---
title: "Threat Prevention Exceptions"
slug: "threat-prevention-exceptions"
updated: 2026-04-07T09:08:35Z
published: 2026-04-07T09:08:35Z
canonical: "support.perimeter81.com/threat-prevention-exceptions"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Threat Prevention Exceptions

Threat Prevention exceptions allow administrators to handle false positives safely without disabling entire security blades. By defining exceptions for specific URLs or files, organizations can maintain user productivity while preserving a strong security posture.

You can manage all exceptions from the **Exceptions******tab. This page allows you to create, edit, delete, and search for exceptions efficiently.

To access the **Exceptions**tab, access the Check Point SASE Administrator Portal, click **Threat Prevention**, and click the **Exceptions** tab.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1763444203689.png)

## Example Use Case

- Whitelisting a false-positive file based on its SHA256 hash.
- Creating exceptions from user-submitted false-positive reports.

## Key Concept

Threat Prevention exceptions provide flexibility in managing cases where legitimate resources are blocked by security policies.

### Key Principles

- URL exceptions take precedence over file exceptions.
- File identification uses SHA256 hash values.
- URL exceptions apply to both HTTP and HTTPS protocols.
- Domain-level exceptions include all subdomains and paths (example, `*.microsoft.com*` or `*.microsoft.com/*)`.
- SHA-256–based exceptions are not supported by the Anti-Bot blade.

Note - The exceptions apply globally across the entire Threat Prevention policy and all security profiles. They are not limited to individual rules and across all profiles.

## URL Exceptions

URL exceptions allow administrators to whitelist specific domains or URLs that were previously identified as malicious or risky. URL exceptions support wildcard entries and apply to both HTTP and HTTPS traffic.

### Creating URL Exceptions

To create a URL Exception:

1. Access the Check Point SASE Administrator Portal, click **Threat Prevention**, and then click the **Exceptions** tab.
2. Click **Add Exception**.  
The **Add Exception** window appears.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1763444792820.png)
3. From the **Type**list, select **URL**.
4. In the **Value**field, enter the full domain or URL. To allow all subdomains, use a wildcard  (example, `*.microsoft.com).`Note - Use a valid URL without *http/https*, *?*, or *#*. Include *www* if part of the domain. Wildcards (*) are allowed only at the start of the domain (example, **.example.com*).
5. (Optional) In the **Add Short Description** field, enter a description with expiration date.
6. Click **Apply Changes**.

## File Exceptions

File exceptions are used when legitimate files are flagged as malicious by Threat Prevention. The system supports the SHA256 hash identifier.

Note - The hash identifier can be obtained from the security log which blocked the file.

![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1764075720913.png)

### Creating File Exceptions

To create a File Exception:

1. Access the Check Point SASE Administrator Portal, click **Threat Prevention**, and click the **Exceptions** tab.
2. Click **Add Exception**.  
The **Add Exception** window appears.  
![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1763444792820.png)
3. From the **Type**list, select **File Hash**.
4. In the **Value**field, enter the file's SHA256 hash exactly as it appears (64 characters, in hexadecimal format).
5. (Optional) In the **Add Short Description** field, enter a description.
6. Click **Apply Changes.**

## Managing Exceptions

The Exceptions page provides a complete list of all configured exceptions.

1. To delete an exception, hover over the exception row that you want to delete, scroll to the end of the table, and click ![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1763445894482.png).
2. To duplicate an exception, hover over the exception row that you want to duplicate, scroll to the end of the table, and click![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1763445960203.png) .
3. To edit an exception, do either of these:
  - Hover over the exception row that you want to edit, scroll to the end of the table, and click![](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/image-1763446025404.png).
  - Click the exception row that you want to edit.  
The **Manage Exception**window appears.
4. Make the required changes.
5. Click **Apply Changes**.

## Exception Properties Reference

| Property Name | Type | Description |
| --- | --- | --- |
| Type | List | Values: - URL - SHA256 |
| Value | String (500) | The URL or Hash value |
| Description | String (1000) | Optional description |
| Status | Boolean | Enabled or Disabled. The default value is Enabled. |

Notes:

- Use wildcards carefully, and avoid broad exceptions that may reduce protection.
- Regularly review and clean expired exceptions.
- Always validate hash values before adding file exceptions.