Serious Discussion Harmony Endpoint by Check Point

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
The cost will vary depending on the protection afforded. However for a single user figure ~50USD.

But before purchasing a ticket on the Harmony LoveTrain, one must consider if an Endpoint Solution is an optimal product for a lonely single user and holds any advantage over a tried and true solution like K. Also it may be found that cuties such as Qakbot may prove dis-Harmonious to this solution.
 

likeastar20

Level 9
Verified
Mar 24, 2016
423

NormanF

Level 9
Verified
Jan 11, 2018
404
The cost will vary depending on the protection afforded. However for a single user figure ~50USD.

But before purchasing a ticket on the Harmony LoveTrain, one must consider if an Endpoint Solution is an optimal product for a lonely single user and holds any advantage over a tried and true solution like K. Also it may be found that cuties such as Qakbot may prove dis-Harmonious to this solution.

What it comes to down to is whether you really need XDR and you could replace all your security products with it and not even have to harden Windows. Between Checkpoint Harmony, Kaspersky Endpoint Security Cloud Plus and Bit Defender GravityZone Enterprise, the monthly costs are manageable. Depends on what endpoint vendor you want to go with.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The cost will vary depending on the protection afforded. However for a single user figure ~50USD.

But before purchasing a ticket on the Harmony LoveTrain, one must consider if an Endpoint Solution is an optimal product for a lonely single user and holds any advantage over a tried and true solution like K. Also it may be found that cuties such as Qakbot may prove dis-Harmonious to this solution.
Endpoint security software is only as strong as your policy is. To avoid the disharmony, you can deploy the product with Kaspersky engine that has excellent script coverage. Or you can configure rules that reject *.js downloads as well as you can block wscript.exe from connecting (and other cute LOtLBins not needed to anyone). The choice is yours as admin. But if anybody expects to say “Alexa, set up my Antivirus for maximum security” and all settings to magically adjust ON A BUSINESS SOLUTION, they better get real and go with products such as Norton that do everything with 2 clicks.
 
Last edited:

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
that's what I did, ditto. Been installed on win10_VM +6.5 days, only "con" is I have not spent as much as I'd like with the Infinity manual, so good thing mostly default that it seems to offer great or comprehensive protection. Please report how installation (deployment) goes, what tweaks you make to default.
I can export my policies and provide them to you.
 
  • Thanks
Reactions: simmerskool

Dave Russo

Level 22
Verified
Top Poster
Well-known
May 26, 2014
1,149
I can export my policies and provide them to you. (sorry second half is my response not quote from Trident) Would I then be able to download your policy to a set up by me? I am not sure if your offer is just for your response to simmerskool ?

 
Last edited:
  • Like
Reactions: Trident

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
@Dave Russo the policy will be provided to anyone who asks for it on a DM. In the infinity portal on top, there is “Import Policy”. It is a *.json file, you just need to supply it.

The @Shadowra test was conducted with part of my policy (if no changes were made later). The policy for threat prevention was provided but not for other components.

I advise people in a need of a strong security and not susceptible to speculations to deploy Harmony with the Kaspersky engine. For more information, anyone can always DM me, I check this website frequently even when I’m at work or out with mates. You can expect quick response.
 
Last edited:

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Okay, obviously there is interest to these policies so I am compiling an archive with the following:
  • Information on what’s Harmony, how it works, what’s inside and why. Comparison of Kaspersky and Sophos engines.
  • Deployment help, information, links to resources, including a free video course (not mandatory).
  • The necessary policies, including Application Control
  • Custom list of IoCs (Indicators of Compromise) which includes domains I’ve seen associated with SPAM and SCAM and not blocked by any defences (normally I am the one who goes around and reports these). This list will have to be updated once in a while. This is a small supplement to all protections.
  • Two sets of policies, one for maximum performance and one for maximum security.
  • Relevant explanations about the policies, including what’s changed, why and what threats will be better covered.
  • Instructions how to import the policies.

I will send everything to the users who already requested these policies when ready, later today.

