Advanced Threat Prevention Engine Settings
R81.10.X Quantum Spark 1500, 1600, 1800, 1900, 2000 Appliances Locally Managed Administration Guide|294
n
Inspect - The Threat Emulation engine inspects files of this type.
n
Bypass - The Threat Emulation engine does not inspect files of this type and lets
them pass through.
You cannot delete system defined file types. System defined file types are
recognized by built-in signatures that cannot be edited.
4. Select the HTTP connection emulation handling mode:
n
Background - Connections are allowed until emulation is complete.
n
Hold - Connections are blocked until emulation is complete.
In Threat Emulation, each file is run in the Check Point Public ThreatCloud to see if the file is
malicious. The verdict is returned to the gateway.
You can change the emulator location to a local private SandBlast appliance in the Advanced
Settings page.
You must first enable the Threat Emulation blade and then configure it for remote emulation.
To enable the Remote Private Cloud Threat Emulation emulator:
1. Go to Device > Advanced Settings.
2. Search for Threat Prevention Threat Emulation policy - Emulation location.
3. Select Emulation is done on remote (private) SandBlast.
4. Add or update the emulator IP address.
5. Click Apply
To disable the Remote Private Cloud Threat Emulation emulator:
1. Go to Device > Advanced Settings.
2. Search for Threat Prevention Threat Emulation policy - Emulation location.
3. Select Emulation is done on Public ThreatCloud.
4. Click Apply
To configure multiple remote emulators, you must use CLI commands.
For more information on Threat Emulation, see the
Threat Emulation video
on the
Small
Business Security video channel
.
To enable Detect-only mode:
Select the checkbox.
To Next Page
Loading...
