This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-08 12:55 PM

Threat Emulation and Threat Extraction testing resources

Is there a documented public test/procedure that can be used to test the TE and TEX blades?

 

I am thinking a site hosting testing files (benign) that will generate logs. Meaning that the blades will work with the files downloaded through the gateway, emulating and scrubbing.

Also useful/favourite commands, e.g.

cpview

tecli show statistics

cpstat threat-emulation -f general_statuses

cpstat threat-emulation -f contract

tecli show cloud quota

nslookup -query=SRV te.checkpoint.com

 

Note:

Please do not suggest CPCHECKME

 

0 Kudos
10 Replies
Lesley
MVP Gold
MVP Gold
‎2026-01-08 01:51 PM

This will be a challenge. There are some ''fake'' test virus out there like EICAR. But all vendors are already aware. I would build something in vmware, isolate it from the rest and use this as a test case to download and receive e-mails. EICAR you can send as attachment, then atleast you know you configured the basics correctly. If it arrives at the client you know something is up. Not sure if the e-mail provider will send it tho. 

Or what do you think something like this? https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-simulations?view=o3...

 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-09 01:32 AM
In response to Lesley

Thanks @Lesley 

I think that is more about testing Microsoft Defender security.

It would be nice to have an official test procedure (plus resources) that Check Point documents and maintains (outside of PoC and Partner demo (DemoPoint) tools).

 

I have found these two links and done minimal testing.

The results are good because they show that TE is working and scanning files. It finds malware and logs it, and it is not a Check Point associated repo (added bonus in this case).

 

https://github.com/rakeshcorp/sandbox-samples/tree/master/anti-vm

https://github.com/ytisf/theZoo - Use carefully, lab only

 

Time permitting I will look into this some more and see what can be used and added in here.

Preview file
69 KB
Preview file
30 KB
the_rock
MVP Diamond
MVP Diamond
‎2026-01-08 03:44 PM

Excellent post, Don. Im not personally aware of any other site, other than eicar, but would be awesome if this could be tested.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2026-01-08 04:48 PM

I usually test in lab using a test Word file (demo.doc) that was available when there was a test link for Threat Emulation in ThreatWiki. Does any one remember it? 🤔

I'm still wondering why the test link was removed from the site...

(1)
the_rock
MVP Diamond
MVP Diamond
‎2026-01-08 04:50 PM
In response to Tom_Hinoue

O yea, thats right, I remember that. 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2026-01-09 04:18 AM

I'm checking current accessibility but cpcheckme previously assisted in this regard.

CCSM R77/R80/ELITE
0 Kudos
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-09 04:23 AM
In response to Chris_Atkinson

Thanks Chris.

But that is in my avoid list.

CPCHECKME underwent the big makeover last year and it changed the way it worked (end user experience).

Also broke the CTPS course lab steps that used it before.

Long story short. I always had problems with it and had to use Firefox to be sure it would work. Then it got a facelist and because it is a Marketing department tool the message was - too bad, don't use it in labs.

That's my honest view. So I am looking for more valid technical testing tools.

 

0 Kudos
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-09 04:29 AM
In response to Chris_Atkinson

Another point.

It is http://checkme.checkpoint.com and not cpcheckme....  All part of the makeover....

Right now it is http (as above) and NOT https.  

Not at all confusing..

Don_Paterson
MVP Gold
MVP Gold
‎2026-01-09 04:37 AM
In response to Chris_Atkinson

That note I added to not suggest CPCHECKME/CHECKME was to avoid this noise.

I just ran it and it triggers IPS, AV and AB but not TE and TEX.

That made it great for CTPS course labs because those first three blades are covered in that course.

Putting the training aside, the real-world testing would want to cover all the blades and offer a few examples of each.

Preview file
65 KB
0 Kudos
Don_Paterson
MVP Gold
MVP Gold
‎2026-01-09 04:41 AM
In response to Don_Paterson

The Endpoint executable download test triggers TE on the gateway but it was the Endpoint test and not the Network test..

Preview file
111 KB
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events