SandBlast Agent

SandBlast Agent is Check Point's Endpoint Protection and Threat Prevention solution.

chico
chico inside SandBlast Agent Thursday
views 150 3

Identity agent MUH still active after uninstall

Hello Community, We have some RDS terminal servers (Windows 2012R2) with an Identity Agent MUH version 80.196.0000. For different reasons we had to uninstall the identity agent on each server. But the identification is still active on the Check Point gateways for these servers even though there isn't any identity agent installed on the servers. If I run the command "pdp connections ts" on the gateway, I see my terminal servers??? I don't understand... In the SmartConsole logs filtered by "blade:identity Awareness and IP server" I see some successful logins and failed logins from the server without the agent. Does someone have any idea about this problem?? Have a nice day. Regards,
JasonG03
JasonG03 inside SandBlast Agent Thursday
views 167 3

Large Log Files

I have several terminal servers set up that hundreds of users connect to every day for an RDP application. The problem is that the local drives are running out of storage space. Upon inspection, I've found that under "C:\ProgramData\CheckPoint\logs\" there are multiple folders ranging from 20MB to 13GB. Folders are named "AntiRansonware.log" along with a date. At the moment, within 2 months, these log files are taking up 63GB. So my question is, do I need to keep these logs or can I remove them? How can I tell if these log files are useless or contain pertinent information?
vc
vc inside SandBlast Agent Wednesday
views 217 5

Offline upgrade of agent from 82.00 to 82.30

How do we upgrade the agent from 82.00 to 82.30 without using the SmartEndpoint server? I need to push the update with a 3rd party tool as our server is cloud based and we don't have enough bandwidth to upgrade remote sites. I was able to install the initial client 82.00, but when I try to upgrade it by launching the 82.30 MSI it fails. Any help is appreciated. Thanks, VC
Ami_Barayev1
inside SandBlast Agent 4 weeks ago
views 205
Employee+

Endpoint Security / SandBlast Agent Newsletter - Version – E82.00 for macOS GA

Hi all, We are happy to announce the release of Endpoint Security Client E82.00 for macOS to general availability. E82.00 introduces new functionalities and quality improvements. The complete list of improvements can be found in the version release's Secure Knowledge sk158913.
Support for macOS Catalina: E82.00 supports macOS version 10.15, AKA Catalina.
Forensic support: SandBlast Agent Forensics enables automated data analysis for detailed insights into threats. It continuously collects run-time events and occurrences in the system for effective forensics analysis; automatically builds actionable Forensics reports with important attack information; generates the full attack flow and automated remediation; eases the security analyst's work with the ability to fully understand the attack, its impact and the remediation actions taken; and integrates monitoring and investigation of security events through SmartEvent and SmartLog.
Additional enhancement: New user interface aligned with the look-and-feel of SandBlast Agent for Windows. This release includes stability, quality and performance fixes.
Kian_Ong_Tan
Kian_Ong_Tan inside SandBlast Agent a month ago
views 482 4

How to test if anti-bot feature of sandblast agent is working?

Hi everyone! I plan to test the Anti-Bot software blade of SandBlast Agent from low to high confidence. Our endpoint security client is the E82.20 Windows client. I know there are URLs for the gateway and some URLs for SandBlast Agent. Please kindly share the URLs with me if anyone knows them. Thanks
Lawrence
inside SandBlast Agent 2020-01-09
views 218 2
Employee

Microsoft SCCM

A couple of questions in terms of implementation. Can we configure Microsoft SCCM to automatically download new SBA agents from Check Point sites? Can we upgrade new SBA agents using Microsoft SCCM? If yes, please share the steps to do it. Can we configure the SBA full package keeping the files in a remote location (branch location)?
Ami_Barayev1
inside SandBlast Agent 2019-12-16
views 336 1 1
Employee+

Endpoint Security / SandBlast Agent Newsletter - Version – E82.00

Hi all, We recently released SandBlast Agent E82.00! E82.00 introduces new features, stability and quality improvements. The complete list of improvements can be found in the version release's Secure Knowledge sk163233.
BitLocker Management from SmartEndpoint: BitLocker is a very popular full volume encryption feature included with Microsoft Windows versions. Due to its popularity we have integrated the management of BitLocker into SmartEndpoint to ease its operation for our customers and enable a single management experience for endpoint security services. BitLocker management is available for data protection license endpoints with the Full Disk Encryption service enabled. Note that a single encryption method is supported, either Check Point's Full Disk Encryption or BitLocker, with the ability to switch between the two using Crossgrade Functionality. More information is available in the BitLocker Management Administration Guide.
BitLocker management requirements:
Endpoint Operating System – Windows 10 Pro and Enterprise editions
E82.00
R80.30 with the BitLocker Management Hotfix sk163297
New Detection Techniques: E82.00 introduces new enhancements to the Behavioral Guard to detect and prevent complex Meterpreter/reverse shell and RDP Brute Force attacks. Reverse shell attacks obtain control over a compromised system; an attacker usually aims to gain interactive shell access for arbitrary command execution, which is very complex to detect. The detections are currently deployed in silent mode and will be activated at a later stage.
Important Note: If you're participating in a POC, security lab evaluation or penetration test of SandBlast Agent, please contact us to activate these detection enhancements, as we know pen-testers love such attacks :)
VPN's Post Disconnect Feature: The post disconnect script feature allows users to run scripts on client computers after disconnections from gateways. Please refer to the Revision History of the Remote Access for Windows Administration Guide.
Best, Ami.B
PrinceJames12
PrinceJames12 inside SandBlast Agent 2019-12-15
views 230 1 1

