Serious Discussion Harmony Endpoint by Check Point

[cruelsister]

The cost will vary depending on the protection afforded. However for a single user figure ~50USD.

But before purchasing a ticket on the Harmony LoveTrain, one must consider if an Endpoint Solution is an optimal product for a lonely single user and holds any advantage over a tried and true solution like K. Also it may be found that cuties such as Qakbot may prove dis-Harmonious to this solution.

 

[likeastar20]

How much does this cost for a home user? I have good protection already, but the forum makes this program sound great (and my Av expires soon) if affordable, I am just concerned I would be lost setting the program up properly?

I bought it from here: Buy Check Point Harmony Endpoint.. Monthly payments - Check Point Direct, monthly, not managed.

 

[NormanF]

The cost will vary depending on the protection afforded. However for a single user figure ~50USD.

But before purchasing a ticket on the Harmony LoveTrain, one must consider if an Endpoint Solution is an optimal product for a lonely single user and holds any advantage over a tried and true solution like K. Also it may be found that cuties such as Qakbot may prove dis-Harmonious to this solution.

What it comes to down to is whether you really need XDR and you could replace all your security products with it and not even have to harden Windows. Between Checkpoint Harmony, Kaspersky Endpoint Security Cloud Plus and Bit Defender GravityZone Enterprise, the monthly costs are manageable. Depends on what endpoint vendor you want to go with.

 

[Trident]

The cost will vary depending on the protection afforded. However for a single user figure ~50USD.

But before purchasing a ticket on the Harmony LoveTrain, one must consider if an Endpoint Solution is an optimal product for a lonely single user and holds any advantage over a tried and true solution like K. Also it may be found that cuties such as Qakbot may prove dis-Harmonious to this solution.

Endpoint security software is only as strong as your policy is. To avoid the disharmony, you can deploy the product with Kaspersky engine that has excellent script coverage. Or you can configure rules that reject *.js downloads as well as you can block wscript.exe from connecting (and other cute LOtLBins not needed to anyone). The choice is yours as admin. But if anybody expects to say “Alexa, set up my Antivirus for maximum security” and all settings to magically adjust ON A BUSINESS SOLUTION, they better get real and go with products such as Norton that do everything with 2 clicks.

 

[NormanF]

I bought it from here: Buy Check Point Harmony Endpoint.. Monthly payments - Check Point Direct, monthly, not managed.

All of them you manage yourself after the reseller sets up an account for you. With Symantec and McAffee, you can run their endpoint software for free unmanaged. If you need an online console, you have to buy a licence.

 

[simmerskool]

I bought it from here: Buy Check Point Harmony Endpoint.. Monthly payments - Check Point Direct, monthly, not managed.

that's what I did, ditto. Been installed on win10_VM +6.5 days, only "con" is I have not spent as much as I'd like with the Infinity manual, so good thing mostly default that it seems to offer great or comprehensive protection. Please report how installation (deployment) goes, what tweaks you make to default.

 

[Trident]

that's what I did, ditto. Been installed on win10_VM +6.5 days, only "con" is I have not spent as much as I'd like with the Infinity manual, so good thing mostly default that it seems to offer great or comprehensive protection. Please report how installation (deployment) goes, what tweaks you make to default.

I can export my policies and provide them to you.

 

[Dave Russo]

I can export my policies and provide them to you. (sorry second half is my response not quote from Trident) Would I then be able to download your policy to a set up by me? I am not sure if your offer is just for your response to simmerskool ?

​

 

[Trident]

@Dave Russo the policy will be provided to anyone who asks for it on a DM. In the infinity portal on top, there is “Import Policy”. It is a *.json file, you just need to supply it.

The @Shadowra test was conducted with part of my policy (if no changes were made later). The policy for threat prevention was provided but not for other components.

I advise people in a need of a strong security and not susceptible to speculations to deploy Harmony with the Kaspersky engine. For more information, anyone can always DM me, I check this website frequently even when I’m at work or out with mates. You can expect quick response.

 

[Trident]

Okay, obviously there is interest to these policies so I am compiling an archive with the following:

• Information on what’s Harmony, how it works, what’s inside and why. Comparison of Kaspersky and Sophos engines.
• Deployment help, information, links to resources, including a free video course (not mandatory).
• The necessary policies, including Application Control
• Custom list of IoCs (Indicators of Compromise) which includes domains I’ve seen associated with SPAM and SCAM and not blocked by any defences (normally I am the one who goes around and reports these). This list will have to be updated once in a while. This is a small supplement to all protections.
• Two sets of policies, one for maximum performance and one for maximum security.
• Relevant explanations about the policies, including what’s changed, why and what threats will be better covered.
• Instructions how to import the policies.

