It is a common practice in business products third party engines and feeds to be commissioned. It is not cheap, specially for Check Point. They are paying for threat intelligence feeds, third-party engines (2 of them at a time as Bitdefender always runs on the cloud) and the Check Point Threat Operations team is still hundreds of people. The whole company consists of 6K people staff.
I was downloading the other day Epson printer drivers, obviously emulated by Harmony. It added about a minute to the download and needless to say I haven’t cried. Unless there is something lifesaving in that executable/script you download, I don’t see how the waiting is a problem. Nevertheless, whoever doesn’t wanna wait can turn emulation off or install something else.
Oops, I'll wait, I took 9 months to be born, why wouldn't I wait 2 or 3 minutes?
Btw hi buddy, what's up? see spoiler, I'm back.
You should try Harmony my friend. It’s like a much more Elite version of ZoneAlarm…Oops, I'll wait, I took 9 months to be born, why wouldn't I wait 2 or 3 minutes?
I was quite patient, not sure what you mean.
The extension is intended for admins to make sure only trusted content is being downloaded. You can’t expect workers to be experts. If anyone knows better then they can decide to turn it off.
You have a older version - newer versions allow 50mb (and thats just for emulation). You also have anti-malware which doesnt have a file size limit.
You can’t train them and even if you do, they will not be experts. Malware and attack’s don’t have one shape and form, you never know how and where it will come from. Many people have no clue about malware and it is not necessary to do — you can’t expect an English teacher or a hotel receptionist, or the bar manager to recognise malware links in emails for example. It they were experts on that, they would be working at NortonLifeLock. And even the one understand malware are still vulnerable to supply chain attack and many others. Remember how Kaspersky’s iPhone was hacked not too long ago and their security solution alerted them to anomaly?
fwiw, I like the checkpoint harmony browser extension, sends me reasonable popups and I'm not seeing any big delays. So I read the comments to the contrary with a shrugoff, to each his own.
There is a free version of it but it only provides Zero Phishing and CDR and modifies search engine to Yahoo (disgusting). It doesn’t provide the search indicators, malicious website blocking, emulation and password reuse protection. The extension itself is available as standalone product called Harmony Browse and that’s £22 a year. It is also included with Harmony Total meaning Chromebooks for example that don’t have full EDR available, won’t be counted as a station. Unless you wanna install Harmony Mobile via the Play Store which is also quite good.fwiw, I like the checkpoint harmony browser extension, sends me reasonable popups and I'm not seeing any big delays. So I read the comments to the contrary with a shrugoff, to each his own.
If you dont mind me asking, did you test 1 redline or multiple? In remediation it says 8 terminated process and 415 files quarriented.
One of the detections (gen.win.processhollowing) seems to be a generic detection for code injection via process hollowing (run process -> pause process -> replace portion of process memory with malicious code -> resume process). Seeing a process hollowing detection by behavioural blocking is quite unusual, many AVs are totally blind to that. Some can catch initial scripts early by using local emulator in memory but the emulator doesn’t have all day, it’s only got milliseconds and by using a JS with useless math operations and malicious actions somewhere in the middle, local emulator can easily be bypassed (unlike full blown emulation in the cloud that has the time).
