Create a Post
Showing results for 
Search instead for 
Did you mean: 

Advanced Investigation & Remediation Using Harmony Endpoint TechTalk: Video, Slides, and Q&A

Hunting cyber threats is a complex task. When under attack, an effective investigation and timely remediation are crucial to minimize the damage and keep your business safe.

  • Full video is available to CheckMates members.
  • Slides are available to CheckMates members.

Selected Q&A is below.

Could u pls show us later how to look up (In Threathunt area?) for past connectivity of an endpoint to a certain ip?

It is very simple. Just choose Destination IP and type the IP. Yoni will show how to select any field to select from the list during the demo.

What is the difference between the old Endpoint Security and the new Harmony?

Harmony Endpoint is the new branding for Endpoint Security and SandBlast Agent. There are no functional differences. Future versions of the product will reflect the new branding.

What to do if customer complains about scans reduce drastically pc performance, because use mechanical disk instead of SSD?

Scans can be disabled and scheduled, so this is in the customer's hand.

What version of the Web Console is the Forensic tab in. I do not see it in my console.

What you're actually seeing is the Forensics report, which can be downloaded from the relevant event in SmartView. It is a ZIP file that can be extracted and viewed in a web browser.

One thing I dislike is there isn't enough information on unknown stuff. I see daily that 'cdnloader' is blocked but no idea what it is. I think it's an ad network but there is no detail on it.

The latest version of Forensics is showing an attack description. In addition, Forensics is also enriching automatically with our ThreatCloud.

What AV engines are used?

Most of our Threat Prevention technologies are developed in-house. For AV in particular, it depends on the precise version you're using. 

Is there an ETA for Harmony Endpoint for Macbooks with M1 (ARM) chips, please?

Currently Q2 2021, subject to change.

How is Harmony Endpoint deployed versus Harmony Connect? SandBlast Agent was always too cumbersome to set up and deploy.

We have greatly improved the process of installing, including having a 250KB initial download that will handle the rest. With dynamic packages that also only install the parts that the user wants, the process has been greatly improved.

How could one transition from SandBlast to Harmony (new GUI etc)? If possible, would the SandBlast license be compatible Harmony?

The GUI that was shown in the demo was in Infinity Portal and should be available now. For on-premise use, you should be using R81 Management. The Harmony branding will not be applied to the UI until later versions. Existing licenses/SKUs should continue to work. 

I see that the latest client has the ability to uninstall other AVs, notably Symantec, using some CLI switches. Does that work well?

Yes, it does. 🙂

If you have both Symantec Client and Harmony Client installed, Would there be a conflict? Would it affect the PC performance?

Yes, depending on what is activated. We actually have built-in integration with Symantec and Forensics. Symantec detections will trigger Forensics to get the report for full Incident Analysis.

If the unprotected PC's are not running the Harmony Client, what mechanism is being used to capture the data for unprotected PC's? Is there some other sensors on the network?

There are no unprotected PCs in the demo. Only zips that were downloaded from Outlook that were initially not detected to be malicious. 

What about OS X support / are there limitations compared to Windows 10 support?

With a few exceptions, most features of Harmony Endpoint--particularly the ones covered in this session--are also supported on Mac.

Will any of the activity be integrated into Infinity SOC?

When you download and run the lightweight agent from Infinity SOC, you can get similar information. Integrating your existing on-premise management with Infinity SOC is on the roadmap.

Are these features included in the Harmony Basic?

Yes! Threat Hunting is 7 days retentions by default.

When will be the release of Check Point XDR solution?

Planned for later in 2021.

onedrive.exe has been detected as "Active Attacks" in Threat Hunting, even if it is the true Microsoft OneDrive process. What can we do about that ?

It's not about Threat hunting, it is coming from an engine. Simply apply an exclusion and then it should no longer be an issue.

For two of my users, images in DOCX files received through GMAIL on Chrome are frequently being removed from the attached files. If this is due to a false positive, how can I recover the images for the end user?

The user can use the browser extension to ask for the original file. It is a very easy to use flow.

How does the Harmony portal connect to an unprotected PC on my LAN or on a VPN connection to remediate files?

We can only automatically remediate clients running Harmony Endpoint. For clients that are not, there is a lightweight agent that can be manually downloaded.

It's a little vague as to when you need Endpoint vs. Connect.

Is the portal/console for Endpoint Harmony essentially it's own SIEM to where SmartEvent won't be needed anymore for certain events? And will you be able to use or have to use SmartEvent for notifications of events?

What we showed in the demo was the version managed from Infinity Portal. Similar capabilities also exist on-premise and can leverage SmartEvent. Integration between these two options is planned.

How well does Harmony Endpoint Work with a Splunk SIEM System

We can export data to Splunk and other third party SIEMs.

Is cloud-based mgmt (infinity portal) still included in the Base Pricing?

Yes, it is included in current SKUs.

Are threat hunting is plan to be supported on on-premise management?

It's in our roadmap.

0 Replies


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events