Autonomous Threat Prevention Management integration Release Updates

Solution

Availability | Released Takes | List of resolved issues

 

Introduction

Autonomous Threat Prevention Management (ATPM):

  • A new Threat Prevention management mode that uses Smart Cyber Policy from the cloud.
  • Provides out-of-the-box Threat Prevention profiles based on business and IT security needs.
  • Easy assignment of the policy profile that is tailored to your needs.
  • Automatic updates of the Threat Prevention policy profiles to protect against the latest cyber threats using the latest technologies.
  • Zero day-to-day maintenance required from the administrator, while maintaining optimal security. Administrators still have manual configuration capabilities.


Availability

Update   Release Date   GOT_TPCONF   GOT_TPCONF_MGMT   GOT_MGMT   DC_INFRA
15       14 Jun 2022    Take 107     Take 36           Take 101   Take 30

Where:
  • GOT_TPCONF_MGMT, GOT_MGMT and DC_INFRA - Management packages
  • GOT_TPCONF - a Security Gateway package

 

Released Takes


Date          Description   Package            Take
14 Jun 2022   Update 15     GOT_TPCONF         107
                            GOT_MGMT           101
20 Mar 2022   Update 14     GOT_MGMT           99
                            GOT_TPCONF         104
                            dc_infra           30
09 Dec 2021   Update 13     GOT_MGMT           95
                            GOT_TPCONF         97
                            dc_infra           34
03 May 2021   Update 11     GOT_MGMT           91
                            GOT_TPCONF         91
25 Feb 2021   Update 9      GOT_MGMT           82
                            GOT_TPCONF         86
25 Jan 2021   Update 8      GOT_MGMT           80
                            GOT_TPCONF         84
                            dc_infra           26
03 Dec 2020   Update 7      GOT_MGMT           32
                            GOT_TPCONF         78
                            dc_infra           22
03 Nov 2020   Update 6      GOT_MGMT           74
                            GOT_TPCONF         75
                            dc_infra           21
12 Oct 2020   Update 5      GOT_MGMT           72
01 Oct 2020   Update 4      GOT_MGMT           71
                            GOT_TPCONF         30
                            dc_infra           63
10 Sep 2020   Update 3      GOT_MGMT           65
                            GOT_TPCONF         52
13 Aug 2020   Update 2      GOT_TPCONF         50
15 Jul 2020   Update 1      GOT_MGMT           56
                            GOT_TPCONF_MGMT    25
                            GOT_TPCONF         35
                            dc_infra           18

 

 

Manual Installation



Note: First, install Check Point R80.40 GA.

  1. Step 1 - Download and install the Autonomous Threat Prevention package GOT_TPCONF on the Security Gateway (on a cluster, install it on each member):
    1. Copy the Gateway package to the Security Gateway and put it in a new folder (name it GW_PKG).
    2. Download the installItpDarwin.sh script and place it in the GW_PKG folder.
    3. Make the script executable (chmod +x installItpDarwin.sh).
    4. In the GW_PKG folder, run the script: ./installItpDarwin.sh --local $(pwd)
       When finished, the script shows 'Finished'.


  2. Step 2 - Install the 3 Autonomous Threat Prevention packages on the Management Server:
    1. Copy the Management packages to the Security Management Server and put them in a new folder (name it MGMT_PKG).
    2. Download the installItpDarwin.sh script and upload it to the MGMT_PKG folder.
    3. On the Security Management Server, make the script executable (chmod +x installItpDarwin.sh).
    4. In the MGMT_PKG folder, run the script: ./installItpDarwin.sh --local $(pwd)
       When finished, the script shows 'Finished' and a list of the installed packages.
    5. In SmartConsole, under Threat Prevention profiles, you will see Autonomous Threat Prevention.


  3. Step 3 - Enable Autonomous Threat Prevention on a Security Gateway object:
    1. In SmartConsole, go to Gateways & Servers, right-click the Gateway and click Edit.
    2. Go to the Threat Prevention tab (lower-right section of the window) and select Autonomous Threat Prevention.
    3. Click OK.


  4. Step 4 - Create an Autonomous Threat Prevention policy (if you already have a Threat Prevention policy package, skip to Step 5):
    1. In SmartConsole, open the main Menu and select Manage policies and layers.
    2. The Manage policies and layers window opens.
    3. Click New. The New Policy window opens.
    4. Enter a name for the policy package.
    5. On the General page, in the Policy types section, select Threat Prevention (you can select more policy types if required).
    6. In SmartConsole, go to Security Policies > Infinity Threat Prevention > Policy.
    7. From the drop-down list of the 5 pre-defined profiles, select the required profile.
    8. Click OK.


  5. Step 5 - Install the Autonomous Threat Prevention policy:
    1. In SmartConsole, from the main menu, select Install policy.
    2. Select Threat Prevention.
    3. Select your gateways as the targets for the policy installation.
       Note: The Autonomous Threat Prevention policy is installed on gateways with Threat Prevention Infinity enabled. Gateways without Threat Prevention Infinity enabled receive the traditional Threat Prevention policy.
    4. Click Install.
    5. Success criteria: the policy installation succeeds.
    6. Verify that the policy is enforced: download a malicious file and verify that it is prevented and that the correct log is generated.
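The CLI part of Steps 1 and 2 (script in the package folder, chmod +x, run with --local $(pwd), wait for 'Finished') wrapped in a shell function that also keeps the installer output in a log and fails when the completion marker is missing. This is an added example, not Check Point's installItpDarwin.sh or any script from the article; it assumes the package file(s) and the script are already in the folder given as the first argument, and the log file path is the caller's choice.

```bash
#!/bin/sh
# Added example, not Check Point's own code: runs the CLI part of the
# manual installation (Steps 1 and 2) and checks the result mechanically.
# Assumption: the package file(s) and installItpDarwin.sh are already in
# the folder passed as $1 (GW_PKG on a gateway, MGMT_PKG on a management server).

# install_atp_packages <pkg_dir> <log_file>
# Returns 0 only if the installer ran and printed 'Finished', which the
# procedure gives as its completion marker; returns 1 on any other outcome.
install_atp_packages() {
    pkg_dir="$1"
    log_file="$2"
    script="$pkg_dir/installItpDarwin.sh"

    # Preconditions from the procedure: the folder and the script must exist.
    [ -d "$pkg_dir" ] || { echo "missing package folder: $pkg_dir" >&2; return 1; }
    [ -f "$script" ] || { echo "missing script: $script" >&2; return 1; }

    # Step 1.3 / 2.3: make the script executable.
    chmod +x "$script" || return 1

    # Step 1.4 / 2.4: run it from inside the folder with --local $(pwd).
    # Output is captured to a log so the run can be audited afterwards
    # (on a cluster, keep one log per member).
    if ! ( cd "$pkg_dir" && ./installItpDarwin.sh --local "$(pwd)" ) > "$log_file" 2>&1; then
        echo "installer exited with a non-zero status; see $log_file" >&2
        return 1
    fi

    # The procedure says the script prints 'Finished' on completion; treat
    # its absence as a failed install even when the exit status was 0.
    if grep -q 'Finished' "$log_file"; then
        return 0
    fi
    echo "'Finished' marker not found in $log_file" >&2
    return 1
}
```

Run it once per cluster member for Step 1 and once on the Security Management Server for Step 2; in the Step 2 case the log also holds the list of installed packages that the script prints.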

 

List of Resolved Issues and New Features per Update

ID          Description

Update 15 (14 June 2022)
ODU-385     NEW: Web Zero-day Phishing Prevention is now available for all R81.20 EA customers with an NGTX license.
              • The protection is automatically enabled in the Autonomous Perimeter and Strict Security profiles.
              • The new Configuration Overview panel prompts fixing potential protection misconfigurations.

Update 14 (20 March 2022)
ODU-283     In some scenarios, Blade Global Exceptions may not be optimized for CPU consumption.
            Network Feeds and Updatable Objects are not supported in ATPM, including as part of Network Groups.
            When installing a policy with Network Feeds or Updatable Objects, whether stand-alone or as part of Network Groups, an obscure message may be displayed.

Update 13 (15 July 2021)
ODU-154     UPDATE: Prevention of the Codecov supply chain attack is automatically enabled for all policy profiles of Autonomous Threat Prevention.
            UPDATE: Sandbox enhanced with new heuristics for Qbot malware detection and improved AI-based detection capabilities for executable files.
            UPDATE: Added new IPS protections for detection and prevention of malicious usage of XML macros, as used by Zloader, Qbot and IcedID.
            The License absence warning may be shown to NGTP-licensed users.

Update 11 (03 May 2021)
ODU-112     NEW: Added customization capabilities to support RTF files. All Gateways with Sanitization enabled will clean RTF files of potentially malicious content.
            NEW: Automatic optimization of a Threat Prevention policy according to the appliance RAM usage during policy installation: for appliances that lack RAM, Autonomous Threat Prevention Management automatically disables the Sanitization technology. The administrator is notified and can check the status under the "Device and information" section.
            NEW: In the Autonomous Threat Prevention Settings menu, it is now possible to control whether the policy package is optimized for rapid file delivery (unknown files are delivered after the initial scan, before the final verdict from the Sandbox) or for maximum security (files are delivered only after the final verdict from the Sandbox).
            UPDATE: Adjusted the suffix of sanitized files (".cleaned" by default).
            UPDATE: The Threat Emulation Sandbox is enhanced with advanced anti-evasion techniques to improve prevention of malware that tries to detect emulation and hide its malicious activity.
            UPDATE: Microsoft Exchange zero-day exploits. On March 2, 2021, Microsoft shared details of multiple severe vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) targeting Microsoft Exchange Servers. Microsoft reported that those vulnerabilities have been detected as exploited.

            The following IPS protections have been released for the relevant vulnerabilities:
              • Microsoft Exchange Server Remote Code Execution (CVE-2021-26855; CVE-2021-27065)
              • Microsoft Exchange Server Remote Code Execution (CVE-2021-26857; CVE-2021-26858)

Update 9 (25 February 2021)
ODU-89      Added various detection enhancements and code improvements.

Update 8 (25 January 2021)
ODU-82      NEW:
              • Profile Security Settings Override and Sanitization Preferences are now available in the Settings tab.
              • Added a "Share Feedback" component at the bottom of the screen.

Update 7 (03 December 2020)
ODU-76      Added various detection enhancements and code improvements.

Update 6 (03 November 2020)
TPM-2286, TPM-2552, TPM-2565
            NEW: Added the ability to configure Sandbox (Threat Emulation) and Sanitization (Threat Extraction) via the Management API. Refer to sk169952.
TPM-2558    Search in the Deployment Dashboard may not filter the results.

Update 5 (12 October 2020)
TPM-2321    Policy statistics may not be visible.

Update 4 (01 October 2020)
PMTR-58049  In some scenarios, policy installation on a Virtual System may fail when ITPM is enabled.

Update 3 (10 September 2020)
TPP-613     NEW: Added the File Protections tab. It provides detailed visibility of file type actions per profile and an option to override the default profile actions.

Update 2 (13 August 2020)
-           Improvements in IPS Profile settings.

Update 1 (15 July 2020)
-           UPDATE: Added Sandboxing support for the following macOS file types: app, dmg and pkg. By default, these file types are sandboxed by all the Gateways.
-           UPDATE: Added File Reputation and Sandboxing support for the following archive types: RPM, WIM, CHM, LZH, MSI, ARJ, CPIO, AR, CramFS, QCW2, UDF. By default, these file types are inspected by all the Gateways.
