supportcenter.checkpoint.com
Open in
urlscan Pro
194.29.39.18
Public Scan
URL:
https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk74060
Submission: On March 29 via api from MX — Scanned from DE
Submission: On March 29 via api from MX — Scanned from DE
Form analysis
4 forms found in the DOMName: searchform — POST https://supportcenter.checkpoint.com/supportcenter/portal
<form style="position:relative" name="searchform" method="post" action="https://supportcenter.checkpoint.com/supportcenter/portal" onsubmit="cp_show_loading_div();setSearch('false');" data-swiftype-index="false">
<input type="hidden" id="js_peid" name="js_peid" value="P-14d3e809b51-10001">
<input type="hidden" id="SearchType" name="SearchType" value="">
<input type="hidden" id="action" name="action" value="portlets.SupportCenterSearchAction">
<input type="hidden" id="productDescription" name="productDescription">
<!--<input id="eventSubmit_doSearch" name="eventSubmit_doSearch" type="hidden" />-->
<div class="scSearchInputWrap scSearchInputCustom">
<input id="keyWordsInput" name="keyWords" type="text" class="scSearchInputField cp_text ui-autocomplete-input" placeholder="Search Support Center" autocomplete="off">
</div>
<div class="scSearchInputButton" onclick="javascript: setSearch('false');cp_show_loading_div();document.searchform.submit()" style="left: 580px;"></div>
</form>
Name: topRatingForm —
<form name="topRatingForm" class="solutionDetailsRate" style="padding-right: 7px;border-right: 2px solid rgb(227, 227, 227);">
<table class="starsTable">
<tbody>
<tr>
<td star_number="1" class="ratingStar"></td>
<td star_number="2" class="ratingStar"></td>
<td star_number="3" class="ratingStar"></td>
<td star_number="4" class="ratingStar"></td>
<td star_number="5" class="ratingStar"></td>
<td style="padding-left:5px">
<a id="rateThisLink" targetid="feedbackForm" class="checkpoint_navigate" style="position:relative;top:-3px;text-decoration:underline">Rate This</a>
<span style="display:none;" class="rateLabel">Rating submitted</span>
</td>
</tr>
<tr style="display:none;" class="submitErrorMessage">
<td colspan="6">Your rating was not submitted, please try again later</td>
</tr>
</tbody>
</table>
</form>
Name: bottomRatingForm —
<form name="bottomRatingForm">
<table>
<tbody>
<tr>
<td>
<span class="rateDocumentQuestion">Please rate this document</span>
<span style="display:none;" class="rateLabel">Rating submitted</span>
</td>
<td>
<div class="rateArea">
<table class="starsTable">
<tbody>
<tr>
<td star_number="1" class="ratingStar"></td>
<td star_number="2" class="ratingStar"></td>
<td star_number="3" class="ratingStar"></td>
<td star_number="4" class="ratingStar"></td>
<td star_number="5" class="ratingStar"></td>
<td></td>
<td valign="top" align="left">
<span style="padding-left: 20px;" id="rateLabel2">[1=Worst,5=Best]</span>
</td>
</tr>
</tbody>
</table>
</div>
</td>
<td>
<div style="display:none;" class="submitErrorMessage"> Your rating was not submitted, please try again later </div>
</td>
</tr>
</tbody>
</table>
<input type="hidden" name="solutionID" value="sk74060">
<input type="hidden" name="title" value="Anti-Virus Malware DNS Trap feature">
<input type="hidden" name="owner" value="Liron Rubin">
<input type="hidden" name="ownerId" value="1-4JAM5NE">
<input type="hidden" name="js_peid" value="P-14d3e809b51-10001">
<input type="hidden" name="sr" value="">
</form>
Name: feedbackForm —
<form name="feedbackForm">
<table id="commentsTable">
<tbody>
<tr>
<td style="font-weight:bold">Comment </td>
<td>
<textarea placeholder="Enter your comment here" id="solutionComment" name="solutionComment" class="commentsValid" maxlength="2000" onfocus="expandForm()" wrap="VIRTUAL" rows="1"></textarea>
</td>
<!--<textarea placeholder="Enter your comment here" id="solutionComment" name="solutionComment" class="commentsValid" onKeyDown="checkCharCount(this.value)"
onKeyUp="checkCharCount(this.value)" onBlur="checkCharCount(this.value);handleMessageBlur(this.value);"
onFocus="handleMessageFocus(event);expandForm()" wrap="VIRTUAL" rows="1" cols="110"></textarea>-->
<!--<div style="position:relative">
<div id="promptText" class="textPromptText" onClick="document.feedbackForm.solutionComment.focus();">
<span class="textComment">Enter your comment here</span>
</div>
</div>-->
<td></td>
</tr>
<tr>
<td></td>
<td style="overflow-y:hidden;">
<div id="captchaForm" style="display:block;height:0px;overflow-y:hidden;">
<div class="g-recaptcha" data-sitekey="6Le4IwETAAAAAEH9WJjuiZaEDpDmOkHoLaJem7_e">
<div style="width: 304px; height: 78px;">
<div><iframe title="reCAPTCHA"
src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le4IwETAAAAAEH9WJjuiZaEDpDmOkHoLaJem7_e&co=aHR0cHM6Ly9zdXBwb3J0Y2VudGVyLmNoZWNrcG9pbnQuY29tOjQ0Mw..&hl=de&v=vpEprwpCoBMgy-fvZET0Mz6L&size=normal&cb=90eyncb8ffrk"
width="304" height="78" role="presentation" name="a-riqa9f6yqgz9" frameborder="0" scrolling="no"
sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe></div><textarea id="g-recaptcha-response" name="g-recaptcha-response"
class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div><iframe style="display: none;"></iframe>
</div>
<br>
<div>
<button type="button" class="cp_btn feedbackSubmit" onclick="doFeedback()">Submit</button>
<button class="cp_btn feedbackSubmit" onclick="cancelFeedback();return false;">Cancel</button>
<div id="submitMessage" style="display:none">Submitting rating</div>
</div>
</div>
</td>
<td></td>
</tr>
</tbody>
</table>
<input type="hidden" name="solutionID" value="sk74060">
<input type="hidden" name="title" value="Anti-Virus Malware DNS Trap feature">
<input type="hidden" name="owner" value="Liron Rubin">
<input type="hidden" name="js_peid" value="P-14d3e809b51-10001">
<input type="hidden" name="sr" value="">
<div id="feedbackDone" style="font-weight:bold;padding-left:2px;display:none;"> Thank you for your feedback! </div>
</form>
Text Content
Choose your language... Japanese English Products Products Quantum Secure the Network Quantum Maestro Quantum Security Gateway Quantum Spark Quantum Scalable Chassis Quantum Edge Quantum IoT Protect Quantum VPN Quantum Smart-1 Quantum Smart-1 Cloud CloudGuard Secure The Cloud CloudGuard Network CloudGuard Posture Management CloudGuard Workload CloudGuard AppSec CloudGuard Intelligence Harmony Secure Users & Access Harmony Endpoint Harmony Connect Harmony Browse Harmony Email & Office Harmony Mobile Infinity-Vision Unified Management Infinity Portal Infinity SOC Infinity Unified Management View All Products Solution Solution Cloud Security Containers & Serverless Security Cloud Compliance & Governance AWS Security Azure Security GCP Security Branch Cloud Security Branch Virtual Security Business Size & Industry Data Center & High Performance Large Enterprise Small and Medium Business Consumer and Small Business Retail Financial Services Government Healthcare Industrial Control Systems ICS & SCADA Telco Education Topic Secure Remote Workforce Anti-Ransomware Cloud Security Endpoint Security Enterprise Mobile Security GDPR GRC IoT Security Network Security SD-WAN Security Zero Trust Security Zero-Day Protection Solutions Overview Support & Services Support & Services Support Create/View Service Request Contact Support Check Point Pro Support Programs Life Cycle Policy License Agreement & Warranty RMA Policy Training Training and Certification Cyber Range Courses Learning Credits HackingPoint Courses Secure Academy Knowledge Base eLearning Services Professional Services Lifecycle Management Services Security Consulting ThreatCloud Managed Security Service Partners Partners Channel Partners Become a Partner Find a Partner Technology Partners Technology Partners Featured Technology Partners Partner Portal PartnerMAP Sign In Resources Resources Resources Content Resource Center Product Demos Product Trials Customer Stories Events Webinars Videos Glossary Downloads and Documentation Downloads and Documentation Product Catalog Renewal Pricing Tool Cyber Security Insights Check Point Blog Check Point Research Cyber Talk for Executives CheckMates Community Free Demo Contact Us Support Center Blog Sign In Free Demo Contact Us Support Center Blog Sign In Products Products Quantum Secure the Network Quantum Maestro Quantum Security Gateway Quantum Spark Quantum Scalable Chassis Quantum Edge Quantum IoT Protect Quantum VPN Quantum Smart-1 Quantum Smart-1 Cloud CloudGuard Secure The Cloud CloudGuard Network CloudGuard Posture Management CloudGuard Workload CloudGuard AppSec CloudGuard Intelligence Harmony Secure Users & Access Harmony Endpoint Harmony Connect Harmony Browse Harmony Email & Office Harmony Mobile Infinity-Vision Unified Management Infinity Portal Infinity SOC Infinity Unified Management View All Products Solution Solution Cloud Security Containers & Serverless Security Cloud Compliance & Governance AWS Security Azure Security GCP Security Branch Cloud Security Branch Virtual Security Business Size & Industry Data Center & High Performance Large Enterprise Small and Medium Business Consumer and Small Business Retail Financial Services Government Healthcare Industrial Control Systems ICS & SCADA Telco Education Topic Secure Remote Workforce Anti-Ransomware Cloud Security Endpoint Security Enterprise Mobile Security GDPR GRC IoT Security Network Security SD-WAN Security Zero Trust Security Zero-Day Protection Solutions Overview Support & Services Support & Services Support Create/View Service Request Contact Support Check Point Pro Support Programs Life Cycle Policy License Agreement & Warranty RMA Policy Training Training and Certification Cyber Range Courses Learning Credits HackingPoint Courses Secure Academy Knowledge Base eLearning Services Professional