What's happening?
Recent federal regulations in the US have led Check Point to take the decision to suspend the offering of E1 (Kaspersky Engine).
When?
By 29th of September 2024
What's next?
As of now, the default engine for all installations is Sophos. By the 29th of September 2024, all Harmony Endpoint customers must migrate to the E2 engine (Sophos). The Kaspersky engine will not receive any updates after this date. Engines can be switched through the Infinity Portal, and a reboot is required, unlike with other updates that support hot installation.
Is this a problem?
The anti-malware engine that was many years ago the heart and soul of Check Point products represents a very insignificant part of the whole architecture today. Customers remain protected against threats through Threat Cloud, Threat Emulation, CDR, Behavioural Guard and Forensics, Anti-Bot, Anti-Ransomware and others. In the next few weeks, we'll discuss a lot of the 60+ Threat Cloud engines. The Sophos engine now runs with cloud look-ups (Live Protection) enabled, which boosts its capacity in protecting machines. But the real strength comes through Check Point proprietary technologies.
So why is a third-party engine being used at all?
Check Point already offers NGAV based on deep learning as part of Harmony Endpoint, and has a proprietary AV engine which runs on Quantum (Next-Gen Firewalls). This engine is very heavy, based on many Yara rules (not signatures), including Yara rules on process memory. For this reason, Check Point does not wish to offer the engine as a software component (it runs on the cloud emulator), and is instead paying a third party, namely Sophos, to help cover local signatures. Check Point remains focused on signature-less technologies, AI and deep learning.
Will performance be degraded?
No, the Sophos SAVI engine is light; updates are infrequent and small, with minimal traffic consumption, disk and CPU activity.
What happens to Kaspersky feeds?
There is no law that prohibits dual-listed (American-Israeli) companies from trading with Russian-based companies -- the law prohibits components from being installed locally on US-citizen computers, and providing access to customer data. Check Point just consumes the feeds without any telemetry to Kaspersky whatsoever, so the feeds still remain a part of Threat Cloud for now.
Is there any official documentation to read?
Absolutely!
Re: End of Support for Non US-DoC Compliant Versions of Harmony Endpoint
Excellent news
community.checkpoint.com
What's next for Harmony Endpoint?
In Q3, the major focus will be on performance improvements, including a drastic reduction of memory usage from the Endpoint Forensic Recorder engine (as soon as the 88.80 client, which will be released around October-November). Major upgrades are planned for the Infinity Portal in the meantime. The roadmap for the next 6-12 months is almost being laid out, with Check Point actively collecting feedback and feature requests from customers and partners.