Threat Prevention Scheduled Updates

Introduction to Scheduled Updates

Check Point wants the customer to be protected. When a protection update is available, Check Point wants the configuration to be automatically enforced on the gateway. You can configure automatic gateway updates for the Anti-Virus, Anti-Bot, Threat Emulation and IPS blades.

For the Anti-Virus, Anti-Bot and Threat Emulation, the gateways download the updates directly from the Check Point cloud.

For the IPS blade, prior to R80.20, the updates were downloaded to the Security Management Server, and only after you installed policy, the gateways could enforce the updates. Starting from R80.20, the gateways can directly download the updates. For R80.20 gateways and higher with no internet connectivity, you must still install policy to enforce the updates.

When you configure automatic IPS updates on the gateway, the action for the newly downloaded protections is by default according to the profile settings.

IPS, Anti-Virus and Anti-Bot updates are performed every two hours by default. Threat Emulation engine updates are performed daily at 05:00 by default, and Threat Emulation image updates are performed daily at 04:00 by default.

You can see the list of Anti-Bot and Anti-Virus protections in Threat Tools > Protections, and the list of IPS protections in Threat Tools > IPS Protections. The update date appears next to each protection.

Configuring Threat Prevention Scheduled Updates

To configure Threat Prevention scheduled updates:

1. In SmartConsole, go to the Security Policies page and select Threat Prevention.
2. In the Threat Tools section of the Threat Prevention Policy, click Updates.
3. In the section for the applicable Software Blade, click Schedule Update.

   The Scheduled Updates window opens.

4. Make sure Enable <blade> scheduled updates is selected.
5. For IPS, there are 2 more configuration options for scheduling Security Management Server updates:
   • On successful IPS update on the Security Management Server, install policy on the Security Gateway - automatically installs the policy on the devices you select after the IPS update is completed. Click Configure to select these devices.

     Note - In pre-R80 gateways, IPS was part of the Access Control policy. Therefore, when you select this option, a message shows which indicates that for pre-R80 gateways, the Access Control policy is installed and for R80 and above gateways, the Threat Prevention policy is installed.

   • Perform retries on the Security Management Server when the update fails - lets you configure the number of tries the scheduled update makes if it does not complete successfully the first time.
6. Click Configure.
7. In the window that opens, set the Time of event:
   • Update every: set the update frequency by hours

   OR:

   • Update at: set the update frequency by days:
     • Daily - Every day
     • Days in week - Select days of the week
     • Days in month - Select dates of the month
8. Click OK.
9. Click Close.
10. Install Policy.

To Learn More About Threat Prevention

To learn more about configuring a Threat Prevention Policy, see the R80.30 Threat Prevention Administration Guide.