cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Employee++
Employee++

Threat Emulation Engine Update 7

Hi, 請留意目前最新的TE engine 7更新資訊。(版本: 57.99002577)

sk95235 Threat Emulation Engine Update - What's New?

What’s New:

·         CADET (Context-Aware Detection and Elimination of Threats)

o   CADET improves Threat Emulation precision by incorporating all existing Threat Emulation features in Machine Learning (ML) mode. ML is tuned to improve accuracy, increasing the number of threats detected and reducing the number of false positives.

o   Currently, CADET focuses on executable files, and applies only to cloud emulations.

 

·         Threat Prevention by file source URL.

·         Improved Static Macro analyzer. Improved detection of malicious macros in Office documents.

·         Improved executable file analysis performance by approximately 40%.

·         YARA for all file support – Early Availability. This feature is currently off by default. To enable, see sk123156.

·         New anti-evasion techniques.

·         Additional features in Threat Emulation reports:

o   Added  tecli command for configuring the malicious file password.

o   Added HTTP attack vector which includes the download source URL and its reputation.

o   Added time stamp to the attack vector.

o   Added the option to download packet capture.

o   Show the entire file path for archive/dropped/embedded descendants.

o   Show emulation video instead of static screenshots.

 

·         Improved Cloud Emulation queue wait time by approximately 50%.

 


 

4 Replies
Highlighted
Employee++
Employee++

Re: Threat Emulation Engine Update 7

AI技術應用已經整合至TE Engine中了!

0 Kudos
Employee++
Employee++

Re: Threat Emulation Engine Update 7

https://blog.checkpoint.com/2018/06/13/introducing-cadet-ai-technology-in-action/

這個先進的ML技術可大大強化TE對於未知惡意程式的模擬效率與準確度,也是Check Point結合AI用於資安防禦技術的開端! 相信接下來會有更多的AI應用於SandBlast/Threat Prevention中。

Employee++
Employee++

Re: Threat Emulation Engine Update 7

目前KB資訊尚未更新,後續可參考詳細說明。

0 Kudos
Employee++
Employee++

Re: Threat Emulation Engine Update 7

Latest update:

TE Engine 7.1.1(Engine:57.990002623)

開始可支援自訂YARA Rule(開源的惡意程式特徵碼工具)

https://supportcenter.checkpoint.com/supportcenter/portaleventSubmit_doGoviewsolutiondetails=&soluti...

0 Kudos