This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arun_R
Collaborator
‎2018-03-30 06:08 AM

Sandblast Agent machines got rebooted automatically

Hi Team,

I recently implemented Endpoint Sandblast Agent for one of my client company where I have faced a challenge after installing Sandblast Agent.

Out of some client machines, few machines got rebooted automatically soon after installed sandblast Agent. 

There is no clue why it has rebooted so I decided to uninstall the Sandblast on one machine and though the machine was rebooted. I installed some third party Anti-VIrus(Norton antivirus)  and found some bugs on the client machine(which already exist on the machine). 

As soon as found the bug I removed and tried to installed SA(Sandblast Agent) once again and till now the machine is not rebooted. 

I am very surprised the way how the issue got fixed, I tried the same all problematic machines and all are fixed in the same manner. 

Note: Used Sandblast Agent blade: Forensic, Anti-ransomware, extraction and emulation.

Do anyone have an idea why sandblast Agent has not remediated the existing bugs on the client machine.

Regards,

Arun.R

7 Replies
PhoneBoy
Admin
Admin
‎2018-03-30 03:46 PM

Look at it this way: tools like SandBlast Agent, traditional AV, and malware operate at a similar level in the system.

If the malware was there first, it can potentially block these tools from working (or hide from them).

Also keep in mind that SandBlast Agent is specifically looking at files and EXEs entering the machine.

If the malicious files were already there before SBA is installed, it's not going to see them.

This is why SBA should be deployed in conjunction with a traditional Anti-Virus that does periodic scans.

Arun_R
Collaborator
‎2018-03-30 04:20 PM
In response to PhoneBoy

Thanks for your update Dameon. Is there is any specific traditional Anti-Virus that we can use on SBA client machine.?

One more query is that should We need to keep the Anti-Virus software on the client machine even after deploying the SBA on the respective machine.

- Arun.R

0 Kudos
PhoneBoy
Admin
Admin
‎2018-03-30 04:27 PM
In response to Arun_R

Check Point has an AV that comes with some of our endpoint licensing bundles.

We've also tested with some third party AV as well: SandBlast Integration with Third Party Anti-Virus Vendors 

AV and SBA look for different things and operate on different principles.

It's recommended to have both as part of a multi-layer prevention strategy.

Arun_R
Collaborator
‎2018-03-30 04:48 PM
In response to PhoneBoy

Dear Dameon,

Thanks for your update on this.

Based on the update of your that gave me the impression of Anti-Malware blade in Checkpoint Endpoint Security Management Server license bundles and also some third-party AV vendor(If no Anti-malware been used).

Once again thanks for spending your time spends with me on this query, which gave a new experience/lesson for further SBA implementation.

- Arun.R

0 Kudos
Arun_R
Collaborator
‎2018-03-30 04:51 PM
In response to PhoneBoy

Dear Dameon,

In addition to my last update, Is there is any knowledge base quote this " I.e best recommendation/Practice to use AV along with SBA.?

- Arun.R  

0 Kudos
PhoneBoy
Admin
Admin
‎2018-03-30 06:40 PM
In response to Arun_R

The SBA package does not include Anti-malware (AV) but if you buy the Complete package, it is included.

As far as I know, there isn't an SK that says you should deploy both technologies as most customers do this already.

The reason we sell SBA without AV is many customers already have a preferred AV vendor.

0 Kudos
Arun_R
Collaborator
‎2018-03-30 06:51 PM
In response to PhoneBoy

Dear Dameon,

Thanks for the update.

It improves my performance in SBA implementation.

Once again thanks for your's assist.

-ArunHari.R

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events