CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Endpoint Security and Mobile VPN complaint despite Windows Security Center Alert

  1. #1
    Join Date
    2014-10-10
    Posts
    250
    Rep Power
    6

    Default Endpoint Security and Mobile VPN complaint despite Windows Security Center Alert

    I tried Endpoint Security VPN as well as Mobile (E80.60). I am still able to remotely VPN from PC without AV software (no scanning, client compliant - basically nothing happens).
    Desktop VPN ‘Client is compliant’ despite Action Center (replaced Windows Security Center in Win7-8) alerting, see below screenshot and documentation excerpt

    [Screenshot: endpoint1.png]

    Side Notice: Whenever I use Endpoint Security instead of Mobile I am able to connect only once, next time client keeps connecting and getting TCP Reset from GW (I am using 77.10 UTM-1 as GW)

    [Screenshot: endpoint2.png]
    Last edited by Irek_Romaniuk; 2015-03-12 at 16:27.

  2. #2
    Join Date
    2006-01-25
    Location
    Americas
    Posts
    1,535
    Rep Power
    16

    Default Re: Endpoint Security and Mobile VPN complaint despite Windows Security Center Alert

    Quote Originally Posted by Irek_Romaniuk View Post
    I tried Endpoint Security VPN as well as Mobile (E80.60). I am still able to remotely VPN from PC without AV software (no scanning, client compliant - basically nothing happens).
    Desktop VPN ‘Client is compliant’ despite Action Center (replaced Windows Security Center in Win7-8) alerting, see below screenshot and documentation excerpt
    So what are you using to detect it? Without that information we can't tell you why it's failing. You basically have two options:

    SCV checks (Endpoint Security VPN / full Endpoint Security client) -- if it's not marking you as non-compliant then you set it up wrong, however this is really only good for checking for specific AV clients [i.e. via registry checks].

    Compliance Checks (full Endpoint Security client) -- Again, this may have some client detection limitations. I know the SSL VPN can't check for Windows Defender via its compliance checks, but forget if the Endpoint Security can. This would go back to your configuration to look at why it's not detecting.

    Quote Originally Posted by Irek_Romaniuk View Post
    Side Notice: Whenever I use Endpoint Security instead of Mobile I am able to connect only once, next time client keeps connecting and getting TCP Reset from GW (I am using 77.10 UTM-1 as GW)
    Is this a new VPN set up? Sounds like a classic automatic topology update corrupting your site config, however I would expect similar results with the VPN too. If you don't see something similar then it could be something in your ES Policy.
    It's all in the documentation.

  3. #3
    Join Date
    2014-10-10
    Posts
    250
    Rep Power
    6

    Default Re: Endpoint Security and Mobile VPN complaint despite Windows Security Center Alert

    Checkpoint gave me new Endpoint Client, build 986000281. At least no more TCP reset but still no SCV checks. This is old VPN setup, just trying to enable SCV checks. What ES Policy do you mean? I have local.scv (on P1 server)
    file edited (ProcessMonitor) to detect processes on PC, like below (tried many different versions, including ones suggested by Checkpoint):
    Code:
    : (ProcessMonitor
        :type (plugin)
        :parameters (
            :begin_or (or1)
            :smc.exe (true)
            :avgwdsvc.exe (true)
            :avgtray.exe (true)
            :avgemc.exe (true)
            :avgnsa.exe (true)
            :avgrsa.exe (true)
            :avgnt.exe (true)
            :ekrn.exe (true)
            :avp.exe (true)
            :avtask.exe (true)
            :savui.exe (true)
            :smc.exe (true)
            :almon.exe (true)
            :rtvscan.exe (true)
            :end (or1)
            :begin_admin (admin)
            :send_log (alert)
            :mismatchmessage ("Anti-Virus Requirement Not Met\n1If this is a corporate computer please contact the help desk at extension 9995.  If this is a personal computer please install an anti-virus application before using the VPN.")
            :end (admin)
        )
    )

    :SCVPolicy (ProcessMonitor)
    This is all applied in Global properties. Checkpoint hasn't been able to tell me what's wrong for more than 9 months.

  4. #4
    Join Date
    2014-10-10
    Posts
    250
    Rep Power
    6

    Default Re: Endpoint Security and Mobile VPN complaint despite Windows Security Center Alert

    Issue resolved after enabling Policy Server and Desktop Security on the gateway. This is necessary for local.scv file to be copied from mgmt server to gw and then to workstation.
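
Added example, not part of the thread and not Check Point tooling: a small Python consistency check for a local.scv-style fragment like the one in post #3. It assumes the shape visible there (a `: (Name :type (plugin) ...)` definition and a `:SCVPolicy (...)` list naming the checks to enforce); the sample text and the `lint_scv` name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample shaped like the fragment in post #3; not a real policy.
SAMPLE = r'''
: (ProcessMonitor
    :type (plugin)
    :parameters (
        :begin_or (or1)
        :smc.exe (true)
        :avp.exe (true)
        :smc.exe (true)
        :end (or1)
        :mismatchmessage ("Fix: 1) install anti-virus 2) reconnect")
    )
)
:SCVPolicy (
    : (PrcoessMonitor)
)
'''

def lint_scv(text):
    """Return consistency findings for a local.scv-style fragment."""
    findings = []
    # Blank out quoted strings so parentheses inside messages are not counted.
    body = re.sub(r'"(?:\\.|[^"\\])*"', '""', text, flags=re.S)
    depth = 0
    for ch in body:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            findings.append("unbalanced: ')' with no matching '('")
            break
    if depth > 0:
        findings.append(f"unbalanced: {depth} unclosed '('")
    # A check definition is ': (Name' followed directly by ':type (plugin)'.
    defined = set(re.findall(r":\s*\((\w+)\s+:type\s*\(plugin\)", body))
    # Names listed inside ':SCVPolicy ( ... )' are the checks to enforce (assumed).
    m = re.search(r":SCVPolicy\s*\(((?:[^()]|\([^()]*\))*)\)", body)
    enforced = set(re.findall(r"\w+", m.group(1))) if m else set()
    for name in sorted(enforced - defined):
        findings.append(f"SCVPolicy names '{name}' but no such check is defined")
    for name in sorted(defined - enforced):
        findings.append(f"check '{name}' is defined but not listed in SCVPolicy")
    # Repeated process entries add nothing; flag them as copy/paste drift.
    procs = Counter(re.findall(r":([\w.-]+\.exe)\s*\(true\)", body, flags=re.I))
    findings += [f"duplicate process entry '{p}'" for p, n in procs.items() if n > 1]
    return findings

if __name__ == "__main__":
    for finding in lint_scv(SAMPLE):
        print(finding)
```

A clean result only shows the file is self-consistent; as post #4 notes, it still has to be distributed to the gateway and then to the workstation before any check runs.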
