Web & Files Protection

This category includes URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF., Download (web) Emulation & Extraction, Credential Protection and Files Protection.

URL Filtering

URL Filtering rules define which sites can be accessed from within your organization. You select these sites in the Categories and Blacklisting sections, and define the mode in which the rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. operates.

When you select a category of sites, the URL Filtering rule applies to all sites in the selected category.

In Blacklisting, you enter the names of specific domains, IP addresses or sites.

Notes:

You can add the domain names manually or upload a CSV file with the domain names you want to include in the blacklist.
You can use * and ? as wildcards for blacklisting.
- * is supported with any string. For example: A* can be ADomain or AB or AAAA.
- ? is supported with another character. For example, A? can be AA or AB or Ab.
You can export your blacklist.

There are 3 configuration modes for the URL Filtering protection:

Prevent - Currently supported only in Hold mode. The request to enter a site is suspended until a verdict regarding the site is received.
- Unclassified URLs - URLs that the service has no verdict about. Unclassified URLs are allowed by default. To change this configuration to Block, contact Check Point Support.
- Ask - This option is selected by default. This lets you access a site determined as malicious, if you think that the verdict is wrong.
Detect - Allows an access if a site is determined as malicious, but logs the traffic.
Off

Note:

SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies. does not support the new capability. It is only supported for web users.

You can define specific URLs or domains as blacklisted. These URLs/domains will be blocked automatically, while other traffic will be inspected by the URL Filtering rules. You can add the URLs/domain names manually or upload a CSV file with the URLs/domain names you want to include in the blacklist.

To add a URL to the blacklist:

Go to Advanced Settings > URL Filtering > Blacklist > Edit.
In the URLs pane, for each required URL, enter the URL and click the + sign
click OK.

Notes:

You can use * and ? as wildcards for blacklisting.

* is supported with any string. For example: A* can be ADomain or AB or AAAA.
? is supported with another character. For example, A? can be AA or AB or Ab.

To search for a URL:

Go to Advanced Settings > URL Filtering > Blacklist > Edit.
In the search box, enter the required URL.

The search results appear in the URLs pane.

You can edit or delete the URL.

To import URLs from an external source:

Go to Advanced Settings > URL Filtering > Blacklist > Edit.
Next to the search box, click the sign (import domains list from a 'csv' file).
Find the required file and click Open.
Click OK.

To export a list of URLs to from the Endpoint Security Management Server to an external source:

Go to Advanced Settings > URL Filtering > Blacklist > Edit.
Next to the search box, click the sign (export domains list to a 'csv' file).
Click OK.

Download (Web) Emulation & Extraction

Harmony Endpoint browser protects against malicious files that you download to your device. The Harmony Endpoint Browser extension is supported on Google Chrome. Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. detects zero-day and unknown attacks. Files on the Endpoint device are sent to a sandbox for emulation to detect evasive zero-day attacks. Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX. proactively protects users from malicious content. It quickly delivers safe files while the original files are inspected for potential threats.

There are three configuration options for this protection:

Detect - Emulate original file without suspending access to the file and log the incident.
Off - Allow file

Credential Protection

This protection includes two components:

Zero Phishing - Phishing prevention checks different characteristics of a website to make sure that a site does not pretend to be a different site and use personal information maliciously.
There are three configuration options for this protection: Prevent, Detect and Off.
Password reuse protection alerts users not to use their corporate password in non-corporate domains.
There are three configuration options for this protection: Detect & Alert, Detect and Off.

Files Protection

This protection includes two components:

Anti-Malware - Protection of your network from all kinds of malware threats, ranging from worms and Trojans to adware and keystroke loggers. Use Anti-Malware A component of the Endpoint Security client that protects against known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. to manage the detection and treatment of malware on your endpoint computers.

There are three configuration options for this protection:

Prevent - Prevents your files from malware threats.
Detect - Provides detection of the threats, so they appear in the logs, although the virus or malware are still executable. Administrators must use this mode with caution.
Off - No protection from malware.

Note - Starting from E83.20 Endpoint Security client, Check Point has certified the E2 client version (the Anti-Malware engine is based on Sophos as opposed to Kaspersky) for Cloud deployments.

Files Threat Emulation - Emulation on files on the system.