It’s all under CIH (Community in Harmony Project).
This intelligence is provided as a gesture of good will to members of the MalwareTips community, who actively contribute to the community and wish to defend their devices better. I reserve my rights to reject provision of this intelligence to users who are not contributing to this community and/or exhibit SPAM-like behaviour, or appear to not be interested in Harmony.
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
To avoid the disharmony, you can deploy the product with Kaspersky engine that has excellent script coverage
The point I attempted to make. As proper use of Harmony comes with the expectation of above average user knowledge for proper deployment, one should expect the protection to exceed that of K without the addition of whack-a-mole (reactive) rule sets.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The point I attempted to make. As proper use of Harmony comes with the expectation of above average user knowledge for proper deployment, one should expect the protection to exceed that of K without the addition of whack-a-mole (reactive) rule sets.
The product is deployed by default with Kaspersky, it requires additional tweaks to switch to Sophos. I switched because of Sophos engine's smarter update process (and because I am interested in how it works) but Kaspersky engine is way better.
 

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,788
The point I attempted to make. As proper use of Harmony comes with the expectation of above average user knowledge for proper deployment, one should expect the protection to exceed that of K without the addition of whack-a-mole (reactive) rule sets.
fwiw, I originally deployed with Kaspersky (although somewhat unknowingly) later switched to Sophos (aka DHS compliant), and there's a Harmony warning note that you can easily switch from Kas to Sophos, BUT once you do it is more difficult to switch back to Kas for some reason. @Trident probably understands why and howto...
 

NormanF

Level 9
Verified
Jan 11, 2018
404
The warning is because you cannot deploy Kaspersky if you're on a government contract or working for it in the United States or the European Union.

Be sure you understand before you switch to a compliant AV provider like Sophos.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
fwiw, I originally deployed with Kaspersky (although somewhat unknowingly) later switched to Sophos (aka DHS compliant), and there's a Harmony warning note that you can easily switch from Kas to Sophos, BUT once you do it is more difficult to switch back to Kas for some reason. @Trident probably understands why and howto...
Also, I want to make something quite clear. Those Qakbot little js files that are not detected if the solution is ran with Sophos are not the point of entry.
Qakbot is now spread via malicious OneNote files and other malicious documents. All documents are always cleaned from executable content. This will render them unable to download the malicious *.js file. In addition, various Behavioural Guard rules would prevent OneNote from calling other LoTLBins. So the statement that the product doesn't cover Qakbot is wrong.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
The product is deployed by default with Kaspersky, it requires additional tweaks to switch to Sophos. I switched because of Sophos engine's smarter update process (and because I am interested in how it works) but Kaspersky engine is way better.
BD, Trend Micro, CIS also did not detect that stealer malware, I could not run put it into action because I am on the real machine. Kasperky, MS-Defender detected it as soon as I extracted the RAR file. Probably most AVS will not detect it, only when running. Now even Webroot, which they say is crappy, detects it as W32.Malware.Gen :LOL:
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
BD, Trend Micro, CIS also did not detect that stealer malware, I could not run put it into action because I am on the real machine. Kasperky, MS-Defender detected it as soon as I extracted the RAR file. Probably most AVS will not detect it, only when running. Now even Webroot, which they say is crappy, detects it as W32.Malware.Gen :LOL:
I did run it with ZoneAlarm which is way more gentle and it was detected. The thing is ZA does not scan anything over 20 MB and the file is 60MB. However, on Harmony Endpoint I have removed the size limitation. The file is detected pre-execution.
 

Sandbox Breaker

Level 11
Verified
Top Poster
Well-known
Jan 6, 2022
530
BD, Trend Micro, CIS also did not detect that stealer malware, I could not run put it into action because I am on the real machine. Kasperky, MS-Defender detected it as soon as I extracted the RAR file. Probably most AVS will not detect it, only when running. Now even Webroot, which they say is crappy, detects it as W32.Malware.Gen :LOL:
CIS automatically would have contained the stealer.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top