AnyDesk - on compliant DH version
anydesk.exe
Accepted Solutions
To close the loop on this, it appears that AnyDesk is now treated as a Potentially Unwanted Application.
See: https://support.checkpoint.com/results/sk/sk182752
If AnyDesk is legitimately used in your environment, you will need to create a local exception.
Hi,
Yes, same question here. AnyDesk is blocked/deleted with E2 engine.
What did TAC say?
Andy
This is likely a false positive that should be reported to TAC.
How are we able to push this as an MSP to all tenants?
Apparently I still don't have access to all tenants' "smart exclusions".
Do you know how I can activate that part?
And what happened to the previous categorization "Riskware" for this type of software? The Antimalware policy had the possibility of not detecting it. Does this no longer apply to E2?
I'm honestly unsure how Check Point expects us to whitelist this.
Every time I right-click in the event logs to automatically add it to global exclusion, it just creates an exclusion with a SHA1 value.
It does this every time (with a different value).
So that exclusion isn't worth much.
The certificate used to sign the application should be excluded from Forensics Monitoring.
The certificate used for signing?? That's a new one for me. Are there any examples somewhere perhaps?
Endpoint is not my strong suit 🙂
However, it appears this is where you set it for "legacy" exclusions (specifically for Forensics > Anti-Ransomware and Behavioral Guard): https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...
Would you expect that to work?
But how do I get the certificate when the app is being blocked?
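The two points raised above (a SHA1-based exclusion that changes with every detection, and the suggestion to exclude the signing certificate instead) can be checked on copies of the installer. This is an added example, not part of any post in this thread and not Check Point's or AnyDesk's code; the file paths are placeholders, and it assumes the builds are available on a Windows machine where they are not removed.

```powershell
# Added example: compare per-file SHA1 with the Authenticode signer across builds.
# All paths are placeholders (assumption); point them at copies you obtained yourself.
function Get-SignerSummary {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        # Reads the embedded signature only; the file is never executed.
        $sig  = Get-AuthenticodeSignature -FilePath $p
        $cert = $sig.SignerCertificate
        [pscustomobject]@{
            File             = Split-Path $p -Leaf
            FileSha1         = (Get-FileHash -Path $p -Algorithm SHA1).Hash
            SignatureStatus  = $sig.Status
            SignerSubject    = if ($cert) { $cert.Subject } else { $null }
            SignerThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
            SignerNotAfter   = if ($cert) { $cert.NotAfter } else { $null }
        }
    }
}

$builds  = 'C:\Samples\AnyDesk-build1.exe', 'C:\Samples\AnyDesk-build2.exe'
$summary = Get-SignerSummary -Path $builds
$summary | Format-List

# FileSha1 differs for every build, which is why a hash exclusion keeps going stale.
# Builds signed with the same certificate collapse into one group here.
$valid = $summary | Where-Object SignatureStatus -eq 'Valid'
$valid | Group-Object SignerThumbprint | Select-Object Count, Name

# Files that are unsigned or fail validation should not receive a signer-based exception.
$summary | Where-Object SignatureStatus -ne 'Valid' | Select-Object File, SignatureStatus

# Export the signer's public certificate for review or for an exclusion dialog.
$cert = (Get-AuthenticodeSignature -FilePath $builds[0]).SignerCertificate
if ($cert) {
    Export-Certificate -Cert $cert -FilePath 'C:\Samples\signer.cer' | Out-Null
}
```

Which certificate field the exclusion dialog expects is not stated in this thread, so check the admin guide linked above. A signer-based exception covers every file signed with that certificate, so confirm the status is `Valid` and the subject is the vendor you expect before adding it.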
According to the internal notes of the SK documenting AnyDesk as PUA, yes.
Suggest engaging with the TAC here.
Yep, I can disable security features. But.. it seems really out of bounds that it should even be considered just because you want to install some software. Check Point should have a feasible solution for installing/whitelisting software without having to disable security features before installing 🙂
And if I need to "re-deploy" AnyDesk to computers, I can't mass disable features on all endpoints and remotely re-enable them again 🙂
I totally agree with you, that was the reason why I started this post in the first place.
Since no one provided a global solution, we had to use these workarounds 😞
You can mass disable and re-enable through Software Deployment - Policy (see screenshot).
Auuuh, that way of disabling 😮. Didn't that cause a lot of havoc?
That way is literally uninstalling blades and then re-installing them afterwards 😮
Indeed, it was not the optimal solution 😞 , but a quick resolution was necessary.
Have you checked your Harmony Endpoint reports?
All my Harmony reports are screwed now, and the data is now worthless. It still triggers detections on AnyDesk, thereby making all my malware/infection reports useless because it keeps triggering.
Have you tried this exception with certificate?
Yes.. and it works, but it still reports as detected nonetheless. It bypasses but it still does a detection, therefore killing my data/reporting.. Are yours gone from the logs if you check?
And here the exception with SMART exceptions
Yep seeing same issue here..
