LostBoY
Advisor
Block Malware Hash Checkpoint VSX

Hello,

I need to block certain malware hashes on my Check Point VSX gateway running R80.10.

I need some guidance on that.

Thanks

Accepted Solutions
PhoneBoy
Admin
Yes, you can; the precise format and instructions are covered in the Threat Prevention Admin Guide.
https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_ThreatPrevention_AdminGuide/...


4 Replies
Benedikt_Weissl
Advisor
You can import custom Snort rules into R80.10; see here:

https://community.checkpoint.com/t5/API-CLI-Discussion-and-Samples/Did-you-know-Add-Snort-Protection...

I think Snort rules can check for a certain hash value in all packets.

If upgrading is possible, you can use Indicators of Compromise starting with R80.20; see here:

https://community.checkpoint.com/fyrhh23835/attachments/fyrhh23835/ips-av-ab/2150/2/Threat%20Prevent...
LostBoY
Advisor
I was looking into the SmartConsole settings... there is an indicator import section in Threat Prevention. Can't I create a CSV file with these indicators and import them from there? I'm not sure about the CSV format, though, as I am getting an error stating "fields in row 7 are less than expected".
jupde
Explorer

For anyone trying to add an indicator file based on the instructions in the documentation: the example they give isn't great. I had to get some help from my CP consultant, and we fiddled with the file format for an hour before we realized that none of the heading information needs to be there, so just take out all the lines at the top of the example and you will probably be good to go.

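The CSV format the last two replies are fumbling with, as an added worked example that is not from the thread and not Check Point's code: a small Python script that writes an indicator file for a list of MD5 hashes and pre-checks a file for the two problems reported above (heading lines at the top of the file, and rows with too few fields). The seven-field layout name,value,type,confidence,severity,product,comment, the type label MD5, and the confidence/severity/product vocabularies are my recollection of the Threat Prevention Admin Guide, so treat them as assumptions and confirm them against the guide for your release. The sample hashes are the EICAR test-file MD5 plus a constructed placeholder, and BAD_SAMPLE is a constructed file that reproduces the mistakes described in the thread.

```python
"""
Build and pre-check a Check Point custom indicator CSV for a list of malware
MD5 hashes before importing it in SmartConsole (Threat Prevention > Indicators).

Added example, not Check Point's code. Assumed layout (verify against the
Threat Prevention Admin Guide for your release):
  name,value,type,confidence,severity,product,comment
with type "MD5" for file hashes, confidence low/medium/high, severity
low/medium/high/critical, product AV (Anti-Virus) or AB (Anti-Bot).
Lines beginning with '#' are flagged, because the heading lines in the
documented sample are what broke the import in the thread above.
"""
import csv
import io
import re

FIELDS = ["name", "value", "type", "confidence", "severity", "product", "comment"]

# Assumed vocabularies (lower-cased for comparison); a subset of the guide's.
ALLOWED = {
    "type": {"md5", "ip", "domain", "url"},
    "confidence": {"low", "medium", "high"},
    "severity": {"low", "medium", "high", "critical"},
    "product": {"av", "ab"},
}
MD5_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed input: the EICAR test-file MD5 and a placeholder hash.
SAMPLE_HASHES = [
    "44d88612fea8a8f36de82e1278abb02f",
    "0123456789ABCDEF0123456789abcdef",
]

# Constructed file that mimics the mistakes from the thread: heading lines,
# a row with too few fields, and a value that is not a hash.
BAD_SAMPLE = (
    "# custom indicators, exported from ticket 1234\n"
    "#name,value,type,confidence,severity,product,comment\n"
    "eicar,44d88612fea8a8f36de82e1278abb02f,MD5,high,high,AV,EICAR test file\n"
    "short-row,0123456789abcdef0123456789abcdef,MD5,high\n"
    "bad-hash,not-a-hash,MD5,high,high,AV,typo in value\n"
)


def build_rows(hashes, name_prefix="malware", confidence="high",
               severity="high", comment="blocked by SOC"):
    """One seven-field row per hash; rejects anything that is not a 32-hex MD5."""
    rows = []
    for i, h in enumerate(hashes, 1):
        h = h.strip().lower()
        if not MD5_RE.match(h):
            raise ValueError(f"not an MD5 hash: {h!r}")
        rows.append([f"{name_prefix}-{i:03d}", h, "MD5", confidence, severity, "AV", comment])
    return rows


def to_csv(rows):
    """Serialise rows as CSV with no header line, which is what the import wants."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows(rows)
    return buf.getvalue()


def check_csv(text):
    """Return [(line_no, problem), ...]; an empty list means nothing obvious is wrong."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if line.lstrip().startswith("#"):
            problems.append((n, "heading/comment line; delete it before importing"))
            continue
        fields = next(csv.reader([line]))
        if len(fields) != len(FIELDS):
            problems.append((n, f"row has {len(fields)} fields, expected {len(FIELDS)}"))
            continue
        rec = dict(zip(FIELDS, fields))
        for key in ("type", "confidence", "severity", "product"):
            if rec[key].lower() not in ALLOWED[key]:
                problems.append((n, f"unexpected {key} value {rec[key]!r}"))
        if rec["type"].lower() == "md5" and not MD5_RE.match(rec["value"].lower()):
            problems.append((n, f"value is not a 32-hex-digit MD5: {rec['value']!r}"))
    return problems


if __name__ == "__main__":
    good = to_csv(build_rows(SAMPLE_HASHES))
    with open("indicators.csv", "w", newline="") as fh:
        fh.write(good)
    print("wrote indicators.csv, problems:", check_csv(good))
    for n, msg in check_csv(BAD_SAMPLE):
        print(f"BAD_SAMPLE line {n}: {msg}")
```

Run it once to produce indicators.csv, then import that file from the Indicators page in SmartConsole and install the Threat Prevention policy; running check_csv over a file that the importer rejects tells you which line to look at. Note that this only covers MD5 indicators for Anti-Virus on R80.10; on R80.20 and later the Indicators of Compromise feed mentioned above is the better fit.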