This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Dominic
Participant
Participant
‎2020-04-01 10:01 AM
Jump to solution

SHA-1

Hi team, 

Please advice the if it possible to add the missing hash value on checkpoint database.

I tried to search under "threat tools" the existence of the attached screenshot but is not available.

Preview file
108 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2020-04-05 10:34 PM
In response to Dominic
Jump to solution

There is no mechanism to add your own SHA-1 hash prior to R80.40 that I am aware of.
That said, looking the SHA-1 hash up on VirusTotal, you can find the relevant MD5 hash and add that instead.
See:
https://www.virustotal.com/gui/file/564944a262af0c10fda43475ab24558fc873dabc12e61ee79f46863ffccedba3...

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2020-04-02 05:15 PM
Jump to solution

Sorry I'm not clear what you're asking here.
What is this hash in relation to?
0 Kudos
Dominic
Participant
Participant
‎2020-04-05 03:17 PM
In response to PhoneBoy
Jump to solution

I was inquiring if the below hash value can be added to checkpoint manually. I also shared an image on the same.
please let me know.

SHA-1
6d4f453dd7c48075a2205b9529cc725a769cf00a
0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-05 08:36 PM
In response to Dominic
Jump to solution

I assume you mean blocking said hash using Threat Prevention blades.
If you mean something else, please elaboate.

To import one or more hashes, they must be placed in a file (CSV or STIX), then imported.
Refer to the following screenshot for where to do that:

Screen Shot 2020-04-05 at 8.29.58 PM.png

Refer to the documentation for the correct format of this file: https://sc1.checkpoint.com/documents/R80.40/WebAdminGuides/EN/CP_R80.40_ThreatPrevention_AdminGuide/...
Note that in releases prior to R80.40, only MD5 hashes are supported.
R80.40 supports SHA-1 and SHA-256 hashes.

0 Kudos
Dominic
Participant
Participant
‎2020-04-05 10:18 PM
In response to PhoneBoy
Jump to solution

Hi PhoneBoy,

Since prior versions to R80.40 doesn't support SHA-1 and SHA-256 hashes, does it also mean I cannot add them manually?
Reason being that these are already existing malware that I need to block in my network.
0 Kudos
PhoneBoy
Admin
Admin
‎2020-04-05 10:34 PM
In response to Dominic
Jump to solution

There is no mechanism to add your own SHA-1 hash prior to R80.40 that I am aware of.
That said, looking the SHA-1 hash up on VirusTotal, you can find the relevant MD5 hash and add that instead.
See:
https://www.virustotal.com/gui/file/564944a262af0c10fda43475ab24558fc873dabc12e61ee79f46863ffccedba3...

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events