Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
adamec
Contributor

Harmony not catching Browser exploit in cpcheckme

Hi, we are testing Harmony endpoint complete in our organisation. I tried to turn on everything to prevent and turn on many defensive/preventive settings. But every time I run Check Me (cpcheckme.com) for Endpoint I always get Browser Exploit vulnerable. (see attached screenshot). Am i doing something wrong? we are deciding between ESET and Harmony. Or is there some best practice guide on how to configure Harmony endpoint for best security?

Any help much appreciated. Thanks

0 Kudos
16 Replies
G_W_Albrecht
Legend Legend
Legend

Look into sk115236:

Browser
Exploit
Network & Cloud

This test checks if your network is protected against Cross-Site Scripting (XSS).

CheckMe simulates this test by connecting to:

http://files.cpcheckme.com/1.asp?xss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E

Endpoint


This test checks if your browser is exploit by simulating a shellcode execution in the Internet Explorer.
Improve your network security with Check Point Next Generation Threat Prevention and Endpoint Security that includes Intrusion Prevention System (IPS) and Anti Exploit blades.

Network & Cloud

Configure the IPS protections against Cross-Site Scripting (such as "Cross-Site Scripting Scanning Attempt") to "Prevent" mode.

    1. Enable the IPS blade and ensure that IPS protections are up to date.
    2. In case it is not possible to update the IPS protections to the latest release, enable the following IPS protection:

    Cross-Site Scripting Scanning Attempt


Endpoint

Enable Anti-Exploit on your Check Point Endpoint Security to improve your security risk against exploits.

Note that Anti-Exploit protection is available from version E80.83
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
_Val_
Admin
Admin

As already said, please check that you enabled Anti-Exploit feature in HE

0 Kudos
adamec
Contributor

@G_W_Albrecht @_Val_ Hi, so I checked and anti exploit is turned on to prevent. I have my rule base like on screenshot where rule number 0 is for my PC and rule number 1 is for entire organisation. 

And the problem still persist still the only bulnerable check is Browser Exploit. What else could be wrong?

 

Thanks in advance

 

 

 

 

0 Kudos
_Val_
Admin
Admin

Just to make sure, your browser does show the Harmony Endpoint extension installed and active, right?

0 Kudos
adamec
Contributor

sure, harmony web protection extension is active in the browser.

0 Kudos
_Val_
Admin
Admin

Also, can you please show the details about detected vulnerability? There might be some clues as well.

0 Kudos
adamec
Contributor

It looks like Anti-Exploit blade does not even generate anti logs. see screenshot

0 Kudos
_Val_
Admin
Admin

Can you please open the relevant section in the CheckMe report? What does it say there?

0 Kudos
adamec
Contributor

 

Here yoou go

0 Kudos
_Val_
Admin
Admin

Ok, triple-check that your Anti-Exploit is properly configured, does not have any exceptions, and that you pushed the policy to the HA client in question. 

If you still cannot figure it out, please open a TAC request to troubleshoot. 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Is Harmony Endpoint (which version?) the only solution installed or is there also a 3rd party A/V in play here?

CCSM R77/R80/ELITE
0 Kudos
adamec
Contributor

We used to have also ESET but for testing purposes we uninstalled ESET and currently only active and installed security solution is HArmony Endpoint version E87.62.2002

 

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Ok maybe it wasn't uninstalled cleanly, see if sk154454 helps?

(Note may require TAC assistance if cloud managed to test this)

CCSM R77/R80/ELITE
0 Kudos
adamec
Contributor

where should i connect to with GuiDBedit when we are using infinity portal -> harmony endpoint as a management?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

I believe TAC may need to do this on your behalf if Cloud managed.

Otherwise if ESET have a "cleaner / removal" tool maybe try that to ensure it's gone...

CCSM R77/R80/ELITE
0 Kudos
adamec
Contributor

okay i will try to look for eset cleaner first then reboot and try again. If the issue still persist I m gonna contact TAC.

 

Thanks all for your help so far

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events