Re: ThreatEmulation

Sarm_Chanatip · ‎2018-07-26

Hi guys,

I'm wondering if anyone here has the link download files for ThreatEmulation test. I just got Sandblast TE100X appliance in my environment and want to test if TE100X is able to detect files that unknown before and show detect/prevent on logview when file emulating completed on it.

Thank you in advance.

Regards,

Sarm

Pedro_Espindola · ‎2018-07-26

In ThreatWiki there is a "Test Threat Emulation" button.

Sarm_Chanatip · ‎2018-07-26

Hi Pedro,

It does not work. I did a live chat with someone guy of checkpoint technical support and he said that :"This is a known issue we're still working on it It needs time As for now, it is with the RnD "

Djelo_Arnautali · ‎2018-07-26

You can download malware files from Liste malware - malekal.com It is very difficult to get some real zero day malware files but you can test your TE100X appliance by disabling the antivirus engine and force the emulation. Check Point antivirus engine (Kaspersky) has already signatures for the files from this site so that is the reason to disable the antivirus blade.

Regards,

Sarm_Chanatip · ‎2018-07-26

็Hi Djelo,

That sounds good. I will try to do so.

Thank you for sharing idea.

Sven_Glock · ‎2018-07-26

Ask your Check Point sales engineer - he/she will have an answer

Pablo_Barriga · ‎2018-07-29

Hello you can try to use this tool CheckMe Instant Security Check | Check Point Software Technologies

I generates events on the TE blade.

Are you a member of CheckMates?

ThreatEmulation