CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Threat Prevention and Traditional Anti-Virus

  1. #1
    Join Date
    2012-08-16
    Posts
    182
    Rep Power
    8

    Threat Prevention and Traditional Anti-Virus

    Hi all,

    I'm looking to get some clarification on the apparently two different anti-virus options offered by Check Point. Threat Prevention has its own tab and policy to craft what you would like it to do, and then Traditional Anti-Virus is a subsection within that. In the notes it says you cannot activate both on the same gateway. But in the case of the so-called zero-hour malware protections and mail anti-virus, are you not actually scanning email on the anti-spam blade unless traditional is enabled? Or is it just a matter of making sure the check box next to mail is selected within the profile settings under Threat Prevention? Are they both the same thing and Threat Prevention is more advanced?

    Thanks

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Re: Threat Prevention and Traditional Anti-Virus

    Anti-Virus (the newer option) is using indicators of compromise to determine if a file is potentially malicious.
    This includes the URL of the file and file hashes which are queried to ThreatCloud to determine if they are malicious.
    Local SandBlast/Threat Emulation appliances can also supplement this information.
    This method of AV is pretty lightweight and is meant to be used in conjunction with the other Threat Prevention blades.
    Traditional AV uses a traditional heuristic scan with traditional AV signatures.

    To clarify: The Zero-Hour Protection comes from the newer AV option, not Traditional AV.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  3. #3
    Join Date
    2012-08-16
    Posts
    182
    Rep Power
    8

    Re: Threat Prevention and Traditional Anti-Virus

    Thanks for that. We are using the Threat Prevention blade in conjunction with IPS, DLP, Anti-Spam, and application control/URL filtering/https. The odd thing about the zero day malware is that it is nested under traditional anti-virus in both tracker and the anti-spam tab.

  4. #4
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Re: Threat Prevention and Traditional Anti-Virus

    I see what you're saying in Tracker (which is ultimately being replaced in R80) but not sure I see what you're saying in Anti-Spam (at least in R77.30).
    Screenshot?
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

  5. #5
    Join Date
    2012-08-16
    Posts
    182
    Rep Power
    8

    Re: Threat Prevention and Traditional Anti-Virus

    Hopefully I attached this correctly.
    [Attached image: anti-spam.png]

  6. #6
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,494
    Rep Power
    17

    Re: Threat Prevention and Traditional Anti-Virus

    That suggests to me that even with Traditional AV, you can leverage the zero-day malware signatures (which may be true).
    If you're not using Traditional AV, you configure zero-day malware in the Threat Prevention policy.
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own
