Pre-emptive Malformed File Attack Protection
Malformed file attacks work by tricking users into opening seemingly innocent files. These files then introduce malicious content, such as a virus, into the system. These attacks often rely upon the user’s trust in familiar file types, such as Word or Excel.
Conventional antivirus applications are not sufficient to protect your network against these attacks. After Microsoft Patch Tuesday and non-Microsoft vulnerability disclosures, hackers immediately go to work creating exploits. Attacks can occur before antivirus signatures are available or before patches have been applied.

Users obtain these malicious files either through e-mail or from the web. Laptop users may even become infected while at home or on the road and then introduce the malicious files to your network when they connect to your LAN or VPN.

Check Point provides protection for each of these possible vectors through SmartDefense Services:
E-mail
Check Point’s Messaging Security (available with UTM-1 Total Security) analyzes mail on the global level, flagging and blocking malicious items as they occur. This provides your network with protection before virus signatures are even available. See proof-points of how Check Point Messaging Security provides protections before virus signatures are available.
How to configure this protection:
- Log into SmartDashboard.
- In the Messaging Security tab, set Zero hour malware protection to Block.
- Select tracking options for SMTP and POP3 mail.
Web
SmartDefense detects and blocks the transfer of malformed files over HTTP. SmartDefense's powerful detection engine identifies the underlying vulnerabilities that allow hackers to create numerous variants of malicious files. Recently issued updates include protections for vulnerabilities in Microsoft PowerPoint, Excel, Word, and image files.
How to configure these protections:
- Log into SmartDashboard.
- Activate the appropriate protections in the Application Intelligence > Content Protection category in SmartDefense.
Some possible protections include:
- Block Microsoft Excel Calendar Object Validation Vulnerability (MS08-057)
- Block Microsoft Excel File Format Parsing (MS08-057)
- Block Microsoft Excel Indexing Validation Vulnerability (MS08-043)
- Block Microsoft Excel Record Parsing Vulnerability (MS08-043)
- Block Microsoft PowerPoint Memory Allocation Vulnerability (MS08-051)
- Block Malformed PowerPoint Files (MS08-051)
- Block Microsoft Word Malformed Data Vulnerability (MS08-042)