Tal_Eisner
inside Endpoint Security Products 39m ago
views 7 1 1
Employee+

Forrester names Check Point a Leader in Endpoint Security Suites

Forrester Research, Inc. conducted an extensive, in-depth analysis of endpoint security features amongst 15 different enterprise cyber security solutions. They evaluated 25 criteria, including malware prevention, data security, mobile and a zero-trust framework alignment.

Check Point’s SandBlast Agent supplies a comprehensive enterprise endpoint security solution, assuring organizations are protected from advanced zero-day attacks. Some key features of the solution include Threat Emulation, Threat Extraction, Anti-Ransomware, Zero-Phishing, and more.

The criteria in which Check Point obtained the highest possible scores in Enterprise Endpoint Security were:
- Malware prevention
- Exploit prevention
- Secure configuration management
- Data security
- Mobile
- Zero-trust framework alignment

Download the report to learn about Forrester’s evaluation of the endpoint security market and why Check Point was recognized as a leader.

From the report: “Check Point’s focus on integrating the endpoint security capabilities with its network security portfolio has led to one of the tightest integrations between the two layers in this study, helping customers to enforce a Zero-Trust approach on their endpoint devices.”

The Forrester Wave™: Endpoint Security Suites, Q3 2019
Sascha_Bremshey
Sascha_Bremshey inside Remote Access Solutions 5 hours ago
views 59 8

Office Mode: Algorithm behind "Unique per machine" (MAC address for DHCP allocation)

Hi,

for special internal reasons we currently use "Calculate per user name"; with this the algorithm is clear: take the <username>, make an MD5 hash, and the first 12 chars are the MAC used for DHCP requests.

Example:
User: sascha
MD5: a624a33f3501afdc109103d1bdf80840
MAC: A6-24-A3-3F-35-01

This gives us the opportunity to set static DHCP entries for every user.

Now we are thinking about giving static VPN IPs via DHCP to any connecting machine. But we need to know the calculated MAC address before the user connects.

Tried with 3 different machines and got those MAC addresses:
5f:38:13:5c:cd:d9
9d:7b:a3:b6:d3:61
aa:7c:47:4a:f3:bc

I have no idea how those MACs were calculated. Any hints from you?

Thanks and best regards,
Sascha
Chinmaya_Naik
Chinmaya_Naik inside Endpoint Security Products 5 hours ago
views 2196 4

How to recover the data on the encrypted Hard Disk (Full Disk Encryption)

Hi Team,

Requirement: How to recover the data on the encrypted Hard Disk.

I followed sk105523 to perform the process below.

Step 01: Remove the hard drive from the encrypted PC.

Step 02: Connect it to another PC (Example: HOST_A) through a USB port by using a converter to access the hard drive (encrypted PC).
Note: HOST_A must have Endpoint Security Client installed with FD blade enabled. (E80.51 or above)

Step 03: Go to location "%programfiles(x86)%\CheckPoint\Endpoint Security\Full Disk Encryption" on HOST_A.
Note: You will find the "FDE_Drive_Slaving.exe" there.

After completing the above steps, follow the final step below.

Step 04: Open the "FDE_Drive_Slaving.exe", then select the drive of the encrypted PC and start to recover.
NOTE: Make sure you open the FDE_Drive_Slaving.exe utility as an administrator, and once that is open connect the mounted drive. Connecting the mounted drive before opening the FDE_Drive_Slaving.exe utility may sometimes not work correctly. (Thanks Steve_Lander for this information) Once the drive shows up on the list, you can click on it and unlock it with FDE credentials.

Also, please suggest if there is any other simple procedure apart from using "Dynamic Mount Utility".

Regards,
@Chinmaya Naik
TomShanti
TomShanti inside Remote Access Solutions 9 hours ago
views 553 16

Endpoint VPN: How does client get routing topology from the VPN GW?

I know that the client calculates topology on connect and stores it in the local trac.config file, but where is this topology information stored on the gateway?

