I have been working with several customers on their Threat Emulation deployment. Check Point has been very aggressive with updating the file types that this Software Blade supports. There was an update a week and a half ago which included several new file types including sandboxing of Flash files or SWF.
So we enabled it, and within 24 hours it ate up almost 25% of our Threat Emulation monthly subscription. For now I would say be careful with this one as your end users are probably running into a lot more Flash than you would anticipate.
I was told a few days ago by a Check Point SE that Check Point is aware of the issue, and there may be some changes for this particular file type in the future. I think for now we are going to leave it off.
By the way a good reseller will be able to cover you in case you go over. You are working with a good reseller right? Yeah I am sure they know about this kind of stuff. 😉