Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Security Apps
Other security for Windows, Mac, Linux
Announcing End of Life for Kaspersky Engine in Harmony Endpoint
Message
<blockquote data-quote="Trident" data-source="post: 1093264" data-attributes="member: 99014"><p><strong>What's happening?</strong></p><p>Recent federal regulations in the US have led Check Point to taking the decision to suspend offering of E1 (Kaspersky Engine).</p><p></p><p><strong>When?</strong></p><p>By 29th of September 2024</p><p></p><p><strong>What's next?</strong></p><p>As of now, default engine for all installations is Sophos. By the 29th of September 2024, all Harmony Endpoint customers must migrate to E2 engine (Sophos). Kaspersky engine will not receive any updates after this date. Engines can be switched through the Infinity Portal and reboot is required, unlike with other updates that support hot installation.</p><p>[URL unfurl="true"]https://support.checkpoint.com/results/sk/sk178307[/URL]</p><p></p><p><strong>Is this a problem?</strong></p><p>The anti-malware engine that was many years ago the heart and soul of Check Point products, represents a very insignificant part of the whole architecture today. Customers remain protected against threats through Threat Cloud, Threat Emulation, CDR, Behavioural Guard and Forensics, Anti-Bot, Anti-Ransomware and others. In the next few weeks, we'll discuss a lot of the 60+ Threat Cloud engines. The Sophos engine now runs with cloud look-ups (Live Protection) enabled, which boosts its capacity in protecting machines. But the real strength comes through Check Point proprietary technologies.</p><p></p><p><strong>So why is third-party engine being used at all?</strong></p><p>Check Point already offers NGAV based on deep learning, as part of Harmony Endpoint and has a proprietary AV engine which runs on Quantum (Next-Gen Firewalls). This engine is very heavy, based on many Yara rules (not signatures), including Yara rules on process memory. For this reason, Check Point does not wish to offer the engine as a software component (it runs on the cloud emulator), and is instead paying a third-party, namely Sophos, to help cover local signatures. Check Point remains focused on signature-less technologies, AI and deep learning.</p><p></p><p><strong>Will performance be degraded?</strong></p><p>No, the Sophos SAVI engine is light, updates are infrequent and small, with minimal traffic consumption, disk and CPU activity.</p><p></p><p><strong>What happens to Kaspersky feeds?</strong></p><p>There is no law that prohibits dual-listed (American-Israeli) companies from Trading with Russian-based companies -- the law prohibits components from being installed locally on US-citizen computers, and providing access to customer data. Check Point just consumes the feeds without any telemetry to Kaspersky whatsoever, so feeds are still remaining a part of Threat Cloud for now.</p><p></p><p><strong>Is there any official documentation to read?</strong></p><p>Absolutely!</p><p>[URL unfurl="true"]https://www.federalregister.gov/documents/2024/06/24/2024-13532/final-determination-case-no-icts-2021-002-kaspersky-lab-inc[/URL]</p><p>[URL unfurl="true"]https://community.checkpoint.com/t5/Endpoint/End-of-Support-for-Non-US-DoC-Compliant-Versions-of-Harmony/m-p/220410#M8947[/URL]</p><p></p><p><strong>What's next for Harmony Endpoint?</strong></p><p>In Q3, the major focus will be on performance improvements, including a drastic reduction of memory usage from the Endpoint Forensic Recorder engine (as soon as 88.80 client, which will be released around October-November). Major upgrades are planned for the Infinity Portal in the meantime. The roadmap for the next 6-12 months is almost being laid out with Check Point actively collecting feedback and feature requests from customers and partners.</p></blockquote><p></p>
[QUOTE="Trident, post: 1093264, member: 99014"] [B]What's happening?[/B] Recent federal regulations in the US have led Check Point to taking the decision to suspend offering of E1 (Kaspersky Engine). [B]When?[/B] By 29th of September 2024 [B]What's next?[/B] As of now, default engine for all installations is Sophos. By the 29th of September 2024, all Harmony Endpoint customers must migrate to E2 engine (Sophos). Kaspersky engine will not receive any updates after this date. Engines can be switched through the Infinity Portal and reboot is required, unlike with other updates that support hot installation. [URL unfurl="true"]https://support.checkpoint.com/results/sk/sk178307[/URL] [B]Is this a problem?[/B] The anti-malware engine that was many years ago the heart and soul of Check Point products, represents a very insignificant part of the whole architecture today. Customers remain protected against threats through Threat Cloud, Threat Emulation, CDR, Behavioural Guard and Forensics, Anti-Bot, Anti-Ransomware and others. In the next few weeks, we'll discuss a lot of the 60+ Threat Cloud engines. The Sophos engine now runs with cloud look-ups (Live Protection) enabled, which boosts its capacity in protecting machines. But the real strength comes through Check Point proprietary technologies. [B]So why is third-party engine being used at all?[/B] Check Point already offers NGAV based on deep learning, as part of Harmony Endpoint and has a proprietary AV engine which runs on Quantum (Next-Gen Firewalls). This engine is very heavy, based on many Yara rules (not signatures), including Yara rules on process memory. For this reason, Check Point does not wish to offer the engine as a software component (it runs on the cloud emulator), and is instead paying a third-party, namely Sophos, to help cover local signatures. Check Point remains focused on signature-less technologies, AI and deep learning. [B]Will performance be degraded?[/B] No, the Sophos SAVI engine is light, updates are infrequent and small, with minimal traffic consumption, disk and CPU activity. [B]What happens to Kaspersky feeds?[/B] There is no law that prohibits dual-listed (American-Israeli) companies from Trading with Russian-based companies -- the law prohibits components from being installed locally on US-citizen computers, and providing access to customer data. Check Point just consumes the feeds without any telemetry to Kaspersky whatsoever, so feeds are still remaining a part of Threat Cloud for now. [B]Is there any official documentation to read?[/B] Absolutely! [URL unfurl="true"]https://www.federalregister.gov/documents/2024/06/24/2024-13532/final-determination-case-no-icts-2021-002-kaspersky-lab-inc[/URL] [URL unfurl="true"]https://community.checkpoint.com/t5/Endpoint/End-of-Support-for-Non-US-DoC-Compliant-Versions-of-Harmony/m-p/220410#M8947[/URL] [B]What's next for Harmony Endpoint?[/B] In Q3, the major focus will be on performance improvements, including a drastic reduction of memory usage from the Endpoint Forensic Recorder engine (as soon as 88.80 client, which will be released around October-November). Major upgrades are planned for the Infinity Portal in the meantime. The roadmap for the next 6-12 months is almost being laid out with Check Point actively collecting feedback and feature requests from customers and partners. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
