topic Re: Harmony not catching Browser exploit in cpcheckme in Endpoint

Harmony not catching Browser exploit in cpcheckme

adamec — Tue, 09 Jan 2024 15:46:04 GMT

Hi, we are testing Harmony endpoint complete in our organisation. I tried to turn on everything to prevent and turn on many defensive/preventive settings. But every time I run Check Me (cpcheckme.com) for Endpoint I always get Browser Exploit vulnerable. (see attached screenshot). Am i doing something wrong? we are deciding between ESET and Harmony. Or is there some best practice guide on how to configure Harmony endpoint for best security?

Any help much appreciated. Thanks

Re: Harmony not catching Browser exploit in cpcheckme

G_W_Albrecht — Tue, 09 Jan 2024 15:58:25 GMT

Look into sk115236:

Browser
Exploit

Network & Cloud

This test checks if your network is protected against Cross-Site Scripting (XSS).

CheckMe simulates this test by connecting to:

http://files.cpcheckme.com/1.asp?xss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E

Endpoint

This test checks if your browser is exploit by simulating a shellcode execution in the Internet Explorer.

Improve your network security with Check Point Next Generation Threat Prevention and Endpoint Security that includes Intrusion Prevention System (IPS) and Anti Exploit blades.

Network & Cloud

Configure the IPS protections against Cross-Site Scripting (such as "Cross-Site Scripting Scanning Attempt") to "Prevent" mode.

Enable the IPS blade and ensure that IPS protections are up to date.
In case it is not possible to update the IPS protections to the latest release, enable the following IPS protection:

Cross-Site Scripting Scanning Attempt

Endpoint

Enable Anti-Exploit on your Check Point Endpoint Security to improve your security risk against exploits.

Note that Anti-Exploit protection is available from version E80.83

Re: Harmony not catching Browser exploit in cpcheckme

_Val_ — Wed, 10 Jan 2024 07:36:58 GMT

As already said, please check that you enabled Anti-Exploit feature in HE

Re: Harmony not catching Browser exploit in cpcheckme

adamec — Wed, 10 Jan 2024 08:25:26 GMT

@G_W_Albrecht @_Val_ Hi, so I checked and anti exploit is turned on to prevent. I have my rule base like on screenshot where rule number 0 is for my PC and rule number 1 is for entire organisation.

And the problem still persist still the only bulnerable check is Browser Exploit. What else could be wrong?

Thanks in advance

Re: Harmony not catching Browser exploit in cpcheckme

_Val_ — Wed, 10 Jan 2024 08:37:06 GMT

Just to make sure, your browser does show the Harmony Endpoint extension installed and active, right?

Re: Harmony not catching Browser exploit in cpcheckme

_Val_ — Wed, 10 Jan 2024 08:38:08 GMT

Also, can you please show the details about detected vulnerability? There might be some clues as well.

Re: Harmony not catching Browser exploit in cpcheckme

adamec — Wed, 10 Jan 2024 08:43:09 GMT

sure, harmony web protection extension is active in the browser.

Re: Harmony not catching Browser exploit in cpcheckme

adamec — Wed, 10 Jan 2024 08:47:25 GMT

It looks like Anti-Exploit blade does not even generate anti logs. see screenshot

Re: Harmony not catching Browser exploit in cpcheckme

_Val_ — Wed, 10 Jan 2024 08:52:40 GMT

Can you please open the relevant section in the CheckMe report? What does it say there?

Re: Harmony not catching Browser exploit in cpcheckme

adamec — Wed, 10 Jan 2024 09:08:12 GMT

Here yoou go

Re: Harmony not catching Browser exploit in cpcheckme

Chris_Atkinson — Wed, 10 Jan 2024 09:11:18 GMT

Is Harmony Endpoint (which version?) the only solution installed or is there also a 3rd party A/V in play here?

Re: Harmony not catching Browser exploit in cpcheckme

adamec — Wed, 10 Jan 2024 09:15:38 GMT

We used to have also ESET but for testing purposes we uninstalled ESET and currently only active and installed security solution is HArmony Endpoint version E87.62.2002

Re: Harmony not catching Browser exploit in cpcheckme

_Val_ — Wed, 10 Jan 2024 09:18:51 GMT

Ok, triple-check that your Anti-Exploit is properly configured, does not have any exceptions, and that you pushed the policy to the HA client in question.

If you still cannot figure it out, please open a TAC request to troubleshoot.

Re: Harmony not catching Browser exploit in cpcheckme

Chris_Atkinson — Wed, 10 Jan 2024 09:28:27 GMT

Ok maybe it wasn't uninstalled cleanly, see if sk154454 helps?

(Note may require TAC assistance if cloud managed to test this)

Re: Harmony not catching Browser exploit in cpcheckme

adamec — Wed, 10 Jan 2024 09:30:42 GMT

where should i connect to with GuiDBedit when we are using infinity portal -> harmony endpoint as a management?

Re: Harmony not catching Browser exploit in cpcheckme

Chris_Atkinson — Wed, 10 Jan 2024 09:37:32 GMT

I believe TAC may need to do this on your behalf if Cloud managed.

Otherwise if ESET have a "cleaner / removal" tool maybe try that to ensure it's gone...

Re: Harmony not catching Browser exploit in cpcheckme

adamec — Wed, 10 Jan 2024 09:38:48 GMT

okay i will try to look for eset cleaner first then reboot and try again. If the issue still persist I m gonna contact TAC.

Thanks all for your help so far