Thanks,
Tom
sharkbone
sharkbone inside Endpoint Security Products 10 hours ago
views 203 10

Screenmirroring (Miracast) connection error

We have had the scenario where our Screen mirroring via Miracast or any other technology works only after uninstalling Checkpoint VPN/Firewall software from the affected client. Research shows that most third party VPN solutions identify WiFi Direct (the underlying technology for Miracast/screensharing) as a "Split Tunnel" connection and deem it a risk to security so they disable the functionality.

Are there alternative workarounds to this instead of totally uninstalling Checkpoint in order to get this working? We can only keep Checkpoint as our endpoint security solution (vpn / firewall) if we find a permanent solution to this problem or else management will be forced to turn to another solution.

Refer to this post: https://superuser.com/questions/1353896/miracast-connection-error-after-joining-ad-domain
Johannes_Schoen
Johannes_Schoen inside Remote Access Solutions 11 hours ago
views 71 2

Are OU user groups still supported in R80.10 mobile access portal

Hi Community,

I was at a customer with a preexisting R77.30 environment and MobileAccess portal. We upgraded to R80.10.

The MAB policy assigns the applications by a user-group object, which refers to an LDAP OU path.

Typically, I only knew/authorized access with AD-Users or AD-Groups - so my question: Is that setup supported with R80.10?

Best Regards
Johannes
Alex_Gilis
Alex_Gilis inside Endpoint Security Products 12 hours ago
views 76 2

Chrome 77 & Sandblast Agent

Since Chrome update to version 77, it's impossible to open PDF anymore when the Sandblast Agent extension is present and the user doesn't have admin rights. Clicking on a link supposed to open a PDF opens a new tab with an empty page and "About:blank" in the URL.

If a user has admin rights, it works. If the tab is open in an incognito page, it works. Using IE (no agent there), it also works. Obviously, it's out of the question to give admin rights to the full user base.

This behavior was seen with E80.92 & E81.30. If I uncheck "Protect web downloads" and choose "Do not emulate web content" in the policy for Antimalware & TP, nothing changes.

Workaround now is to instruct users to go Incognito or use IE for some specific business-related websites, but it's not really handy. I couldn't find specific errors in the logs.

Any idea before I make a TAC case?

Endpoint client server IP change

Hi,

Is there any way to change management server IP in Endpoint Client? Or can we add a secondary source to update the database?

Thanks
Balakrishna

Change of authorization(CoA) in remote VPN

Hi Folks,

Can we do Change of authorization (CoA) in remote access VPN? We want to perform a test case wherein the end user connects through Checkpoint VPN but the compliance of the system is checked via the Checkpoint Endpoint security agent installed on a laptop. Please suggest.

Checkpoint current version is r77.30.

Regards,
Viru
Kul
Kul inside Remote Access Solutions Friday
views 79 1

HTTP parsing error occurred, blocking request (as configured in engine settings).

Hello everyone,

I have 3 firewalls located at branch offices and one at headquarters. I have site-to-site VPN configured, and all branches need to access a server located at the head office.

My issue is that I have been having trouble with one firewall at the branch. I can access the server but am unable to print locally. I checked the log and it says: HTTP parsing error occurred, blocking request (as configured in engine settings).

I followed sk106288. I changed the value here, vi $FWDIR/boot/modules/fwkern.conf, as:
ws_ignore_http_resp_wo_req_error=0
ws_strict_parsing=0

Still then it keeps working and after a few hours I get the same issue again. Sometimes I even lose the VPN connection.

Also to mention, I have all the hot fixes updated. Sometimes there is VPN and I can connect to the server but can't print.

I have been working on this for several days but still the same issue.

How to exclude IP addresses in SB4B for Chrome.

Hi Team,

I have EPM 80.30 and agent 81.30 with the sandblast for Chrome plugin installed automatically. However I excluded certain domains under AntiRansomware. Threat Extraction blade since the browser was stopping certain PDF files and creating a lot of issues.

