Serious Discussion Harmony Endpoint by Check Point

I've already told him several times what I thought of him.
And that these tests are clearly nonsense...

Basically, it launches a script that will bombard the antivirus with file executions. Except that an engine can't handle everything at once, and may clumsily authorize the launch of malware it knows about (as we see in his video on AgentTesla detection, Kaspersky calls it Agentla ... this also happens with the Expiro virus).
This "gang-band" behavior is not an antivirus test worthy of the name.
Yeah but still, both were tested this way and one won. 😀
 
I like the method where you scan the folder and then execute what is left. BTW, there is a script on GitHub similar to the one in the video: GitHub - bun39/MalTester-2.0: Test your malware samples against antimalware solutions, similar to malex.py
 
Check Point can use Kaspersky's engine, right?

There's a version with Kaspersky and one with Sophos.
It also uses its own flow engines, those of Cisco Talos and those of Kaspersky (for emulation).
And I think ZoneAlarm also has them in NextGen. Yesterday I managed to reproduce the same emulation as Harmony.
 
Where do you get the version with Kaspersky? 'Cause I assume it's better, right?
 
When I picked up my version of Harmony, I got it straight away.
You can switch to Sophos in the Harmony console, but I'm not interested. I trust Kaspersky more than Sophos.
 
Local anti-malware can be Kaspersky or Sophos.
It uses its own engines + feeds from Kaspersky and Cisco Talos.
Yes, ZoneAlarm is just a rebrand of Harmony Endpoint; the majority of the program code is the same. However, Harmony emulates files up to 50 MB and ZoneAlarm emulates files up to 15 MB.
 
I'm going to start a trial for Harmony later tonight. I've been playing around with ZoneAlarm NextGen in a VM; might as well play with Harmony, more settings to play around with :).

Any recommendations on settings to change from the default config?
 
I set it to Strict config. It's just a quick little button press on the management page; it just turns on more detection modules.
 
I think reasonable settings were shared on previous pages. Take a look.
 
How do I do this too lol
 
What do you mean by Local Malware Engine? Is it both signatures and also their scanning technology and behavior blocker?