Hello Guys

I am new on this platform. Please can someone take me through Threat Prevention extraction, on how to install it?
Ami_Barayev1
inside SandBlast Agent 2019-12-09
views 349
Employee+

Endpoint Security / SandBlast Agent - Version – E82.00 for macOS Early Availability

Hi, SandBlast Agent E82.00 for macOS is available for Early Availability. E82.00 for macOS introduces new features, stability and quality improvements. The complete list of improvements can be found in the version release's Secure Knowledge sk158913.
Main features are:
SandBlast Agent E82.00 supports macOS Catalina (10.15).
Support of SandBlast Agent Forensics, which enables automated attack analysis: continuously collects data about user systems for later Forensics use; automatically builds actionable Forensics reports with important attack information; integrates monitoring and investigation of security events through SmartEvent and SmartLog.
New user interface, aligned with the look and feel of the SandBlast Agent for Windows.
Supported services (Blades) in this version: Remote Access VPN, Firewall for desktop security, Compliance, Native Encryption Management, Threat Emulation, Anti-Ransomware.
Please note that the additional services (Blades) will be supported in the General Availability release.
Chinmaya_Naik
Chinmaya_Naik inside SandBlast Agent 2019-11-28
views 375 4 1

Checkpoint Sandblast Agent need to connect when in Roaming

Hi Team,
Our requirement is to connect to the Endpoint Security Management Server when the machine is outside of the organization. Like, the machine should communicate with the Endpoint Management Server using the public internet, so the administrator is able to see the live logs from the management console.
Some solutions:
1. We can deploy the Endpoint Security Management Server in the cloud (Cloud Management for SandBlast Agent) (sk117536).
2. We can use Remote Access VPN to communicate with the Endpoint Management Server, which requires an additional Check Point Security Gateway to establish a tunnel, or we can also use a third-party remote VPN solution if the customer is not using a CP Security Gateway.
The reasons the above solutions are not feasible for some customers:
Reason 1: The customer is not ready to deploy in the cloud because they already have enough resources to deploy the Endpoint Security Management Server on-premises.
Reason 2: Most of the users stay outside of the organization and also they don't have much idea about connecting to the Endpoint Server using VPN every time.
NOTE: Some other vendors, such as Symantec, use a feature that gives you an option to define the public IP on the Management Server console with any port of our choice. That same port also needs to be allowed on the Internet-facing firewall with a static NAT configuration, so that a customer outside of the organization is able to communicate with the server without the need for any VPN solution.
So my query is: is there any alternative solution that lets us communicate with the Endpoint Management Server when outside of the organization?
Regards, @Chinmaya_Naik
Gerry_Locke
Gerry_Locke inside SandBlast Agent 2019-11-21
views 316 2

The first time it was funny.....

The first time this happened I just had a bit of a laugh. Subsequent times made me question the effectiveness of Checkpoint. I have just done a fresh install of Windows on a Surface Pro. After the image was applied, I logged onto the device for the first time... and almost immediately I got a Checkpoint popup telling me that 18 files had been harmed by a ransomware attack and been quarantined. I clicked the link to show me the 18 files that had been quarantined... only to find they all had names along the lines of 'checkpoint curriculum vitae-don'tdelete.pptx' or 'sandblast zero-day-funddon't-delete.txt'. I am not the Checkpoint administrator in my organisation, so my understanding of Checkpoint is fairly limited, but I believe these are honeypot files placed on my C drive by Checkpoint? I don't know if this is an indicator of the quality of Checkpoint - they have created honeypot files so convincing that it managed to fool itself - or an indicator of the lack of quality of Checkpoint - it doesn't know the difference between a real ransomware infection and its own honeypot files. Either way, it doesn't really fill me with a lot of confidence. And on the subject of the honeypot files, we have had the odd user - admittedly only 1 or two - who have had gigabytes of these honeypot files placed in their user profiles. This causes major problems for users with roaming profiles!
Jan_Kleinhans
Jan_Kleinhans inside SandBlast Agent 2019-11-11
views 317 2 1

Sandblast Agent for Browsers Licensing

Hello, how to license SBA4B? At the moment we have Security Gateways with a TE Cloud subscription. Can we install and use the SBA4B for free, or do we need a license per PC? Best regards, Jan
Nbto
Nbto inside SandBlast Agent 2019-11-08
views 300 1

Environment actualization - order of devices update

Hello, I'm planning to update my CHP environment from R77.30 to R80.xx. But the question is, what's the order in which to update the devices? Should I update MGMT first, next FW and then SandBlast? Or doesn't it matter? Thanks mates, Nbto
Baasanjargal_Ts
Baasanjargal_Ts inside SandBlast Agent 2019-11-04
views 363 2

How to choose Sandblast Agent Cloud Management server location.

I can't choose which one is better. In portal.checkpoint.com, SandBlast Agent Cloud Management has 2 server locations: US and Europe. In which cities are those servers located? I don't know which is better for us.
Baasanjargal_Ts
Baasanjargal_Ts inside SandBlast Agent 2019-10-31
views 309 2

Sandblast Endpoint stop for temporary

Hello, Is it possible to temporarily stop SandBlast Agent Endpoint? /From the endpoint or from the SmartEndpoint server/