Serious Discussion [Extension]Checkpoint harmony web protection

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
Chrome Firefox (checkpoint domain for xpi file as I can't find the id in the store )


Checkpoint harmony extension with zero pishing and category selection



Safe search and more options can be enabled by exporting the configuration and editing via a text editor




Categories that can be blocked
Code:
Blocked Categories - Level: Customx
Alcohol & Tobacco

Anonymizer

Art / Culture

Blogs / Personal Pages

Botnets

Business / Economy

Chat / Instant Messaging

Child Abuse

Computers / Internet

Critical Risk

Education

Email

Entertainment

Fashion

File Storage and Sharing

Financial Services

Gambling

Games

General

Government / Military

Greeting Cards

Hacking

Hate / Racism

Health

High Risk

Illegal / Questionable

Illegal Drugs

Inactive Sites

Instant Chat

Instant Messaging

Job Search / Careers

Lifestyle

Lingerie and Swimsuit / Suggestive

Low Risk

Marijuana

Media Sharing

Media Streams

Medium Risk

Nature / Conservation

News / Media

Newsgroups / Forums

Non-profits & NGOs

Nudity

P2P File Sharing

Personals / Dating

Phishing

Political / Activist Groups

Pornography

Real Estate

Recreation

Religion

Restaurants / Dining / Food

Search Engines / Portals

Sex

Sex Education

Shopping

Social Networking

Software Downloads

Spam

Sports

Spyware / Malicious Sites

Suspicious Content

Tasteless

Translation

Travel

Vehicles

Very Low Risk

Violence

Weapons

Web Advertisements




Only stuff that doesn't work is threat extraction and emulation since it requires a server or a paid API
 
Last edited:

Bot

AI-powered Bot
Apr 21, 2016
4,634
This is an extensive list of categories that can be blocked using the Harmony Web Protection extension. It allows users to customize their web browsing experience and ensure a safe and appropriate online environment.
 

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
Feature Settings Check - Phishing Page - AMTSO - no result. Does it really work without Harmony installed?

Also I added pornography to the categories to block and opened a porn site without any problems. I think it is useless without the desktop application.
Works for me with this demo page even specific categories

Using my phone that isn't connected to a checkpoint server

As well as date detects open pish sites


Btw there is another extension with most of the same features you can test too
Here ZoneAlarm Web Secure Free - Chrome Web Store

Btw what browser did you use as I tested only on chromium based ones



Haven't tested the porn category myself but you can send the specific url in dm so I can verify it's blocked when I add it as a blocked category
 

Attachments

  • Screenshot_2024-10-23-13-23-44-322_com.kiwibrowser.browser.jpg
    Screenshot_2024-10-23-13-23-44-322_com.kiwibrowser.browser.jpg
    261.1 KB · Views: 81
  • Screenshot_2024-10-23-12-55-34-157_com.kiwibrowser.browser-edit.jpg
    Screenshot_2024-10-23-12-55-34-157_com.kiwibrowser.browser-edit.jpg
    164.4 KB · Views: 75
  • Screenshot_2024-10-23-12-54-20-512_com.kiwibrowser.browser-edit.jpg
    Screenshot_2024-10-23-12-54-20-512_com.kiwibrowser.browser-edit.jpg
    141.6 KB · Views: 94

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
Feature Settings Check - Phishing Page - AMTSO - no result. Does it really work without Harmony installed?

Also I added pornography to the categories to block and opened a porn site without any problems. I think it is useless without the desktop application.
Actually furthermore my browser currently has a ton of pishing extension installed and AMTSO got blocked only by Symantec extension XD

Probably because it's a testing site and not actually a pishing page
 

CyberDevil

Level 9
Verified
Well-known
Apr 4, 2021
444
Probably because it's a testing site and not actually a pishing page
AMTSO is blocked by at least Eset and Bitdefender. This is a fairly well-known test to check the performance of web protection. )

Btw what browser did you use as I tested only on chromium based ones
I only checked in Opera, since that's my primary browser. I'll try it in others now, still nothing works for me. :)
 

CyberDevil

Level 9
Verified
Well-known
Apr 4, 2021
444
Okay, now i test it in Edge.
That's my settings.

изображение_2024-10-23_194330298.png

1729687458409.png


No reaction on test page.

