https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26163#M288 <HTML><HEAD></HEAD><BODY><P><A href="https://blog.checkpoint.com/2018/06/13/introducing-cadet-ai-technology-in-action/">https://blog.checkpoint.com/2018/06/13/introducing-cadet-ai-technology-in-action/</A></P><P>這個先進的ML技術可大大強化TE對於未知惡意程式的模擬效率與準確度，也是Check Point結合AI用於資安防禦技術的開端! 相信接下來會有更多的AI應用於SandBlast/Threat Prevention中。</P></BODY></HTML> Mon, 18 Jun 2018 16:03:18 GMT Danny_Yang 2018-06-18T16:03:18Z https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26159#M284 <HTML><HEAD></HEAD><BODY><P>Hi, 請留意目前最新的TE engine 7更新資訊。(版本: 57.99002577)</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk95235">sk95235 Threat Emulation Engine Update - What's New?</A></P><P></P><P style="margin: 0in 0in 0pt;"><STRONG style=": ; color: #000000; text-decoration: underline; font-size: medium; font-family: Calibri;">What’s New:</STRONG></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #ff0000; font-family: Calibri; font-size: medium;">CADET (Context-Aware&nbsp;Detection and&nbsp;Elimination of&nbsp;Threats)</SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: Calibri; font-size: medium;">CADET improves Threat Emulation precision by incorporating all existing Threat Emulation features in Machine Learning (ML) mode. ML is tuned to improve accuracy, increasing the number of threats detected and reducing the number of false positives. </SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: Calibri; font-size: medium;"><EM>Currently, CADET focuses on executable files, and applies only to cloud emulations</EM>.</SPAN></P><P style="margin: 0in 0in 0pt;"><SPAN style="color: #000000; font-family: Calibri; font-size: medium;">&nbsp;</SPAN></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: Calibri; font-size: medium;"><SPAN style="color: #ff0000;">Threat Prevention by file source URL.</SPAN> </SPAN></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #000000; font-family: Calibri; font-size: medium;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: Calibri; font-size: medium;">Improved Static Macro analyzer. Improved detection of malicious macros in Office documents.</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #000000; font-size: medium; font-family: Calibri;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: Calibri; font-size: medium;">Improved executable file analysis performance by approximately 40%.</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #000000; font-size: medium; font-family: Calibri;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: Calibri; font-size: medium;"><SPAN style="color: #ff0000;">YARA for all file support – Early Availability</SPAN>. This feature is currently off by default. To enable, see </SPAN><A href="http://supportcontent.checkpoint.com/solutions?id=sk123156"><SPAN style="color: #0000ff; text-decoration: underline; font-size: medium; font-family: Calibri;">sk123156</SPAN></A><SPAN style="color: #000000; font-family: Calibri; font-size: medium;">.</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #000000; font-size: medium; font-family: Calibri;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-size: medium; font-family: Calibri;">New anti-evasion techniques. </SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #0000ff; font-size: medium; font-family: Calibri;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #ff0000; font-family: Calibri; font-size: medium;">Additional features in Threat Emulation reports:</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN><SPAN style="font-size: medium;"><SPAN style="background: white; font-family: Calibri;">Added &nbsp;</SPAN><SPAN style="background: white; font-family: 'Courier New';">tecli</SPAN><SPAN style="background: white; font-family: Calibri;"> command for configuring the malicious file password.</SPAN></SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN><SPAN style="background: white; font-size: medium; font-family: Calibri;">Added HTTP attack vector which includes the download source URL and its reputation.</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN><SPAN style="background: white; font-size: medium; font-family: Calibri;">Added time stamp to the attack vector. </SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN><SPAN style="background: white; font-size: medium; font-family: Calibri;">Added the option to download packet capture.</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN><SPAN style="background: white; font-size: medium; font-family: Calibri;">Show the entire file path for archive/dropped/embedded descendants.</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.75in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: 'Courier New';">o</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp; </SPAN><SPAN style="background: white; font-size: medium; font-family: Calibri;">Show emulation video instead of static screenshots.</SPAN></SPAN></P><P style="margin: 0in 0in 0pt 0.75in;"><SPAN style="color: #000000; background: white; font-size: medium; font-family: Calibri;">&nbsp;</SPAN></P><P style="margin: 0in 0in 0pt 0.5in; text-indent: -0.25in;"><SPAN style="color: #000000;"><SPAN style="font-size: medium; font-family: Symbol;">·</SPAN><SPAN style="font-family: 'Times New Roman','serif'; font-size: 7pt;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="color: #000000; font-family: Calibri; font-size: medium;">Improved Cloud Emulation queue wait time by approximately 50%.</SPAN></P><P style="margin: 0in 0in 0pt;"><SPAN style="color: #000000; font-family: Calibri; font-size: medium;">&nbsp;</SPAN></P><P><SPAN style="font-size: 15px;"><BR /></SPAN></P><P></P><P><SPAN style="font-size: 15px;"><STRONG style=": ; color: #000000; background: white; font-size: medium; font-family: Calibri,Century Gothic;">&nbsp;</STRONG></SPAN></P><P><SPAN style="color: #000000; font-size: medium; font-family: Times New Roman;"> </SPAN></P></BODY></HTML> Fri, 25 May 2018 04:02:44 GMT https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26159#M284 Danny_Yang 2018-05-25T04:02:44Z https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26160#M285 <HTML><HEAD></HEAD><BODY><P>AI技術應用已經整合至TE Engine中了!</P></BODY></HTML> Fri, 25 May 2018 04:04:43 GMT https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26160#M285 Danny_Yang 2018-05-25T04:04:43Z https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26161#M286 <HTML><HEAD></HEAD><BODY><P>目前KB資訊尚未更新，後續可參考詳細說明。</P></BODY></HTML> Fri, 25 May 2018 04:05:44 GMT https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26161#M286 Danny_Yang 2018-05-25T04:05:44Z https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26162#M287 <HTML><HEAD></HEAD><BODY><P>Latest update:</P><P>TE Engine 7.1.1(Engine:57.990002623)</P><P>開始可支援自訂YARA Rule(開源的惡意程式特徵碼工具)</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portaleventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123156">https://supportcenter.checkpoint.com/supportcenter/portaleventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk123156</A></P></BODY></HTML> Mon, 18 Jun 2018 15:58:51 GMT https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26162#M287 Danny_Yang 2018-06-18T15:58:51Z https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26163#M288 <HTML><HEAD></HEAD><BODY><P><A href="https://blog.checkpoint.com/2018/06/13/introducing-cadet-ai-technology-in-action/">https://blog.checkpoint.com/2018/06/13/introducing-cadet-ai-technology-in-action/</A></P><P>這個先進的ML技術可大大強化TE對於未知惡意程式的模擬效率與準確度，也是Check Point結合AI用於資安防禦技術的開端! 相信接下來會有更多的AI應用於SandBlast/Threat Prevention中。</P></BODY></HTML> Mon, 18 Jun 2018 16:03:18 GMT https://community.checkpoint.com/t5/Chinese-%E4%B8%AD%E6%96%87/Threat-Emulation-Engine-Update-7/m-p/26163#M288 Danny_Yang 2018-06-18T16:03:18Z