New Update Harmony Endpoint Release Notes and Roadmaps

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The Web Secure extension is included in ZoneAlarm AntiRansomware.

It incorporates Harmony Checkpoint honeypots.
It includes more than just the honeypots, anti-ransomware includes the full cloud emulation for downloads and local files, which is the best weapon against ransomware. It also includes the full Endpoint Forensic Recorder engine (part of which is also Behavioural Guard) but it only reacts against ransomware. EFR uses a mixture of honeypots, local and cloud-based behavioural analysis.

The Extreme Security Package also includes reputation, offline reputation, Sophos (now with access to Live Protection), Anti-Bot and full behavioural guard.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Announcing changes to Harmony Endpoint:
-Download and file emulation size limit boosted from 50 to 100MB.
-Added default-deny-like behaviour: download of files where emulation fails due to unknown password or exceeded size, can be suspended for added security.
-Added offline reputation: this is a 50MB database that contains fuzzy hashes of prevalent malicious files. There is no need for internet access to detect these files. Offline reputation is updated daily and used only when there is no connection.
-Added password-grabbing mechanism: archivers are now hooked so password is grabbed by the cloud emulator as user is typing it.
-Default engine changes: the default engine is no longer Kaspersky, it is now Sophos. The engine now scans all supported file formats, including scripts and shortcuts and also, has access to Sophos Live Protection (Sophos Cloud).
-It is now possible to run Harmony Endpoint without anti-malware engine* (in combination with Defender or other anti-malware solution), whilst still making use of all other blades.

*Though static analysis, online and offline reputation, and emulations remain available, manual scans are disabled. To run a scan, it will be necessary to use the anti-malware solution used. Engines will provide prevention only.
 
Last edited:

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
541
Announcing changes to Harmony Endpoint:
-Download and file emulation size limit boosted from 50 to 100MB.
-Added default-deny-like behaviour: download of files where emulation fails due to unknown password or exceeded size, can be suspended for added security.
-Added offline reputation: this is a 50MB database that contains fuzzy hashes of prevalent malicious files. There is no need for internet access to detect these files. Offline reputation is updated daily and used only when there is no connection.
-Added password-grabbing mechanism: archivers are now hooked so password is grabbed by the cloud emulator as user is typing it.
-Default engine changes: the default engine is no longer Kaspersky, it is now Sophos. The engine now scans all supported file formats, including scripts and shortcuts and also, has access to Sophos Live Protection (Sophos Cloud).
-It is now possible to run Harmony Endpoint without anti-malware engine (in combination with Defender or other anti-malware solution), whilst still making use of all other blades.
"-It is now possible to run Harmony Endpoint without anti-malware engine (in combination with Defender or other anti-malware solution), whilst still making use of all other blades"

How do I accomplish that? Do I just uncheck the Antivirus blade from my client configuration and propagate it? or is there another method?

And well #####, regarding the NO Kaspersky, I was hoping to at least have the utility of KAV without the KSN now we are all back to running the janky Sophos module. Is there a way to switch back to KAV? I have no state secrets on my PC, if some spies want to see a collection of my Girls Gone Wifi then go ahead.

Oh and I thought the 100mb limit was always the case? I recall turning that on months ago...main reason why I went with checkpoint blade vs Zone alarm.

EDIT: Looks like lithify uk lost their rights to resale and their account got suspended.
 
Last edited:

Kongo

Level 37
Verified
Top Poster
Well-known
Feb 25, 2017
2,603
-Default engine changes: the default engine is no longer Kaspersky, it is now Sophos. The engine now scans all supported file formats, including scripts and shortcuts and also, has access to Sophos Live Protection (Sophos Cloud).
-It is now possible to run Harmony Endpoint without anti-malware engine* (in combination with Defender or other anti-malware solution), whilst still making use of all other blades.
Those two points actually sound interesting. I get a slight need of wanting to test CheckPoint out. Would it be better to combine Harmony with another anti-malware solution, or is Sophos engine strong enough now?
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Oh and I thought the 100mb limit was always the case? I recall turning that on months ago...main reason why I went with checkpoint blade vs Zone alarm.
It was 50MB instead of 15 in ZoneAlarm and was then boosted to 100, for which you can thank me.
Just like for the default-deny behaviour, where not-emulated files are automatically discarded.

