Serious Discussion Harmony Endpoint by Check Point

[Xeno1234]

Another evasive script taken down by Behavioural Guard.
I am turning Application Control off to test these, as under my policy it will not execute at all.

View attachment 277138

Impressive on Harmony's End.

 

[Trident]

Impressive on Harmony's End.

I turned emulation off as well…
Otherwise I can’t download.

 

[Xeno1234]

idk if this is a good question but how does Checkpoint fair against rootkit/bootkits that are unknown?

 

[Sandbox Breaker - DFIR]

idk if this is a good question but how does Checkpoint fair against rootkit/bootkits that are unknown?

Kaspersky engine is really good at that. Also scans UEFI firmware and prevents them from being installed. I've seen a threat emulation detection for a UEFI writer once. So they sandbox is equipped to look for that.

 

[Xeno1234]

cool

@Trident what Anti-Rootkit capabilities does Harmony have

 

[lyldz]

I changed some settings in portal.
what can I do to restore it.or how can I easily return to the initial settings?

 

[Trident]

I changed some settings in portal.
what can I do to restore it.or how can I easily return to the initial settings?

Just change the policy to strict or something.

 

[Xeno1234]

How do you make exclusions, some uninstaller of one of my apps was picked up by threat emulation and its not malware.

 

[Trident]

How do you make exclusions, some uninstaller of one of my apps was picked up by threat emulation and its not malware.

Adding Exclusions to Rules

sc1.checkpoint.com

 

[simmerskool]

Adding Exclusions to Rules

sc1.checkpoint.com

did you add mullvad as exclusion and did that fix mullvad's javascript error?

 

[Trident]

did you add mullvad as exclusion and did that fix mullvad's javascript error?

These exclusions only affect detections and in the Mullvad case, there is no detection. It seems to be incompatability. I can give it a try.

 

[NormanF]

These exclusions only affect detections and in the Mullvad case, there is no detection. It seems to be incompatability. I can give it a try.

I had the same thing with a Notion web app I built with Fluid on MacOS. The firewall wouldn't detect it. I had to trash it and replace it with the desktop client, which was detected and which I could allow to connect to the Internet. Some programs on Windows and MacOS can be hit or miss and you can see what works.

 

[Xeno1234]

And default-deny is coming soon as well.

How would Default Deny work with Harmony?

 

[Trident]

How would Default Deny work with Harmony?

I can’t discuss at the moment. I can enable it if I want and test it. It’s on the very close roadmap.

 

[Xeno1234]

I can’t discuss at the moment. I can enable it if I want and test it. It’s on the very close roadmap.

Is it confidental or something is that why you cant say anything about it?

 

[Trident]

Is it confidental or something is that why you cant say anything about it?

Well I’ve been told by a product manager so don’t really wanna go around and discuss. But it is not far away from official release.

 

[Xeno1234]

I've been enjoying checkpoint with my trial but for some reason Threat Emulation just randomly stops being able to work on my device, any reason why?

 

[Sandbox Breaker - DFIR]

I've been enjoying checkpoint with my trial but for some reason Threat Emulation just randomly stops being able to work on my device, any reason why?

How do you know its not working? Where do you see that?

 

[Xeno1234]

How do you know its not working? Where do you see that?

The portal, but now I just realized updating fixes the issue. I dont know why it doesnt auto update though.

 

[Trident]

The portal, but now I just realized updating fixes the issue. I dont know why it doesnt auto update though.

Threat emulation is not linked to the updates.