Services Lifecycle Management Services Security Consulting ThreatCloud Managed Security Service Partners Partners Channel Partners Become a Partner Find a Partner Technology Partners Technology Partners Featured Technology Partners Partner Portal PartnerMAP Sign In Resources Resources Resources Content Resource Center Product Demos Product Trials Customer Stories Events Webinars Videos Glossary Downloads and Documentation Downloads and Documentation Product Catalog Renewal Pricing Tool Cyber Security Insights Check Point Blog Check Point Research Cyber Talk for Executives CheckMates Community Choose your language... Japanese English Support Center > Search Results > SecureKnowledge Details Anti-Virus Malware DNS Trap feature Technical Level Rate This Rating submitted Your rating was not submitted, please try again later Email Print Solution ID sk74060 Technical Level Product Anti-Virus Version R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.30 (EOL), R80.40, R81, R81.10, R81.20 Date Created 30-Mai-2012 Last Modified 03-Jan-2023 Solution Malware DNS Trap identifies compromised clients that try to access known malicious domains. When this feature is enabled, the Gateway does not block DNS requests identified as malicious. The response is tampered with, and a false (bogus) IP address is returned to the client. With the Malware DNS Trap, you can then detect compromised clients by checking logs with connection attempts to the false IP address. Consecutive connections addressed to the bogus IP are blocked. * When the Gateway allows the DNS request, it generates a DNS reputation log with "Connection was allowed because a DNS trap was set" description. * When the Gateway tampers the DNS response, the description of the DNS reputation log is replaced with "DNS response was replaced with a DNS trap bogus IP" description. * Connections to the bogus IP are logged with DNS Trap protection type and "Connection to DNS trap bogus IP" description. You can set the bogus IP address to be the IP address of the Gateway's external interface or another IP address. When the Gateway's external interface is defined as the bogus IP, this feature may cause drops of connections addressed to the Gateway. Therefore, it is recommended to define a bogus IP address and not use the external interface of the Gateway. Note: When a client tries to connect to a bogus IP address after receiving a reply to the original DNS request, the connection is blocked on the first (SYN) packet. Accordingly, there is nothing to capture. DNS TRAP CONFIGURATION In the Anti-Bot and Anti-Virus section of the Security Gateway object: 1. In SmartConsole, click Gateways & Servers and double-click Security Gateway. The Gateway window opens and shows the General Properties page. 2. From the navigation tree, select Anti-Bot and Anti-Virus. 3. In the Malicious DNS Trap section, choose one of the options: * According to profile settings - use the Malware DNS Trap IP address configured for each profile. * IP - enter the IP address for all the profiles assigned to this Security Gateway: The default value for DNS trap IP is 62.0.58.94. If for some reason you cannot use the default IP address 62.0.58.94 as a DNS trap, you can define a specific IP address. At the Security Gateway level, you can use the settings defined for the profiles or a specified IP address that is used by all profiles used on the specific Gateway. When you define the Gateway's external interface, there is a list of ports for which Gateway addressed traffic will not be blocked. You can edit this list in thye $FWDIR/conf/malware_config file in the dns_redirection_exceptions section. To set the Malware DNS Trap parameters in the Anti-Bot and Anti-Virus profile: For R81.x: 1. In SmartConsole, select Security Policies. 2. From the Custom Policy Tools section, click Profiles. 3. Edit the relevant Profile and go to Malware DNS Trap: For R80.x: 1. In SmartConsole, select Security Policies. 2. From the Threat Tools section, click Profiles. 3. Edit the relevant Profile and go to Malware DNS Trap: For information about how to configure a Malware DNS Trap, refer to Threat Prevention Administration Guide. Related solution: sk92224 - Resource Categorization for Anti-Bot / Anti-Virus DNS Settings optimization Give us Feedback Please rate this document Rating submitted [1=Worst,5=Best] Your rating was not submitted, please try again later Comment Submit Cancel Submitting rating Thank you for your feedback! Thanks for your feedback! Are you sure you want to rate this stars? SECURE YOUR EVERYTHING™ © 1994-2023 Check Point Software Technologies Ltd. All rights reserved. Copyright | Privacy Policy Follow Us Copying Internal ContentClose The information you are about to copy is INTERNAL! DO NOT share it with anyone outside Check Point. OK Define your search: Search entire support site