Create a Post
Showing results for 
Search instead for 
Did you mean: 

High Risk Applications

Can someone explain why Checkpoint flags an application as High Risk?

For example, Dashlane is a password manager with the highest rating found in PC Magazine and other Password Manager ratings give it a 9.9. Back in February 2017, they discover flaws in the password managers but these were fixed by the vendors. Could it be that the rating is due to these findings almost 2 years ago? (9 Popular Password Manager Apps Found Leaking Your Secrets ) 

Labels (3)
0 Kudos
5 Replies

You can always submit a re-classification request, if you see a need. 

0 Kudos

I think high risk could also imply the type of application that while used and supported by high staff is not high risk but could be high risk when used without the IT Departments permission.

0 Kudos

Thank you for your comments. I am trying another password manager BLUR and never got any high-risk messages.

I attribute that to the fact that Blur has never been hacked therefore there are no statistics on security issues with the app. Adam, your comment is very helpful and I am going to explain that to the manager, also Valery, you are right, I can submit a reclass for the product if we decide to use it.

0 Kudos

Hi Olga,

You can check the risk level and category on this CP site:

Dashlane is under category browser plugin, making it extra vulnerable. Just like LastPass. Both with risk high (4). So it looks like all password managers that works as a browser plugin is marked as high risk. BLUR is not on the list of Check Point AppWiki. 

For IPS protections, to get the severity of high this is required:

  • Vulnerability may lead to non-privileged remote code execution 
  • Vulnerability may affect important company assets 
  • Vulnerability can be easily exploited
  • The vulnerable software is significantly deployed in corporate environments
0 Kudos

Password Managers are in general considered a high-risk application for the following reason: They can be used to store organizational credentials in a repository not controlled by the organization.

If your organizations trusts a particular one, then explicitly allow it in the App Control policy.

It is currently not possible to reclassify the risk of a given application.