This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LostBoY
Advisor
‎2020-04-23 06:41 AM
Jump to solution

Block Malware Hash Checkpoint VSX

Hello,

 

I need to block certain malware hash in my Checkpoint Gateway VSX . R80.10..

Need some guidance for that 

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
4 Replies
Benedikt_Weissl
Advisor
‎2020-04-23 07:37 AM
Jump to solution

You can import custom snort rules into r80.10, see here

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Did-you-know-Add-Snort-Protection...

I think snort rules can check for a certain hash value in all packets.

If upgrading is possible you can use Indicators of Compromise starting with R80.20, see here

https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/ips-av-ab/2150/2/Threat%20Prevent...
0 Kudos
LostBoY
Advisor
‎2020-04-23 08:15 AM
In response to Benedikt_Weissl
Jump to solution

i was looking into the smartconsole settings... there is a indicator import section in threat prevention...cant i create a CSV file with these indicators and import them from there ? not sure about the CSV format though as i am getting an error stating "fields in ro 7 are less than expected"
0 Kudos
jupde
Explorer
‎2022-03-03 01:24 PM
In response to LostBoY
Jump to solution

for anyone that is trying to add an indicator file based on the instructions in the documentation, the example they give isn't great. I had to get some help from my CP consultant and we fiddled with the file format for an hour before we realized that none of the heading information needs to be there, so just take out all the lines at the top of the example and you will probably be good to go. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top