I will send everything to the users who already requested these policies when ready, later today.

It’s all under CIH (Community in Harmony Project).
This intelligence is provided as a gesture of good will to members of the MalwareTips community, who actively contribute to the community and wish to defend their devices better. I reserve my rights to reject provision of this intelligence to users who are not contributing to this community and/or exhibit SPAM-like behaviour, or appear to not be interested in Harmony.

 

[Digmor Crusher]

That seems like a lot of work, many here will appreciate it. Thanks.

 

[cruelsister]

To avoid the disharmony, you can deploy the product with Kaspersky engine that has excellent script coverage

The point I attempted to make. As proper use of Harmony comes with the expectation of above average user knowledge for proper deployment, one should expect the protection to exceed that of K without the addition of whack-a-mole (reactive) rule sets.

 

[Trident]

The point I attempted to make. As proper use of Harmony comes with the expectation of above average user knowledge for proper deployment, one should expect the protection to exceed that of K without the addition of whack-a-mole (reactive) rule sets.

The product is deployed by default with Kaspersky, it requires additional tweaks to switch to Sophos. I switched because of Sophos engine's smarter update process (and because I am interested in how it works) but Kaspersky engine is way better.

 

[simmerskool]

The point I attempted to make. As proper use of Harmony comes with the expectation of above average user knowledge for proper deployment, one should expect the protection to exceed that of K without the addition of whack-a-mole (reactive) rule sets.

fwiw, I originally deployed with Kaspersky (although somewhat unknowingly) later switched to Sophos (aka DHS compliant), and there's a Harmony warning note that you can easily switch from Kas to Sophos, BUT once you do it is more difficult to switch back to Kas for some reason. @Trident probably understands why and howto...

 

[NormanF]

The warning is because you cannot deploy Kaspersky if you're on a government contract or working for it in the United States or the European Union.

Be sure you understand before you switch to a compliant AV provider like Sophos.

 

[Trident]

fwiw, I originally deployed with Kaspersky (although somewhat unknowingly) later switched to Sophos (aka DHS compliant), and there's a Harmony warning note that you can easily switch from Kas to Sophos, BUT once you do it is more difficult to switch back to Kas for some reason. @Trident probably understands why and howto...

Also, I want to make something quite clear. Those Qakbot little js files that are not detected if the solution is ran with Sophos are not the point of entry.
Qakbot is now spread via malicious OneNote files and other malicious documents. All documents are always cleaned from executable content. This will render them unable to download the malicious *.js file. In addition, various Behavioural Guard rules would prevent OneNote from calling other LoTLBins. So the statement that the product doesn't cover Qakbot is wrong.

 

[piquiteco]

The product is deployed by default with Kaspersky, it requires additional tweaks to switch to Sophos. I switched because of Sophos engine's smarter update process (and because I am interested in how it works) but Kaspersky engine is way better.

BD, Trend Micro, CIS also did not detect that stealer malware, I could not run put it into action because I am on the real machine. Kasperky, MS-Defender detected it as soon as I extracted the RAR file. Probably most AVS will not detect it, only when running. Now even Webroot, which they say is crappy, detects it as W32.Malware.Gen

 

[Trident]

BD, Trend Micro, CIS also did not detect that stealer malware, I could not run put it into action because I am on the real machine. Kasperky, MS-Defender detected it as soon as I extracted the RAR file. Probably most AVS will not detect it, only when running. Now even Webroot, which they say is crappy, detects it as W32.Malware.Gen

I did run it with ZoneAlarm which is way more gentle and it was detected. The thing is ZA does not scan anything over 20 MB and the file is 60MB. However, on Harmony Endpoint I have removed the size limitation. The file is detected pre-execution.

 

[Sandbox Breaker]

BD, Trend Micro, CIS also did not detect that stealer malware, I could not run put it into action because I am on the real machine. Kasperky, MS-Defender detected it as soon as I extracted the RAR file. Probably most AVS will not detect it, only when running. Now even Webroot, which they say is crappy, detects it as W32.Malware.Gen

CIS automatically would have contained the stealer.

 

[Trident]

CIS automatically would have contained the stealer.

The stealer was signed together with all files it drops and downloads. So no, it wouldn't have.