However, after excluding the domains things have started working fine. Now my query is that the agent is creating an issue for internal portals as well, which are being accessed using IP addresses.

http://172.16.8.7/interna/agent.aspx

If I exclude the IP addresses the log shows the exceptions, hence I wanted to know if there are other ways to bypass the IP addresses from scanning?

TIA
Blason R
Tom_Kendrick
inside SandBlast Agent Friday
views 93 2
Employee

Mitre ATT&CK view added to SandBlast Agent Forensic reports available in upcoming E81.40

One of the many new features that will be available in E81.40 is an updated SandBlast Agent Forensic report. For this, we have to thank our wonderful R&D Team at HQ for making this happen!

The new Forensic report contains:
- Mitre ATT&CK screen: Showing links back to the Framework
- RDP Focus: Use the Ryuk RDP Report (Overview and General Screen provide RDP Details)
- Injections: Use the Ryuk RDP Report (Shown in both Mitre Screen and Tree Views)
- Privilege Escalation: Use Cerber or Sodinokibi (Shown in both Mitre Screen and Tree Views)
- Current Ransomware affecting US Municipalities: Ryuk, Sodinokibi and Robinhood

Some of these samples have been put online, which you can take a look at:

| Report | Use Case | Link |
| --- | --- | --- |
| Ryuk RDP | RDP/Injections | https://forensics.checkpoint.com/ryuk_rdp/ |
| Sodinokibi | Ransomware Current | https://forensics.checkpoint.com/sodinokibi/ |
| Robinhood | Ransomware Current | https://forensics.checkpoint.com/robinhood/ |
| Astaroth | Fileless Current | https://forensics.checkpoint.com/astaroth/ |
| Bad Rabbit | Blog / Well Known Ransomware | https://forensics.checkpoint.com/badrabbit/ |
| Cerber | Blog / Well Known Ransomware | https://forensics.checkpoint.com/badrabbit/ |
| Pokemongo | Blog | https://forensics.checkpoint.com/pokemongo/ |
| CTB-Faker | Blog | https://forensics.checkpoint.com/ctb-faker/ |
| Wannacry | Blog / Well Known Ransomware | https://forensics.checkpoint.com/wannacryptor2_1/ |
| Ranscam | Blog / Well Known Ransomware | https://forensics.checkpoint.com/ranscam/ |

Route-based VPN issue with DAIP third party device (Cisco 1921)

Hello,

I've configured one of my CP clusters to do route-based VPN instead of domain-based. A ticket is open but it seems CP doesn't really understand the issue.

So my configuration is:
- Cluster CP (OpenServer) R80.10 Take 214
- Cisco 1921 IOS 15.5 (4G modem with IPSec support APN/public IP)

My need is a route-based VPN between my Cluster and this router.

My issue is: all is working fine if I set the public IP for this third party device; GRE over IPsec is working fine. If I set this object in DAIP, with the wan interface configured as Dynamic IP in its topology, the IPsec tunnel is up but there is no GRE traffic inside.

On the CP log tracker, the "VPN peer Gateway" field has the right name (rt-lte-xxx) and public IP when I set the public IP on the object, but in DAIP mode, only 0.0.0.19 is visible, nothing else.

I think Checkpoint can't retrieve the object name/dynamic IP address when the packet is routed through the VTI interface.

Is anyone here able to do route-based VPN traffic with a third party object in DAIP mode?

Thanks.

How to create script to see active endpoint users.

Hi Everyone,

Can anyone help me create a script to see active endpoint users in Check Point R80?

Thanks in advance for your kind support.
Juraj_Sakala
Juraj_Sakala inside Remote Access Solutions Thursday
views 608 5 1

Different encryption domain per group

Hello,

Is there any solution for defining remote access encryption domain per user group? I know that I am able to limit traffic by access rules, but I want that some users can't view internal infrastructure information.

Thanks in advance