I understand the urgency, please allow me to answer some of your concerns.
We do investigate all vulnerabilities, once announced, especially those relevant to our products, one way or another. Log4j impact is huge, it is a critical CVE with lots of implications. Hence we did provide an immediate response to that one. There are also other similar cases, for each CVE that may affect our products.
The issue with Kaspersky is, it does not have any actionable information security researchers can work with. There is intelligence (as in military intelligence) and allegations that some very specific Kaspersky products were used to gather intelligence on foreign governments and individuals. It is important to note, those allegations were made about certain very specific Kaspersky's own endpoint security products, and they do not mention any third party, Check Point, or otherwise. Such statements may and most probably do have merit, but in all the articles I personally viewed over the last two years, those statements were made without a body of proof.
The USA did flag Kaspersky based on the mentioned incidents/claims back in 2018 and also banned it from use in any of the federal offices. At the same time, acting on that concern, we started removing parts of Kaspersky SDK based solutions from our own products.
The last remaining product family with Kaspersky SDK is Harmony, and yet again, we do provide a Kaspersky-free alternative to those customers who do not want or are not allowed by law to use Kaspersky in any form.
I am glad you mentioned Log4j, because unlike that specific vulnerability, our researchers do not have any technical actionable information that would indicate Kaspersky SDK use poses a security threat. I do stress the fact we review all third party code before using it in our products. That includes all parts of our offerings, and we take this very seriously.
For that matter, we are unable to make any actual statement of Kaspersky to be a direct verifiable security threat. We just do not have the proof. But not just us, there are no actual CVEs that would indicate the code we use from them is a threat.
This does not mean Kaspersky SDK is safe. It only means, there is no proof it is not. We did review it, and we did not find any sign of misuse or compromise, but there is always room for a mistake. Because of that, we provide the only information we see as 100% accurate, actionable and verifiable.
If you want or need to have Kaspersky-free security products, the mentioned SKs are the information sources you are looking for. We do understand that security concerns should be addressed. Hence, EPS without Kaspersky can be easily provisioned for you through the official channels.
Finally, if you search the community, you will find at least a dozen discussions related to this topic, some of them years old, with the same SKs and reasoning as we mention today.
I hope this makes sense. If you need any additional assistance, let me know.