Serious Discussion Harmony Endpoint by Check Point

[Trident]

@Trident

Your Quote

Btw, the anti-ransomware restoration module has a very granular configuration. You can choose file extensions that will be covered and you can specify maximum file size.

Unquote

Files Backup/Restore vs System Backup/Restore

I'm not in favor of files backup/restoration. I prefer system backup/restore.

If you don’t like it, you can disable it. It doesn’t come to play unless something has bypassed all other modules and has started to encrypt your system anyway.

 

[likeastar20]

@Trident tried this sample yesterday and no response from Harmony, PC infected. VirusTotal



I am using a fake bitwarden and today I got an email saying "Failed login attempts detected".

 

[Trident]

@Trident tried this sample yesterday and no response from Harmony, PC infected. VirusTotal



I am using a fake bitwarden and today I got an email saying "Failed login attempts detected".

For better coverage of these, it’s better to deploy it with Kaspersky. Or, you can block wscript.exe from connecting via program control. I’m aware Sophos doesn’t cover the Quakbot too well.

 

[likeastar20]

For better coverage of these, it’s better to deploy it with Kaspersky. Or, you can block wscript.exe from connecting via program control. I’m aware Sophos doesn’t cover the Quakbot too well.

Yes, I think it would have been blocked if it was the Kaspersky engine.

 

[Trident]

Yes, I think it would have been blocked if it was the Kaspersky engine.

With Sophos you have to do some LOtLBin hunting and blocking. Wscript.exe is one of the first that need to be blocked. PowerShell is another one. Kaspersky has the benefit of scanning memory content as well whereas Sophos supports memory scanning only on X86 and only hourly.

The weird thing in this case is ZoneAlarm emulates js files whereas Harmony Endpoint for some reason doesn’t. Via emulation it would’ve been blocked definitely.

 

[likeastar20]

With Sophos you have to do some LOtLBin hunting and blocking. Wscript.exe is one of the first that need to be blocked. PowerShell is another one. Kaspersky has the benefit of scanning memory content as well whereas Sophos supports memory scanning only on X86 and only hourly.

The weird thing in this case is ZoneAlarm emulates js files whereas Harmony Endpoint for some reason doesn’t. Via emulation it would’ve been blocked definitely.

yes, the sample was not emulated. i got it by going to a website where it was automatically downloaded it. if it was in a zip, would it have been emulated? Or does it not do emulation on JS files at all?

 

[Trident]

yes, the example was not emulated. i got it by going to a website where it was automatically downloaded. if it was in a zip, would it have been emulated? Or does it not do emulation on JS files at all?

It emulates js content in a zip file. Rule can also be added for all *.js files to be automatically rejected but blocking wscript.exe is a much better alternative. It’s what DeepInstinct does as well.

 

[likeastar20]

@Trident how do you delete the emulation logs from your pc?

 

[Shadowra]

Hello

I made a fight... Harmony vs DeepInstinct.
Since I'm busy this weekend, the video will be out on Monday
(you have to give me time to edit the video )

 

[likeastar20]

Hello

I made a fight... Harmony vs DeepInstinct.
Since I'm busy this weekend, the video will be out on Monday
(you have to give me time to edit the video )

@Trident Doing a test like this means that the emulation module has no role to play, right?

 

[Kongo]

Hello

I made a fight... Harmony vs DeepInstinct.
Since I'm busy this weekend, the video will be out on Monday
(you have to give me time to edit the video )

Really appreciate your effort. I am looking forward to it. No spoilers please tho

 

[kev7]

please may i ask will checkpoint harmony endpoint also keep a eye on emails and protect them, in some way? thank you

 

[Trident]

@Trident how do you delete the emulation logs from your pc?

I think support needs to provide a tool.

@Trident Doing a test like this means that the emulation module has no role to play, right?

Yeah, if they were introduced through an archive. Downloads are emulated.

Hello

I made a fight... Harmony vs DeepInstinct.
Since I'm busy this weekend, the video will be out on Monday
(you have to give me time to edit the video )

I’m excited

 

[NormanF]

please may i ask will checkpoint harmony endpoint also keep a eye on emails and protect them, in some way? thank you

You'll have to subscribe to an add on to protect your mail and stmp and pop gateways.

 

[Trident]

You'll have to subscribe to an add on to protect your mail and stmp and pop gateways.

It works with various services via a cloud communicator (web plug-in).

 

[simmerskool]

fwiw I'm trying the ddg browser and at first glance it seems that Harmony anti-phishing does not work with it... (but that's not definitive just an initial observation)

 

[Trident]

fwiw I'm trying the ddg browser and at first glance it seems that Harmony anti-phishing does not work with it... (but that's not definitive just an initial observation)

What’s ddg browser? Only Chrome, Edge, Firefox and Brave support all capabilities. All other apps including unsupported browsers will be protected only by URL filtering and anti-bot but Zero-Phishing will not be available.

 

[simmerskool]

What’s ddg browser? Only Chrome, Edge, Firefox and Brave support all capabilities. All other apps including unsupported browsers will be protected only by URL filtering and anti-bot but Zero-Phishing will not be available.

DuckDuckGo Browser which is somehow utilizing Edge (my understanding).

 

[kev7]

thank you for your reply's, NormanF and Trident

 

[Dave Russo]

How much does this cost for a home user? I have good protection already, but the forum makes this program sound great (and my Av expires soon) if affordable, I am just concerned I would be lost setting the program up properly?