
How To Check MD5 Of Files Against CP Threat Database / Report An Unknown File

Question asked by Daniel Taney on Feb 8, 2019
Latest reply on Feb 8, 2019 by Daniel Taney

Good Afternoon,


I have a file that VirusTotal indicates has a known malicious MD5 that may have gotten through our Gateway. The file in question is a PowerPoint file containing a static image and a hyperlink. There does not appear to be any active content / macro payload / etc. that would cause this file to trigger in Threat Emulation. So, I am assuming the only way CP would be able to catch it would be based on the hash of the file itself.


Does Check Point have a place to search an MD5 or SHA-1 hash of a potentially malicious file? I know you can use to send files through Threat Emulation / Threat Extraction. But, I couldn't find any other reference point to check against legacy AV/Malware signatures. Is there a way to see whether CP already has this hash as a malicious file?


If not, what is the best way to go about reporting these kinds of things to CP? This is the first time I've had to deal with this.