1729687501309.png


If I refresh the page in the settings, it asks for admin email and doesn't respond to fake data.

1729687548022.png


It does not save the content filter settings after restarting.

1729687598711.png
 

CyberDevil

Level 9
Verified
Well-known
Apr 4, 2021
444
Try the demo page and I have sent a video above showing It works on my end
Yes, I took this test page + used a porn site for the test. It only worked for me in Yandex Browser and completely fails in Edge and Opera ... This is very strange.

Is it possible that Eset's bank protection is preventing the extension from working in Edge? But never had any problems with other extensions. And that doesn't answer the question of what's wrong with Opera.
 

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
Yes, I took this test page + used a porn site for the test. It only worked for me in Yandex Browser and completely fails in Edge and Opera ... This is very strange.

Is it possible that Eset's bank protection is preventing the extension from working in Edge? But never had any problems with other extensions. And that doesn't answer the question of what's wrong with Opera.
Really weird I can't reproduced your issue
Btw this is how the test page gets blocked when all categories are checked
Checkpoint doesn't consider it pishing
 

Attachments

  • Screenshot_2024-10-23-15-54-54-355_com.kiwibrowser.browser.jpg
    Screenshot_2024-10-23-15-54-54-355_com.kiwibrowser.browser.jpg
    163 KB · Views: 82

CyberDevil

Level 9
Verified
Well-known
Apr 4, 2021
444
Try my configuration set to block all categories save as manifest.json
Ok, after importing your configuration the porn site in Opera it blocked, but the phishing defense is still completely unresponsive to their test page (2nd screenshot). This extension has too many weird bugs ...

1729688463327.png

1729688501711.png


Upd: In Yandex on phishing it triggers also only if you turn the switch off a few times in the settings...
 

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
Ok, after importing your configuration the porn site in Opera it blocked, but the phishing defense is still completely unresponsive to their test page (2nd screenshot). This extension has too many weird bugs ...

View attachment 285906
View attachment 285907
Well I can't fix their bugs but at least you confirm on your end that it works without a product or a server connected XD


I wouldn't say I haven't had bugs or delayed myself but nothing close to whatever is happening on your system
 

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
vt alexa.PNG


its actually really cool as you get responses back with virustotal ,alexa rank and you can prevent unclassified category so it only allows sites that have been categorized by checkpoint to load and have near phishing proof browsing or leave defaults with lowest false positives

oh and you can technically spoof as being an extension and talk directly to the api it with the appropriate headers to automate it in your edr ,xdr,firewall like wazuh so you wont waste performance running an extension so the sky is the limit and its my favorite extension
 

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
to enable it to every pishing sites in my testing over just most by default
then set this to block uncategorized
Code:
"urlf_unclassified": "block"
in manifest.json after exporting the config in the addon settings and then import the modified settings
here are examples of it blocking pashing sites it didn't have any verdict about (not set to any category )



best of all it doesn't block safe popular piracy sites when set to block uncategorized
 

Attachments

  • uncategorized.PNG
    uncategorized.PNG
    34.6 KB · Views: 64
  • unclass .PNG
    unclass .PNG
    16 KB · Views: 71
Last edited:

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828


zero pishing uses a lot of engines including an AI based one that's uses 300+ indicator they have developed themselves used for zero pishing but they have plenty of other intelligence feeds that allows insane pishing detection and prevention another benefit is that the extension sends the analysis to be done on the cloud it's very lightweight and incredible that a free extension has zero trust as well as nextgen technologies (technically open source too as every webstore extension is open source but the deep learning itself done in the cloud)
The future is bright too as it keeps improving at a very fast pace

Screenshot_2024-10-27-09-03-56-091_app.rvx.android.youtube-edit.jpg
 
Last edited:

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828
Another setting I recommend is to set
maliciousScript to true


Here is an explanation to what it does Logo
Code:
Malicious Script Protection scans Uncategorized websites for embedded malicious JavaScripts. If the domain that hosts the script belongs to any one of these categories, then the page is blocked and the event is logged.
Anonymizer

Botnets

Critical Risk

High Risk

Medium Risk

Phishing

Spam

Spyware

Malicious Sites

Suspicious Content
 

Vitali Ortzi

Level 29
Thread author
Verified
Top Poster
Well-known
Dec 12, 2016
1,828

Safari
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top