Cymone92
Explorer

Conflict between Check Point Endpoint Security and Cynet: Unable to Suppress Tamper Alerts

Hi everyone,

I'm facing a challenging issue between Check Point Endpoint Security and Cynet on our network, and I'm hoping someone here might have some insights or solutions.

The Situation:

Exclusions Set: I've configured exclusions in both the Check Point and Cynet consoles for their respective XDR and antivirus components.

Persistent Alerts: Despite these exclusions, Cynet continues to generate anti-tamper alerts whenever Check Point's antivirus operates. This results in constant email notifications and alerts that are becoming quite disruptive.

Support Tickets: I've opened two tickets with Cynet and two with Check Point to resolve this, but the problem persists.

What We've Tried and Learned:

From Cynet Support:

They confirmed that anti-tamper alerts are treated as special alerts and cannot be silenced or excluded via allowlists.

Cynet cannot exclude an alert from the anti-tamper module, so the alerts and notifications will continue.

From Check Point Support:

They suggested upgrading the client and then uninstalling the Anti-Malware component of their E2 engine.

Check Point advises that their antivirus engine cannot run alongside third-party AV solutions and recommends disabling it to prevent triggering Cynet.

Our Attempts:

Allowlisting in Cynet: Created allowlist entries to prevent alerts regarding "attempt to terminate Cynet" from processes like Task Manager. Unfortunately, this didn't stop the alerts.

Communication with Both Supports: Both vendors seem to suggest that their products aren't fully compatible with third-party solutions in this context.

Exclusions in Check Point: Even after setting folder exclusions in Check Point, it seems to still scan those folders and attempts to interact with Cynet processes.

The Dilemma:

Cynet's Stance: Cannot silence anti-tamper alerts.

Check Point's Stance: Recommends disabling their antivirus component to avoid conflicts.

Our Goal: To have both security solutions running concurrently without constant false-positive alerts or having to disable essential components.

Questions

Has anyone experienced similar conflicts between Check Point Endpoint Security and Cynet?

Is there a way to configure either product to better coexist without disabling AV security features?

PS:

Performance: We aren't experiencing performance issues or file access problems—it's primarily about the alerts.

Versions: We're using up-to-date versions of both products where possible.

Environment: The issue occurs across multiple tenants and client IDs within our organization.

Thank you in advance

1 Reply
PhoneBoy
Admin

Knowing what versions of all components are used and exactly what you’ve tried to configure (with screenshots) might be helpful.

Having said that, you have two products performing a similar task operating in the same privileged area of the OS kernel.
They also both have anti-tampering mechanisms in place to ensure malicious software doesn’t impact their ability to protect your systems.
Even if you manage to get this working, a change in either product might recreate the situation you’re trying to avoid (or worse).

Which raises the question: what is the business reason driving this request?
