4. Check Point to the maximum. Checking Anti-Virus with Kali Linux
We continue the theme of optimizing Check Point settings. This time we touch on the topic of Anti-Virus. Antivirus technologies have been around for over 30 years! It would seem that in that time everyone has learned everything about them. And what settings could there even be? You turn on the Antivirus and just update the databases, i.e. the signatures, regularly. That is not quite the right strategy. Many Check Point users leave the default settings and are then surprised when a virus nevertheless gets into the network. I will try to explain how to minimize these risks.
Introduction
But before I begin, I would like to once again recall the slide from the previous lesson. There, I focused on the fact that Anti-Virus has not been a panacea for a long time, or rather not the antivirus itself, but signature-based analysis, which is still used as the main method by 100% of antiviruses.
Indeed, in essence, a signature is always the result of a successful attack. After an attack is discovered, experts determine what kind of virus it was, create a signature, and from then on that virus is detected. All these figures suggest that the number of unique malware samples for which no signatures exist grows every year. Here again, you can recall the Threat Emulation and Threat Extraction blades as a countermeasure, but today's lesson is not about that. Today we are talking about Antivirus.
Despite all these sad statistics, Anti-Virus still remains one of the most necessary means of protection. The percentage of targeted attacks is still much lower than the percentage of classic attacks using already known viruses. As a rule, these are automated mail campaigns or distribution through popular web resources. The so-called "attack on the fool." That is why Anti-Virus remains an important part of network security.
I think that concludes the theoretical introduction; let's move on to practice, where we take a detailed look at the Anti-Virus configuration and test it with the help of the Kali Linux distribution.
Layout
Let's recall our scheme again. This time I will generate new virus files using Kali Linux and try to get them onto the user's computer through our Check Point. Let's get started.
Video lesson
In this video tutorial we will look at the Check Point Anti-Virus settings in detail. We will address the following points:
deep inspection;
archive scanning;
file blocking;
blocking of password-protected archives;
generation of virus files using setoolkit;
log analysis.
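For the last point, log analysis, here is an added example that is not part of the original lesson or of any Check Point tooling. It parses key=value log lines of the kind a log exporter produces, keeps only the Anti-Virus blade events, and lists every test file the blade saw but did not block, which is the result you want to read off after pushing Kali-generated samples through the gateway. The sample lines are constructed, and the field names (blade, action, severity, protection_name, src, dst, file_name) and the protection names are assumptions for this example rather than values taken from the post.

```python
import re
from collections import Counter
from typing import Dict, List

# Matches key=value pairs; a value in double quotes may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample log lines (not real Check Point output). The key=value layout,
# the field names and the protection names are an assumption made for this example.
SAMPLE_LOGS = """\
time=2019-03-01T10:01:12 blade="Anti-Virus" action=Prevent severity=High protection_name=Sample.Trojan.A src=10.10.10.5 dst=192.168.1.20 file_name=payload.exe
time=2019-03-01T10:01:40 blade="Anti-Virus" action=Detect severity=High protection_name=Sample.Trojan.A src=10.10.10.5 dst=192.168.1.20 file_name=payload.zip
time=2019-03-01T10:02:03 blade="Anti-Virus" action=Prevent severity=Medium protection_name=Sample.Archive.PasswordProtected src=10.10.10.5 dst=192.168.1.20 file_name=payload_protected.zip
time=2019-03-01T10:02:30 blade="URL Filtering" action=Accept src=192.168.1.20 dst=10.10.10.5
time=2019-03-01T10:03:11 blade="Anti-Virus" action=Detect severity=Critical protection_name=Sample.Dropper.B src=10.10.10.5 dst=192.168.1.20 file_name=invoice.pdf
"""


def parse_line(line: str) -> Dict[str, str]:
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def antivirus_events(text: str) -> List[Dict[str, str]]:
    """Keep only the events produced by the Anti-Virus blade."""
    events = (parse_line(line) for line in text.splitlines() if line.strip())
    return [event for event in events if event.get("blade") == "Anti-Virus"]


def summarize(text: str) -> Dict[str, object]:
    """Count actions and list every file the Anti-Virus saw but did not block.

    A file whose action is anything other than Prevent (for example Detect)
    reached the client, which is exactly what a test run should reveal.
    """
    events = antivirus_events(text)
    actions = Counter(event["action"] for event in events)
    not_blocked = [event["file_name"] for event in events if event["action"] != "Prevent"]
    return {"total": len(events), "actions": dict(actions), "not_blocked": not_blocked}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOGS)
    print(f"Anti-Virus events: {report['total']}, actions: {report['actions']}")
    for name in report["not_blocked"]:
        print(f"NOT BLOCKED: {name}")
```

In the constructed sample the plain executable and the password-protected archive are prevented, while the same sample inside an ordinary archive and a PDF are only detected; those two names are the ones to chase back to the archive scanning and deep inspection settings listed above.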
Conclusion
I would like to note that the test methods presented in the video are suitable not only for Check Point, i.e. using Kali Linux you can also check the reliability of your firewall (be it Cisco, Palo Alto, Fortinet, etc.). I strongly recommend conducting such tests. I am sure you will be surprised...
P.S. Special thanks to Alexey Beloglazov (Check Point) for his help in preparing the lesson. So as not to miss other lessons, subscribe to our YouTube channel, VK group and Telegram.