David_C1
Advisor

Microsoft Application objects for OneDrive and Outlook

There seems to be a certain amount of application signature bloat for Microsoft services, or perhaps someone can shed some light on the differences between the highlighted applications below:

OneDrive.jpg

Outlook.jpg

This has always confused me, but became a problem after a recent lifecycle and upgrade of one of our clusters. Under R80.40, we were allowing Outlook traffic using the application "Microsoft-Outlook-web". After a lifecycle, which included an upgrade to R81.10, Outlook traffic was blocked and was classified by application "Office365-Outlook-web." Why two different applications for what seems to be the same thing? Check Point's documentation on this (e.g. sk110679) is pretty bare and hasn't been updated in almost 2 years. Any other documentation I'm missing?

Dave

the_rock
Legend

You are not missing anything and yes, I agree 100% about the documentation about it. Anyway, I had the same situation with a customer on R81.10 and we had to allow whatever was listed there, even TAC said there was really no other good workaround.

David_C1
Advisor

Thank you for the corroboration.

Another point of confusion for me: if I allow the application "Office365 OneDrive-web", does this also allow "Office365 OneDrive-web-upload" and "Office365 OneDrive-web-remove"? Or if I allow "Microsoft Outlook-web", does this also allow "Microsoft Outlook-webupload" and "Microsoft Outlook-web-download"? I believe the answer is yes. How about if I allow the application "Microsoft Services", does this allow everything Microsoft? What is really needed is documentation around parent/child application signatures, i.e. what applications include other applications.

Dave

the_rock
Legend

Funny you ask that question, because my customer asked TAC the exact same one and they said yes to both, BUT the guy also said that to be safe, we should test each one and see the results, so that answer did not instill confidence, at least for me :-). So, we did test and it turned out to be the case, as you assumed.
