This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ikokkoris
Contributor
‎2023-08-02 02:56 AM
Jump to solution

HARMONY ENDPOINT DIGITAL SIGNATURED FILES

Hello,

I have noticed that Treat Extraction removes digital signatures from pdf documents (.cleaned) and makes them being invalid.

In Threat Prevention Policy -> Web & Files Protection -> Advanced Settings -> Download Protection -> Extract potential malicious elements -> Elements to Extract, everything is checked. 

Is there any chance digital signatures fall under one of these categories and after unchecking them, digital signatures are not removed from Threat Extracted  pdf files?

I know that I can only emulate these files or just exclude the relevant URLs, but it is not suittable in my case.

 

 Regards,

Ioannis

Labels
0 Kudos
1 Solution

Accepted Solutions
ikokkoris
Contributor
‎2023-08-22 12:43 AM
In response to PhoneBoy
Jump to solution

Hi,

As informed from TAC, we excluded the relevant URLs from Threat Emulation and the problem is solved.

View solution in original post

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2023-08-04 03:25 AM
Jump to solution

I do not think it si possible. However, there should be an option to request an original file.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-08-21 04:18 PM
Jump to solution

If we left the digital signature in there, it would be invalid since the file served to the user is different from it's original and the signature is based on the file contents.
This means we would have to generate a new digital signature for the cleaned file.
This is probably an RFE and if this is a hard requirement, I suggest engaging with your local Check Point office.

0 Kudos
ikokkoris
Contributor
‎2023-08-22 12:43 AM
In response to PhoneBoy
Jump to solution

Hi,

As informed from TAC, we excluded the relevant URLs from Threat Emulation and the problem is solved.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top