Configuring Threat Prevention Blade Control
In the Threat Prevention > Threat Prevention Blade Control page you can activate:
- Intrusion Prevention System (IPS). Blocks potentially malicious attempts to exploit known vulnerabilities in files and network protocols.
- Anti-Virus. Blocks potentially malicious files that are infected with viruses.
- Anti-Bot. Detects bots, prevents communication between the bot and its Command & Control center, and gives threat visibility. A bot is malware that, once installed on a device, places that device under the control of a Command & Control server, which can then use it to carry out attacks (for example, sending spam or running Denial-of-Service attacks against web sites). There are many infection methods, such as opening an attachment that exploits a vulnerability or visiting a web site that triggers a malicious download.
- Threat Emulation. Protects the network against unknown threats in files that are downloaded from the Internet or attached to emails. During emulation, the file is opened on more than one virtual computer, each with a different operating system environment, and these virtual computers are closely monitored for unusual and malicious behavior. Any malicious behavior is logged immediately, and you can use Prevent mode (a UserCheck rule action that blocks the traffic and files and can show a UserCheck message) to block the file from entering the internal network. Information about malicious files is shared with Check Point ThreatCloud.
You configure all the settings for these blades in the same place and set a single profile for all of them.
Enabling and Disabling Threat Prevention
Move the slider to ON or OFF.
Enabling Threat Emulation Policy for the FTP Protocol
Note - In the R81.10.X releases, this feature is available starting from the R81.10.05 version.
Move both the Anti-Virus and Threat Emulation sliders to ON. (Anti-Virus uses real-time virus signatures and anomaly-based protections from ThreatCloud to detect and block malware at the Security Gateway before users are affected; Threat Emulation runs files in a sandbox to decide whether they are malicious.)
Note - When the blade is managed by Cloud Services, a lock icon appears and you cannot toggle between the ON and OFF states. If you change other policy settings locally, the change is temporary: it is overridden at the next synchronization between the gateway and Cloud Services.
The update status is displayed next to each blade:
- Up to date
- Update available
- Update service unreachable
You can set the blades to prevent attacks and infections, or to detect-only mode, on the Threat Prevention Engine Settings page.
A warning message shows if a blade is configured in Detect-only mode (the Detect UserCheck rule action lets traffic and files into the internal network and only logs them), because identified malware is then logged but not blocked.
The top of the page shows the number of infected devices. For more information, click More details.
One policy is configured for all the blades:
- Strict - Focuses on security.
- Recommended - The default option, which gives the best balance of security and performance for small/medium-sized businesses.
  Note - The performance impact of the "Suspicious Mail Activity" protection in Anti-Bot was changed to High, so this protection is now off by default. To enable it, you must configure it in a custom policy.
- Custom - Manually defined by the user.
Configuring a Custom Policy for Threat Prevention
1. In the Threat Prevention Blade Control page, under Policy, select Custom.
2. For Tracking, select one of these options:
   - None - Do not log.
   - Log - Create a log.
   - Alert - Log with an alert.
3. Under Protection Activation, for each confidence level (High confidence, Medium confidence, and Low confidence), select the applicable action from the list:
   - Ask - Traffic is blocked until the user confirms it is allowed.
   - Prevent - Blocks identified virus or bot traffic, or identified malicious files, from passing through the gateway.
   - Detect - Allows identified virus or bot traffic, or identified malicious files, to pass through the gateway. This traffic is detected and logged.
   - Inactive - The protection is deactivated.
4. For Severity, select the severity level of the protections to activate:
   - Low or above
   - Medium or above
   - High or above
   - Critical
5. For Performance impact, select the highest performance impact a protection may have and still be activated:
   - Low
   - Medium or lower
   - High or lower
6. To discard your manual values and reload a built-in policy, click Load default settings and select Recommended or Strict.
7. To save all settings on the Threat Prevention Blade Control page, click Apply.
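The custom policy above is a pair of filters (a severity threshold and a performance-impact ceiling) plus one action per confidence level, and the note on "Suspicious Mail Activity" under the Recommended policy is a direct consequence of that ceiling. The following Python model is an added example written for this page, not Check Point code. It assumes the filter semantics the page describes (a protection is activated only if its severity is at or above the threshold and its performance impact is at or below the ceiling; its action is then the one set for its confidence level). The protection catalogue and the Recommended/Strict values in it are constructed for the illustration, since the page does not list the built-in defaults.

```python
"""Model of how a Threat Prevention custom policy selects protections.

Added illustration, not Check Point code. Assumed semantics (a simplification,
not a statement of the product's internals): a protection is active only when
its severity is at or above the policy threshold ("X or above") AND its
performance impact is at or below the policy ceiling ("X or lower"); the action
is then the one configured for the protection's confidence level. Every
protection name, rating and default value below is constructed for the example.
"""
from dataclasses import dataclass

SEVERITY = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}
IMPACT = {"Low": 0, "Medium": 1, "High": 2}
CONFIDENCE = ("Low", "Medium", "High")
ACTIONS = ("Ask", "Prevent", "Detect", "Inactive")
TRACKING = ("None", "Log", "Alert")


@dataclass(frozen=True)
class Protection:
    name: str
    severity: str            # Low / Medium / High / Critical
    confidence: str          # Low / Medium / High
    performance_impact: str  # Low / Medium / High


@dataclass(frozen=True)
class Policy:
    tracking: str                  # None / Log / Alert
    action_by_confidence: dict     # {"High": "Prevent", "Medium": ..., "Low": ...}
    min_severity: str              # "<min_severity> or above"
    max_performance_impact: str    # "<max_performance_impact> or lower"

    def __post_init__(self) -> None:
        # Reject settings the Blade Control page would not offer.
        if self.tracking not in TRACKING:
            raise ValueError(f"bad tracking: {self.tracking}")
        if set(self.action_by_confidence) != set(CONFIDENCE):
            raise ValueError("an action is required for every confidence level")
        if any(a not in ACTIONS for a in self.action_by_confidence.values()):
            raise ValueError("unknown action")
        if self.min_severity not in SEVERITY or self.max_performance_impact not in IMPACT:
            raise ValueError("unknown severity or performance impact level")

    def effective_action(self, p: Protection) -> str:
        """Action applied to traffic matching protection p under this policy."""
        if SEVERITY[p.severity] < SEVERITY[self.min_severity]:
            return "Inactive"          # below the severity threshold
        if IMPACT[p.performance_impact] > IMPACT[self.max_performance_impact]:
            return "Inactive"          # too expensive for this policy
        return self.action_by_confidence[p.confidence]

    def is_detect_only(self) -> bool:
        """True when no confidence level can block: the condition behind the
        page's warning, because identified malware is logged but still passed."""
        return all(a in ("Detect", "Inactive")
                   for a in self.action_by_confidence.values())

    def active_protections(self, catalogue) -> dict:
        """Map each activated protection to its action; Inactive ones are dropped."""
        result = {}
        for p in catalogue:
            action = self.effective_action(p)
            if action != "Inactive":
                result[p.name] = action
        return result


# Constructed catalogue, not real Check Point protection ratings.
CATALOGUE = [
    Protection("Bot C&C beacon", "Critical", "High", "Low"),
    Protection("Known exploit in document parser", "High", "Medium", "Medium"),
    Protection("Suspicious Mail Activity", "Medium", "Medium", "High"),  # impact raised to High
    Protection("Noisy low-value heuristic", "Low", "Low", "Low"),
]

# Constructed stand-ins for the Recommended and Strict defaults (assumed values).
RECOMMENDED = Policy("Log", {"High": "Prevent", "Medium": "Prevent", "Low": "Detect"},
                     min_severity="Medium", max_performance_impact="Medium")
STRICT = Policy("Alert", {"High": "Prevent", "Medium": "Prevent", "Low": "Prevent"},
                min_severity="Low", max_performance_impact="High")
# Custom policy that only raises the performance ceiling, which is what the
# note on "Suspicious Mail Activity" requires.
CUSTOM_HIGH_IMPACT = Policy("Log", RECOMMENDED.action_by_confidence,
                            min_severity="Medium", max_performance_impact="High")


if __name__ == "__main__":
    for label, pol in (("Recommended", RECOMMENDED), ("Strict", STRICT),
                       ("Custom", CUSTOM_HIGH_IMPACT)):
        print(label, "detect-only" if pol.is_detect_only() else "can block",
              pol.active_protections(CATALOGUE))
```

Running it shows why a High-impact protection is Inactive under the constructed Recommended settings but becomes Prevent once the performance-impact ceiling is raised in a custom policy, while the severity threshold still keeps the Low-severity heuristic off. is_detect_only() is the check behind the page's Detect-only warning; it is worth applying to any custom policy before you click Apply, since a policy whose confidence levels are all Detect or Inactive never blocks anything.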
Scheduling Threat Prevention Updates
1. Click Schedule.
   The Activate Automatic Updates window opens.
2. Select the Software Blades to receive automatic updates.
3. Select the Recurrence and Time of day.
4. Click Apply.