Serious Discussion Harmony Endpoint by Check Point

[Trident]

So it is its own AV? Sorry to ask again but you said "Yes" to a "or" question.

The NGAV (also known as static analysis) is developed by Check Point and layered with other engines.

 

[Xeno1234]

The NGAV (also known as static analysis) is developed by Check Point and layered with other engines.

Ok thank you

Yes, it is. By default it works on medium aggressivness as opposed to ZoneAlarm where it is not aggressive. Also, it is possible to ask support to enroll you into early availability models for NGAV and behavioural guard.

Is it possible to increase the aggressiveness of NGAV or is it always at Medium Aggressiveness.

 

[Trident]

Is it possible to increase the aggressiveness of NGAV or is it always at Medium Aggressiveness.

It is possible only through support but I’ve not done it myself. You can also ask to enable experimental models but it must be via support. You can’t do it yourself.

 

[lyldz]

Try jdownloader 2
İts blocked by harmony.interesting 2 years use it and never problems by this.

 

[Trident]

Try jdownloader 2
İts blocked by harmony.interesting 2 years use it and never problems by this.

It is detected by Eset as well. These are inferior programmes and I don’t see any reason why someone would wanna use them.

 

[NormanF]

It is possible only through support but I’ve not done it myself. You can also ask to enable experimental models but it must be via support. You can’t do it yourself.

Experimental mode is like beta. You can test new features becoming available. A monthly subscription to an endpoint product saves one the hassle of getting a renewal license every year and you still benefit from updated protection that's being added to the product.

 

[Trident]

Experimental mode is like beta. You can test new features becoming available. A monthly subscription to an endpoint product saves one the hassle of getting a renewal license every year and you still benefit from updated protection that's being added to the product.

Models, not mode. Models. Detection and protection machine learning models for static analysis, and behavioural guard will become available to you before they hit everyone else. These models are not quality tested (you will be the lab mouse) and may produce false positives. They may improve detection potentially.

 

[NormanF]

Models, not mode. Models. Detection and protection machine learning models for static analysis, and behavioural guard will become available to you before they hit everyone else. These models are not quality tested (you will be the lab mouse) and may produce false positives. They may improve detection potentially.

Sorry, I thought you misspoke! Anyway, good point that's how they can figure out what works and what doesn't work in the future. Getting the security algorithm right is important in making a product capable of providing the best endpoint protection against current and emerging malware threats.

 

[Shadowra]

Try jdownloader 2
İts blocked by harmony.interesting 2 years use it and never problems by this.

Yup

 

[simmerskool]

Yup

View attachment 276996

Isn't this detection the function of conservative business / enterprise config compared to home use AV, ie, not exactly false positives, but rather business conservative

 

[Trident]

Isn't this detection the function of conservative business / enterprise config compared to home use AV, ie, not exactly false positives, but rather business conservative

It is business conservative. Poor software like these 2 download managers, apart from being redundant (the browser can already do the download for you) open additional doors for exploits that the authors, judging by their poor websites, won’t really take care of. Just like Comodo with their CVEs. And these components are easy to be exposed to unsanitary content. You are just increasing the attack surface with them.

 

[cruelsister]

Just like Comodo with their CVEs

All of which quite old, long since patched and non-existent on current builds. Unlike:CPAI-2023-0479 - Check Point Software

 

[Trident]

All of which quite old, long since patched and non-existent on current builds. Unlike:CPAI-2023-0479 - Check Point Software

This vulnerability is in the Secure Gateway and a fix has been provided in a timely manner.
Unlike here, where there is no fix:

CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privil

CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.

www.cvedetails.com

Also, I believe you know Check Point is the vendor with the least number of vulnerabilities amongst the competition.

Spoiler

And they have the quickest response time. You can do you own CVE search as well.

I also want to make it clear that your Comodo fanboyism will not make it on any of my threads. Remember that.
I suggest you direct Comodo promotions elsewhere.

 

[Xeno1234]

In the event that you delete one of the Zero Day Document Folders that Checkpoint Places, will it come back? I know your not supposed to, however I had some empty ones and I wanted to clean up my files.

 

[Trident]

In the event that you delete one of the Zero Day Document Folders that Checkpoint Places, will it come back? I know your not supposed to, however I had some empty ones and I wanted to clean up my files.

They will be regenerated after you reboot.

 

[ForgottenSeer 100397]

I also want to make it clear that your Comodo fanboyism will not make it on any of my threads. Remember that.
I suggest you direct Comodo promotions elsewhere.

"No Comodo fanboys allowed—unless you bring Harmony-worshipping candles and incense!"

@Trident What is it about you that makes every Comodo user a fanboy?

 

[Trident]

@Trident What is it about you that makes every Comodo user a fanboy?

You are definitely one. Don't make me count all your posts and calculate in percentage how many of them are Comodo worshipping.

I am very familiar with the Comodo user base and fanboys.

 

[Xeno1234]

They will be regenerated after you reboot.

Alr ty

 

[Decopi]

I also want to make it clear that your Comodo fanboyism will not make it on any of my threads. Remember that.

To say that... it's like throwing holy water at Dracula
By definition, every fanatic is blindly convicted that his fanaticism will make Comodo perfect, even if the post is about Disneyland.

I suggest you direct Comodo promotions elsewhere.

One of the symptoms of fanboysm is that fanboys cannot deal with any comment about the product they blindly defend, even when the post is not about Comodo.

 

[NormanF]

This vulnerability is in the Secure Gateway and a fix has been provided in a timely manner.
Unlike here, where there is no fix:

CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privil

CVE-2022-34008 : Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder.

www.cvedetails.com

Also, I believe you know Check Point is the vendor with the least number of vulnerabilities amongst the competition.

And they have the quickest response time. You can do you own CVE search as well.

I also want to make it clear that your Comodo fanboyism will not make it on any of my threads. Remember that.
I suggest you direct Comodo promotions elsewhere.

Speaking of patching, what's your opinion of a patch management module on an endpoint security suite?

They will be regenerated after you reboot.

The folders will be there regardless of what you decide you want to keep in them. That's why they're named Zero Day Documents.