Maximum Security for Anti-Virus and Anti-Bot
Maximum Security (also known as Adaptive Hold) is a feature for Anti-Virus and Anti-Bot Software Blades introduced in R82.
A Security Gateway inspects each URL that internal clients access, and sends the URL to the RAD process for a classification verdict of malicious or benign. The RAD process queries the Check Point ThreatCloud for detailed information.
Occasionally, the RAD process may experience issues, such as resource shortages or cloud service overload. When this occurs, the Anti-Virus and Anti-Bot blades can dynamically adjust their behavior:
- If the latency in RAD responses exceeds the accepted threshold, the Security Gateway gradually moves connections to background inspection.
- If the number of timeouts in the RAD responses exceeds the accepted threshold, the Security Gateway gradually moves connections to bypass mode.
Improved Behavior
The Maximum Security feature improves protection when the RAD responses are delayed or when there are connectivity issues between the Security Gateway and Check Point ThreatCloud.
To enable Maximum Security:
- In SmartConsole, go to the Manage & Settings view > Blades.
- Go to Threat Prevention and click Advanced Settings.
- In the left navigation pane, go to General:
  - In the Fail Mode section, select Allow all connections (Fail-open).
  - In the Check Point Online Web Service section, clear Block connections when the web service is unavailable.
- Click OK.
- Install the Threat Prevention policy.
For more information about the Maximum Security feature, see sk181434.