Adnan_Pajalic inside SandBlast Agent 2 weeks ago
views 681 5 1

R77.30 sandblast to new virtual machine

Hello, I have a customer that has an R77.30 management server with SandBlast. It is currently running in vmplayer as a virtual machine. We want to migrate it to ESX as a new virtual management center running R77.30. My question is, how many problems can I encounter if I make a clean install of R77.30 with SandBlast if we have around 200 workstations with SandBlast agents running? Do I need to reinstall agents with the new server, or will they automatically be registered if the IP address of the management center remains the same?
Herson_A inside SandBlast Agent 2 weeks ago
views 60 1

Sandblast Agent

Good morning all, I would like to know why the Check Point Endpoint Agent is taking too much of the CPU usage on the client endpoint. Is it normal? The machine in the attachment has been running slow since I installed SandBlast Agent. Thanks in advance.
Ami_Barayev1
inside SandBlast Agent 2 weeks ago
views 76 1
Employee

Endpoint Security / SandBlast Agent Newsletter - Version – E81.10

We recently released SandBlast Agent E81.10. E81.10 introduces new features, stability and quality improvements. A complete list of improvements can be found on the release Secure Knowledge sk155792 Enterprise Endpoint Security E81.10 Windows Clients.

Support for Windows 10 19H1: E81.10 supports Windows 10 19H1 (version 1903), the latest version. Please note that Anti-Malware support with Windows 10 19H1 requires a server hotfix. Please refer to sk141033 for more information.

Optimized Agent Package Size: E81.10 introduces 32-bit and 64-bit download packages for the Threat Prevention Client (SBA/Threat Prevention services and Anti-Malware). The new package size is reduced from ~680MB to ~245MB. Note that the Threat Prevention package includes an initial set of Anti-Malware signatures. The complete set updates right after the client connects to the update server. We continue to work on optimizing the package size and plan to introduce in the next releases an even smaller package and dynamic updates, which will dramatically improve the deployment package size. Stay tuned.

BlueKeep (CVE-2019-0708): Microsoft has announced that a critical vulnerability exists in Remote Desktop Services (RDS) relevant to several Windows products, including Windows 7 and Windows Server 2008 R2. The vulnerability allows either Remote Code Execution or Denial of Service attacks when any unauthenticated user communicates with the machine. SandBlast Agent provides protection against the BlueKeep vulnerability using SBA Anti-Exploit technology. Additional information on how to protect against BlueKeep: How to protect RDP servers from CVE-2019-0708 (BlueKeep) sk154732; SandBlast Agent Protects Against BlueKeep RDP Vulnerability.

New Threat Emulation Report: E81.10 now supports by default the new Threat Emulation report with improved UI. Additional intelligence data enables better understanding of the malicious file and its effect on the machine. The new report format has server version requirements: All R80.30 versions are acceptable. The R80.20 version must be R80.20M2 or R80.20 Jumbo Hotfix 4. Customers who use server version 77.30.03 must use the SmartLog version released with Endpoint Security E80.92 or higher.
CHINMAYA_NAIK inside SandBlast Agent 3 weeks ago
views 273 4 1

Ransomware Simulator Tool results showing Check Point Endpoint unable to detect known Ransomware

Hi Team,

Setup
OS: GAIA R80.20
Client Package: E80.96, E81.00, E80.97
Windows Machine (Test): Windows 10 Pro, Windows 7 Pro, Windows 8 Pro
Jumbo HotFix: Take_47
Tools Name: knowbe4
Link: https://www.knowbe4.com/ransomware
KB: https://support.knowbe4.com/hc/en-us/articles/229040167

Issue: When I ran this application and started scanning, I saw some different results.

Results 1: Windows 7 with E81.00 package. Suddenly the Anti-Malware blade is not working and we are unable to find the SBA agent on the taskbar.

Results 2: Windows 10 and 8 with E80.96 package. The application started initially but suddenly it terminated, but we got 4 results and it's showing Check Point SBA is not vulnerable. (Reason: Maybe SBA behave knowbe4 application done some unknown activity so SBA terminate this application.)

I excluded the three processes "Ranstart.exe", "Starter.exe" and "Collector.exe". Then I started scanning again and saw the below results after the scan completed. Out of 14, 4 are showing vulnerable.

Anti Malware version: 201906191126

Still, I need to check whether SBA is able to block those Ransomware or not, but please, I am requesting everyone to look into this. I am sure that SBA will block those ransomware.

Regards @CHINMAYA_NAIK
Baasanjargal_Ts inside SandBlast Agent 2019-06-12
views 578 2

Checkpoint Sandblast appliance PoC

Hello, how can I do a SandBlast TE1000x appliance PoC in a safe way without affecting the customer's production network? The customer has an email server in their local network. In my opinion, I need a Mirror mode deployment. But in this situation we also need to do email emulation. I don't know what configs will have to be made on their local email server side. If anyone has the latest version of a PoC guide document, please share.
Ami_Barayev1
inside SandBlast Agent 2019-06-03
views 443
Employee

Endpoint Security / SandBlast Agent Newsletter - Version – E80.97

Hi all,

We recently released SandBlast Agent E80.97. A complete list of improvements can be found on the release Secure Knowledge Enterprise Endpoint Security E80.97 Windows Clients sk154432.

