Serious Discussion Harmony Endpoint by Check Point

simmerskool

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,612
Trident said:
I’ve not deployed full disk encryption... Compliance and FDE are not necessary to a home user.
Click to expand...
fwiw, ditto that was my initial thought, have not deployed full disk encryption, I'd like to have (develop) a deeper understanding of 4 defaults + firewall before going beyond.
fwiw2, yesterday or last night I noticed my cpu chugging along at 46% & 33%, and it was Harmony forensics. Not sure what it was doing, but it was doing it for awhile without any input from me.
PS when when I say Harmony feels light at keyboard, I mean the system is snappy responsive, no sense of slowdown or delay.
PS2 have not spent much time with reports yet at deployed +2.5 days, not aware of any events :) but maybe report would explain the forensics cpu load :unsure:
 
  • Like
Reactions: Nevi, [correlate] and Trident
Trident

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
likeastar20 said:
@Trident Which engine did you choose between Kaspersky and Sophos?
Click to expand...
I’ve chosen Sophos due to the reduced disk activity. Sophos divides their database in 2 parts. One part is about 250 MB and that’s modified only once a month. For the remaining 30 days it operates with 2-3 MB (copying the old one and creating a new one). It’s a very smart update mechanism. It also has cleaner detection names than Kaspersky.

It’s important to mention that Sophos engine has a very broad coverage of threats so it’s a good idea to remove the tick from “Skip archives and non-executables”.
 
simmerskool

simmerskool

Level 37
Verified
Top Poster
Well-known
Apr 16, 2017
2,612
Trident said:
I’ve chosen Sophos due to the reduced disk activity. Sophos divides their database in 2 parts. One part is about 250 MB and that’s modified only once a month. For the remaining 30 days it operates with 2-3 MB (copying the old one and creating a new one). It’s a very smart update mechanism. It also has cleaner detection names than Kaspersky.

It’s important to mention that Sophos engine has a very broad coverage of threats so it’s a good idea to remove the tick from “Skip archives and non-executables”.
Click to expand...
A reason to tweak. Where's Waldo? I'm trying to imagine where to find that "tick" in the Infinity portal ;) Don't tell me, I need a challenge today :ROFLMAO: If I don't find it in 10 hours or so, I'll howler for help. And maybe I'll surprise myself and find it in a minute or 2... :ROFLMAO::ROFLMAO:
 
  • HaHa
  • Like
Reactions: Nevi, kev7 and Trident
Trident

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
NormanF said:
Their Quantum product for the corporate environment is impressive! We can see the trickle down benefit of new security innovation to the endpoint user where small businesses and individuals will be protected from emerging zero day threats in a timely and cost-effective manner.
Click to expand...
This innovation affects harmony as well. For example the new AI engine that blocks machine-generated domains and DNS tunnelling attacks is on the ThreatCloud, so we benefit from that as well. The Zero-Phishing is getting implemented on Quantum now but it was available prior to that on Harmony and ZoneAlarm.
 
  • Like
Reactions: kev7 and simmerskool
N

NormanF

Level 9
Verified
Jan 11, 2018
404
Trident said:
This innovation affects harmony as well. For example the new AI engine that blocks machine-generated domains and DNS tunnelling attacks is on the ThreatCloud, so we benefit from that as well. The Zero-Phishing is getting implemented on Quantum now but it was available prior to that on Harmony and ZoneAlarm.
Click to expand...

Like the new browser extension. It does two things: figure out a threat and block it and perform secure downloads. If the file allowed however, exceeds a certain size, that will be handled by your normal browser download window. I'd like to see the limitation resolved in a future update.
 
Trident

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
NormanF said:
Like the new browser extension. It does two things: figure out a threat and block it and perform secure downloads. If the file allowed however, exceeds a certain size, that will be handled by your normal browser download window. I'd like to see the limitation resolved in a future update.
Click to expand...
The limitation of 50 MB was recently raised, it used to be 15. They may raise again in the future, but apart from the cloud emulation, there is a local one as well. Also, even files not downloaded through the browser or extension are sent for emulation as well.

The extension also cleans up documents from executable content, but even without the extension, they will be cleaned up as well.
 
  • Like
Reactions: Nevi, kev7 and simmerskool
N

NormanF

Level 9
Verified
Jan 11, 2018
404
Trident said:
The limitation of 50 MB was recently raised, it used to be 15. They may raise again in the future, but apart from the cloud emulation, there is a local one as well. Also, even files not downloaded through the browser or extension are sent for emulation as well.

The extension also cleans up documents from executable content, but even without the extension, they will be cleaned up as well.
Click to expand...

Downloads of more than 50 MB can't be securely handled and these are usually software downloads. For example, Checkpoint's own customised software packages are in the region of 800-900 MB.
 
Trident

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
NormanF said:
Downloads of more than 50 MB can't be securely handled and these are usually software downloads. For example, Checkpoint's own customised software packages are in the region of 800-900 MB.
Click to expand...
These will be handled by other components later on if they are malware. For example PrivateLoader which is inflated seems not to be a problem for CheckPoint. It is a problem for Norton, Defender and many others.
 
  • Like
Reactions: simmerskool
L

likeastar20

Level 9
Verified
Mar 24, 2016
422
Trident said:
The biggest feed provider is Kaspersky (McAfee for their business products is subscribed to Kaspersky too), second biggest is Cisco Talos (many vendors are subscribed to Cisco). Many other vendors supply certain sort of feeds, like Avast for example supplies code signatures blacklist. Other vendors provide spam emails. It’s a lot of external data in ThreatCloud.
Click to expand...
Interesting. And for their sandbox?(You mentioned BitDefender, what else?)
 
  • Like
Reactions: Trident

Similar threads

Trident
    • +Reputation
    • Thanks
New Update Announcing End of Life for Kaspersky Engine in Harmony Endpoint
Replies
14
Views
1,252
Other security for Windows, Mac, Linux
Trident
Trident
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review CheckPoint Harmony Endpoint Security 2024
Replies
40
Views
3,495
Video Reviews - Security and Privacy
Vitali Ortzi
Vitali Ortzi
Vitali Ortzi
    • Like
    • +Reputation
Serious Discussion [Extension]Checkpoint harmony web protection
Replies
20
Views
1,099
Web Extensions
Vitali Ortzi
Vitali Ortzi

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top