New Update Harmony Endpoint Release Notes and Roadmaps

Trident
The Web Secure extension is included in ZoneAlarm AntiRansomware.

It incorporates Harmony Checkpoint honeypots.
It includes more than just the honeypots: anti-ransomware includes the full cloud emulation for downloads and local files, which is the best weapon against ransomware. It also includes the full Endpoint Forensic Recorder engine (part of which is also Behavioural Guard), but it only reacts against ransomware. EFR uses a mixture of honeypots and local and cloud-based behavioural analysis.

The Extreme Security Package also includes reputation, offline reputation, Sophos (now with access to Live Protection), Anti-Bot and full behavioural guard.

Trident
Announcing changes to Harmony Endpoint:
- Download and file emulation size limit boosted from 50 to 100 MB.
- Added default-deny-like behaviour: downloads of files where emulation fails due to an unknown password or exceeded size can be suspended for added security.
- Added offline reputation: this is a 50 MB database that contains fuzzy hashes of prevalent malicious files. There is no need for internet access to detect these files. Offline reputation is updated daily and used only when there is no connection.
- Added password-grabbing mechanism: archivers are now hooked so the password is grabbed by the cloud emulator as the user is typing it.
- Default engine changes: the default engine is no longer Kaspersky, it is now Sophos. The engine now scans all supported file formats, including scripts and shortcuts, and also has access to Sophos Live Protection (Sophos Cloud).
- It is now possible to run Harmony Endpoint without an anti-malware engine* (in combination with Defender or another anti-malware solution), whilst still making use of all other blades.

*Though static analysis, online and offline reputation, and emulation remain available, manual scans are disabled. To run a scan, it will be necessary to use the other anti-malware solution in use. Engines will provide prevention only.
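The two defensive ideas in that list, a fail-closed ("default-deny-like") decision for downloads the emulator cannot finish, and an offline reputation fallback based on fuzzy hashes, are modelled in the added example below. This is illustrative code written for this thread, not Check Point's implementation: the byte n-gram "sketch" is a deliberately simple stand-in for a real fuzzy hash, the 0.8 similarity threshold and the sandbox result are constructed, and only the 100 MB size limit comes from the release notes.

```python
"""Model of a download decision pipeline with a fail-open vs. fail-closed policy
and an offline reputation fallback. Illustrative only; not the product's code."""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional

EMULATION_SIZE_LIMIT = 100 * 1024 * 1024   # 100 MB, the limit stated in the release notes
FUZZY_MATCH_THRESHOLD = 0.8                # constructed threshold for the stand-in sketch


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    SUSPEND = "suspend"   # download held back instead of released to the user


@dataclass
class Download:
    name: str
    content: bytes
    password_protected: bool = False
    password_known: bool = False           # True once the hooked archiver captured it
    sandbox_says_malicious: bool = False   # constructed stand-in for the emulator's result


def fuzzy_sketch(data: bytes, n: int = 4) -> FrozenSet[bytes]:
    """Simplified fuzzy fingerprint: the set of all byte n-grams in the file.
    A real fuzzy hash is compact; this stand-in only shows why similarity
    matching still catches a slightly modified variant of a known sample."""
    return frozenset(data[i:i + n] for i in range(len(data) - n + 1))


def similarity(a: FrozenSet[bytes], b: FrozenSet[bytes]) -> float:
    """Jaccard similarity of two sketches, 0.0 (disjoint) to 1.0 (identical)."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


# Constructed "prevalent malicious file" and the offline database built from it.
KNOWN_MALICIOUS = bytes(range(256))
OFFLINE_REPUTATION: List[FrozenSet[bytes]] = [fuzzy_sketch(KNOWN_MALICIOUS)]


def offline_reputation_hit(content: bytes) -> bool:
    """True when the file is close enough to any entry of the local database."""
    sketch = fuzzy_sketch(content)
    return any(similarity(sketch, known) >= FUZZY_MATCH_THRESHOLD
               for known in OFFLINE_REPUTATION)


def emulate(d: Download) -> Optional[Verdict]:
    """Cloud emulation. Returns None when it cannot complete: the file exceeds
    the size limit, or it is an archive whose password was never captured."""
    if len(d.content) > EMULATION_SIZE_LIMIT:
        return None
    if d.password_protected and not d.password_known:
        return None
    return Verdict.BLOCK if d.sandbox_says_malicious else Verdict.ALLOW


def decide(d: Download, online: bool, default_deny: bool) -> Verdict:
    """Final decision. With default_deny=False an unemulated file is released
    (fail-open); with default_deny=True it is suspended (fail-closed)."""
    if not online:
        # No connection: only the local fuzzy-hash database is consulted.
        return Verdict.BLOCK if offline_reputation_hit(d.content) else Verdict.ALLOW
    verdict = emulate(d)
    if verdict is not None:
        return verdict
    return Verdict.SUSPEND if default_deny else Verdict.ALLOW


if __name__ == "__main__":
    locked = Download("report.zip", b"PK\x03\x04 constructed", password_protected=True)
    for policy in (False, True):
        print(f"default_deny={policy}: {decide(locked, online=True, default_deny=policy).value}")
    variant = bytearray(KNOWN_MALICIOUS)
    variant[100:104] = b"\xff\xff\xff\xff"    # a lightly modified copy of the known sample
    print("offline, variant:", decide(Download("v.exe", bytes(variant)), False, True).value)
```

The point of the two policies is what happens on the path where no verdict exists: the default-deny setting turns "emulation could not run" from an implicit allow into a suspend, which is the only way a password-protected or oversized dropper does not slip through simply by defeating the sandbox.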

cartaphilus
Announcing changes to Harmony Endpoint:
- Download and file emulation size limit boosted from 50 to 100 MB.
- Added default-deny-like behaviour: downloads of files where emulation fails due to an unknown password or exceeded size can be suspended for added security.
- Added offline reputation: this is a 50 MB database that contains fuzzy hashes of prevalent malicious files. There is no need for internet access to detect these files. Offline reputation is updated daily and used only when there is no connection.
- Added password-grabbing mechanism: archivers are now hooked so the password is grabbed by the cloud emulator as the user is typing it.
- Default engine changes: the default engine is no longer Kaspersky, it is now Sophos. The engine now scans all supported file formats, including scripts and shortcuts, and also has access to Sophos Live Protection (Sophos Cloud).
- It is now possible to run Harmony Endpoint without an anti-malware engine (in combination with Defender or another anti-malware solution), whilst still making use of all other blades.
"- It is now possible to run Harmony Endpoint without an anti-malware engine (in combination with Defender or another anti-malware solution), whilst still making use of all other blades"

How do I accomplish that? Do I just uncheck the Antivirus blade from my client configuration and propagate it, or is there another method?

And well #####, regarding the NO Kaspersky, I was hoping to at least have the utility of KAV without the KSN now we are all back to running the janky Sophos module. Is there a way to switch back to KAV? I have no state secrets on my PC, if some spies want to see a collection of my Girls Gone Wifi then go ahead.

Oh, and I thought the 100 MB limit was always the case? I recall turning that on months ago... main reason why I went with the Check Point blade vs ZoneAlarm.

EDIT: Looks like lithify uk lost their rights to resale and their account got suspended.

Kongo
- Default engine changes: the default engine is no longer Kaspersky, it is now Sophos. The engine now scans all supported file formats, including scripts and shortcuts, and also has access to Sophos Live Protection (Sophos Cloud).
- It is now possible to run Harmony Endpoint without an anti-malware engine* (in combination with Defender or another anti-malware solution), whilst still making use of all other blades.
Those two points actually sound interesting. I get a slight urge to test Check Point out. Would it be better to combine Harmony with another anti-malware solution, or is the Sophos engine strong enough now?

Trident
Oh, and I thought the 100 MB limit was always the case? I recall turning that on months ago... main reason why I went with the Check Point blade vs ZoneAlarm.
It was 50MB instead of 15 in ZoneAlarm and was then boosted to 100, for which you can thank me.
Just like for the default-deny behaviour, where not-emulated files are automatically discarded.

Kaspersky remains available under software deployment, for people who wish to use Check Point with Kaspersky engine. The Kaspersky Threat Intelligence Feeds are also part of Threat Cloud, so a lot of malicious files will be detected via fuzzy hashes, even if there is no Kaspersky engine installed locally.

Yes, to run it with Defender or other anti-malware (for example Avast only with AV component installed), just the anti-malware blade needs to be unchecked.

I have been running it with the Sophos engine all along. Gotta admit I am not hating it.

Trident
Those two points actually sound interesting. I get a slight urge to test Check Point out. Would it be better to combine Harmony with another anti-malware solution, or is the Sophos engine strong enough now?
The Sophos engine by itself is weaker than Kaspersky, there is no doubt there. But when you add Threat Cloud with all the feeds, emulation with 60+ proprietary engines (and Bitdefender, which was used locally before Sophos), EFR, Anti-Bot (now with DNS filtering as well) and static analysis, the difference melts away.

Sophos, however, has a very, very unnoticeable impact; even the updates are tiny, as they are now entirely incremental.

To add to that, I have created a few neat Application Control rules which would terminate execution of sophisticated malware, similar to how DI is doing it.

Kongo
The Sophos engine by itself is weaker than Kaspersky, there is no doubt there. But when you add Threat Cloud with all the feeds, emulation with 60+ proprietary engines (and Bitdefender, which was used locally before Sophos), EFR, Anti-Bot (now with DNS filtering as well) and static analysis, the difference melts away.
Thanks for letting me know. It was always lagging behind with script protection. Did you already test that a little bit? :unsure:

Trident
Thanks for letting me know. It was always lagging behind with script protection. Did you already test that a little bit? :unsure:
I am also working on a feature called ScamAssassin (trademark already pending registration) that will terminate remote access tools (and block their websites) such as TeamViewer, UltraViewer, AnyDesk and others.

Trident
Thanks for letting me know. It was always lagging behind with script protection. Did you already test that a little bit? :unsure:
We didn't really lack on scripts (by "we" I mean Check Point and us, MSSPs); CP was always very aggressive wherever obfuscation is used. For example, Win.PS.STRMNPL.A-C cover PowerShell scripts where string manipulation algorithms are used (such as replace and others). The fileless malware prevention is definitely very powerful.

Where we lack a bit (and I've fixed it) is *.js malware.
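To make the "string manipulation in PowerShell" detection idea concrete, here is an added example (written for this thread, not the Win.PS.STRMNPL signatures themselves) of a small heuristic scorer: it counts string-manipulation constructs in a script (`-replace`, `[char]` casts, `-join`, array reversal, Base64 decoding, the `-f` format operator), weights them, and raises an alert above a threshold. The indicator list, the weights and the threshold of 3 are assumptions, and the three sample scripts are constructed; the "obfuscated" one only assembles the text "Hello World".

```python
"""Heuristic scorer for string-manipulation obfuscation in PowerShell scripts.
Illustrative detection logic; the indicators and weights are constructed."""
import re
from typing import Dict, Tuple

# name -> (pattern, weight). Constructed list; a real engine has far more.
INDICATORS: Dict[str, Tuple[re.Pattern, int]] = {
    "replace_operator": (re.compile(r"-[ci]?replace\b", re.I), 2),
    "char_cast":        (re.compile(r"\[char\]\s*\d+", re.I), 1),
    "join_operator":    (re.compile(r"-join\b", re.I), 1),
    "string_reverse":   (re.compile(r"\[array\]::Reverse|\[-1\.\.-\d+\]", re.I), 2),
    "base64_decode":    (re.compile(r"FromBase64String", re.I), 2),
    "format_operator":  (re.compile(r"\{\d+\}.*-f\b", re.I), 1),
}
ALERT_THRESHOLD = 3      # constructed: score at which the script is flagged
MAX_COUNTED = 3          # cap per indicator so one construct cannot dominate


def score_script(text: str) -> dict:
    """Return the per-indicator hit counts, the weighted score and the alert flag."""
    hits = {}
    for name, (pattern, _weight) in INDICATORS.items():
        count = len(pattern.findall(text))
        if count:
            hits[name] = count
    score = sum(INDICATORS[name][1] * min(count, MAX_COUNTED)
                for name, count in hits.items())
    return {"score": score, "hits": hits, "alert": score >= ALERT_THRESHOLD}


# Constructed samples. None of them does anything beyond listing files or printing text.
BENIGN_SAMPLE = r'''Get-ChildItem C:\Users | Where-Object { $_.Name -like "a*" } | Sort-Object Length'''

OBFUSCATED_SAMPLE = r'''$w = [char]87 + [char]111 + [char]114 + "ld"
$h = "HelXXlo" -replace "XX", ""
Write-Host (($h, $w) -join " ")'''

FORMAT_ONLY_SAMPLE = r'''Write-Host ("{0} {1}" -f "Hello", "World")'''


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE),
                          ("obfuscated", OBFUSCATED_SAMPLE),
                          ("format only", FORMAT_ONLY_SAMPLE)):
        print(f"{label:12s} -> {score_script(sample)}")
```

The single `-f` usage in the third sample scores below the threshold, which is the trade-off such heuristics make: one string operator is ordinary PowerShell, several stacked together on the same short script is the pattern worth a verdict.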

Kongo
We didn't really lack on scripts (by "we" I mean Check Point and us, MSSPs); CP was always very aggressive wherever obfuscation is used. For example, Win.PS.STRMNPL.A-C cover PowerShell scripts where string manipulation algorithms are used (such as replace and others). The fileless malware prevention is definitely very powerful.
Oh, I meant Sophos by lagging behind. Don't get that wrong. 😅

Trident
So what security and threat emulation will be retained if the anti-malware scanner is unchecked... i.e. I would like to use ESET as my main?
The File Protection blade includes Online, Offline Reputation, Emulation for downloads, local files and Static Analysis. All that will remain, plus other blades like Application Control, Firewall, Full Disk Encryption, Anti-Bot and URL filtering, and everything else that you want to use.

cartaphilus
I guess running Deep Instinct with Harmony is overkill tho. Probably not an option. I'll see what the future brings (y)
Do it! DO IT! YOU KNOW YOU WANT TO!!!! DON'T WORRY, YOUR WIFE WON'T MIND! YOU DON'T HAVE TO LET HER KNOW! It's JUST one more anti-malware solution! What could it hurt?