Autonomous Threat Prevention Management integration Release Updates
Solution

Introduction

Autonomous Threat Prevention Management (ATPM):

  • New Threat Prevention management that uses Smart Cyber Policy from the cloud.
  • Provides out-of-the-box Threat Prevention profiles based on business and IT security needs.
  • Easy assignment of a policy profile that is tailored to your needs.
  • Automatic update of Threat Prevention policy profiles to protect against the latest cyber threats using the latest technologies.
  • Zero day-to-day maintenance required from the administrator, while maintaining optimal security. Administrators still have manual configuration capabilities.

For information about the EA program, refer to sk163593 - Autonomous Threat Prevention Management.

Availability

Update   Release Date   GOT_TPCONF   GOT_TPCONF_MGMT   GOT_MGMT   DC_INFRA
13       15 July 2021   Take 97      Take 34           Take 95    Take 26

Where:
  • GOT_TPCONF_MGMT, GOT_MGMT and DC_INFRA - Management packages
  • GOT_TPCONF - Security Gateway package

Released Takes

Date         Description   Package           Take
09 Dec 2021  Update 13     GOT_MGMT          95
                           GOT_TPCONF        97
                           dc_infra          34
03 May 2021  Update 11     GOT_MGMT          91
                           GOT_TPCONF        91
25 Feb 2021  Update 9      GOT_MGMT          82
                           GOT_TPCONF        86
25 Jan 2021  Update 8      GOT_MGMT          80
                           GOT_TPCONF        84
                           dc_infra          26
03 Dec 2020  Update 7      GOT_MGMT          32
                           GOT_TPCONF        78
                           dc_infra          22
03 Nov 2020  Update 6      GOT_MGMT          74
                           GOT_TPCONF        75
                           dc_infra          21
12 Oct 2020  Update 5      GOT_MGMT          72
01 Oct 2020  Update 4      GOT_MGMT          71
                           GOT_TPCONF        30
                           dc_infra          63
10 Sep 2020  Update 3      GOT_MGMT          65
                           GOT_TPCONF        52
13 Aug 2020  Update 2      GOT_TPCONF        50
15 Jul 2020  Update 1      GOT_MGMT          56
                           GOT_TPCONF_MGMT   25
                           GOT_TPCONF        35
                           dc_infra          18


Manual Installation

Note: First, install Check Point R80.40 GA.
  1. Step 1 - Download and install the Autonomous Threat Prevention package GOT_TPCONF on the Security Gateway (on a cluster, install on each member):
    1. Copy the Gateway package to the Security Gateway and put it in a new folder (name it GW_PKG).
    2. Download the installItpDarwin.sh script and place it in the GW_PKG folder.
    3. Make the script executable (chmod +x installItpDarwin.sh).
    4. In the GW_PKG folder, run this script: ./installItpDarwin.sh --local $(pwd)
      When finished, the script shows 'Finished'.


  2. Step 2 - Install the 3 Autonomous Threat Prevention packages on the Management server:
    1. Copy the Management packages to the Security Management Server and put them in a new folder (name it MGMT_PKG).
    2. Download the installItpDarwin.sh script and upload it to the MGMT_PKG folder.
    3. On the Security Management Server, make the script executable (chmod +x installItpDarwin.sh).
    4. In the MGMT_PKG folder, run this script: ./installItpDarwin.sh --local $(pwd)
      When finished, the script shows 'Finished' and a list of the installed packages.
    5. In SmartConsole, under Threat Prevention profile, you will see Autonomous Threat Prevention.


  3. Step 3 - Enable Autonomous Threat Prevention on a Security Gateway Object:
    1. In SmartConsole, go to Gateways & Servers, right-click the Gateway and click Edit.
    2. Go to the Threat Prevention tab (lower-right section of the window) and select Autonomous Threat Prevention.
    3. Click OK.


  4. Step 4 - Create an Autonomous Threat Prevention policy (if you already have a Threat Prevention policy package, skip to step 5):
    1. In SmartConsole, go to the main Menu and select Manage policies and layers.
    2. The Manage policies and layers window opens.
    3. Click New - the New Policy window opens.
    4. Enter a name for the policy package.
    5. In the General page > Policy types section, select Threat Prevention (you can select more policy types if required).
    6. In SmartConsole, go to Security Policies > Infinity Threat Prevention > Policy.
    7. From the drop-down list of the 5 pre-defined profiles, select the required profile.
    8. Click OK.


  5. Step 5 - Install the Autonomous Threat Prevention policy:
    1. In SmartConsole, from the main menu, select Install policy.
    2. Select Threat Prevention.
    3. Select your gateway targets for policy installation.
      Note: The Autonomous Threat Prevention policy is installed on gateways with Threat Prevention Infinity enabled. Gateways without Threat Prevention Infinity enabled receive the traditional Threat Prevention policy.
    4. Click Install.
    5. Success criteria: the policy installation succeeds.
    6. Verify that the policy is enforced: download a malicious test file and verify that it is prevented and that the correct log is generated.
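The command-line part of Steps 1 and 2 (stage the package folder, make installItpDarwin.sh executable, run it from inside the folder with --local "$(pwd)", and confirm the 'Finished' marker) is shown below as an added example wrapper. It is not Check Point's own script. It assumes the package files and installItpDarwin.sh have already been copied into the folder passed as the first argument; the install.log file name and the prerequisite checks are this example's own choices.

```shell
#!/bin/sh
# Added example wrapper for Steps 1 and 2 (not Check Point's own script).
# Assumes: the package file(s) and installItpDarwin.sh are already in PKG_DIR.
# install.log is this example's own choice of log file name.

# install_itp_packages PKG_DIR [LOG_FILE]
# Checks the folder, makes the installer executable, runs it from inside the
# folder with --local "$(pwd)" exactly as the instructions say, and returns 0
# only if the installer exited cleanly and printed the 'Finished' marker.
install_itp_packages() {
    pkg_dir="$1"
    log_file="${2:-$pkg_dir/install.log}"

    [ -d "$pkg_dir" ] || { echo "package folder not found: $pkg_dir" >&2; return 1; }
    [ -f "$pkg_dir/installItpDarwin.sh" ] || {
        echo "installItpDarwin.sh is missing in $pkg_dir" >&2; return 1; }

    # At least one package file must be present besides the script and the log.
    n=$(find "$pkg_dir" -maxdepth 1 -type f \
            ! -name installItpDarwin.sh ! -name '*.log' | wc -l | tr -d ' ')
    [ "$n" -gt 0 ] || { echo "no package files found in $pkg_dir" >&2; return 1; }

    chmod +x "$pkg_dir/installItpDarwin.sh"

    # Run in a subshell so the caller's working directory is unchanged;
    # keep the full installer output for troubleshooting.
    if ( cd "$pkg_dir" && ./installItpDarwin.sh --local "$(pwd)" ) >"$log_file" 2>&1; then
        rc=0
    else
        rc=$?
    fi

    if [ "$rc" -eq 0 ] && grep -q 'Finished' "$log_file"; then
        echo "installation finished; log: $log_file"
        return 0
    fi
    echo "installation did not finish cleanly (exit $rc); see $log_file" >&2
    return 1
}

# Usage (run once per Security Gateway or cluster member for GW_PKG, and once
# on the Security Management Server for MGMT_PKG):
#   install_itp_packages /home/admin/GW_PKG
#   install_itp_packages /home/admin/MGMT_PKG
```

On a cluster the folder is staged and the function run on each member, as Step 1 requires; the saved log is what you would attach when a run stops without the 'Finished' marker.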


List of Resolved Issues and New Features per Update

ID Description
Update 13 (15 July 2021)
ODU-154
  • Prevention of the Codecov supply chain attack is automatically enabled for all policy profiles of Autonomous Threat Prevention.
  • Sandbox enhanced with new heuristics for Qbot malware detection and improved AI-based detection capabilities for executable files.
  • New IPS protections for detection and prevention of malicious usage of XML macros, such as Zloader, Qbot and IcedID.
  • Fix of the UI defect that showed a license warning to NGTP-licensed users.
Update 11 (03 May 2021)
ODU-112 NEW: Added customization capabilities that allow:
  • Sanitization technology extended to support RTF files.
    • No action required - all gateways with sanitization enabled will clean RTF files of potentially malicious content.
  • Automatic optimization of a Threat Prevention policy according to the appliance RAM usage during policy installation: for appliances with insufficient RAM, Autonomous Threat Prevention Management automatically disables the Sanitization technology. The administrator is notified and can check the status under the "Device and information" section.
  • Adjust the suffix of sanitized files (".cleaned" by default).
  • Control whether your policy package is optimized for rapid file delivery (unknown files are delivered after the initial scan, before the final verdict from the Sandbox) or for maximum security (files are delivered only after the final verdict from the Sandbox).
    • You can find both controls under the Autonomous Threat Prevention Settings menu.
  • Threat Emulation sandbox enhanced with advanced anti-evasion techniques to improve prevention of malware that tries to detect emulation and hide its malicious activities.
  • Microsoft Exchange 0-days - On March 2, 2021, Microsoft shared details on multiple severe vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) targeting Microsoft Exchange Servers. Microsoft reported that those vulnerabilities have been detected as exploited.
    • The following IPS protections have been released for the relevant vulnerabilities:
      • Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
      • Microsoft Exchange Server Remote Code Execution (CVE-2021-26857; CVE-2021-26858)
Update 9 (25 February 2021)
ODU-89 Added various detection enhancements and code improvements.
Update 8 (25 January 2021)
ODU-82 NEW: Profile Security Settings Override and Sanitization Preferences are now available in the Settings tab.
Share your feedback about Autonomous Threat Prevention Management with us using the new "Share Feedback" component at the bottom of the screen.
Update 7 (03 December 2020)
ODU-76 Added various detection enhancements and code improvements.
Update 6 (03 November 2020)
TPM-2286, TPM-2552, TPM-2565 Added the ability to configure Sandbox (Threat Emulation) and Sanitization (Threat Extraction) via the Management API. Refer to sk169952.
TPM-2558 Search in the Deployment Dashboard may not filter the result.
Update 5 (12 October 2020)
TPM-2321 Policy statistics are not visible.
Update 4 (01 October 2020)
PMTR-58049 In some scenarios, policy installation on Virtual System may fail when ITPM is enabled.
Update 3 (10 September 2020)
TPP-613 File Protections tab is now available. It provides detailed visibility of file type actions per profile and an option to override default profile actions.
Update 2 (13 August 2020)
  • Fixes in IPS profile settings.
Update 1 (15 July 2020)
  • Added Sandboxing support for the following macOS file types: app, dmg and pkg.
    • No action is required - the file types will be sandboxed by all your gateways.
  • Added File Reputation and Sandboxing support for the following archive types: RPM, WIM, CHM, LZH, MSI, ARJ, CPIO, AR, CramFS, QCW2, UDF.
    • No action is required - the file types will be inspected by all your gateways.
