Copper

Sophos Antivirus Not Working on Checkpoint Gateway

I have 2 Checkpoint GWs on R80.10 in a VSX Cluster.

Security Team has reported a Critical Vulnerability stating the following:

IP of CP GW is mentioned as the Remote Host here 

  • An antivirus application is installed on the remote host but its not working properly
  • Sophos antivirus for linux is installed on the remote host. However, there is a problem with the installation, either its services are not running or its engine/virus definitions are out of date.

However, the gateway is up to date with the latest IPS/Antibot and Antivirus updates, as verified from SmartConsole. How can I troubleshoot issues related to this Sophos proxy, services, etc., and check whether it's updating correctly or not?

 

Thanks

10 Replies
Sapphire

Re: Sophos Antivirus Not Working on Checkpoint Gateway

I would troubleshoot the remote host, not the CP GW - or did I understand you wrong?

Copper

Re: Sophos Antivirus Not Working on Checkpoint Gateway

They have mentioned the CP GW as the "Remote Host"
Employee+

Re: Sophos Antivirus Not Working on Checkpoint Gateway

Hi,
There is no need to troubleshoot internal parts of the solution.
Not everything works by default therefore not all parts of the system are up-to-date at all times.

HTH
Sapphire

Re: Sophos Antivirus Not Working on Checkpoint Gateway

Open a Service Request with CP TAC to receive a satisfying answer for the customer!

0 Kudos
Admin

Re: Sophos Antivirus Not Working on Checkpoint Gateway

By what precise method is this being determined?
If the gateway in question is NOT running the Anti-Virus blade then these components are not active—or necessarily updated—by design.
When the AV blade is active (if VSX, active on at least one VS), it is kept up to date.
If you find this is not the case, please open a TAC case.
0 Kudos
Copper

Re: Sophos Antivirus Not Working on Checkpoint Gateway

Security Team is using Nessus authenticated scans to determine all these.

It's a VSX Gateway and has the Antivirus Blade with all the latest updates.
Is there any way to check the current Sophos version?
0 Kudos
Admin

Re: Sophos Antivirus Not Working on Checkpoint Gateway

We do integrate a third party AV as part of our gateway solution.
However, it is not an independent component that can be used or updated independently of the gateway software itself.
Provided you are using the latest JHF and version of our code, you are using the latest available.
0 Kudos
Copper

Re: Sophos Antivirus Not Working on Checkpoint Gateway

Thank you for all your replies.
However, I don't understand one thing: is Sophos antivirus an integrated part of the Antivirus Blade and related updates? If yes, then how is it related to the JHF, because Antivirus keeps on updating regularly on a daily basis?
0 Kudos
Sapphire

Re: Sophos Antivirus Not Working on Checkpoint Gateway

The only use of Sophos with CP is in EPSS clients - see sk68080: Supported Anti-Virus/Anti-Malware Vendors For Check Point Media Encryption Device/Media Sca...

One of our clients received the E2 EPS client version to support BitDefender through the CP Local Office, so I know of this. But concerning the NGTP GWs, these use KAV ++

 

Admin

Re: Sophos Antivirus Not Working on Checkpoint Gateway

There are binary components (updated with the JHF) and there are signatures (updated automatically/regularly).