This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DanielFarina
Explorer
‎2021-06-10 02:07 AM
Jump to solution

EICAR through Virtual Wire Pair

Grettings,

 

I'm trying to detect, block and log the EICAR file transfered on diferent protocols (FTP, HTTP and SMB), I've deployed the Checkpoint 1570R on transparent mode by configuring a bridge between 2 interfaces with a laptop on each interface, somehow I'm not being able to block the file despite I think I've properly enabled Antivirus etc.

 

By the way, in the enviroment where I'm testing this I'm not allowed to access to the internet to update the device, I just want to know if it's an configuration issue. In case it's an issue with updates I would find a way to fix it.

 

Any advice?

 

Thanks

0 Kudos
1 Solution

Accepted Solutions
Tom_Hinoue
Advisor
Advisor
‎2021-06-10 05:24 PM
In response to DanielFarina
Jump to solution

Have you tried enabling LAN to LAN inspection?
By default, inspection between internal interfaces is disabled.

Device -> Advanced Settings -> [Stateful Inspection - Perform deep packet inspection on LAN to LAN traffic] -> change the value to [True]

*Note it may impact performance if you have e.g. additional LAN-WAN traffic.

View solution in original post

Preview file
61 KB
4 Replies
DanielFarina
Explorer
‎2021-06-10 09:35 AM
Jump to solution

 

Forgot to attach the screenshots 🙂

 

 

1.PNG2.1.PNG2.2.PNG2.3.PNG3.PNG

0 Kudos
PhoneBoy
Admin
Admin
‎2021-06-10 02:34 PM
In response to DanielFarina
Jump to solution

Without Internet access, or a Private ThreatCloud appliance, most of the Threat Prevention blades aren't going to work.
That includes AV...and even detecting the EICAR virus, it seems like.
At least that's what I read into the following SK: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
Tom_Hinoue
Advisor
Advisor
‎2021-06-10 05:24 PM
In response to DanielFarina
Jump to solution

Have you tried enabling LAN to LAN inspection?
By default, inspection between internal interfaces is disabled.

Device -> Advanced Settings -> [Stateful Inspection - Perform deep packet inspection on LAN to LAN traffic] -> change the value to [True]

*Note it may impact performance if you have e.g. additional LAN-WAN traffic.

Preview file
61 KB
DanielFarina
Explorer
‎2021-06-14 12:50 AM
In response to Tom_Hinoue
Jump to solution

It worked, but just under HTTP. It must be something related to firmware upgrade or internet access. Many thanks!

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events