Web Download Protection

Define the settings for the SandBlast Agent Browser Extension to protect against malicious files that come from internet sources. The Browser Extension is supported on Google Chrome.

The automatic options are:

  • Protect web downloads with Threat Extraction and Emulation - Send files for emulation. While a file is tested, users receive a copy of it with all suspicious parts removed. If the file is not malicious, users receive the original file when the emulation is finished. Emulation can take up to two minutes.

  • Protect web downloads with Threat Emulation - Send files for emulation. Users do not receive a copy during the emulation. If the file is not malicious, users receive the original file when the emulation is finished. Emulation can take up to two minutes.

  • Do not use web download protection - The SandBlast Agent Browser Extension is not active.

When Threat ExtractionClosed Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX. is selected, it only applies to file types that can be extracted, such as documents.

When Threat EmulationClosed Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. is selected, it only applies to file types that can be emulated, such as executables and scripts.

You can edit the selections manually to define more settings for Threat Extraction and Threat Emulation for different file types.

To change the setting for categories of file types:

  1. In a SandBlast Agent Threat Extraction and Threat Emulation ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session., right-click the Web Download Protection Action and select Edit Shared Action.

  2. Expand the list for the type of file that you choose:

    • Files that can be extracted and emulated (such as documents and pictures).

    • Files that can only be emulated (such as executables and scripts).

    • When neither Extraction nor Emulation is supported (such as videos).

  3. Select an option for emulation and access to the original file from the options shown. Different options show for different file types.

    • Extract and suspend original file until emulation completes - Send files for emulation. While a file is tested, the user receives a copy of it with all suspicious parts removed.

    • Emulate and suspend original file until emulation completes - Send files for emulation. Users only receive the files after the emulation finishes and the file was found to be safe.

    • Emulate original file without suspending access - Send files for emulation. Users can download and access the file while it is tested. The administrator is notified if files are found to be malicious.

    • Allow Download - No emulation or extraction. The download is allowed.

    • Block Download - No emulation or extraction. The download is blocked.

  4. If files are extracted, select the Extract Mode, which is the format of the extracted document that users can see during the emulation.

    • Extract potentially malicious elements -The file is sent in its original file type but without malicious elements.

    • Convert to PDF - When relevant, files are converted to PDF.

  5. Click OK.

To change the setting for a specified file type, such as.zip or .pdf:

  1. In a SandBlast Agent Threat Extraction and Threat Emulation rule, right-click the Web Download Protection Action and select Edit Shared Action.

  2. Click Override default file action per file type.

  3. Select a file type.

  4. Click in the File Action column to select a different action for that file type.

  5. Click in the Extraction Mode column to select a different extraction mode for the file type.

  6. Click OK.