How To Check MD5 Of Files Against CP Threat Database / Report An Unknown File

Question asked by Daniel Taney on Feb 8, 2019
Latest reply on Feb 8, 2019 by Daniel Taney

Good Afternoon,

I have a file that VirusTotal indicates has a known malicious MD5 that may have gotten through our Gateway. The file in question is a PowerPoint file containing a static image and a hyperlink. There does not appear to be any active content / macro payload / etc. that would cause this file to trigger in Threat Emulation. So, I am assuming the only way CP would be able to catch it would be based on the hash of the file itself.

Does Check Point have a place to search an MD5 or SHA-1 hash of a potentially malicious file? I know you can use threatpoint.checkpoint.com to send files through Threat Emulation / Threat Extraction. But, I couldn't find any other reference point to check against legacy AV/Malware signatures. Is there a way to see whether CP already has this hash as a malicious file?

If not, what is the best way to go about reporting these kinds of things to CP? This is the first time I've had to deal with this.

Thanks!

Dan
