This time I show you the Checkpoint “Application Control Signature Tool”. This tool allows you to create your own Apps and URL filtering signatures.
For example, I’m using it to block Torrent clients based on the User-Agent, but it is very versatile and you can use it in many ways.
Downloading the tool
Visit the following SK103051 and download it. This post explains the GUI tool, but it also exists the command-line version.
After uncompressing the downloaded ZIP file, run ACST.exe
After pressing the “+” button to add a new Application, you can see the mandatoty fields in red (Name, Category, Risk, Description). But the fun is in the “Application Scenarios” window.
In the main manu, select one of the existing Applications and press the “Export” button.
Automatically a new window is opened where the a .xml and .apps file are created.
Those files are the ones needed to import the new Application to our Checkpoint policy / database.
Select the related .XML to import it
Usage example (Bittorrent clients)
To fix it i tried to use a custom application and it seems to work. The idea is, based on values of the User-Agent that are related to Torrent clients, filter those connections.
Simply check the “User-Agent” field, fill it with the values of torrent clients (uTorrent|BitComet|tTorrent|BitTorrent|libTorrent) separated by pipes and also check the PCRE to enable regex expressions).