Web & Files Protection

This category includes URL Filtering Check Point Software Blade on a Security Gateway that allows granular control over which web sites can be accessed by a given group of users, computers or networks. Acronym: URLF., Download (web) Emulation & Extraction, Credential Protection and Files Protection.

URL Filtering

URL Filtering rules define which sites can be accessed from within your organization. You select these sites in the Categories and Blacklisting sections, and define the mode in which the rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. operates.

When you select a category of sites, the URL Filtering rule applies to all sites in the selected category.

In Blacklisting, you enter the names of specific domains, IP addresses or sites.

Notes: You can add the domain names manually or upload a CSV file with the domain names you want to include in the blacklist. You can use * and ? as wildcards for blacklisting. * is supported with any string. For example: A* can be ADomain or AB or AAAA. ? is supported with another character. For example, A? can be AA or AB or Ab. You can export your blacklist.

There are three configuration modes for the URL Filtering protection:

• Prevent - Currently supported only in Hold mode. The request to enter a site is suspended until a verdict regarding the site is received.

  • Unclassified URLs - URLs that the service has no verdict about. Unclassified URLs are allowed by default. To change this configuration to Block, contact Check Point Support.

  • Ask - This option is selected by default. This lets you access a site determined as malicious, if you think that the verdict is wrong.

• Detect - Allows an access if a site is determined as malicious, but logs the traffic.

• Off

Note: SmartEndpoint A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies. does not support the new capability. It is only supported for web users.

Download (Web) Emulation & Extraction

Harmony Endpoint browser protects against malicious files that you download to your device. The Harmony Endpoint Browser extension is supported on Google Chrome. Threat Emulation Check Point Software Blade on a Security Gateway that monitors the behavior of files in a sandbox to determine whether or not they are malicious. Acronym: TE. detects zero-day and unknown attacks. Files on the Endpoint device are sent to a sandbox for emulation to detect evasive zero-day attacks. Threat Extraction Check Point Software Blade on a Security Gateway that removes malicious content from files. Acronym: TEX. proactively protects users from malicious content. It quickly delivers safe files while the original files are inspected for potential threats.

Credential Protection

This protection includes two components:

• Zero Phishing - Phishing prevention checks different characteristics of a website to make sure that a site does not pretend to be a different site and use personal information maliciously.
  There are three configuration options for this protection: Prevent, Detect and Off.

• Password reuse protection alerts users not to use their corporate password in non-corporate domains.
  There are three configuration options for this protection: Detect & Alert, Detect and Off.

Files Protection

This protection includes two components:

• Anti-Malware - Protection of your network from all kinds of malware threats, ranging from worms and Trojans to adware and keystroke loggers. Use Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. to manage the detection and treatment of malware on your endpoint computers.

  There are two configuration options for this protection:

  • Prevent - Prevents your files from malware threats.

  • Off - No protection from malware.

  Note - Starting from E83.20 Endpoint Security client, Check Point has certified the E2 client version (the Anti-Malware engine is based on Sophos as opposed to Kaspersky) for Cloud deployments.

• Files Threat Emulation - Emulation on files on the system.