Kaspersky remains available under software deployment, for people who wish to use Check Point with Kaspersky engine. The Kaspersky Threat Intelligence Feeds are also part of Threat Cloud, so a lot of malicious files will be detected via fuzzy hashes, even if there is no Kaspersky engine installed locally.

Yes, to run it with Defender or other anti-malware (for example Avast only with AV component installed), just the anti-malware blade needs to be unchecked.

I have been running it with the Sophos engine all along. Gotta admit I am not hating it.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Those two points actually sound interesting. I get a slight need of wanting to test CheckPoint out. Would it be better to combine Harmony with another anti-malware solution, or is Sophos engine strong enough now?
The Sophos engine by itself is weaker than Kaspersky, there is no doubt there. But then when you add Threat Cloud with all the feeds, emulation with 60+ proprietary engines (and Bitdefender, which was used locally before Sophos), EFR, Anti-Bot (now with DNS filtering as well) and static analysis, the difference is melted.

Sophos however, has very very unnoticeable impact, even the updates are tiny, as now they are entirely incremental.

To add to that, I have created a few neat Application Control rules which would terminate execution of sophisticated malware, similar to how DI is doing it.
 

Kongo

Level 37
Verified
Top Poster
Well-known
Feb 25, 2017
2,603
The Sophos engine by itself is weaker than Kaspersky, there is no doubt there. But then when you add Threat Cloud with all the feeds, emulation with 60+ proprietary engines (and Bitdefender, which was used locally before Sophos), EFR, Anti-Bot (now with DNS filtering as well) and static analysis, the difference is melted.
Thanks for letting me know. It was always lacking behind with script protection. Did you already test that a little bit? :unsure:
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Thanks for letting me know. It was always lacking behind with script protection. Did you already test that a little bit? :unsure:
I am also working on a feature called ScamAssassin (trademark already pending registration) that will terminate remote access tools (and block their websites) such as TeamViewer, UltraViewer, AnyDesk and others.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Thanks for letting me know. It was always lacking behind with script protection. Did you already test that a little bit? :unsure:
We didn’t really lack on scripts (by we I mean Check Point and us, MSSPs), CP was always very aggressive wherever obfuscation is used. For example, Win.PS.STRMNPL.A-C cover powershell scripts where string manipulation algorithms are used (such as replace and others). The fileless malware prevention is definitely very powerful.

Where we lack a bit (and I’ve fixed it) is *.js malware.
 

Kongo

Level 37
Verified
Top Poster
Well-known
Feb 25, 2017
2,603
O
We didn’t really lack on scripts (by we I mean Check Point and us, MSSPs), CP was always very aggressive wherever obfuscation is used. For example, Win.PS.STRMNPL.A-C cover powershell scripts where string manipulation algorithms are used (such as replace and others). The fileless malware prevention is definitely very powerful.
oh, I meant Sophos by lacking behind. Don't get that wrong. 😅
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
So what security and threat emulation will be retained in anti-malware scanner is unchecked...i.e. I would like to use ESET as my main?
The File Protection blade includes Online, Offline Reputation, Emulation for downloads, local files and Static Analysis. All that will remain, plus other blades like Application Control, Firewall, Full Disk Encryption, Anti-Bot and URL filtering, and everything else that you want to use.
 

cartaphilus

Level 11
Verified
Top Poster
Well-known
Mar 17, 2023
541
I guess running Deep Instinct with Harmony is overkill tho. Probably not an option. I'll see what the future brings (y)
Do it! DO IT ! YOU KNOW YOU WANT TO!!!! DON"T WORRY YOUR WIFE WON"T MIND! YOU DON"T HAVE TO LET HER KNOW! It's JUST one more anti-malware solution! What could it hurt?

emp.png
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top