SandBlast Agent Threat Extraction and Threat Emulation

Threat EmulationClosed Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. detects zero-day and unknown attacks. Files on the endpoint computer are sent to a sandbox for emulation to detect evasive zero-day attacks.

Threat ExtractionClosed Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX. proactively protects users from malicious content. It quickly delivers safe files while the original files are inspected for potential threats.

As part of the Threat Extraction and Threat Emulation solution, when the SandBlast Agent client is installed on a client computer, the SandBlast Agent Browser Extension is also installed on the Google Chrome browser. The SandBlast Agent Browser Extension protects against malicious files that come from internet sources.

See all Threat Extraction and Threat Emulation logs in SmartLog under Threat Emulation.

  • Logs related to files from the SandBlast Agent Browser Extension show: Monitor Type - Browser Extension and Browser - Chrome

  • Logs related to files from the computer show: Monitor Type - File Monitor

Configure the settings in the SandBlast Agent Threat Extraction and Threat Emulation ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. of in the SmartEndpointClosed A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies. Policy tab.