SandBlast Threat Extraction

As part of the Check Point Zero-Day Protection SandBlast solution, the Threat Extraction capability removes exploitable content, including active content and embedded objects, reconstructs files to eliminate potential threats, and promptly delivers sanitized content to users to maintain business flow.


Proactively protect against threats contained in emailed and web-downloaded documents

  • Remove exploitable content, including active content and embedded objects
  • Reconstruct files with known safe elements

Promptly deliver safe content - or sanitized versions of potentially malicious files

  • Proactively provide users with clean, reconstructed files containing only safe elements
  • Immediately deliver reconstructed files to maintain uninterrupted business flow

Provide complete threat visibility with comprehensive, integrated threat prevention and security management

  • Eliminate delays associated with traditional sandboxes, and enable real-world deployment of SandBlast Zero-Day Protection in prevent mode
  • Provide the best protection by converting reconstructed files to PDF format, or maintain flexibility with options to maintain the original file format and specify the type of content to be removed
  • Ensure visibility into attack attempts, and allow access to original file after completing background analysis by SandBlast Threat Emulation


Prompt delivery of safe content

Documents that we use on a daily basis can contain content within them, including macros or embedded links, that can be exploited to infect your computers and networks. Check Point SandBlast Zero-Day Protection utilizes Threat Extraction technology to eliminate threats by removing exploitable content and reconstructing documents using known safe elements.  SandBlast Zero-Day Protection promptly delivers safe, sanitized content to its intended destination, and allows access to original files after completing background analysis by the Threat Emulation engine.

Protects most common file types

SandBlast Threat Extraction supports the most common document types used in organizations today, including Microsoft Office Word, Excel, and PowerPoint, and Adobe PDF documents. Administrators can select which of these document types will undergo Threat Extraction when entering the network via email or web download.

Easy to deploy

Installed as an additional software blade on the gateway as part of the SandBlast Zero-Day Protection solution, SandBlast Threat Extraction is integrated in Mail Transfer Agent-Mode to the email network. It can be applied across the organization, or implemented only for specific individuals, domains, or departments. Administrators can configure included users and groups based upon needs, and can use this to facilitate gradual organizational deployment.

Proactive protection

Traditional detection technologies take time to search for and identify threats before blocking them.  Due to unacceptable delays, many solutions are deployed only in detect mode, leaving networks vulnerable to threats.  SandBlast Zero-Day Protection leverages its Threat Extraction capability to preemptively eliminate delays associated with traditional solutions, reduce risk, and enable real-world deployment in prevent mode.

Web browser extension

The SandBlast Web Extension allows users within organizations to utilize threat emulation and extraction from within the browser, protecting users from malware downloaded over the web.

Extended protection to endpoints

Using SandBlast Agent, the protections of Threat Extraction can now be extended to end-user systems, keeping users safe no matter where they go. For laptop users roaming beyond the perimeter, attacks originating as attachments within emails or web downloads undergo conversion to safe, reconstructed versions with minimal delay.

Flexible protection options

SandBlast Zero-Day Protection provides flexibility for organizations to select the document protection options that best suit operational needs. For the best protection, it is recommended that documents are reconstructed and converted into a PDF document. Alternatively, organizations can choose to maintain the original document format, and remove content that may pose a threat. This option allows administrators to determine the types of content to remove, from high risk macros to embedded files and external links.

Bundled for the best protection

With the Next Generation Threat Prevention & SandBlast™ (NGTX) bundle from Check Point, organizations are able to leverage the protections delivered by Check Point SandBlast Zero-Day Protection, and gain the added protections provided by IPS, Application Control, URL Filtering, Antivirus, Anti-Bot, and Anti-Spam to protect users from downloading malicious files, accessing risky websites, and to stop bot communications before damage is caused. Organizations already leveraging the Next Generation Threat Prevention (NGTP) appliance can add this capability via the TX bundle.


Supported File Types
Microsoft Office 2003-2013, Adobe PDF

Document Languages Supported
  • Latin languages: full support
  • Non-Latin languages: partial support

Deployment Options
  • MTA – gateway receives all incoming email, and forwards it to the next hop after inspection
  • Web – gateway inspection for web downloaded documents
  • WebAPI – sends files to the machine for reconstruction
  • Web Browser Extension – supports reconstruction and emulation for web downloaded files

Version and OS
From R77.30 using SecurePlatform or GAiA

Web Browser Extension
Currently supported on the following browser types:
  • Google Chrome (available soon)
  • Other browsers (contact us for availability)