Configuring the Threat Prevention Policy

The Threat Prevention policy includes these components:

• Web & Files Protection - Includes download protection, credential protection and Files protection.

• Behavioral Protection - Includes Anti-Bot Check Point Software Blade on a Security Gateway that blocks botnet behavior and communication to Command and Control (C&C) centers. Acronyms: AB, ABOT., Anti-Ransomware and Anti-Exploit.

• Analysis & Remediation - Includes forensics and file Remediation.

The Threat Prevention policy unifies all the Threat Prevention components. This is different from the Policy Rule Base All rules configured in a given Security Policy. Synonym: Rulebase. in SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies., where each Threat Prevention component has its own set of rules. The unified policy lets the administrator control all Threat Prevention components in one Policy. Each rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. in the Policy defines the scope which the rule applies to and the Threat Prevention components which are activated.

The Threat Prevention policy contains a pre-defined Default Policy rule, which applies to the entire organization.

Each new rule you create, has pre-defined settings, which you can then edit in the right section of the screen.

The Policy Rule Base consists of these parts:

Column	Description
Rule Number	The sequence of the rules is important because the first rule that matches traffic according to the protected scope is applied.
Rule Name	Give the rule a descriptive name.
Applied to	The protected scope, to which the rule applies.
Web & Files Protection Behavioral Protection Analysis & Remediation	The policy components.

The Policy toolbar includes these options: