Threat Emulation - Excluded Mail Addresses

What can I do here?

Use this window to exclude email senders and recipients from scanning.

Getting Here - Security PoliciesClosed Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. > Threat Prevention > Policy > Custom Policy Tools > Profiles > Profile > Mail > Exceptions > Emulation Exceptions > Configure

Excluding Emails

You can enter email addresses that are not included in Threat EmulationClosed Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. protection. SMTP traffic that is sent to or from these addresses is not sent for emulation.

Note - If you want to do emulation on outgoing emails, make sure that you set the Protected Scope to Inspect incoming and outgoing files.

To exclude emails from Threat Emulation:

  1. In the Recipients section, you can click the Add button and enter one or more emails.

    Emails and attachments that are sent to these addresses will not be sent for emulation.

  2. In the Senders section, you can click the Add button and enter one or more emails.

    Emails and attachments that are received from these addresses will not be sent for emulation.

    Note - You can also use a wildcard character to exclude more than one email address from a domain.

  3. Click OK and close the Threat Prevention profile window.

  4. Install the Threat Prevention policy.