Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rahul_Borah
Contributor

How to block Hashes of malware by IPS signature

Hi experts,

Is there any way in checkpoint IPS (R80.20) to block Hashes of malware. Please share your experience.

Sample of Hashes of malware

04fb0ccf3ef309b1cd587f609ab0e81e
0b2e07205245697a749e422238f9f785
272537bbd2a8e2a2c3938dc31f0d2461
dd792f9185860e1464b4346254b2101b
fcfab508663d9ce519b51f767e902806
5b26f5c7c367d5e976aaba320965cc7f

 

Regards,

Rahul

 

 

0 Kudos
3 Replies
G_W_Albrecht
Legend Legend
Legend

Hashes are used by AV to quickly check files, and you can use your own hashes, too. See here how to achieve that: sk142452: Configuring Anti-Virus over MTA to enforce hash(MD5) exceptions for all files

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
giridhark
Employee
Employee

Hi @G_W_Albrecht ,

do we support this sk142452 MD5 hash for SMB spark model 1530 in R81.10.05 ?

 

Regards

Giri

0 Kudos
TP_Master
Employee
Employee

Hi Rahul,
Why IPS?
The correct way is to use AV & AB blades and the Threat Indicators feature (https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_ThreatPrevention_AdminGui...)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events