topic Re: Corporate Password Exposed in Endpoint

Corporate Password Exposed

64Bit — Fri, 28 Feb 2020 12:33:13 GMT

We have added two sites (vxrails) to SandBlast Agent Threat Extraction, Emulation and Anti-Exploit settings but we are still getting the same pop up when accessing one of our vxrails web console sites. Is there any where else we should be adding these sites as trusted corporate domain sites?

Re: Corporate Password Exposed

PhoneBoy — Sat, 29 Feb 2020 04:26:42 GMT

I'd get the TAC involved here.

Re: Corporate Password Exposed

RoD — Sat, 29 Feb 2020 08:33:47 GMT

I have using for trading stocks a lot off password for my trading software on my pc and laptops.

I do not want that Endpoint or any other CheckPoint software, check on or remember any of my password or user name.

Please tell me is it possible to complete disable this feature ?

Re: Corporate Password Exposed

PhoneBoy — Sun, 01 Mar 2020 02:27:14 GMT

The Password Reuse feature of Zero Phishing only remembers hashed versions of passwords on sites you've marked as internal to your organization.
It is never stored in plaintext anywhere.

In the screenshot provided by the original poster, you can see where to change this setting (it can be "Off").

Re: Corporate Password Exposed

RoD — Sun, 01 Mar 2020 07:33:34 GMT

Thank you 😀

Re: Corporate Password Exposed

64Bit — Thu, 05 Mar 2020 00:26:52 GMT

The issue was with Chrome. Even though browser cache was reset my machine would still show same message. Alternative browsers and a other machines showed that the Zero Phishing setting where being applied correctly. Since typing in the password rather than using remembered passwords in chrome seemed to have fixed the issue but that might have just been a coincidence.