Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
C0LDW1R3D
Explorer
Jump to solution

Bitlocker VS Ransomware Protection

Hi,

So to start off our endpoint protection of Checkpoint is on version 86.5 - As we all know from this version "Block Bit locker encryption tools" is on by Default.

What was the release date of E86.50?

I have read everywhere that you have to disable this in "Behavioral Guard & Anti Ransomware" set from Default to Off - run Bit Locker and then turn back on.

This doesn't seem like the safest thing to do, as this is basically disabling ransomware protection for the entire workstation workforce.

To clarify, is Block volume Encryption Tools, the main tool to prevent the encryption of ransomware attacks? Or is there another policy blocking a ransomware attack?

 

Or is this feature only to block the use of bitlocker like tools?

 

 

 

Thanks

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

E86.50 clients were released roughly 6 months ago.
You can see the release dates and supported timeframes for all our products here: https://www.checkpoint.com/support-services/support-life-cycle-policy/

We have numerous methods for detecting…and preventing Ransomware.
Having said that, we noticed a number of threat actors using Bitlocker to ransomware victim’s computers.
This is why we have developed a way to block attempts to do that and have enabled them by default.
This feature only needs to be disabled long enough for the device to be encrypted by legitimate means.

I believe the best practice is to not do this for the entire install base at once, but rather do it for blocks of users at a time.

View solution in original post

2 Replies
PhoneBoy
Admin
Admin

E86.50 clients were released roughly 6 months ago.
You can see the release dates and supported timeframes for all our products here: https://www.checkpoint.com/support-services/support-life-cycle-policy/

We have numerous methods for detecting…and preventing Ransomware.
Having said that, we noticed a number of threat actors using Bitlocker to ransomware victim’s computers.
This is why we have developed a way to block attempts to do that and have enabled them by default.
This feature only needs to be disabled long enough for the device to be encrypted by legitimate means.

I believe the best practice is to not do this for the entire install base at once, but rather do it for blocks of users at a time.

C0LDW1R3D
Explorer

Thanks Phoneboy for your reply.

For giving a details explanation of why.

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events