Using the Suspicious Object Migration Tool

Use the Suspicious Object Migration Tool to export all Control Manager Suspicious Object lists and import properly formatted suspicious object data to a Check Point server.


To manually migrate individual Control Manager Suspicious Object lists to a Check Point server, you may use the Suspicious Object List Exporter and Check Point SAM Client tools without executing the Suspicious Object Migration Tool.

For more information, see Using the Check Point Suspicious Activity Monitoring Client Tool.


Before using the Suspicious Object Migration Tool, you must:

  1. Log on to the Control Manager server.
  2. Open a command prompt.
  3. Use the following command to locate the directory which contains the SOMigrationTool.exe file:

    cd <Control Manager installation directory>\SOTools

  4. Execute SOMigrationTool.exe using the following command:

    SOMigrationTool Check_Point

    The total execution time for the command displays, indicating that the suspicious object data migration is successful.

  5. To view the imported suspicious object data on the Check Point firewall server:
    1. Log on to the Check Point SmartView Monitor console.
    2. Go to Tools > Suspicious Activity Rules.

      The Enforced Suspicious Activity Rules screen appears and displays the imported suspicious object data.