- CheckMates
- :
- Products
- :
- Quantum
- :
- Threat Prevention
- :
- Re: How to block Hashes of malware by IPS signatur...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to block Hashes of malware by IPS signature
Hi experts,
Is there any way in checkpoint IPS (R80.20) to block Hashes of malware. Please share your experience.
Sample of Hashes of malware
04fb0ccf3ef309b1cd587f609ab0e81e
0b2e07205245697a749e422238f9f785
272537bbd2a8e2a2c3938dc31f0d2461
dd792f9185860e1464b4346254b2101b
fcfab508663d9ce519b51f767e902806
5b26f5c7c367d5e976aaba320965cc7f
Regards,
Rahul
3 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hashes are used by AV to quickly check files, and you can use your own hashes, too. See here how to achieve that: sk142452: Configuring Anti-Virus over MTA to enforce hash(MD5) exceptions for all files
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @G_W_Albrecht ,
do we support this sk142452 MD5 hash for SMB spark model 1530 in R81.10.05 ?
Regards
Giri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Rahul,
Why IPS?
The correct way is to use AV & AB blades and the Threat Indicators feature (https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_ThreatPrevention_AdminGui...)
Why IPS?
The correct way is to use AV & AB blades and the Threat Indicators feature (https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_ThreatPrevention_AdminGui...)