Hello, does anyone know if there is an IPS Signature already made for Checkpoint we can download in our normal IPS updates for the BlackMatter Ransomware?
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
Or can we do a custom one with the info in the US Cert article?
There are no IPS signatures for any ransomware types; that falls into the domain of the Anti-Virus blade, which has several signatures for Black Matter. You will want to use those if you have the Anti-Virus blade enabled.
While IPS was kind of the "original Threat Prevention" and had lots of signatures for things like eDonkey/Gator/Nimda and such, all that got cleaned up in R80 as many IPS signatures got migrated into the "proper" blades as described here: sk103766: List of IPS Protections removed in R8X.x. Although IPS still has a signature for the EICAR test virus to this day which I find perplexing...
But anyway, if you can't or don't want to use the Anti-Virus blade for this, your best bet is to create a custom SNORT signature for your IPS blade matching Black Matter; I'm sure you could probably locate the proper SNORT rule(s) for it with a bit of research. All of the above is covered in my new IPS/AV/ABOT Immersion video series, as well as Custom Threat Indicators (strongly preferred over the much older SNORT-based signatures), which you can't use in this case because they only function with AV and ABOT.
Go to the ThreatWiki (https://threatwiki.checkpoint.com/threatwiki/public.htm) and search for blackmatter to get the protection names:
I've been asked to show proof of protection from "blackmatter"... Is there a way to look up these protections in the AV/AB blade? Not sure what they're called - I've tried w.32.blackmatter, and a few other variations, and couldn't find anything.
Thanks.
I found the BlackMatter AV protections listed in the ThreatWiki but was not able to search that it was applied either. https://threatwiki.checkpoint.com/threatwiki/public.htm
Check Point Harmony Endpoint provides protection against this threat:
https://threatpoint.checkpoint.com/ThreatPortal/threat?threatType=publication&threatId=4561