E80.97 provides protection against the critical Windows Remote Desktop Protocol (RDP) vulnerability, as defined in CVE-2019-0708, AKA BlueKeep.

BlueKeep (CVE-2019-0708): Microsoft has announced that a critical vulnerability was found in Remote Desktop Services (RDS) relevant to several Windows products, including Windows 7 and Windows Server 2008 R2. The vulnerability allows either Remote Code Execution or Denial of Service attacks by just communicating with the machine by any unauthenticated user. SandBlast Agent provides protection against the BlueKeep vulnerability using SBA Anti-Exploit technology.

This protection is available in the following releases:
E80.97 – Enterprise Endpoint Security E80.97 Windows Clients sk154432
CFG release over E81.00 – interested customers should contact the support team to get this CFG release
Available in the next official release E81.10

As always, we highly recommend installing the relevant Microsoft security patch.

Additional information on how to protect against BlueKeep: How to protect RDP servers from CVE-2019-0708 (BlueKeep) sk154732; SandBlast Agent Protects Against BlueKeep RDP Vulnerability.
Ami_Barayev1
inside SandBlast Agent 2019-06-02
views 618 1
Employee

Endpoint Security / SandBlast Agent Newsletter - Version – E81.00

Hi all,

We recently released SandBlast Agent E81.00. A complete list of improvements can be found on the release Secure Knowledge Enterprise Endpoint Security E81.00 Windows Clients sk153053.

BlueKeep (CVE-2019-0708): Microsoft has announced that a critical vulnerability was found in Remote Desktop Services (RDS) relevant to several Windows products, including Windows 7 and Windows Server 2008 R2. SandBlast Agent supports mitigation for the BlueKeep vulnerability in the following releases:
E80.97 – Enterprise Endpoint Security E80.97 Windows Clients sk154432
CFG release over E81.00 – interested customers should contact the support team to get this CFG release
Available in the next official release 81.10
As always, we highly recommend installing the relevant Microsoft security patch. Additional information on how to protect against BlueKeep – How to protect RDP servers from CVE-2019-0708 (BlueKeep) sk154732.

Forensic with GEO Location: One of the new enhancements in E81.00 is the GEO location of malicious connections, for example the malware bot communications with its C&C location.

Improved end-user experience: Per feedback from our field and customers, we reduced the number of end-user popups and notifications starting E80.96. By default we no longer present notifications which don't require user action or immediately impact the user's work. The motivation is to provide a smoother experience to the end-user. More information can be found in the Ability to enable/disable user popups in Endpoint Security Client SK152613.

Early Availability in E81.00

BitLocker Management: BitLocker is a very popular full volume encryption feature included with Microsoft Windows versions. Due to its popularity we have integrated the management of BitLocker into SmartEndpoint to ease its operation for our customers. We are looking for customers who would like to participate in the Early Availability version of the BitLocker Management. Customers who are interested, please contact CP_EA@checkpoint.com.

Virtual desktop infrastructure (VDI) Persistent Support for VMware Horizon: Virtual desktop infrastructure (VDI) is virtualization technology that hosts a desktop operating system on a centralized server. With persistent VDI each desktop runs from a separate disk image. The user's settings are saved and appear each time at login, which allows a more personalized experience. E81.00 adds EA support for VDI persistent mode. Support for VDI non-persistent mode is also in development. We will update when it becomes available. We are looking for customers who would like to participate in the Early Availability version of the VDI persistent mode for VMware. Customers who are interested, please contact CP_EA@checkpoint.com.

Forensics for Mac OS: As of E80.89 we support SandBlast Agent for Mac with advanced threat prevention technologies including Threat Emulation, Anti-Ransomware and Google Chrome Extension. We continue to work on and enhance our SandBlast threat technologies on Mac OS and have Forensics for Mac ready for Early Availability. We are looking for customers who would like to participate in the Early Availability version of Mac Forensics. Customers who are interested, please contact CP_EA@checkpoint.com.
Yossi_Hasson
inside SandBlast Agent 2019-05-28
views 885 2 3
Employee

[Breaking News] SandBlast Agent Protects Against BlueKeep RDP Vulnerability (CVE-2019-0708)!

Critical Vulnerability in Windows OS - Code execution using Remote Desktop Protocol (CVE-2019-0708)

SandBlast Agent is the First Endpoint Security Solution to Protect Against BlueKeep RDP Vulnerability!

Recently, a security advisory was released for a vulnerability in RDP (Remote Desktop Protocol) affecting multiple Windows Operating Systems prior to 8.1. According to Microsoft’s advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708, this vulnerability can be exploited for both remote code execution and denial of service attacks. All this without needing the credentials of the target machine.

