Conflict between Check Point Endpoint Security and Cynet: Unable to Suppress Tamper Alerts

Cymone92 — Wed, 02 Oct 2024 12:37:20 GMT

Hi everyone,

I'm facing a challenging issue between Check Point Endpoint Security and Cynet on our network, and I'm hoping someone here might have some insights or solutions.

The Situation:

Exclusions Set: I've configured exclusions in both the Check Point and Cynet consoles for their respective XDR and antivirus components.

Persistent Alerts: Despite these exclusions, Cynet continues to generate anti-tamper alerts whenever Check Point's antivirus operates. This results in constant email notifications and alerts that are becoming quite disruptive.

Support Tickets: I've opened two tickets with Cynet and two with Check Point to resolve this, but the problem persists.

What We've Tried and Learned:

From Cynet Support:

They confirmed that anti-tamper alerts are treated as special alerts and cannot be silenced or excluded via allowlists.

Cynet cannot exclude an alert from the anti-tamper module, so the alerts and notifications will continue.

From Check Point Support:

They suggested upgrading the client and then uninstalling the Anti-Malware component of their E2 engine.

Check Point advises that their antivirus engine cannot run alongside third-party AV solutions and recommends disabling it to prevent triggering Cynet.

Our Attempts:

Allowlisting in Cynet: Created allowlist entries to prevent alerts regarding "attempt to terminate Cynet" from processes like Task Manager. Unfortunately, this didn't stop the alerts.

Communication with Both Supports: Both vendors seem to suggest that their products aren't fully compatible with third-party solutions in this context.

Exclusions in Check Point: Even after setting folder exclusions in Check Point, it seems to still scan those folders and attempts to interact with Cynet processes.

The Dilemma:

Cynet's Stance: Cannot silence anti-tamper alerts.

Check Point's Stance: Recommends disabling their antivirus component to avoid conflicts.

Our Goal: To have both security solutions running concurrently without constant false-positive alerts or having to disable essential components.

Questions

Has anyone experienced similar conflicts between Check Point Endpoint Security and Cynet?

Is there a way to configure either product to better coexist without disabling AV security features?

PS: Performance: We aren't experiencing performance issues or file access problems—it's primarily about the alerts.Versions: We're using up-to-date versions of both products where possible.Environment: The issue occurs across multiple tenants and client IDs within our organization.

Thank you in advance

Re: Conflict between Check Point Endpoint Security and Cynet: Unable to Suppress Tamper Alerts

PhoneBoy — Wed, 02 Oct 2024 20:07:30 GMT

Knowing what versions of all components are used and exactly what you’ve tried to configure (with screenshots) might be helpful.

Having said that, you have two products performing a similar task operating in the same privileged area of the OS kernel.
They also both have anti-tampering mechanisms in place to ensure malicious software doesn’t impact their ability to protect your systems.
Even if you manage to get this working, a change in either product might recreate the situation you’re trying to avoid (or worse).

Which raises the question: what is the business reason driving this request?

topic Conflict between Check Point Endpoint Security and Cynet: Unable to Suppress Tamper Alerts in Endpoint

Conflict between Check Point Endpoint Security and Cynet: Unable to Suppress Tamper Alerts

Re: Conflict between Check Point Endpoint Security and Cynet: Unable to Suppress Tamper Alerts