Best Practice to Enable Software Blades

We recommend you to enable the Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. and the operating modes in the order shown in the table below.

• Add exclusions before you enable a Software Blade.

• Enable the Software Blade on a test group before you enable it on the organization level.

Order	Software Blade	Operating Mode	Applicable Group Level
1.1 1.2	Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. 1,2,3	Prevent Prevent	Test Organization
2.1 2.2	Forensics	Prevent Off	Test Organization
3.1 3.2 3.3 3.4	Anti-Ransomware and Behavioral Guard1	Detect Detect Prevent Prevent	Test Organization Test Organization
4.1 4.2	Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. 1	Prevent Prevent	Test Organization
5.1 5.2 5.3 5.4	Anti-Exploit 1	Detect Detect Prevent Prevent	Test Organization Test Organization
6.1 6.2 6.3 6.4	Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT. 1 and URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF. 1	Detect Detect Prevent Prevent	Test Organization Test Organization
7.1 7.2 7.3 7.4	Analysis and Remediation 1	High High Always Always	Test Organization Test Organization

¹ Add exclusions before enabling the blade.

• For Citrix Anti-Malware, click here.

• For Microsoft Terminal Server Anti-Virus Check Point Software Blade on a Security Gateway that uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected. Acronym: AV., click here.

• For FSLogix Anti-Virus, click here.

² Schedule the scan during non-active period.

³ To add exclusions, see sk122706.