cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

How to block Hashes of malware by IPS signature

Hi experts,

Is there any way in checkpoint IPS (R80.20) to block Hashes of malware. Please share your experience.

Sample of Hashes of malware

04fb0ccf3ef309b1cd587f609ab0e81e
0b2e07205245697a749e422238f9f785
272537bbd2a8e2a2c3938dc31f0d2461
dd792f9185860e1464b4346254b2101b
fcfab508663d9ce519b51f767e902806
5b26f5c7c367d5e976aaba320965cc7f

 

Regards,

Rahul

 

 

0 Kudos
2 Replies

Re: How to block Hashes of malware by IPS signature

Hashes are used by AV to quickly check files, and you can use your own hashes, too. See here how to achieve that: sk142452: Configuring Anti-Virus over MTA to enforce hash(MD5) exceptions for all files

0 Kudos
Employee+
Employee+

Re: How to block Hashes of malware by IPS signature

Hi Rahul,
Why IPS?
The correct way is to use AV & AB blades and the Threat Indicators feature (https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_ThreatPrevention_AdminGui...)
0 Kudos