SandBlast Agent

SandBlast Agent is Check Point's Endpoint Protection and Threat Prevention solution.

Jan_Kleinhans
Jan_Kleinhans inside SandBlast Agent yesterday
views 53 2

Sandblast Agent for Browsers Licensing

Hello, how to license SBA4B? At the moment we have Security Gateways with TE Cloud subscription. Can we install and use the SBA4B for free or do we need a license per PC? Best regards, Jan
Nbto
Nbto inside SandBlast Agent Friday
views 95 1

Environment actualization - order of devices update

Hello, I'm planning to update my CHP environment from R77.30 to R80.xx. But the question is what's the order of updating devices. Should I update first MGMT, next FW and then SandBlast? Or doesn't it matter? Thanks mates, Nbto
Ami_Barayev1
inside SandBlast Agent Wednesday
views 116
Employee+

Endpoint Security / SandBlast Agent Newsletter - Version – E82.00

Hi all,

We recently released SandBlast Agent E82.00!

E82.00 introduces new features, stability and quality improvements. The complete list of improvements can be found in the version release's Secure Knowledge sk163233.

BitLocker Management from SmartEndpoint

BitLocker is a very popular full volume encryption feature included with Microsoft Windows versions. Due to its popularity we have integrated the management of BitLocker into SmartEndpoint to ease its operation for our customers and enable a single management experience for endpoint security services. BitLocker management is available for data protection license endpoints with Full Disk Encryption service enabled. Note that a single encryption method is supported, either Check Point's Full Disk Encryption or BitLocker, with the ability to switch between the two using Crossgrade Functionality. More information is available at BitLocker Management Administration Guide.

BitLocker management requirements:
- Endpoint Operating System – Windows 10 Pro and Enterprise editions
- E82.00
- R80.30 with the BitLocker Management Hotfix sk163297

New Detection Techniques

E82.00 introduces new enhancements to the Behavioral Guard to detect and prevent complex Meterpreter/reverse shell and RDP Brute Force attacks. Reverse shell attacks obtain control over a compromised system; an attacker usually aims to gain interactive shell access for arbitrary command execution, which is very complex to detect.

The detections are currently deployed in silent mode and will be activated at a later stage.

Important Note: If you're participating in a POC, security lab evaluation or penetration test of SandBlast Agent, please contact us to activate these detection enhancements as we know pen-testers love such attacks :)

VPN's Post Disconnect Feature

The post disconnect script feature allows users to run scripts on client computers after disconnections from gateways. Please refer to the Revision History of Remote Access for Windows Administration Guide.

Best,
Ami.B
Baasanjargal_Ts
Baasanjargal_Ts inside SandBlast Agent a week ago
views 233 2

How to choose Sandblast Agent Cloud Management server location.

I can't choose which one is better. In portal.checkpoint.com, Sandblast Agent Cloud Management has 2 server locations: US and Europe. In which city are those servers located? I don't know which is better for us.
Baasanjargal_Ts
Baasanjargal_Ts inside SandBlast Agent 2 weeks ago
views 228 2

Sandblast Endpoint stop for temporary

Hello, is it possible to stop Sandblast Agent Endpoint temporarily? /From endpoint or from SmartEndpoint server/
Lincoln_Webber
Lincoln_Webber inside SandBlast Agent 2 weeks ago
views 295 2

Sandblast Agent and Symantec Co-existence

Guys, are there any known compatibility issues with deploying Sandblast Agent to machines with Symantec Endpoint Security?
Ami_Barayev1
inside SandBlast Agent 4 weeks ago
views 193
Employee+

SandBlast Agent Catalina macOS - early availability during Nov'

Hi all, following up on the Catalina macOS release, please note that we are working on a new endpoint client to support Catalina macOS. An early availability version is planned to be released during early November. Our motivation is to expedite the availability of the release to even prior to November; we will update once it is ready.
Baasanjargal_Ts
Baasanjargal_Ts inside SandBlast Agent a month ago
views 247 2

Sandblast agent Endpoint installation error

Is it possible to deploy Sandblast agent Endpoint by Standalone deployment (without Endpoint server)? I have downloaded the Standalone client and am trying to install the Master_FULL_x64 exe file, but it gives that error.
Mattia_Marini
Mattia_Marini inside SandBlast Agent 2019-10-10
views 317 7

VPN Site Endpoint

Hi All, is it possible to add a VPN Site configured in a client installed by Initial Client using Smart Endpoint R80.30? I know that this is possible using an exported package, but I cannot do it using the initial client. Thanks
Miguel_Barrios
Miguel_Barrios inside SandBlast Agent 2019-10-10
views 262 2

SandBlast Agent Installation with Endpoint Connect VPN

Hi CheckMates, I have a customer that has SandBlast Agent - Full Package (AB + FRNC + TE + TEX) with a particular case deploying this agent for a few users. These few users had the Check Point VPN client already installed (to connect to a third party Checkpoint Gw) and when we try to deploy and install the Endpoint Security package, the following error appears.

We solved this error previously in another client by enabling the "Endpoint Connect VPN" blade in the deployment tab of SmartEndpoint (as mentioned in the error), but in this particular case the icon is gray (disabled) and can't be enabled (maybe some license is missing?).

