LostBoY
Advisor

Sophos Antivirus Not Working on Checkpoint Gateway

I have 2 Checkpoint GWs on R80.10 in a VSX cluster.

The security team has reported a critical vulnerability stating the following:

The IP of the CP GW is mentioned as the Remote Host here.

  • An antivirus application is installed on the remote host but it's not working properly
  • Sophos antivirus for Linux is installed on the remote host. However, there is a problem with the installation, either its services are not running or its engine/virus definitions are out of date.

However, the gateway is up to date with the latest IPS/Antibot and Antivirus updates, as verified from SmartConsole. How can I troubleshoot this Sophos proxy, services, etc., and whether it's updating correctly or not?

 

Thanks

10 Replies
G_W_Albrecht
Legend

I would troubleshoot the remote host, not the CP GW - or did I understand you wrong?

CCSE CCTE CCSM SMB Specialist
LostBoY
Advisor

They have mentioned the CP GW as the "Remote Host"
TP_Master
Employee

Hi,
There is no need to troubleshoot internal parts of the solution.
Not everything works by default, therefore not all parts of the system are up-to-date at all times.

HTH
G_W_Albrecht
Legend

Open a Service Request with CP TAC to receive a satisfying answer for the customer!

CCSE CCTE CCSM SMB Specialist
0 Kudos
PhoneBoy
Admin

By what precise method is this being determined?
If the gateway in question is NOT running the Anti-Virus blade then these components are not active—or necessarily updated—by design.
When the AV blade is active (if VSX, active on at least one VS), it is kept up to date.
If you find this is not the case, please open a TAC case.
0 Kudos
LostBoY
Advisor

The security team is using Nessus authenticated scans to determine all of this.

It's a VSX Gateway and has the Antivirus blade with all the latest updates.
Is there any way to check the current Sophos version?
0 Kudos
PhoneBoy
Admin

We do integrate a third party AV as part of our gateway solution.
However, it is not an independent component that can be used or updated independently of the gateway software itself.
Provided you are using the latest JHF and version of our code, you are using the latest available.
0 Kudos
LostBoY
Advisor

Thank you for all your replies.
However, I don't understand one thing: is Sophos antivirus an integrated part of the Antivirus blade and related updates? If yes, then how is it related to the JHF, because Antivirus keeps on updating regularly on a daily basis?
0 Kudos
G_W_Albrecht
Legend

The only use of Sophos with CP is in EPSS clients - see sk68080: Supported Anti-Virus/Anti-Malware Vendors For Check Point Media Encryption Device/Media Sca...

One of our clients received the E2 EPS client version to support BitDefender through the CP Local Office, so I know of this. But concerning the NGTP GWs, these use KAV ++

 

CCSE CCTE CCSM SMB Specialist
PhoneBoy
Admin

There are binary components (updated with the JHF) and there are signatures (updated automatically/regularly).
