Print Download Documentation Send Feedback

Previous

Next

Updates - Threat Prevention

What can I do here?

Use this window to configure automatic updates to the malware database, Threat Emulation engine, Threat Emulation images, and IPS database.

Getting Here

Getting Here - Security Policies Threat Prevention > Policy > Threat Tools > Updates

Updating the IPS and Malware Databases

The IPS protection database and the Malware database automatically download updates at regular intervals. This ensures that you have the latest IPS protections, and the most current data and newly added signatures and URL reputations in your Anti-Bot and Anti-Virus policy.

The Malware database only updates if you have a valid Anti-Bot, Threat Emulation and/or Anti-Virus contract.

By default, updates for Anti-Virus and Anti-Bot run on the Security Gateway every two hours. For IPS and Threat Emulation you must configure an update schedule. You can change the update schedule or choose to manually update the Security Gateway. The updates are stored in a few files on each Security Gateway.

Updating IPS Protections

Check Point constantly develops and improves its protections against the latest threats. You can manually update the database with latest IPS protections.

Note - The Security Gateways with IPS enabled only get the updates after you install the Policy.

For troubleshooting or for performance tuning, you can revert to an earlier IPS protection package.

To manually update the IPS protections:

  1. In SmartConsole, click Security Policies > Threat Prevention.
  2. In the Threat Tools section, click Updates.
  3. In the IPS section, click Update Now.
  4. Install the Access Control policy.

To revert to an earlier protection package:

  1. In the IPS section of the Threat Prevention Updates page, click Switch to version.
  2. In the window that opens, select an IPS Package Version, and click OK.
  3. Install the Access Control policy

Scheduling Updates

You can change the default automatic schedule for when updates are automatically downloaded and installed. If you have Security Gateways in different time zones, they are not synchronized when one updates and the other did not yet update.

To configure Threat Prevention scheduled updates:

  1. In SmartConsole, go to the Security Policies page and select Threat Prevention.
  2. In the Threat Tools section of the Threat Prevention Policy, click Updates.
  3. In the section for the applicable Software Blade, click Schedule Update.

    The Scheduled Update window opens.

  4. Make sure Enable <feature> scheduled update is selected.
  5. Click Configure.
  6. In the window that opens, set the Update at time and the frequency:
    • Daily - Every day
    • Days in week - Select days of the week
    • Days in month - Select dates of the month
  7. Click OK.
  8. Click Close.
  9. Install the policy for the applicable Software Blade:
    • IPS updates, install the Access Control policy (for Pre-R80 gateways)
    • Anti-Bot, Anti-Virus, and Threat Emulation updates, and R80.x IPS gateways, install the Threat Prevention policy