How does the Anti-Virus feature of the Threat Prevention policy block traffic from infected websites?
The Anti-Virus feature of the Threat Prevention policy blocks traffic from infected websites by dropping traffic from websites identified through ThreatCloud Verification and URL Caching. This involves querying the ThreatCloud repository and leveraging local caching mechanisms to determine if accessed URLs are connected to malware or not.
A local cache answers 99% of URL reputation requests. When the cache does not have an answer, it queries the ThreatCloud repository. For Anti-Virus, the signature is sent for file classification. The feature prevents malware downloads from the internet by preventing access to sites that are known to be connected to malware. Accessed URLs are checked by the gateway caching mechanisms or sent to the ThreatCloud repository to determine whether they are permissible. If not, the attempt is stopped before any damage can take place. Anti-Virus uses the ThreatCloud repository to receive binary signature updates and to query the repository for URL reputation and Anti-Virus classification.
Source: https://dl3.checkpoint.com/paid/0a/0a9a4722c3031fb380e5a9e4e64d1614/CP_R80.40_ThreatPrevention_AdminGuide.pdf?HashKey=1657703210_7cdeae13ccff67e55d7b3ddc432763b1&xtn=.pdf
Correct D