Check Point’s SandBlast Agent Anti-Exploit now monitors the RDP service for both Windows 7 and Windows 2008R2 and is able to prevent this attack from occurring. Not only is SandBlast Agent able to prevent the exploit from being delivered on unpatched systems, but it is also able to prevent the exploit from being delivered to the previously vulnerable driver in patched systems. The protection is available in SandBlast Agent's E80.97 Client Version (can be downloaded from sk154432).

To see Anti-Exploit’s protection in action please see the following video, where our Threat Research Group’s POC used for exploitation is blocked. In addition, you can also see how we are able to block the scan of the Metasploit module that was recently developed to identify vulnerable systems.

Video 1: SandBlast Agent protects against Check Point's Threat Research group BlueKeep based exploit

Video 2: SandBlast Agent protects against Metasploit module developed to identify vulnerable systems

SandBlast Agent BlueKeep Event Forensics Report

To learn more about SandBlast Agent's Anti-Exploit protection of BlueKeep, see: sk154232 - Anti-Exploit Protection for Remote Desktop Protocol Vulnerability (CVE-2019-0708)

Note: Users who run SandBlast Agent with a third party Anti-Virus (AV) should be aware that Anti-Exploit is turned off in the presence of third party AVs. For this protection to be enabled, you must allow Anti-Exploit to work with third party AVs as detailed in sk154454 - Enabling Anti-Exploit when deployed with a third party Anti-Virus.
Boaz_Barzel
inside SandBlast Agent 2019-05-27
views 1395
Employee

First Release - Learning Mode To Best Practice Methodology

I am pleased to finally share with you a methodology I have written from my many years of expertise with Check Point Solutions. The Learning Mode to Best Practice methodology was created to help you start and better utilize Check Point solutions. At the end of the process, you will be able to apply the Best Practice configuration while tailoring the solution to the organizational needs and maximizing the security effectiveness with minimal overhead to IT and user experience.

Start from sk152772 - Learning Mode to Best Practice Methodology and subscribe to updates!

The first release is for Check Point SandBlast Agent and includes the following SKs:
sk153713 - SandBlast Agent - Learning Mode To Best Practice
sk154072 - SandBlast Agent Deployment Best Practice
sk153714 - SandBlast Agent Learning Mode Configuration
sk154052 - SandBlast Agent Best Practice Configuration
Valeri_Loukine
inside SandBlast Agent 2019-05-17
views 1512
Admin

White Paper - Minimizing SBA Notifications with Check Point GuiDBedit

Author: @Krzysztof__Chri

Abstract: In some cases, customers need to minimize notifications to end users, as they may get overwhelmed with the notifications. This document will allow you to minimize SBA notifications by modifying the policy using the Check Point Database Tool (GuiDBedit).
Shahar_Grober inside SandBlast Agent 2019-05-06
views 1634 6 1

Sandblast Agent end-user guide

Hi, I am looking for a SandBlast Agent user guide which explains to end-users how to work with SandBlast Agent (SBA for browsers, TE/TEX on the endpoint). Is there such an animal?
Dan_Roddy inside SandBlast Agent 2019-05-02
views 2427 5 2

Internet Explorer is not a browser according to Microsoft

If the intended use of IE is for legacy applications, we really need Sandblast support for Edge.

Here is what Microsoft is saying about IE:

"Is Internet Explorer (IE) a browser? According to Microsoft, no. Today, it's a 'compatibility solution' for enterprise customers to deal with legacy sites that should be updated for modern browsers.

Chris Jackson, Microsoft's worldwide lead for cybersecurity, really doesn't want enterprise customers to use IE for all web traffic, even though for some organizations that would be the easiest option.

Companies in that situation are willing to take on 'technical debt', such as paying for extended support for a legacy software, but that habit needs to stop in the case of IE, argues Jackson in a new blog post, 'The perils of using Internet Explorer as your default browser'."

Credit goes to ZDnet for this piece: https://www.zdnet.com/article/microsoft-security-chief-ie-is-not-a-browser-so-stop-using-it-as-your-default/
ISA_License_Adm inside SandBlast Agent 2019-04-19
views 1987 1

Sandblast Endpoint R80.20 partitioning assistance

Hi, I'm looking for some assistance around partition sizes when deploying the Sandblast agent to around 4000 users. I received feedback on roughly the size of the mgmt. and policy servers but nothing on the partitioning on the mgmt. server. I'm fairly new to the Sandblast agent and need some guidance on how to partition the mgmt. and proxy servers. Specs for the mgmt. server would be a VM with 8 cores, 64Gb of RAM and a 1TB HDD. Any help would be greatly appreciated. Regards, Ernest
Sanja_Rakic inside SandBlast Agent 2019-04-12
views 776

SandBlast agent Authentication

Hello everyone, I am facing issues with setting up Active Directory authentication. These issues are a consequence of configuration steps that cannot be done on the domain controller, so this is not the question. I just want to know what the consequences are if working in authenticated mode is not set. What are the exact security risks? Best regards, Sanja