I was testing Check Point yesterday and I am wondering why some files were not sent for threat emulation (the emulation outside of the extension). These files were under 50 MB and were of types that were supported by the engine.
According to AV Comparatives, Harmony lacks a hook for kernel space and cannot monitor API calls within the kernel. Is this true, and if so, what impact does this have on its detection capabilities?
Harmony utilizes many methods. You have threat emulation, threat reputation, the Kaspersky/Sophos and Check Point Harmony local anti-malware engines, and an anti-ransomware component which places honeypot files on the PC; if they are modified, it remediates the infection.
The honeypot component is the last line of defense, and is bypassed by anti-honeypot ransomware.
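To make the honeypot-file mechanism described above concrete, here is an added example (written for this page, not Check Point's or Harmony's own code) of the detection half of that idea: decoy files are planted with a known-good hash baseline, and any process that modifies or deletes one of them raises an alert. The decoy names, the decoy payload and the tampering step are all constructed for the demonstration; the example runs entirely inside a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed decoy names: chosen to sort first and last in a directory
# listing, so a process that walks a folder alphabetically reaches a decoy
# early. Real products use many decoys and names that blend in with user data.
CANARY_NAMES = ("!canary_00.docx", "zz_canary_99.xlsx")
CANARY_PAYLOAD = b"CANARY-FILE-DO-NOT-MODIFY\n" * 16  # constructed content


def deploy_canaries(root: Path) -> dict:
    """Write the decoy files under root and return {path: sha256} as a baseline."""
    baseline = {}
    for name in CANARY_NAMES:
        path = root / name
        path.write_bytes(CANARY_PAYLOAD)
        baseline[str(path)] = hashlib.sha256(CANARY_PAYLOAD).hexdigest()
    return baseline


def check_canaries(baseline: dict) -> list:
    """Compare every decoy against the baseline.

    Returns a list of (path, event) tuples; an empty list means all decoys
    are intact. 'deleted' covers deletion and rename (the original path is
    gone), 'modified' covers any content change, including encryption in place.
    """
    alerts = []
    for path_str, expected in baseline.items():
        path = Path(path_str)
        if not path.exists():
            alerts.append((path_str, "deleted"))
            continue
        actual = hashlib.sha256(path.read_bytes()).hexdigest()
        if actual != expected:
            alerts.append((path_str, "modified"))
    return alerts


def tamper_with_canaries(root: Path) -> None:
    """Constructed stand-in for any process that alters the decoys:
    overwrite the first decoy in place and rename the second one."""
    first, second = (root / name for name in CANARY_NAMES)
    first.write_bytes(b"\x00" * len(CANARY_PAYLOAD))
    second.rename(second.with_suffix(".locked"))


def run_demo() -> tuple:
    """Plant decoys, verify they are clean, tamper with them, and re-check.

    Returns (number_of_alerts_before_tampering, [events after tampering]).
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        baseline = deploy_canaries(root)
        before = check_canaries(baseline)
        tamper_with_canaries(root)
        after = check_canaries(baseline)
        return (len(before), [event for _path, event in after])


if __name__ == "__main__":
    clean_count, events = run_demo()
    print(f"alerts before tampering: {clean_count}")  # 0
    print(f"events after tampering: {events}")        # ['modified', 'deleted']
```

The design choice worth noticing is that this monitor polls: it only learns about the damage after the write has already happened, so the most it can do is alert and trigger whatever remediation (process termination, file rollback) the product provides. That is exactly where the kernel-space question raised above matters. A file-system filter running in the kernel sees the write attempt to the decoy before it completes and can block the offending process at that moment, whereas a purely user-mode check like this one has no such vantage point. The example reproduces only detection; the product's remediation step is not modelled here.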