This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
adamec
Contributor
‎2024-01-09 07:46 AM

Harmony not catching Browser exploit in cpcheckme

Hi, we are testing Harmony endpoint complete in our organisation. I tried to turn on everything to prevent and turn on many defensive/preventive settings. But every time I run Check Me (cpcheckme.com) for Endpoint I always get Browser Exploit vulnerable. (see attached screenshot). Am i doing something wrong? we are deciding between ESET and Harmony. Or is there some best practice guide on how to configure Harmony endpoint for best security?

Any help much appreciated. Thanks

Preview file
42 KB
0 Kudos
16 Replies
G_W_Albrecht
Legend Legend
Legend
‎2024-01-09 07:58 AM

Look into sk115236:

Browser
Exploit		 Network & Cloud

This test checks if your network is protected against Cross-Site Scripting (XSS).

CheckMe simulates this test by connecting to:

http://files.cpcheckme.com/1.asp?xss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E

Endpoint

This test checks if your browser is exploit by simulating a shellcode execution in the Internet Explorer.		 Improve your network security with Check Point Next Generation Threat Prevention and Endpoint Security that includes Intrusion Prevention System (IPS) and Anti Exploit blades.

Network & Cloud

Configure the IPS protections against Cross-Site Scripting (such as "Cross-Site Scripting Scanning Attempt") to "Prevent" mode.

    1. Enable the IPS blade and ensure that IPS protections are up to date.
    2. In case it is not possible to update the IPS protections to the latest release, enable the following IPS protection:

    Cross-Site Scripting Scanning Attempt


Endpoint

Enable Anti-Exploit on your Check Point Endpoint Security to improve your security risk against exploits.

Note that Anti-Exploit protection is available from version E80.83
CCSE / CCTE / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin
‎2024-01-09 11:36 PM

As already said, please check that you enabled Anti-Exploit feature in HE

0 Kudos
adamec
Contributor
‎2024-01-10 12:25 AM
In response to _Val_

@G_W_Albrecht @_Val_ Hi, so I checked and anti exploit is turned on to prevent. I have my rule base like on screenshot where rule number 0 is for my PC and rule number 1 is for entire organisation. 

And the problem still persist still the only bulnerable check is Browser Exploit. What else could be wrong?

 

Thanks in advance

 

 

 

 

Preview file
22 KB
Preview file
15 KB
0 Kudos
_Val_
Admin
Admin
‎2024-01-10 12:37 AM
In response to adamec

Just to make sure, your browser does show the Harmony Endpoint extension installed and active, right?

0 Kudos
adamec
Contributor
‎2024-01-10 12:43 AM
In response to _Val_

sure, harmony web protection extension is active in the browser.

0 Kudos
_Val_
Admin
Admin
‎2024-01-10 12:38 AM
In response to adamec

Also, can you please show the details about detected vulnerability? There might be some clues as well.

0 Kudos
adamec
Contributor
‎2024-01-10 12:47 AM
In response to _Val_

It looks like Anti-Exploit blade does not even generate anti logs. see screenshot

Preview file
15 KB
0 Kudos
_Val_
Admin
Admin
‎2024-01-10 12:52 AM
In response to adamec

Can you please open the relevant section in the CheckMe report? What does it say there?

0 Kudos
adamec
Contributor
‎2024-01-10 01:08 AM
In response to _Val_

 

Here yoou go

Preview file
109 KB
0 Kudos
_Val_
Admin
Admin
‎2024-01-10 01:18 AM
In response to adamec

Ok, triple-check that your Anti-Exploit is properly configured, does not have any exceptions, and that you pushed the policy to the HA client in question. 

If you still cannot figure it out, please open a TAC request to troubleshoot. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-01-10 01:11 AM

Is Harmony Endpoint (which version?) the only solution installed or is there also a 3rd party A/V in play here?

CCSM R77/R80/ELITE
0 Kudos
adamec
Contributor
‎2024-01-10 01:15 AM
In response to Chris_Atkinson

We used to have also ESET but for testing purposes we uninstalled ESET and currently only active and installed security solution is HArmony Endpoint version E87.62.2002

 

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-01-10 01:21 AM
In response to adamec

Ok maybe it wasn't uninstalled cleanly, see if sk154454 helps?

(Note may require TAC assistance if cloud managed to test this)

CCSM R77/R80/ELITE
0 Kudos
adamec
Contributor
‎2024-01-10 01:30 AM
In response to Chris_Atkinson

where should i connect to with GuiDBedit when we are using infinity portal -> harmony endpoint as a management?

Preview file
113 KB
0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2024-01-10 01:37 AM
In response to adamec

I believe TAC may need to do this on your behalf if Cloud managed.

Otherwise if ESET have a "cleaner / removal" tool maybe try that to ensure it's gone...

CCSM R77/R80/ELITE
0 Kudos
adamec
Contributor
‎2024-01-10 01:38 AM
In response to Chris_Atkinson

okay i will try to look for eset cleaner first then reboot and try again. If the issue still persist I m gonna contact TAC.

 

Thanks all for your help so far

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events