Sophos Antivirus Not Working on Checkpoint Gateway
I have 2 Checkpoint GWs on R80.10 in a VSX Cluster.
The Security Team has reported a critical vulnerability stating the following:
The IP of the CP GW is mentioned as the Remote Host here
- An antivirus application is installed on the remote host but it's not working properly
- Sophos antivirus for linux is installed on the remote host. However, there is a problem with the installation, either its services are not running or its engine/virus definitions are out of date.
However, the gateway is up to date with the latest IPS/Antibot and Antivirus updates as verified from SmartConsole. How can I troubleshoot this Sophos proxy, services, etc., and check whether it's updating correctly or not?
Thanks
I would troubleshoot the remote host, not the CP GW - or did I understand you wrong?
There is no need to troubleshoot internal parts of the solution.
Not everything works by default, therefore not all parts of the system are up-to-date at all times.
HTH
Open a Service Request with CP TAC to receive a satisfying answer for the customer!
If the gateway in question is NOT running the Anti-Virus blade then these components are not active—or necessarily updated—by design.
When the AV blade is active (if VSX, active on at least one VS), it is kept up to date.
If you find this is not the case, please open a TAC case.
It's a VSX Gateway and has the Antivirus Blade with all the latest updates.
Is there any way to check the current Sophos version?
However, it is not an independent component that can be used or updated independently of the gateway software itself.
Provided you are using the latest JHF and version of our code, you are using the latest available.
However, I don't understand one thing: is Sophos antivirus an integrated part of the Antivirus Blade and related updates? If yes, then how is it related to the JHF, because Antivirus keeps on updating regularly on a daily basis?
The only use of Sophos with CP is in EPSS clients - see sk68080: Supported Anti-Virus/Anti-Malware Vendors For Check Point Media Encryption Device/Media Sca...
One of our clients received the E2 EPS client version to support BitDefender thru the CP Local Office, so I know of this. But concerning the NGTP GWs, these use KAV ++