Adding Exclusions to Rules
Below is the list of supported exclusions.
Threat Emulation, Threat Extraction, and Zero-Phishing Exclusions
You can exclude:
-
Domains
-
SHA1 hashes from Threat Emulation
Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. and Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.
Domain exclusions
-
To exclude an IP, in the Element field, enter IP address followed by subnet mask in the format <X.X.X.X>/ <subnet mask >. For example, to exclude a computer with IP address 192.168.100.30, enter 192.168.100.30/24.
-
Domain exclusions must be added without http/s, *, or any other special characters.
Domain exclusions can be added with or without www.
-
Sub-domain exclusions are supported.
Exclusion of a domain will exclude all its subdomains as well.
For example:
|
If you enter the domain |
It excludes these domains |
It does not exclude these domains |
|---|---|---|
| www.domain.com |
|
|
| domain.com |
|
- |
| sub.domain.com |
|
https://sub2.domain.com |
SHA1 exclusions -
-
It is not supported with Internet Explorer.
-
Macro exclusion - To exclude the office files which includes a macro, set exclusions for the SHA1 hash of the macro.
For example, if an exclusion is set to SHA1 hash of the macro, all the files which includes this macro are excluded.
Notes -
-
This is supported with Endpoint Security Client
Application installed on end-user computers to monitor security status and enforce security policies. version E88.00 or higher. -
To view the hash of a macro, see the Description in the Forensic Details section in the Card of the event. For more information see, Adding Exclusions from Logs.
-
-
Excludes downloaded files from File Protection.
-
Excludes local HTML files from Zero Phishing.