Web and Files Protection
URL Filtering
URL Filtering rules define which sites can be accessed from within your organization. (URL Filtering: Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF.)
To set the URL Filtering mode:
- Go to Policy > Threat Prevention > Policy Capabilities.
- In the Web & Files Protection tab, under URL Filtering, select a mode:
  - Prevent - The request to enter a site is suspended until a verdict regarding the site is received. Access to the site is blocked if the site matches one of the blocked categories or the Black List.
    - Allow user to dismiss the URL Filtering alert and access the website - This option is selected by default. It provides the user with access to a blocked site if the end user believes the verdict is unjustified. This option can also be turned off through the Advanced Settings section.
  - Detect - Allows access if a site is determined as malicious, but logs the traffic.
  - Off - URL Filtering is turned off.
For Advanced Settings, see URL Filtering.
Download Protection
Download Protection rules protect users from malicious content.
To set the Download Emulation & Extraction mode:
- Go to Policy > Threat Prevention > Policy Capabilities.
- Select the rule.
- In the Web & Files Protection tab, under Download Protection, select a mode:
  - Prevent - Prevents the download if the file is either known to be malicious or detected as malicious by Threat Emulation (TE), the Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious.
  - Detect - Emulates the original file without suspending access to the file and logs the incident. The file is blocked if it is malicious or blocked by file extension (Advanced Settings > Download Protection). If not, the file is downloaded before the emulation is complete.
  - Off - Downloads the file without protection.
For Advanced Settings, see Download Protection.
Credential Protection
Zero Phishing
Phishing prevention checks different characteristics of a website to make sure that a site does not pretend to be a different site and use personal information maliciously.
To set the Zero Phishing mode:
- Go to Policy > Threat Prevention > Policy Capabilities.
- Select the rule.
- In the Web & Files Protection tab, under Zero Phishing, select a mode:
  - Prevent - If a site is scanned and found to be malicious, access to it is blocked and a log of the incident is shown in the Harmony Browse web management log section.
  - Detect - An incident log is sent but access to the site is not blocked. Also, the site scan is silent (invisible to the user).
  - Off - Turns off the feature.
For Advanced Settings, see Credential Protection.
Password Reuse Protection
Alerts users not to use their corporate password in non-corporate domains.
To set the Password Reuse mode:
- Go to Policy > Threat Prevention > Policy Capabilities.
- Select the rule.
- In the Web & Files Protection tab, under Password Reuse, select a mode:
  - Prevent mode - Blocks the user from entering the corporate password and opens the blocking page in a new tab. If you enable Allow users to dismiss the password reuse alert and access the website, then it allows the user to dismiss the blocking page and continue to enter the corporate password.
  - Detect mode - The system does not block the user from entering the corporate password. If a user enters the corporate password, it is captured in the Harmony Browse logs.
  - Off - Turns off password reuse protection.
For Advanced Settings, see Credential Protection.
Safe Search
Search Reputation
Search Reputation is a feature added to search engines that classifies search results based on the reputation of each URL.
To set the Search Reputation mode:
- Go to Policy > Threat Prevention > Policy Capabilities.
- Select the rule.
- In the Web & Files Protection tab, under Search Reputation, select a mode:
  - On - Turns on the feature.
  - Off - Turns off the feature.

When you enable this feature, the icon across the URL in the search results indicates the classification:

Icon | Classification |
---|---|
(icon not shown) | The website is safe. |
(icon not shown) | The website is not safe. |
(icon not shown) | The website is blocked by the Administrator. |

Note - If Search Reputation cannot classify a URL, then it does not display an icon across the URL. If you want such URLs to be classified and blocked, then enable the Uncategorized checkbox in URL Filtering > Categories > General Use. Search Reputation classifies Uncategorized URLs as The website is blocked by the Administrator.
Force Safe Search
Force Safe Search is a feature in search engines that acts as an automated filter for potentially offensive and inappropriate content.
To set the Force Safe Search mode:
- Go to Policy > Threat Prevention > Policy Capabilities.
- Select the rule.
- In the Web & Files Protection tab, under Force Safe Search, select a mode:
  - On - Hides explicit content from the search results.
  - Off - Users see the most relevant results for their search, which may include explicit content such as violent images.
Main features:
- When Force Safe Search is on, Harmony Browse turns on Safe Search on the supported search engines.
- It is supported with the Google, Bing, and Yahoo search engines.
- Force Safe Search is off by default.
- Force Safe Search is supported with the Google Chrome and Microsoft Edge browsers.
Advanced Settings
URL Filtering
Note - You must set the URL Filtering Mode to Prevent or Detect to set the Advanced Settings.
Allow user to dismiss the URL Filtering alert and access the website – Allows the user to bypass URL Filtering and access the website.
Categories
Harmony Browse categorizes websites and you can specify the categories that must be blocked for the user. When you select a category, the URL Filtering rule applies to all sites in the selected category.
To specify the categories to block:
- Under Categories, select the category. For example, Bandwidth Consumption.
- Click Show and then select the sub-category.
Black List
You can specify the URLs, domains or IP addresses that you want to block.
To add a URL, domain or IP address to the Black List, click Show and add the URL, domain or IP address.
Malicious Script Protection
Malicious Script Protection scans Uncategorized websites for embedded malicious JavaScript. If the domain that hosts the script belongs to any one of these categories, then the page is blocked and the event is logged.
- Anonymizer
- Botnets
- Critical Risk
- High Risk
- Medium Risk
- Phishing
- Spam
- Spyware
- Malicious Sites
- Suspicious Content
Note - Ensure that you set URL Filtering Mode to either Prevent or Detect. If it is set to Prevent, the page is blocked and the event is logged. If it is set to Detect, the page is not blocked and the event is logged.
To specify malicious script protection:
- To enable malicious script protection, select Block websites where Malicious Scripts are found embedded in the HTML.
- To allow users to dismiss the malicious script security alert and access the website, select Allow user to dismiss the Malicious Scripts alert and access the website.
Download Protection
Note - You must set the Download Emulation & Extraction to Prevent or Detect to set the Advanced Settings.
Harmony Browse protects against malicious files that you download to your Endpoint. By default, it sends the files for extraction and emulation to Check Point's Threat Emulation on the cloud before they are downloaded to the Endpoint disk. You can also configure Harmony Browse with Threat Emulation on-premise. For more information, see sk113599.
- Threat Emulation: Detects zero-day and unknown attacks. Files are sent to a sandbox for emulation to detect evasive zero-day attacks.
- Threat Extraction: Proactively protects users from malicious content. It quickly delivers safe files while the original files are inspected for potential threats. (Threat Extraction: Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX.)
Supported Files
The supported file types for Threat Emulation are:
Threat Emulation Supported File Types | | |
---|---|---|
7z | lnk | tbz2 |
arj | pif | tbz |
bz2 | tb2 | |
bat | ppt | tgz |
CAB | pptx | udf |
csv | pps | uue |
com | pptm | wim |
cpl | potx | xlt |
dll | potm | xls |
doc | ppam | xlsx |
docx | ppsx | xlm |
dot | ppsm | xltx |
dotx | ps1 | xlsm |
dotm | rar | xltm |
docm | rtf | xlsb |
exe | scr | xla |
gz | sldx | xlam |
hwp | sldm | xll |
iso | slk | xlw |
iqy | swf | xz |
jar | tar | zip |
The supported file types for Threat Extraction are:
Threat Extraction Supported File Types | | |
---|---|---|
doc | potm | pptx |
docm | potx | xls |
docx | ppa | xlsb |
dot | ppam | xlsm |
dotm | pps | xlsx |
dotx | ppsm | xlt |
fdf | ppsx | xltm |
 | ppt | xltx |
pot | pptm | xlam |

Note - Ignore the file types listed in the Harmony Browse Administrator Portal.
The options available for supported file types for Threat Extraction are:
- Get extracted copy before emulation completes
  - Extract potential malicious elements - While a file is tested, receive a copy of the file with all suspicious parts removed. Files that support extraction are available for download after the extraction. Files that do not support extraction are available for download only after the emulation and if it is benign.
  - Convert to PDF - Receive the file in PDF format. If the file is not malicious, users receive the original file when the emulation is finished. Emulation can take up to two minutes.
- Suspend download until emulation completes – The original file is downloaded if found to be clean.
- Emulate original file without suspending access - Emulates the original file without suspending access to the file and logs the incident. If the file is malicious, it is blocked.
- Allow – Threat Emulation and Threat Extraction are turned off.
Unsupported Files
The options available for unsupported file types are:
- Allow Download - Allows the user to access the file.
- Block Download - Blocks the user from accessing the file.
Emulation Environments
You can specify the size limit for files that must be sent for Threat Emulation. Files larger than the specified limit are not sent to Threat Emulation.
Upload and emulate files under – Specify the file size limit for Threat Emulation. The default file size limit is 15 MB. The maximum file size limit supported is 50 MB.
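
The following Python sketch checks a list of downloads (for example, taken from a proxy log) against the two file-type tables and the emulation size limit described above, to show which files would actually reach Threat Emulation or support extraction. It is an added example, not Check Point code; the function names, the 2^20-byte reading of "MB", and judging the type by the last file extension are assumptions.

```python
from collections import Counter
from pathlib import PurePosixPath

# Extensions copied from the two tables on this page, lower-cased.
TE_TYPES = set("""
7z arj bz2 bat cab csv com cpl dll doc docx dot dotx dotm docm exe gz hwp iso iqy jar
lnk pif tb2 ppt pptx pps pptm potx potm ppam ppsx ppsm ps1 rar rtf scr sldx sldm slk
swf tar tbz2 tbz tgz udf uue wim xlt xls xlsx xlm xltx xlsm xltm xlsb xla xlam xll xlw
xz zip""".split())
TEX_TYPES = set("""
doc docm docx dot dotm dotx fdf pot potm potx ppa ppam pps ppsm ppsx ppt pptm pptx
xls xlsb xlsm xlsx xlt xltm xltx xlam""".split())

MB = 1024 * 1024        # assumption: the page does not say whether MB is 10^6 or 2^20
DEFAULT_LIMIT_MB = 15   # default "Upload and emulate files under" value
MAX_LIMIT_MB = 50       # largest limit the page says is supported

def classify(filename, size_bytes, limit_mb=DEFAULT_LIMIT_MB):
    """Return (emulated, extractable, reason) for one download."""
    if not 0 < limit_mb <= MAX_LIMIT_MB:
        raise ValueError(f"limit must be in (0, {MAX_LIMIT_MB}] MB")
    # Assumption: the type is judged by the last extension, so "a.pdf.exe" is "exe".
    ext = PurePosixPath(filename).suffix.lstrip(".").lower()
    extractable = ext in TEX_TYPES
    if ext not in TE_TYPES:
        reason = "extraction-only type" if extractable else "unsupported type"
        return (False, extractable, reason)
    if size_bytes > limit_mb * MB:
        return (False, extractable, "larger than emulation size limit")
    return (True, extractable, "supported")

def coverage(downloads, limit_mb=DEFAULT_LIMIT_MB):
    """Count reasons across (filename, size_bytes) pairs."""
    return Counter(classify(n, s, limit_mb)[2] for n, s in downloads)

# Constructed sample, not real log data.
SAMPLE = [
    ("Q3-report.DOCX", 2 * MB),
    ("setup.exe", 20 * MB),
    ("form.fdf", 40_000),
    ("invoice.pdf.exe", 300_000),
    ("backup.tar.gz", 5 * MB),
    ("notes.txt", 1_200),
    ("README", 800),
]

if __name__ == "__main__":
    for name, size in SAMPLE:
        print(f"{name:18} {classify(name, size)}")
    print(dict(coverage(SAMPLE)))
```

Types that land in "unsupported type" are the ones governed by the Unsupported Files setting, and fdf, pot and ppa appear only in the Threat Extraction table.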
Override Default File Actions
Harmony Browse allows you to override the default action for a file type.
To override a file action, click Edit and select the File action and Extraction Mode.
Credential Protection
Note - You must set Zero Phishing and Password Reuse to Prevent or Detect to set the Advanced Settings.
The user can select any of these settings under Zero Phishing:
- Allow user to dismiss the phishing alert and access the website - Allows the user to dismiss the blocking page and continue to enter the corporate password.
- Send log on each scanned site
- Allow user to abort phishing scans
- Scan local HTML files - By default, the Harmony Browse extension in Chromium-based browsers (Chrome, Microsoft Edge, and Brave) cannot access the local HTML files opened by the browser to scan them for phishing attacks. This setting prompts users to grant Chromium-based browsers permission to access and scan local HTML files on their PC.
  Notes:
  - You can customize the prompt page. For more information, see Configuring Client Settings Policy.
  - This feature is not supported with the Safari and Internet Explorer browser extensions.
The user can select any of these settings under Password Reuse Protection:
- To protect a domain, click Edit and enter the domain name or IP address.
- You can also select the Allow users to dismiss the password reuse alert and access the website setting.
Browser Settings
Starting from Harmony Browse Client version BROWSE_90.09.0001, the extension is pinned to the browser by default for users.
To allow users to unpin the browser extension, clear Always pin the browser extension to the tool bar under Pin Extension.
Note - You can unpin the extension only on Chromium browsers, such as Chrome, Edge and Brave. You cannot unpin an extension in Firefox.