Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dominic
Participant
Participant

Hi team, 

Please advice the if it possible to add the missing hash value on checkpoint database.

I tried to search under "threat tools" the existence of the attached screenshot but is not available.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
There is no mechanism to add your own SHA-1 hash prior to R80.40 that I am aware of.
That said, looking the SHA-1 hash up on VirusTotal, you can find the relevant MD5 hash and add that instead.
See:
https://www.virustotal.com/gui/file/564944a262af0c10fda43475ab24558fc873dabc12e61ee79f46863ffccedba3...

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
Sorry I'm not clear what you're asking here.
What is this hash in relation to?
0 Kudos
Dominic
Participant
Participant
I was inquiring if the below hash value can be added to checkpoint manually. I also shared an image on the same.
please let me know.

SHA-1
6d4f453dd7c48075a2205b9529cc725a769cf00a
0 Kudos
PhoneBoy
Admin
Admin

I assume you mean blocking said hash using Threat Prevention blades.
If you mean something else, please elaboate.

To import one or more hashes, they must be placed in a file (CSV or STIX), then imported.
Refer to the following screenshot for where to do that:

Screen Shot 2020-04-05 at 8.29.58 PM.png

Refer to the documentation for the correct format of this file: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/...
Note that in releases prior to R80.40, only MD5 hashes are supported.
R80.40 supports SHA-1 and SHA-256 hashes.

0 Kudos
Dominic
Participant
Participant
Hi PhoneBoy,

Since prior versions to R80.40 doesn't support SHA-1 and SHA-256 hashes, does it also mean I cannot add them manually?
Reason being that these are already existing malware that I need to block in my network.
0 Kudos
PhoneBoy
Admin
Admin
There is no mechanism to add your own SHA-1 hash prior to R80.40 that I am aware of.
That said, looking the SHA-1 hash up on VirusTotal, you can find the relevant MD5 hash and add that instead.
See:
https://www.virustotal.com/gui/file/564944a262af0c10fda43475ab24558fc873dabc12e61ee79f46863ffccedba3...

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events