Kaushal_Varshne
Employee Alumnus

CheckMe: FREE and Instant Network Security Assessment

Check Point’s CheckMe is a free and instant network security assessment tool. Using a series of simulations, CheckMe instantly identifies security risks on your network, and provides you with a detailed report on network vulnerabilities and recommendations.

To learn more watch this 3-minute video - CheckMe: FREE and Instant Network Security Assessment - YouTube

7 Replies
Danilo_Lara
Contributor

CheckMe is a great tool. In fact, it only checks whether, in the case of zero-day analysis, it is allowed to download a malware file. I know we have the link to the malware file it tries to download in an SK; however, is this file real malware?

Some customers are saying that if the file is downloaded, their endpoint solution should block the infection. I wanna know if I can ask the customer to download the malware file at their own risk to test their antimalware solutions.

Thanks!

PhoneBoy
Admin

The point of the CheckMe test is to validate the efficacy of your existing security controls.

Which means it's entirely possible existing endpoint and/or network security controls will block the files.

The files in question exhibit behaviors that are consistent with malicious files.

Elad_Goldenberg
Employee

Hi Danilo, keep in mind that CheckMe assesses only the network, so their endpoint solutions are not "part of the game" and they can't block CheckMe tests.

Gomboragchaa
Advisor

I admit that CheckMe is the easiest and fastest assessment tool.

We are using all Threat Prevention blades with the Optimized Profile, excluding Threat Extraction. Today I used the CheckMe (Network) assessment tool in our environment, but the result is a disaster. We blocked the Anonymizer, Critical Risk, Botnets, Tunnels and Phishing Application/Site_Group using the Application Control Blade with URLF.

Maybe I'm doing something wrong?

Elad_Goldenberg
Employee

Hi Gomboragchaa, 

Are you sure that all blades are activated?

Did you review all the remediation steps in the report?

Gomboragchaa
Advisor

Hi Elad Goldenberg,

I reviewed the remediation steps from the report, such as BROWSER EXPLOIT.

Remediation Guide:

The IPS is part of the NGTX and NGTP and it blocks cross-site scripting attack with its recommended / optimized profile. In case that IPS protections are not updated, enable cross-site scripting attempt in your IPS policy to protect your computer from this threat. 

Reviewed Firewall Configs:

1. The IPS Blade is active.

2. I am using the Optimized Profile on Threat Prevention.

3. The Cross-Site Scripting Scanning Attempt protection must be set to Prevent (default config) on the Optimized Profile.

4. The IPS Blade is up to date.

Another thing: I used CheckMe again without any changes. The result is different...

Elad_Goldenberg
Employee

Gomboragchaa Jamganjav, can you confirm that your traffic goes through this GW?

Did you install policy?

Let's continue the thread via email. My email is eladgo@checkpoint.com