topic Re: HARMONY ENDPOINT DIGITAL SIGNATURED FILES in Endpoint

HARMONY ENDPOINT DIGITAL SIGNATURED FILES

ikokkoris — Wed, 02 Aug 2023 09:56:47 GMT

Hello,

I have noticed that Treat Extraction removes digital signatures from pdf documents (.cleaned) and makes them being invalid.

In Threat Prevention Policy -> Web & Files Protection -> Advanced Settings -> Download Protection -> Extract potential malicious elements -> Elements to Extract, everything is checked.

Is there any chance digital signatures fall under one of these categories and after unchecking them, digital signatures are not removed from Threat Extracted pdf files?

I know that I can only emulate these files or just exclude the relevant URLs, but it is not suittable in my case.

Regards,

Ioannis

Re: HARMONY ENDPOINT DIGITAL SIGNATURED FILES

_Val_ — Fri, 04 Aug 2023 10:25:28 GMT

I do not think it si possible. However, there should be an option to request an original file.

Re: HARMONY ENDPOINT DIGITAL SIGNATURED FILES

PhoneBoy — Mon, 21 Aug 2023 23:18:00 GMT

If we left the digital signature in there, it would be invalid since the file served to the user is different from it's original and the signature is based on the file contents.
This means we would have to generate a new digital signature for the cleaned file.
This is probably an RFE and if this is a hard requirement, I suggest engaging with your local Check Point office.

Re: HARMONY ENDPOINT DIGITAL SIGNATURED FILES

ikokkoris — Tue, 22 Aug 2023 07:43:44 GMT

Hi,

As informed from TAC, we excluded the relevant URLs from Threat Emulation and the problem is solved.