Exception Rules

If necessary, you can add an exception directly to a ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session..

An exception sets a different Action to an object in the Protected Scope from the Action specified Threat Prevention rule.

In general, exceptions are designed to give you the option to reduce the level of enforcement of a specific protection and not to increase it.

You can add one or more exceptions to a rule. The exception is added as a shaded row below the rule in the Rule BaseClosed All rules configured in a given Security Policy. Synonym: Rulebase..

It is identified in the No column with the rule's number plus the letter E and a digit that represents the exception number.

For example, if you add two exceptions to rule number 1, two lines will be added and show in the Rule Base as E-1.1 and E-1.2.

You can use exception groups to group exceptions that you want to use in more than one rule. See the Exceptions Groups Pane.

You can expand or collapse the rule exceptions by clicking on the minus or plus sign next to the rule number in the No. column.

Disabling a Protection on One Server

Scenario: The protection Backdoor.Win32.Agent.AH blocks malware on windows servers. How can I change this protection to detect for one server only?

In this example, create this Threat Prevention rule, and install the Threat Prevention policy:


Protected Scope




Install On

Monitor BotClosed Malicious software that neutralizes Anti-Virus defenses, connects to a Command and Control center for instructions from cyber criminals, and carries out the instructions. Activity

* Any

- N/A

A profile based on the Optimized profile.

Edit this profile > go to the General Policy pane> in the Activation Mode section, set every Confidence to Prevent.


Policy Targets








Software Blade Exceptions

You can configure an exception for an entire blade.

You can create a rule or exception for a specific blade for a specific website/URL because the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. is always the destination in non-transparent proxy mode.

In a transparent proxy mode, or while the traffic is inspected by a Security Gateway, this setup is not a challenge because the destination is configured in the Destination column, and the excluded blade is configured in the Protection/Site/File/Blade column. This is not possible in non-transparent mode because the destination is always the Security Gateway itself.

Creating Exceptions from IPS Protections

Creating Exceptions from Logs or Events

In some cases, after evaluating a log or an event in the Logs & Monitor view, it may be necessary to update a rule exception in the SmartConsole Rule Base.

You can do this directly from within the Logs & Monitor view.

You can apply the exception to a specified rule or apply the exception to all rules that appear below Global Exceptions.

Exception Groups

An exception group is a container for one or more exceptions. You can attach an exception group to all rules or only to some rules. With exception groups, you can manage your exceptions more easily, because you can attach the same exception group to multiple rules, instead of manually define exceptions for each rule.

The Exception Groups pane shows a list of exception groups that were created, the rules that use them, and any comments related to the defined group.

Global Exceptions

The system comes with a predefined group named Global Exceptions. Exceptions that you define in the Global Exceptions group are automatically added to every rule in the Rule Base. For other exception groups, you can decide to which rules to add them.

Exception Groups in the Rule Base

Global exceptions and other exception groups are added as shaded rows below the rule in the Rule Base. Each exception group is labeled with a tab that shows the exception group's name. The exceptions within a group are identified in the No column using the syntax:
E - <rule number>.<exception number>, where E identifies the line as an exception.

To view exception groups in the Rule Base:

Click the plus or minus sign next to the rule number in the No. column to expand or collapse the rule exceptions and exception groups.

Creating Exception Groups

When you create an exception group, you create a container for one or more exceptions. After you create the group, add exceptions to them. You can then add the group to rules that require the exception group in the Threat Prevention Rule Base.

To use exception groups, you must add exception rules to them.

Adding Exceptions to Exception Groups

To use exception groups, you must add exception rules to them.

Adding Exception Groups to the Rule Base

You can add exception groups to Threat Prevention rules.

This only applies to exception groups that are configured to Manually attach to a rule.