Threat Prevention Scheduled Updates

Introduction to Scheduled Updates

Check Point wants the customer to be protected. When a protection update is available, Check Point wants the configuration to be automatically enforced on the gateway. You can configure automatic gateway updates for the Anti-Virus, Anti-Bot, Threat Emulation and IPS blades.

For Anti-Virus, Anti-Bot and Threat Emulation, the gateways download the updates directly from the Check Point cloud.

For the IPS blade, prior to R80.20, the updates were downloaded to the Security Management Server, and the gateways could enforce the updates only after you installed policy. Starting from R80.20, the gateways can directly download the updates. For R80.20 gateways and higher with no internet connectivity, you must still install policy to enforce the updates.

When you configure automatic IPS updates on the gateway, the action for newly downloaded protections follows the profile settings by default.

IPS, Anti-Virus and Anti-Bot updates are performed every two hours by default. Threat Emulation engine updates are performed daily at 05:00 by default, and Threat Emulation image updates are performed daily at 04:00 by default.

You can see the list of Anti-Bot and Anti-Virus protections in Custom Policy Tools > Protections, and the list of IPS protections in Custom Policy Tools > IPS Protections. The update date appears next to each protection.

Configuring Threat Prevention Scheduled Updates

Checking Update Status

In Custom Policy Tools > Update, a message shows the number of gateways that are up-to-date.

Turning Off IPS Automatic Updates on a Gateway

You can turn off automatic IPS updates on a specific gateway.

IPS Updates Use Cases

These scenarios explain how an upgrade of the Security Gateways, the Security Management Server, or both affects the Scheduled Updates configuration.