Whatever vendor you choose, you get a level of protection configured to your needs. Trident asks if the stuff in the home and business products is more or less the same, why install a business application like Harmony? The short answer is granularity because of all the tweak options available. There's lots of room for customisation from the range of features offered. Some people may need/want it because on the home end of the security market, only the necessary features are included as you go up a product tier and its pretty much locked down and preconfigured.
Harmony Endpoint by Check Point
- Thread starter Trident
- Start date
Whatever vendor you choose, you get a level of protection configured to your needs. Trident asks if the stuff in the home and business products is more or less the same, why install a business application like Harmony? The short answer is granularity because of all the tweak options available. There's lots of room for customisation from the range of features offered. Some people may need/want it because on the home end of the security market, only the necessary features are included as you go up a product tier and its pretty much locked down and preconfigured.
- Feb 7, 2023
- 2,349
I never asked that, I asked about Bitdefender which offers nothing on top of the home products (almost). The configuration options shown by @likeastar20 on the GZ portal were minimal. Bitdefender is a home-first brand and they should stay “in their river” where small players like them belong. They may have nailed those AV-Test useless tests but to protect a business, a lot more than that is needed.
The equivalent to Harmony for home users is ZoneAlarm and that’s put into a mild mode and totally striped out of configuration. It doesn’t scan archives and non-executables, doesn’t scan scripts and doesn’t perform web filtering outside of the web browser. It handles only high confidence detections from anti-bot and static analysis and doesn’t treat riskware/PUPs.
Anti-bot is there but it doesn’t hold connections until they are authorised, it allows the connection and continues to inspect in the background.
Emulation is limited to 15MB.
There is no Kaspersky option and all engines are much older (86.67.19 vs 87.30).
So all Harmony Endpoint extras aside and roughly comparing just the threat prevention engines, Harmony is on a totally different level than ZA.
- Jan 6, 2022
- 520
Yeah. Also where in infinity portal can I submit files. I've been using the old page forever
- Feb 7, 2023
- 2,349
Submitting threats requires contacting support or sending an email to cpr@checkpoint.com. Submitting files for emulation, you can just drag them on top of the browser. Make sure you allow the extension to access local files first.
- Jan 6, 2022
- 520
- Feb 7, 2023
- 2,349
That’s how you can clean any old document using threat extraction (CDR) too.
- Jan 6, 2022
- 520
- Apr 16, 2017
- 2,610
but until I saw your post about this, I had no reason to give this much thought. I've been busy with some other stuff past few days and have not spent enough time going thru the infinity manual to feel "comfortable" with the mostly default settings. For protection that offers so much, it is surprisingly light at keyboard, no slowdowns, I like the alerts while surfing.
- Feb 7, 2023
- 2,349
Unlike ZoneAlarm, there are search indicators as well. I suggest you perform few changes. The most important one is to enable scanning of scripts in websites. This detects malware such as Magecart that is injected in web pages with vulnerable architecture behind them (not in ZoneAlarm). You can perform other important changes as wll, simply by changing the policy to “strict”.
- Apr 16, 2017
- 2,610
thanks for sharing the legacy UI, I like how it looks as posted but have not changed it yet.
I vaguely recall I may have done that re scripts, but I'll doublecheck tonight.
- Jan 6, 2022
- 520
How the hell do they manage that. I know it now scans local html files for phishing but didn't know this
- Feb 7, 2023
- 2,349
They send web scripts for emulation I noticed. Threat emulation seems to contain few signatures, Bitdefender one JS.Trojan.Cryxos and the Check Point one mentions Magecart. This is another thing they are leaders at, accurately identifying the malware family.
Scanning local files is needed, I noticed attacks where HTML phishing page is added to attachments instead of being linked. They’ve probably implemented it in response to that.
- Jan 6, 2022
- 520
Yeah they scan local html files now.
@Trident Harmony Mobile also prevents Bluetooth attacks. Check Point is insane! Even if you pop (hack) a device, the device anomaly and integrity alerts will flag... Furthermore you can isolated and block that device from accessing your environment.
Checkpoint is Holistic and Defense in Depth to the CORE!
Customized Harmony Mobile on hardened Pixels with Google Silicon feels nice
Last edited:
2 questions
I believe its threat emulation using the sandbox has a limited file size of 50MB. Correct me if I'm wrong. I'm downloading movies in GB or at least a few hundred MB for a movie. So does the sandbox works in this instance?
It mentions Port Protection. Refers to firewall or USB port protection?
Thanks
I believe its threat emulation using the sandbox has a limited file size of 50MB. Correct me if I'm wrong. I'm downloading movies in GB or at least a few hundred MB for a movie. So does the sandbox works in this instance?
It mentions Port Protection. Refers to firewall or USB port protection?
Thanks
- Feb 7, 2023
- 2,349
Threat emulation doesn’t support video formats, they can only contain exploits. There is additional exploit protection based on monitoring memory operations (1) and also, based on behaviour + network events also known as ThreatSpect engine/Anti-Bot (2). The 73 file types supported by emulation are listed in the first post of this thread.
If “skip archives and non-executables” is disabled, movie files will be scanned for exploits with the anti-malware engine (Sophos or Kaspersky) as well.
Media Encryption and Port protection refers to data leakage protection and the icon is a tap with a ban on it. It disables usage of physical ports and encrypts portable devices with a password in case they are lost/stolen.
There is network port protection in firewall as well.
So you are saying file formats not supported by threat emulation will be scanned. Will this scan be automatic or manual? Also, if files are downloaded, by say IDM or other similar 3rd-party downloading programs, will the files be scanned as well, automatic or manual? Scan after download, upon access or what?
If I'm not wrong I don't remember seeing my BTS scan movie files after downloading using IDM nor upon access.
- Feb 7, 2023
- 2,349
Documents pass through the Content Disarm and Reconstruction (regardless how they are downloaded) which simultaneously removes ALL executable content (with the malware inside if there is such) such as macros, ole objects and others. They are also emulated and if emulation concludes they are safe, the original version becomes available to download. Check Point says majority of customers never download original versions.
Other downloads up to 50 MB get emulated and not scanned anymore if emulation concludes they are safe.
Everything not supported by Content Disarm and Reconstruction, and emulation will be scanned with anti-malware engine and its reputation will be checked in ThreatCloud where various companies supply feeds of malicious hashes. Behaviour will then be monitored by Behavioural Guard, Anti-Exploit, Anti-Ransomware and finally, Anti-Bot will block communications that seem malicious.
Btw, the anti-ransomware restoration module has a very granular configuration. You can choose file extensions that will be covered and you can specify maximum file size.
Last edited:
Can a movie file be checked for reputation? And a home-made movie can also be checked for reputation?
- Feb 7, 2023
- 2,349
That would be pointless. Kaspersky, Cisco Talos or other feed providers must see the file to put it on blacklist. There is no way your movie will be uploaded by Kaspersky and hence it will be pointless to calculate reputation of video files. Kaspersky and Sophos (in the extremely rare cases movie is malicious) will create the necessary signatures or the exploit will be blocked by components mentioned in a previous post.
@Trident
Your Quote
Btw, the anti-ransomware restoration module has a very granular configuration. You can choose file extensions that will be covered and you can specify maximum file size.
Unquote
Files Backup/Restore vs System Backup/Restore
I'm not in favor of files backup/restoration. I prefer system backup/restore.
Your Quote
Btw, the anti-ransomware restoration module has a very granular configuration. You can choose file extensions that will be covered and you can specify maximum file size.
Unquote
Files Backup/Restore vs System Backup/Restore
I'm not in favor of files backup/restoration. I prefer system backup/restore.
Similar threads
