Threat Prevention

in Threat Prevention5 days ago (Show more)

EternalBlue: 1000s of machines still vulnerable

EternalBlue is the a software vulnerability in Microsoft's Windows operating system. It is "Windows SMB Remote Code Execution Vulnerability", and described in CVE-2017-144. The vulnerability exploits Microsoft server message block 1.0 (SMBv1) - a network file sharing protocol. It allows remote attackers to execute arbitrary code via crafted… (Show more)

Luis Borralho in Threat Prevention7 days ago (Show more)

Blocking TOR Exit nodes with scripting

Hello guys! I'm planning to block all of TOR exit nodes using Checkpoint scripts created for that purpose, see link below. How to block traffic coming from known malicious IP addresses My question is this.. Will these exit nodes be append to the SAM Rule, or when it updates the SAM Rule will it clean all my SAM Rules already created… (Show more)

1 replyShow more activity

Dameon Welch Abernathy

(to Luis Borralho) 7 days ago (Show more Show less)

That SK uses the fw samp mechanism, which is completely different from SAM rules. Note fw samp is SecureXL friendly and is more efficient than using SAM rules.

Actions

Olga Kuts in Threat Prevention2 weeks ago (Show more)

Block traffic coming from known malicious IP addresses

How can we block traffic coming from known dynamic list of malicious IP addresses using SmartConsole? (Not through the ssh console as described in sk103154)

3 repliesShow more activity

Dameon Welch Abernathy

(to Ryan St. Germain) 1 week ago (Show more Show less)

That's another possibility as well.

Actions

Varun Arora in Threat Prevention3 weeks ago (Show more)

Does 61000 support custom Threat indicators in any version

Threat Prevention has a option to add custom indicators from R77.20 and above. However, 61000 versions are R76SP.X. Does 61000 support the deployment of custom indicators in any version. We are running 61000 in R76SP.40 in VSX mode.

7 repliesShow more activity

Gera Dorfman

(to Varun Arora) 2 weeks ago (Show more Show less)

SNORT rules would be tricky and not optimal for such requirement. Meanwhile you can use fast packet drop feature - note that the configuration is on the gateway and not on the management. Check Fast Packet Drop feature in 61k Admin Guide…

Actions

Kaushal Varshney

in Threat Prevention3 weeks ago (Show more)

Petya stopped and analyzed by Anti Ransomware

A massive attack erupted on June 27 worldwide by a variant of Petya, a ransomware that encrypts the entire hard-drive rather than each file individually. This attack by Petya crippled many large banks, government offices and private companies worldwide. Check Point customers, using the SandBlast Agent with Anti-Ransomware technology, remain… (Show more)

2 repliesShow more activity

Jony Fischbein

(to Kaushal Varshney) 3 weeks ago (Show more Show less)

Great job guys!

Actions

Dameon Welch Abernathy

in Threat Prevention3 weeks ago (Show more)

IPS Self Help Guide for R80.10

This document helps IPS users answer the most common questions that arise when dealing with IPS issues. Also available in SecureKnowledge as: IPS Self Help Guide

Dameon Welch Abernathy

in Threat Prevention3 weeks ago (Show more)

Worldwide Outbreak of Petya Ransomware

A massive attack erupted today (June 27) worldwide, with a high concentration of hits in Ukraine – including the Ukrainian central bank, government offices and private companies. While the malware used is yet undetermined, some researchers are speculating it to be a variant of Petya, a ransomware that encrypts the entire hard-drive rather than… (Show more)

5 repliesShow more activity

Moti Sagey

(to Dameon Welch Abernathy) 3 weeks ago (Show more Show less)

IMPORTANT: A single infected system on the network possessing administrative credentials is capable of spreading this infection to all the other computers through WMI or PSEXEC. Meaning fully patched windows 10 can be infected

Actions

Henrik Noerr in Threat Prevention1 year ago (Show more)

rss feed of security advisories

Hi, Do you have a rss feed available security advisories regarding Check Point products? I think this is vital for monitoring new security issues. I have found a rss covering all the IPS protections at Check Point but that is information overload. The only provided methods of receiving Check Point specific advisories are by mail or by… (Show more)

3 repliesShow more activity

Luis Borralho in Threat Prevention3 months ago (Show more)

SNORT Rules and Checkpoint R77.30 IPS

Hello guys! I prepared a SNORT rule to drop DoS tools patterns like traffic, the rule is working fine, can you tell after how much time will the FW send the IP's attacking the network after matching the rule? Or is there a way to put in the snort rule a way like send to sam or not? Because I know that for snort there is snortsam a plugin… (Show more)

5 repliesShow more activity

Manage

Recent Activity