This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bund
Explorer
‎2023-09-11 11:40 PM

How is anti-ransomware updated in Endpoint?

Hello, everyone.

 

 

I'm looking for what Anti-Ransomware references to make its scans work.


I'd like to know the mechanism by which anti-ransomware and forensics work.

I'm only using 'Sandblast agent anti-ransomware, Vehavioral Guard and Forensics'.

(I use R81.10-Take95.)


I understand that the existing GW imports engine updates through schedule updates.

What mechanism makes anti-romware work on endpoints like this?

Do you get updates using Sandblast agent dynamic update? I understand that this is done every 6 hours, is it possible to change the time? What does this get updates from?

https://support.checkpoint.com/results/sk/sk164695


I don't know even if I check this.
Please let me know exactly and kindly.

Thanks.

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend
‎2023-09-12 12:22 AM

sk164695 has it all:

Forensics and Anti-Ransomware can work offline without the need for update or connection to the Internet/Management.

Whereas:

Anti-Bot ... database continuously updates

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
bund
Explorer
‎2023-09-12 01:02 AM
In response to G_W_Albrecht

If so, how is it judged to be ransomware?
Is there a list that you refer to?
Or is it owned and installed by client version?
If not, do you communicate with the checkpoint service through the management server in real time and analyze it?

And is it impossible to change the frequency of dynamic updates of Sandblast agent?

0 Kudos
G_W_Albrecht
Legend Legend
Legend
‎2023-09-12 01:56 AM
In response to bund

If so, how is it judged to be ransomware? - Forensics, Behavioral Guard and Anti-Ransomware work together. Endpoint clients also communicate directly with CP Cloud for sending files to Cloud TE. Regarding updates, this is handled differently:

https://sc1.checkpoint.com/documents/R81.20/SmartEndpoint_OLH/EN/Content/Topics-EPSG-R81.20/SandBlas...

https://sc1.checkpoint.com/documents/R81.20/SmartEndpoint_OLH/EN/Content/Topics-EPSG-R81.20/Signatur...

https://sc1.checkpoint.com/documents/R81.20/SmartEndpoint_OLH/EN/Content/Topics-EPSG-R81.20/SandBlas...

https://sc1.checkpoint.com/documents/R81.20/SmartEndpoint_OLH/EN/Content/Topics-EPSG-R81.20/Endpoint...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events