This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Daniel_Taney
Advisor
‎2019-02-08 11:47 AM

How To Check MD5 Of Files Against CP Threat Database / Report An Unknown File

Good Afternoon,

I have a file that VirusTotal indicates has a known malicious MD5 that may have gotten through our Gateway. The file in question is a Power Point file containing a static image and a hyperlink. There does not appear to be any active content / macro payload / etc... that would cause this file to trigger in Threat Emulation. So, I am assuming the only way CP would be able to catch it would be based on the hash of the file itself. 

Does Check Point have a place to search an MD5 or SHA-1 hash of a potentially malicious file? I know you can use threatpoint.checkpoint.com to send files through Threat Emulation / Threat Extraction. But, I couldn't find any other reference point to check against legacy AV/Malware signatures. Is there a way to see whether CP already has this hash as a malicious file?

If not, what is the best way to go about reporting these kinds of things to CP? This is the first time I've had to deal with this.

Thanks!

Dan

R80 CCSA / CCSE
1 Reply

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top