Integration with Third Party Anti-Virus Vendors

Forensics can use information from the Windows Event Log to monitor and analyze malware events reported by third party anti-virus vendors. Based on those Windows Event Log entries, Forensics can analyze attacks, terminate processes, delete or quarantine files, and perform other attack remediation.

You can enable or disable third party integration in SmartEndpoint (a Check Point GUI application which connects to the Endpoint Security Management Server to manage your Endpoint Security environment: to deploy, monitor and configure Endpoint Security clients and policies), from the Automatic Threat Analysis action. This works with most common vendors without manual configuration.

Note - Some third party vendors do not automatically send information to the Windows Event Log. To use third party vendor integration, make sure that your vendor is configured to send information to the Windows Event Log.

Events are detected when the client is online or offline.
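Because the integration depends on the vendor writing detections to the Windows Event Log, a quick way to confirm the note above is to list the vendor's event providers and the events they have written recently. This is an added PowerShell check, not Check Point's code; the provider pattern '*Antivirus*' is a placeholder that you replace with your vendor's provider name.

```powershell
# Added example (not Check Point's code): confirm that a third-party
# anti-virus product actually writes its detections to the Windows Event
# Log, the data source the Forensics integration reads.
# $ProviderPattern is an assumed placeholder; replace it with the vendor's
# provider name (see the -ListProvider output).
param(
    [string]$ProviderPattern = '*Antivirus*',   # placeholder, vendor-specific
    [int]$LookbackHours = 24
)

# Step 1: find registered event providers whose name matches the vendor product.
$providers = Get-WinEvent -ListProvider $ProviderPattern -ErrorAction SilentlyContinue
if (-not $providers) {
    Write-Warning "No event provider matches '$ProviderPattern'. The vendor may not be registered with the Windows Event Log; check its logging settings."
    return
}

foreach ($p in $providers) {
    # Each provider declares the logs it writes to (Application or a vendor channel).
    $logNames = $p.LogLinks | ForEach-Object { $_.LogName }
    Write-Host "Provider '$($p.Name)' writes to: $($logNames -join ', ')"

    # Step 2: pull recent events from that provider so you can confirm that a
    # detection (for example after creating an EICAR test file) was recorded.
    $events = Get-WinEvent -FilterHashtable @{
        ProviderName = $p.Name
        StartTime    = (Get-Date).AddHours(-$LookbackHours)
    } -ErrorAction SilentlyContinue

    if (-not $events) {
        Write-Warning "Provider '$($p.Name)' has written no events in the last $LookbackHours hours."
        continue
    }

    # Show one line per event: time, event ID, level, log, first line of the message.
    $events |
        Select-Object TimeCreated, Id, LevelDisplayName, LogName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`n")[0] } } |
        Format-Table -AutoSize
}
```

If no provider or no recent events appear, the vendor is not feeding the Windows Event Log and the Forensics integration has nothing to act on.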

Supported Third Party Anti-Virus Vendors

Enabling or Disabling Forensics Third Party Anti-Virus Vendor Integration

To enable or disable Forensics Third Party Anti-Virus Vendor integration:

  1. In a Harmony Endpoint Forensics and Remediation rule (a set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session), right-click the Automatic Threat Analysis Action and select Edit Shared Action.

  2. In the bottom of the window, click Override confidence level per specific event.

    The Confidence level for automatic response window opens.

  3. In the Additional Events area, in the Third party row under Forensics Analysis:

    • Select Always to enable Third Party Anti-Virus Vendor integration.

    • Select Never to disable it.

  4. Click OK.

  5. To test the Forensics Third Party Anti-Virus integration:

    1. Create an eicar test file on your device.

    2. After a while, the Forensics analysis initiates.

      You can view the report in your Endpoint Security Client.

    For troubleshooting, see sk116024.