Serious Discussion Harmony Endpoint by Check Point


ForgottenSeer 100397

You are definitely one. Don't make me count all your posts and calculate in percentage how many of them are Comodo worshipping.

I am very familiar with the Comodo user base and fanboys.
You’ve got the passion and enthusiasm of a thousand teenage fangirls combined! You can finally put that “Harmony Fanboy” t-shirt to good use!
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
You’ve got the passion and enthusiasm of a thousand teenage fangirls combined! You can finally put that “Harmony Fanboy” t-shirt to good use!
Yeah, I got passion, enthusiasm and I know how to handle fanboyism. And I am not just Harmony fanboy, I like CrowdStrike, Palo Alto, Symantec, Sentinel One and many others. Almost everything, except for Comodo. Sorry.
 

Xeno1234

Level 14
Jun 12, 2023
684
@Trident is it smart to turn off BitLocker and similar encryption things in the Anti-Ransomware policy?
1688948721535.png
 

ForgottenSeer 100397

Yeah, I got passion, enthusiasm and I know how to handle fanboyism. And I am not just Harmony fanboy, I like CrowdStrike, Palo Alto, Symantec, Sentinel One and many others. Almost everything, except for Comodo. Sorry.
Trident is sorry, Comodo, but you’re not getting any of his fanboy love!

You both politely pointed out vulnerabilities in products. Your fanboy remark was needless and tasteless. That was my point.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
You both politely pointed out vulnerabilities in products. Your fanboy remark was needless and tasteless. That was my point.
My remarks are based on knowing many of you well. I've watched all of you. Not for a day or two.

When somebody chimes in speaking about vulnerabilities in a product that is not even actively discussed (nobody here talks about Quantum), not knowing the total number of CVEs and response time (or pretending not to know most likely) and at the same time uses a product plagued with holes and bugs widely discussed... you can only call it fanboyism. And maybe 2-3 users may believe and put thumbs, and reputation signs on such posts, but I am not gonna do the same.
And this behaviour + cheap deception attempts won't work well on my threads.

By now you should've realised it.
 

Decopi

Level 8
Verified
Oct 29, 2017
361
Hi @rhythm , with all due respect, it seems that you joined this forum now in 2023, and maybe you don't know, but for years "Comodo" was always a topic discussed with too much emotion and subjectivity.

But, the real problem happened (around) 3 years ago, when Comodo stopped its updates, upgrades, and it was abandoned full of serious bugs. Today Comodo is a software that cannot even be officially declared "Windows 11 compatible".

In this context, the number of Comodo users evaporated; nowadays only a few are left... the fanboys/girls... who remind me of those Japanese abandoned on islands during World War II, without anyone notifying them that "The War Is Over".

I'm not trying to convince you of anything. I'm just explaining to you the context of this forum, hoping that you won't take any comment personally.
As for @Trident , he doesn't need me to defend him, he has a huge knowledge and expertise related to security software (and other subjects). Yeah, he is (a bit) passionate and enthusiastic (I like that!), but he is very objective. I personally learned a lot from him, and I hope you'll learn too.
 

Xeno1234

Level 14
Jun 12, 2023
684
If Threat Emulation is so good, why does it miss a lot of things?
For example, in the Malware Analysis forums, a lot of the recent ones aren't detected by emulation, but are detected by Triage.
 
  • Like
Reactions: [correlate]

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
If Threat Emulation is so good, why does it miss a lot of things?
For example, in the Malware Analysis forums, a lot of the recent ones aren't detected by emulation, but are detected by Triage.
There was one sample there that I saw not detected. I haven't seen any other. If you are talking about the stealers, they are very large and exceed the size. Nevertheless, they were still detected by Harmony even though they were missed by a lot of other products.
 

Xeno1234

Level 14
Jun 12, 2023
684
There was one sample there that I saw not detected. I haven't seen any other. If you are talking about the stealers, they are very large and exceed the size. Nevertheless, they were still detected by Harmony even though they were missed by a lot of other products.
Oh yeah, I looked and they exceeded the size. I wonder if other online sandboxes would have got it since Check Point didn't. It seems it has good but not great anti-anti-VM technology.
 
  • Like
Reactions: [correlate]

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Oh yeah, I looked and they exceeded the size. I wonder if other online sandboxes would have got it since Check Point didn't. It seems it has good but not great anti-anti-VM technology.
It has great evasion resistance actually. The resistance is discussed technique by technique on evasions.checkpoint.com and Anti-Debug Tricks.
There they discuss ways for malware to detect VMs and deliver different behaviour. I still haven't found samples that evade the analysis. They do evade Eset LiveGuard and Avast CyberCapture though.
 

Xeno1234

Level 14
Jun 12, 2023
684
It has great evasion resistance actually. The resistance is discussed technique by technique on evasions.checkpoint.com and Anti-Debug Tricks.
There they discuss ways for malware to detect VMs and deliver different behaviour. I still haven't found samples that evade the analysis. They do evade Eset LiveGuard and Avast CyberCapture though.
Then what about the one that it missed? I don't see how a sandbox wouldn't detect something but behaviour detection would, if it isn't sandbox evasive.
 
  • Like
Reactions: [correlate]

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Then what about the one that it missed? I don't see how a sandbox wouldn't detect something but behaviour detection would, if it isn't sandbox evasive.
You need to understand the types of sandboxes. Triage is a sandbox that provides on-demand analysis ONLY and as such, it can include aggressive static analysis engines. Triage decisions do not affect production systems at all and it is the same with any.run and others. They have high detection rates and very high false positives rate too. Check Point SandBlast, Palo Alto WildFire, CrowdStrike Falcon Sandbox, Eset LiveGuard are sandboxes that do affect production systems. They can't include these aggressive static analysis because they will delete half of your files. :D

Hope you understand now.
 
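To make the distinction in the post above concrete, here is a small constructed model (added for this discussion; it is not Check Point's, Triage's, any.run's or any other vendor's real logic) of two verdict policies applied to the same constructed sample set. The behaviour labels, score thresholds, size limit and samples are all assumptions chosen to illustrate the trade-off: an on-demand analyst sandbox can afford to flag on weak static evidence and accept false positives, while an inline production sandbox that feeds a block decision has to demand strong evidence, and skips files above its emulation size limit entirely.

```python
"""Toy model of on-demand vs. production sandbox verdict policies.

Constructed example for illustration only: the behaviour names, thresholds,
size limit and sample records below are assumptions, not any product's logic.
"""
from dataclasses import dataclass, field

# Behaviours treated as strong evidence on their own (assumed list).
HIGH_RISK_BEHAVIOURS = {"credential_access", "c2_beacon", "ransom_note", "process_injection"}


@dataclass
class Sample:
    name: str
    size_mb: float
    static_score: float                  # 0..1 from an (assumed) aggressive static/ML engine
    behaviours: set = field(default_factory=set)  # behaviours seen during dynamic execution
    is_malicious: bool = False           # constructed ground truth used to score the policies


def on_demand_verdict(s: Sample) -> str:
    """Analyst-facing sandbox: a verdict blocks nothing, so it can flag on a low
    static threshold or on any suspicious behaviour and tolerate false positives."""
    if s.static_score >= 0.5 or s.behaviours:
        return "malicious"
    return "clean"


def production_verdict(s: Sample, max_size_mb: float = 100.0) -> str:
    """Inline sandbox feeding an endpoint/gateway block decision: a false positive
    removes a legitimate file, so static evidence alone must be near-certain and
    behavioural evidence must be from the high-risk set. Files above the emulation
    size limit are not analysed at all and come back as 'skipped', which is why
    another layer (e.g. runtime behavioural protection) has to cover them."""
    if s.size_mb > max_size_mb:
        return "skipped"
    if s.static_score >= 0.95 or (s.behaviours & HIGH_RISK_BEHAVIOURS):
        return "malicious"
    return "clean"


def evaluate(verdict_fn, samples) -> dict:
    """Count true/false positives and negatives for one policy over a labelled set."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0, "skipped": 0}
    for s in samples:
        verdict = verdict_fn(s)
        if verdict == "skipped":
            counts["skipped"] += 1
        elif verdict == "malicious":
            counts["tp" if s.is_malicious else "fp"] += 1
        else:
            counts["fn" if s.is_malicious else "tn"] += 1
    return counts


# Constructed sample set (names, sizes, scores and labels are made up).
SAMPLES = [
    Sample("stealer_large.exe", 120.0, 0.90, {"credential_access", "c2_beacon"}, True),
    Sample("dropper.exe", 2.0, 0.60, {"persistence_registry"}, True),
    Sample("packed_installer.exe", 8.0, 0.70, {"persistence_registry"}, False),
    Sample("notepad_clone.exe", 1.0, 0.10, set(), False),
    Sample("ransom.exe", 3.0, 0.80, {"ransom_note", "process_injection"}, True),
]

if __name__ == "__main__":
    for name, policy in (("on-demand", on_demand_verdict), ("production", production_verdict)):
        print(f"{name:11s} {evaluate(policy, SAMPLES)}")
        for s in SAMPLES:
            print(f"  {s.name:22s} -> {policy(s)}")
```

Running it shows the pattern the post describes: the aggressive policy catches every malicious sample but also condemns the packed installer, while the conservative policy misses the dropper (weak static score, only a low-risk behaviour) and never even emulates the oversized stealer. Neither result says one sandbox is "better"; they are tuned for different costs of being wrong.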

Xeno1234

Level 14
Jun 12, 2023
684
You need to understand the types of sandboxes. Triage is a sandbox that provides on-demand analysis ONLY and as such, it can include aggressive static analysis engines. Triage decisions do not affect production systems at all and it is the same with any.run and others. They have high detection rates and very high false positives rate too. Check Point SandBlast, Palo Alto WildFire, CrowdStrike Falcon Sandbox, Eset LiveGuard are sandboxes that do affect production systems. They can't include these aggressive static analysis because they will delete half of your files. :D

Hope you understand now.
Ahh. But it's still malware. Is it just because it's less aggressive and doesn't detect it, or no?
 
  • Like
Reactions: [correlate]

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Ahh. But it's still malware. Is it just because it's less aggressive and doesn't detect it, or no?
It's still malware but one can afford to call a lot of stuff "malware" which is the case with any.run. Upload 10 files there and it will classify 9 of them malware. The other one needs to have very high accuracy because. So yeah, this is why this particular sample wasn't detected by Check Point but was detected by Triage.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Out of curiosity, what are some detected by Check Point Threat Emulation in the Malware Analysis forums?
No idea, if you go through this thread which became long largely due to your posts, 2 of them every time, you’ll see there is a lot detected. The malware analysis forum, there is nothing to test there 😀
Just browse around.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
So in actuality, if I download malware, Threat Emulation should pick it up?
There is only one way to find out 😉

To answer your question about BitLocker setting, yeah. It’s safe to leave on defaults.
@NormanF, I haven’t tried the posture management yet. Will do soon.
 
  • Like
Reactions: simmerskool

ForgottenSeer 100397

My remarks are based on knowing many of you well. I've watched all of you. Not for a day or two.

When somebody chimes in speaking about vulnerabilities in a product that is not even actively discussed (nobody here talks about Quantum), not knowing the total number of CVEs and response time (or pretending not to know most likely) and at the same time uses a product plagued with holes and bugs widely discussed... you can only call it fanboyism. And maybe 2-3 users may believe and put thumbs, and reputation signs on such posts, but I am not gonna do the same.
And this behaviour + cheap deception attempts won't work well on my threads.

By now you should've realised it.
I understand that you have a point to make, but I would urge you to use more respectful language. It would be better to state your opinion without attacking others. It would be more productive to report your content than to have this kind of conversation.
 
  • Like
Reactions: cruelsister
