This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
FGA_Sys_And_Net
Participant
‎2022-09-15 02:03 AM

Enterprise Endpoint Security BitLocker encryption feature

Hello,

We have the latest version of Enterprise Endpoint Security (86.60) and one of the recent features is to block all use of BitLocker to protect the PC as much as possible. Which is a good thing.

 

AHTP-24319

"Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.

 

We have a Dell Command Update program that allows us to update the drivers and the Bios of the computers. When updating the firmware, it's mandatory to suspend the BitLocker protection, it is managed automatically.

The problem is that Check Point blocks this action.

I would like to allow the Dell Command Update program as a legitimate application and it seems there is an option in the latest Endpoint version, but I don't see any option.

 

AHTP-25171

Endpoint Client now blocks against more encryption programs that may be used to encrypt a drive as part of a Ransomware attack. Programs that are used for legitimate purposes can be allowed by excluding the encryptor's signature. The feature is controlled by the "Block Bitlocker Encryption" option in the Endpoint management.

 

Our Endpoint server is On premise (r81.10)

Any idea?

 

Thanks and kind regards,

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
‎2022-09-19 04:49 PM

When I look at the E86.50 release SK, I see the following:

AHTP-24319

"Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.

 

I suspect there is no way to exclude a specific program at the moment.
Might be worth a TAC case to confirm.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events