How to use a custom UserCheck object for Threat Extraction in the Autonomous Threat Prevention policy
Solution

It is currently not possible to use UserCheck objects in the Autonomous Threat Prevention policy.

Check Point plans to improve the design to resolve this issue.

In the meantime, you can use a workaround to create a UserCheck object for Threat Extraction in the Autonomous policy.

Workaround:

  1. Contact Check Point Support to get the required files:

    1. Hotfix for your Security Gateway / Cluster.

    2. Shell script for your Security Gateway / Cluster.

    A Support Engineer will make sure the Hotfix is compatible with your environment before providing the Hotfix.
    For faster resolution and verification, collect CPinfo files from the Management Server and Security Gateways / Cluster Members involved in the case.

    Hotfix installation instructions:
    Refer to sk168597 - How to install a Hotfix.

  2. In SmartConsole, go to Security Policies > Threat Prevention > Custom Policy.

  3. In the Custom Policy Tools section, click UserCheck.

  4. Create a custom UserCheck object.

    In our example, we called this object "Company Policy Threat Extraction Custom UC message".

  5. In SmartConsole, click Custom Policy.

  6. Edit the applicable profile.

  7. In the profile, go to Threat Extraction > General.

  8. Select the custom UserCheck object you created earlier and click OK.

  9. Install the Threat Prevention policy to force the creation of the UserCheck object on the Security Gateway (even though you are using the Autonomous Threat Prevention profile).

  10. Transfer the required shell script from your computer to a directory on the Security Gateway / each Cluster Member (for example, /var/log/).

  11. Connect to the command line on the Security Gateway / each Cluster Member.

  12. Log in to Expert mode.

  13. Go to the directory where you put the shell script:

    cd /var/log

  14. Assign the required permission to the shell script:

    chmod -v 777 scrub_change_uc.sh

  15. Run the shell script in this way:

    ./scrub_change_uc.sh "<FULL_NAME_OF_CUSTOM_USERCHECK_OBJECT>"

    Example:

    ./scrub_change_uc.sh "Company Policy Threat Extraction Custom UC message"

From now on, the custom UserCheck object is enforced by Threat Extraction in the Autonomous policy.
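
Steps 13 to 15 as one function with pre-flight checks, as an added example that is not Check Point's script and not part of the original article. It assumes you recorded a SHA-256 checksum of the script when you received it (the article does not mention one), and it sets owner-only permissions (700) rather than the article's 777, which is enough to execute the script as the logged-in user; the function name `run_scrub_change_uc` is hypothetical.

```shell
#!/bin/bash
# Added example, not Check Point's code: pre-flight checks around steps 13-15.
# Assumption: the third argument is a SHA-256 checksum you recorded for the
# script file out of band; the article does not say that Support supplies one.

run_scrub_change_uc() {
    uc_dir=$1
    uc_name=$2
    uc_expected_sha256=$3
    uc_script="$uc_dir/scrub_change_uc.sh"

    # The object name contains spaces, so it must arrive as one quoted argument.
    if [ -z "$uc_name" ]; then
        echo "UserCheck object name is empty" >&2
        return 2
    fi
    # Refuse symlinks and missing files so the checksum covers the file that runs.
    if [ -L "$uc_script" ] || [ ! -f "$uc_script" ]; then
        echo "$uc_script is missing or is not a regular file" >&2
        return 3
    fi
    # Compare the file with the checksum recorded when it was received.
    uc_actual=$(sha256sum "$uc_script" | cut -d' ' -f1)
    if [ "$uc_actual" != "$uc_expected_sha256" ]; then
        echo "checksum mismatch for $uc_script" >&2
        return 4
    fi
    # Owner-only permissions are sufficient to execute the script as this user.
    chmod 700 "$uc_script" || return 5
    # Run from the script's directory, as in steps 13 and 15.
    ( cd "$uc_dir" && ./scrub_change_uc.sh "$uc_name" )
}

# Usage on the Security Gateway / each Cluster Member (checksum is a placeholder):
# run_scrub_change_uc /var/log "Company Policy Threat Extraction Custom UC message" "<SHA256_FROM_YOUR_RECORDS>"
```

The function returns the script's own exit status on success of the checks, so a non-zero result from 2 to 5 identifies which pre-flight check stopped the run.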
