Serious Discussion Harmony Endpoint by Check Point

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
I've already told him several times what I thought of him.
And that these tests are clearly nonsense...

Basically, it launches a script that will bombard the antivirus with file executions. Except that an engine can't handle everything at once, and may clumsily authorize the launch of malware it knows about (as we see in his video on AgentTesla detection, Kaspersky calls it Agentla ... this also happens with the Expiro virus).
This "gang-band" behavior is not an antivirus test worthy of the name.
Yeah but still, both were tested this way and one won. 😀
 

likeastar20

Level 9
Verified
Mar 24, 2016
423
I've already told him several times what I thought of him.
And that these tests are clearly nonsense...

Basically, it launches a script that will bombard the antivirus with file executions. Except that an engine can't handle everything at once, and may clumsily authorize the launch of malware it knows about (as we see in his video on AgentTesla detection, Kaspersky calls it Agentla ... this also happens with the Expiro virus).
This "gang-band" behavior is not an antivirus test worthy of the name.
I like the method where you scan the folder and after you execute what is left. BTW, there is a script on github similar to the one in the video: GitHub - bun39/MalTester-2.0: Test your malware samples against antimalware solutions, similar to malex.py
 
  • Like
Reactions: Shadowra

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,630
Checkpoint can use Kaspersky's engine right?

There's a version with Kaspersky and one with Sophos.
It also uses its own flow engines, those of Cisco Talos and those of Kaspersky (for emulation).
And I think ZoneAlarm also has them in NextGen. Yesterday I managed to reproduce the same emulation as Harmony.
 

Xeno1234

Level 14
Jun 12, 2023
684
There's a version with Kaspersky and one with Sophos.
It also uses its own flow engines, those of Cisco Talos and those of Kaspersky (for emulation).
And I think ZoneAlarm also has them in NextGen. Yesterday I managed to reproduce the same emulation as Harmony.
Where do you get the version with Kaspersky, cause I assume its better, right?
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
There's a version with Kaspersky and one with Sophos.
It also uses its own flow engines, those of Cisco Talos and those of Kaspersky (for emulation).
And I think ZoneAlarm also has them in NextGen. Yesterday I managed to reproduce the same emulation as Harmony.
Local anti-malware can be Kaspersky or Sophos.
It uses its own engines + feeds from Kaspersky and Cisco Talos.
Yes, ZoneAlarm is just a rebrand of Harmony Endpoint, majority of the program code is the same. However, Harmony emulates files up to 50 MB and ZoneAlarm emulates files up to 15 MB.
 
Last edited:

Razza

Level 4
Verified
Well-known
Aug 12, 2014
165
Am going to start a trial for Harmony later tonight, I've been playing around with ZoneAlarm nextgen in a VM, might as well play with Harmony more setting to play around with :).


Any recommendations on setting to change from the default config
 

Xeno1234

Level 14
Jun 12, 2023
684
Am going to start a trial for Harmony later tonight, I've been playing around with ZoneAlarm nextgen in a VM, might as well play with Harmony more setting to play around with :).


Any recommendations on setting to change from the default config
I set it to Strict config its just a quick little button press on the management page it just turns on more detection modules
 

lyldz

Level 3
Verified
Well-known
Jun 4, 2016
139
Am going to start a trial for Harmony later tonight, I've been playing around with ZoneAlarm nextgen in a VM, might as well play with Harmony more setting to play around with :).


Any recommendations on setting to change from the default config
i think reasonable settings were shared on previous pages. take a look.
 

Xeno1234

Level 14
Jun 12, 2023
684
1687994141702.png

How do I do this too lol
 

Xeno1234

Level 14
Jun 12, 2023
684
Local anti-malware can be Kaspersky or Sophos.
It uses its own engines + feeds from Kaspersky and Cisco Talos.
Yes, ZoneAlarm is just a rebrand of Harmony Endpoint, majority of the program code is the same. However, Harmony emulates files up to 50 MB and ZoneAlarm emulates files up to 15 MB.
What do you mean by Local Malware Engine, is it both signatures and also their scanning technology and behavior blocker?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top