
Zero Phishing

Hi there, I am facing a problem while creating a report for blade: "Zero Phishing". I filtered for password reused but SmartView shows no data found. However, I can see there are some events within R80.20. Your help will be appreciated. Thanks
CHINMAYA_NAIK inside Endpoint Security Products 2 hours ago
views 32 1

Ransomware Simulator Tool results showing Checkpoint Endpoint unable to detect known Ransomware

Hi Team,
Setup
OS: GAIA R80.20
Client Package: E80.96, E81.00, E80.97
Windows Machine (Test): Windows 10 Pro, Windows 7 Pro, Windows 8 Pro
Jumbo HotFix: Take_47
Tools Name: knowbe4
Link:
When I ran this application and started scanning, I saw some different results.
Results 1: Windows 7 with E81.00 package. Suddenly the Anti-Malware blade stopped working and we were unable to find the SBA agent on the taskbar.
Results 2: Windows 10 and 8 with E80.96 package. The application started initially but suddenly it terminated, but we got 4 results and it's showing Checkpoint SBA is not vulnerable. (Reason: Maybe SBA behave knowbe4 application done some unknown activity so SBA terminate this application.)
I excluded the three processes "Ranstart.exe", "Starter.exe" and "Collector.exe". Then I started scanning again and saw the results below after the scan completed.
Out of 14, 4 are showing vulnerable.
Anti Malware version: 201906191126
Still, I need to check whether SBA is able to block that ransomware or not, but pls requesting everyone to look into this. I am sure that SBA will block that ransomware.
Regards
@CHINMAYA_NAIK

Any way to check process debug is still running ?

Hi CheckMates, I have a query on Process Debug. Do we have any way to check if the process debug is enabled or not (just to know if it's stopped)? For example, we ran debug on the FWD process using "fw debug fwd on TDERROR_ALL_ALL=5". Is there any particular command to know if it's running? I understand it would write logs to the fwd.elg file. Apart from that, is there any particular command to know if it's still running?
Vladimir inside Endpoint Security Products Tuesday
views 1374 16

Wildcards in custom Apps

I am attempting to whitelist a long list of domains used by the user awareness training campaign. And am seeing this: Can we get some clarity on why this is not working and how to get around this issue. The lab is 80.30EA, but the client is running 80.20. Thank you, Vladimir

Endpoint client and Windows 10 1903

Hi everyone, has anyone tried to upgrade Windows 10 to the 1903 version and install the endpoint client? In the release notes of ver 80.94 and 80.96 I see that it is not mentioned and does not seem to be supported yet. Does anyone have feedback?

Database Migration in VSX environment

Hi All, we have the following two Checkpoint servers:
MGMT-SERVER-1:
OS: Gaia R80.20
VSX Environment (on 2 HA appliances)
Managing 6 Virtual Systems.
Each VS-Gateway policy package having around 200 policies.
MGMT-SERVER-2:
OS: Gaia R80.10
Only two firewalls in HA Mode.
2000+ policies in a single policy package.
Now we are planning to merge the databases of both these management servers using the Python tool "Python tool for exporting/importing a policy package or parts of it". I need your help with the following queries:
Can we run this Python tool in a VSX environment?
As the OS versions are different (R80.10 and R80.20), is it possible to export a policy package from the R80.10 management server and then import it directly to the R80.20 OS?
As we need to merge the policy package which has 2000+ policies, is there any limitation on the basis of policy package size or number of policies?
Tony_Seely inside Endpoint Security Products Saturday
views 376 1

Secure Domain Logon Altering Windows Logon

Client: 80.87 / OS: Windows 7 Enterprise
When Secure Domain Logon (SDL) is enabled it alters the Windows logon screen with an additional button to launch the VPN. This works as intended. However, if SDL is disabled on a device it was previously enabled on, the Windows logon screen remains altered. The logon screen will no longer remember the last user automatically and instead presents the logon window with a button for the last user, a button for other user, and also a button for the Smart Card if the device has that capability.
We'd like to disable the way SDL is altering the Windows logon screen when SDL is also disabled to return to our previous logon experience. I currently cannot find what registry keys are being altered by enabling SDL beyond "HKLM\SOFTWARE\Wow6432Node\CheckPoint\TRAC\IsInEncDomain" and "HKLM\SOFTWARE\Wow6432Node\CheckPoint\TRAC\SDLEnabled".
I appreciate any suggestions you can provide.

