files.

The ability to block non-malicious files within ZIP files is not available for the Anti-Virus blade. Use the Threat Emulation blade.

 

Traditional Anti-Virus

The Anti-Virus blade and Traditional Anti-Virus cannot be activated on the same Security Gateway.

Therefore, all Traditional Anti-Virus settings should be disabled.

 


This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
