This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ShemHunter
Participant
‎2024-10-17 09:02 AM

Edited local.scv

I wrote a regular script to check the folder for updates (after launching, it checks and outputs to me the file at the endpoint, the date and time of the last update of the folder).

 

I entered the name of this script in the Script Run line, as well as in SCVGlobalParams.

 

However, the end client does not pass the verification, an error appears that it does not comply with the policy.

How do I add a parameter to local.scv so that it runs and checks with this script for the latest update in the folder?

 

That is, when the client connects, a script must be run, which, after execution, outputs information to a file (date + time).

I need to configure local.scv so that it runs the script first, and then accesses the folder and checks its latest update.

 

Or option 2, I need to configure local.scv to check the folder (also, for the date and time of the last update), how do I add a parameter to the file so that it checks the folder, and if everything is fine, it would allow the client to connect, if not, it would disable it, and output an error with the parameter "Update this folder, it has not been updated in the last 2 weeks."

 

I will add my entire local.scv file to the application to show what I did.

 

I would like to know if everything is written correctly or not.

 

An example of my file in attachments.

 

Thank's!

 

Preview file
9 KB
15 Replies
the_rock
MVP Gold
MVP Gold
‎2024-10-17 10:06 AM

I reviewed what you posted and looks right to me. I will download the file and double check later, but glancing at it quickly, looks good.

Andy

0 Kudos
ShemHunter
Participant
‎2024-10-17 10:17 AM
In response to the_rock

Hi @the_rock 
I'm glad that you answered me :)

I can download the script itself, and in it I just specified a random folder where I dropped the information so that this folder was updated What is the essence of my mission: I can't check my antivirus for database updates, so I want to specify the folder or folders where information about updated databases is uploaded.

Therefore, I need to do this either through a script (which will check the folder with updated information and will upload it to a separate folder and check it using local.scv)

Or just specify a folder that will be updated as information becomes available and I need local.scv to check this folder for updates, if it corresponds, then the client connection would take place, if not, then I would give him a signature, something like "your databases are not updated."

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-10-17 10:47 AM
In response to ShemHunter

No problem 🙂

Btw, if you wish to run it as a script, you can simply move it to the fw, run chmod on it, then dos2unix to convert it and then ./filename as a script.

Andy

0 Kudos
ShemHunter
Participant
‎2024-10-17 10:54 AM
In response to the_rock

I didn't quite understand what you were talking about)

I have this script in my local machine where checkpoint mobile is installed and I check it using compliance rules (that is, I edit the local.scv file), in case we misunderstood each other 🙂

Here is my script, it is written for Powershell, I can rewrite it for bat

Preview file
385 KB
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2024-10-17 10:57 AM
In response to ShemHunter

Sorry, I was more referring if you had txt file on the fw and wanted to run it as a script.

Andy

0 Kudos
ShemHunter
Participant
‎2024-10-18 05:42 AM
In response to the_rock

Still, I need help.

 

maybe I need to write some other script so that it checks? 

 

or is there some setting in the local.scv file that will allow me to check the folder for updates?

0 Kudos
PhoneBoy
Admin
Admin
‎2024-10-18 12:09 PM
In response to ShemHunter

The available SCV checks are here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/C...
To do what you're asking for likely requires a script.

You can also debug to see what is happening on the gateway side by following the kernel debug procedure: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityGateway_Guide/Conten...
For Step 8, the command to use is: fw ctl debug -m fw + scv

0 Kudos
Ricki_Juntak
Participant
‎2025-02-13 07:35 AM
In response to PhoneBoy

Hi PhoneBoy,

Can you share to me the document about list or like compatibility for SCV, what SCV can check from client.

I need to show the list to customer for makesure they can use vpn remote acces to do the vpn posturing using gateway

------

I see from your suggest link like with SCV we only support check for AV brand like only on the list?

Type of Anti-Virus. For example, "Norton", "VirusScan", "McAfee", "OfficeScan", or "ZoneLabs".

 

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-13 04:07 PM
In response to Ricki_Juntak

Everything SCV can check should be in the documentation I linked.
Yes, checks for specific AV is limited, but you can also use Windows Security Monitor (which supports more AVs).

0 Kudos
Ricki_Juntak
Participant
‎2025-02-16 11:56 PM
In response to PhoneBoy

@PhoneBoy  Thank you for reply,

for me this feature is new, I dont have any experience how to config.

can you share how to detect di kaspersky using windows security monitor

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-17 03:41 PM
In response to Ricki_Juntak

It's in the documentation I linked previously.

0 Kudos
Ricki_Juntak
Participant
‎2025-02-19 07:11 PM
In response to PhoneBoy

Can you share signature for all brand Anti virus we can use for script SCV? like kaspersky, bitfinder, or more

cause on  link just example type of Anti-Virus. For example, "Norton", "VirusScan", "McAfee", "OfficeScan", or "ZoneLabs".

0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-20 05:37 AM
In response to Ricki_Juntak

Windows Security Monitor can look for any installed AV, Firewall, or Spyware program.
You can require specific ones by setting VirusProtectionInstalledPrograms, NetworkFirewallInstalledPrograms, and/or SpywareProtectionInstalledPrograms in the local.scv file, as shown here: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/C... 
To get the exact name of an installed product, see: https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_RemoteAccessVPN_AdminGuide/C... 

Outside of using Windows Security Monitor, we only support what is listed in the documentation.

0 Kudos
ShemHunter
Participant
‎2024-10-21 05:39 AM

@PhoneBoy @the_rock 

Hello everyone

I managed to get rid of some errors thanks to the configuration in global parameters.

One mistake remains:Verification script has detemined that your configuration does not meet policy requirements.

I added the output to the script 0 - the folder has been updated, 1 - not updated.

If I run the script without scv, then it gives me 0 and in fact it should be checked and connect me, but it(local.scv) does not do this.

Where to look?

Even if the output was words like "folder updated", my compliance policy still did not let the user through.

Thank you in advance.

0 Kudos
(1)
PhoneBoy
Admin
Admin
‎2024-10-21 01:36 PM
In response to ShemHunter

We're looking for the exit code of the script, not the output.
In conditions where the script "fails" (i.e. it's not a user you want to let in), then the script should execute exit 1 (at least in bash, but I assume it's the same/similar in other shells).

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events