Sandblast Browser on top?

Dear Community,
I have a general question about the SA web browser extension: I assumed that the browser extension would be installed on top of a normal SandBlast Agent. But sk108695 states it's not recommended for browsers other than Chrome.
Has anyone of you gathered experience/best practices with this? Is a browser download, phishing attempt etc. intercepted even if the browser extension is not installed, but the SandBlast Agent is?
Looking forward to your reply.
Best Regards
Johannes

VSX Failover

Hi Team, can someone suggest how to switch my VSX firewall without any downtime? I am planning a hotfix installation on the primary firewall. Before this I need to make my secondary firewall active so there is no impact on my business. Someone suggest me if I Use ClusterXL admin down command not use in VSX mode. I am using the R80.10 version on the Checkpoint firewall. Thanks in advance for replying to my query.

Endpoint Security client cannot register to the server. The security ID of this machine was not found

Hi Team,
Endpoint Server: OPEN
OS: R80.20 Hotfix: Take_47
Client Package: E80.96 and E81.00
Host Machine OS: Windows 7 Pro (64 bit), Windows 10 Pro (64 bit), Windows 8 Pro (64 bit)
On Windows 8 Pro: No issue, working fine with the E80.96 package.
Issue: We face the issue with Windows 10 and 7. We tried both client packages E80.96 and E81.00 and after installation it shows the error "Endpoint Security client cannot register to the server. The security ID of this machine was not found"
Could someone address what the exact issue is? We removed the third-party antivirus from Windows 10 and also 7 but are still struggling; we are unable to communicate with the Endpoint Server. Also, what are the dependencies that need to be taken care of before installing SBA? Pls help to resolve this issue.
@CHINMAYA_NAIK
Pliops12 inside Endpoint Security Products Thursday
views 951 3

VPN Access

Hi, I'm looking for a solution for my company. Currently we have remote access to the office via VPN Client and everything is working fine. I want to allow a specific user access via VPN but to another subnet and not to the "Office Mode Network" subnet that every employee connects to by default. Or when this user connects through VPN he is allowed to access only the DMZ Network and his traffic to the office is blocked by Access Policy. Thanks!
Hawkeye_Parker inside Endpoint Security Products a week ago
views 756 3

R77.30 version gateway writes logs on fwd.elg files even though Debug is disabled.

Hi All, need your advice on the reason why the logs below are filling up the fwd.elg file. Usually contents should be written to the .elg file if any debug is enabled. But I am seeing these weird logs written frequently.
RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
RemoveFilesFromCLDir: Failed to open dir /opt/CPsuite-R77/fw1/log//cl_del
paul inside Endpoint Security Products a week ago
views 1078 7

SandBlast Agent stuck "Loading"

I'm trying to install the Check Point SandBlast Agent for Browsers on Windows Server 2008 R2. I'm unable to get it to work properly.
(MSI) Installation went fine and when I open the "Manage Add-ons" dialog in IE11 I see both "CheckPoint.SandBlast" (version 990.58.12.0) and "Check Point SandBlast" (version 990.058.012.0), both enabled, both 32-bit and loaded.
When I click the "Check Point SandBlast" button (or "Tools|Check Point SandBlast"), a pop-up dialog is displayed showing "HTML"-code. When I disable ESC (Enhanced Security Configuration) the pop-up dialog is displayed correctly, only it is stuck "Loading".
Enhanced Protected Mode is not enabled (Internet Options Advanced Tab) and Internet Zone Security-Level is set to "Medium-High" (Default).
I'm trying to implement SandBlast as a POC.
Nilesh_Sonkusa1 inside Endpoint Security Products a week ago
views 1020 2

configure Proxy Arp on VSX cluster firewall

Hi Team, can someone explain to me how to configure Proxy ARP for a Static NAT public IP on an R80.10 VSX Cluster firewall? My cluster is in active-passive mode. I went through SK30197 but did not understand it.
Nilesh_Sonkusa1 inside Endpoint Security Products a week ago
views 3202 16

How to install Hotfix on R80.10 VSX

Hi Team, is any document or video available on how to install a hotfix on R80.10 VSX mode?