Anti-Malware

The Anti-Malware security engine determines if an email attachment or a shared file contains malware.

It uses Check Point's ThreatCloud to detect files containing known malware (Anti-Virus) and Check Point's advanced sandbox (Threat Emulation) to detect evasive zero-day malware that signature-based detection misses.

Engines Enabled

Under Engines Enabled, you can see the security engines available based on the license.

Depending on the license, this is either Anti-Virus (known malware detection only) or Threat Emulation & Antivirus (known malware detection plus the advanced sandbox).

To see the Engines Enabled for your tenant, go to Security Settings > Security Engines and click Configure for Anti-Malware.

Malware Emulation Operating Systems

Sandboxing attachments and shared files is crucial for detecting advanced zero-day unknown malware hidden in them.

During sandboxing, the Check Point Anti-Malware (Threat Emulation) engine opens the file in a secured virtual machine and baits it to trigger its malicious behavior.

A dedicated team at Check Point continuously tunes the engine and the configuration of the virtual machines on which files are emulated. In particular, this team selects the operating systems that run on those machines.

Administrators can choose not to follow the Check Point best practices and to select the operating systems on their own. To do that, contact Check Point Support.

Note - Changing the default operating systems for emulation is not recommended and can reduce the malware detection rate.

Anti-Malware Inspection - File Size Limit

The Anti-Malware security engine inspects a file attached to an email or shared via a supported file sharing/messaging application only if the file is smaller than 50 MB. Files of 50 MB or larger fall outside this engine's inspection, so a practitioner should account for them separately when reviewing policy coverage.
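The following script, added here as an example and not Check Point code, shows one way to audit a message against the 50 MB limit: it parses an RFC 822 message, measures the decoded size of every attachment, and lists those that would not be inspected. It assumes the limit applies to the decoded attachment size (the page does not say whether the encoded or decoded size is measured) and that 1 MB is 1024 * 1024 bytes; both are assumptions. The sample message and its attachments are constructed inline so the script runs offline.

```python
"""Flag e-mail attachments that would fall outside the Anti-Malware 50 MB limit.

Added example, not Check Point code. Assumptions (not stated on the page):
  - the limit is applied to the decoded attachment size;
  - 1 MB == 1024 * 1024 bytes.
"""
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

INSPECTION_LIMIT_BYTES = 50 * 1024 * 1024  # 50 MB, per the documentation


def attachment_sizes(raw_message: bytes):
    """Return [(filename, decoded_size_in_bytes), ...] for each attachment in the message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    sizes = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""  # base64/QP decoded bytes
        sizes.append((part.get_filename() or "(unnamed)", len(payload)))
    return sizes


def uninspected_attachments(raw_message: bytes, limit: int = INSPECTION_LIMIT_BYTES):
    """Return attachments at or above the limit; 'inspected only if less than 50 MB' means >= is out."""
    return [(name, size) for name, size in attachment_sizes(raw_message) if size >= limit]


def build_sample_message(sizes):
    """Constructed sample message with one binary attachment per requested size (all 0x41 bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"      # constructed address
    msg["To"] = "recipient@example.com"     # constructed address
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for i, size in enumerate(sizes):
        msg.add_attachment(
            b"A" * size,
            maintype="application",
            subtype="octet-stream",
            filename=f"file{i}.bin",
        )
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample_message([4 * 1024, 200 * 1024])
    for name, size in attachment_sizes(raw):
        status = "inspected" if size < INSPECTION_LIMIT_BYTES else "NOT inspected (at/over limit)"
        print(f"{name}: {size} bytes -> {status}")
    # Exercise the over-limit branch with a lower limit so the sample stays small.
    print("over a 100 KB limit:", uninspected_attachments(raw, limit=100 * 1024))
```

Run it against a real `.eml` by passing `open(path, "rb").read()` to `uninspected_attachments`; anything it returns would not have been inspected by this engine and needs a separate control.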

Anti-Malware Exceptions

See Anti-Malware Exceptions.