Is there a way to solve this issue? I need to install SBA and also keep the VPN agent, but I don't understand why these Check Point products are incompatible with each other.
chico
chico inside SandBlast Agent 2019-09-27
views 304 5

sandblast icap on R80.20

Hello, I configured the ICAP server on Check Point R80.20; we use an F5 BIG-IP as the ICAP client. I configured the icap_uri value as mentioned in the Check Point documentation, "/sandblast", but with this value I get the error log:

24/Sep/2019:17:12:58 +0200, ICAPserver ICAPclient REQMOD sanblast 404

After configuring the icap_uri value "avscan", the scan works pretty well:

24/Sep/2019:16:55:24 +0200, ICAPserver ICAPclient REQMOD avscan?allow204=on&sizelimit=off&mode=simple 200
Tue Sep 24 16:55:24 2019, 492/3921324944, VIRUS DETECTED: Unknown , http client ip: x.x.x.x, http user: -

So could someone tell me why the value "sanblast" doesn't seem to work? Best regards,
Chinmaya_Naik
Chinmaya_Naik inside SandBlast Agent 2019-09-26
views 195 1

Endpoint agents shows disconnected & unable to reach cloud MGMT when connected through Proxy

Hi Team, I have a query regarding Sandblast Agent. The Endpoint Server is hosted on Cloud. We have a scenario where we have two networks: one network (NETWORK_1) with Proxy and another network (NETWORK_2) without proxy. Does the Sandblast Agent have functionality that automatically detects and goes through the Proxy? Because if I connect to NETWORK_2 then Sandblast_Agent shows connected, but it shows disconnected when we connect through NETWORK_1. I am not sure, but is it right that Sandblast Agent automatically takes the proxy address from the Browser? Basically, we are using a PAC file for Proxy. Thank you. Regards, @Chinmaya_Naik
Tom_Kendrick
inside SandBlast Agent 2019-09-20
views 247 2
Employee+

Mitre ATT&CK view added to SandBlast Agent Forensic reports available in upcoming E81.40

One of the many new features that will be available in E81.40 is an updated SandBlast Agent Forensic report. For this, we have to thank our wonderful R&D Team at HQ for making this happen!

The new Forensic report contains:
- Mitre ATT&CK screen: Showing links back to the Framework
- RDP Focus: Use the Ryuk RDP Report (Overview and General Screen provide RDP Details)
- Injections: Use the Ryuk RDP Report (Shown in both Mitre Screen and Tree Views)
- Privilege Escalation: Use Cerber or Sodinokibi (Shown in both Mitre Screen and Tree Views)
- Current Ransomware affecting US Municipalities: Ryuk, Sodinokibi and Robinhood

Some of these samples have been put online, which you can take a look at:

| Report | Use Case | Link |
| --- | --- | --- |
| Ryuk RDP | RDP/Injections | https://forensics.checkpoint.com/ryuk_rdp/ |
| Sodinokibi | Ransomware Current | https://forensics.checkpoint.com/sodinokibi/ |
| Robinhood | Ransomware Current | https://forensics.checkpoint.com/robinhood/ |
| Astaroth | Fileless Current | https://forensics.checkpoint.com/astaroth/ |
| Bad Rabbit | Blog / Well Known Ransomware | https://forensics.checkpoint.com/badrabbit/ |
| Cerber | Blog / Well Known Ransomware | https://forensics.checkpoint.com/badrabbit/ |
| Pokemongo | Blog | https://forensics.checkpoint.com/pokemongo/ |
| CTB-Faker | Blog | https://forensics.checkpoint.com/ctb-faker/ |
| Wannacry | Blog / Well Known Ransomware | https://forensics.checkpoint.com/wannacryptor2_1/ |
| Ranscam | Blog / Well Known Ransomware | https://forensics.checkpoint.com/ranscam/ |
Yossi_Hasson
inside SandBlast Agent 2019-09-08
views 139 1
Employee

BlueKeep exploit is weaponized: Check Point customers remain protected.

The notorious BlueKeep vulnerability has been escalated from a theoretical, critical vulnerability, to an immediate, critical threat. While BlueKeep's devastating potential was always known, it was a theoretical threat, as there was no working exploit code. That code was released into the wild when the open source Metasploit penetration testing framework released a BlueKeep exploit module on September 6. Unfortunately, the Metasploit toolset is used by both security practitioners and cybercriminals alike. By publishing the BlueKeep exploit code, hackers were essentially provided with weaponized, working code that enables the creation of a dangerous worm.

How serious is the threat? If a single unpatched Windows machine with network admin access is running on a network, the attacker may have access to all in-use credentials to all systems on the network, whether they are running Windows, Linux, MacOS or NetBIOS. In effect, this scenario means that a single, infected Windows machine can completely own a network.

Check Point's BlueKeep protections for network and endpoint, released several months ago, protect against the new weaponized version of this attack. Check Point customers who have implemented these protections remain protected.

We recommend all customers to take immediate action to make sure they are protected:
- Install the Microsoft patch on all vulnerable Windows systems
- Enable Check Point's IPS network protection for BlueKeep
- Implement Check Point's endpoint protection for BlueKeep