I had a few emails that came in over the weekend asking how to check if the needed signatures were active in Check Point IPS. This is mainly for newer users, or those not as familiar with Check Point’s IPS tab.
Open Dashboard and click on the ‘IPS’ tab. If this is the first time have launched it this session, it will take a few seconds to update. From there paste (individually) the values below into the “Look for” search box:
EternalBlue
CVE-2017-0143
CVE-2017-0144
CVE-2017-0145
CVE-2017-0146
CVE-2017-0147
It will look like the following:
These six signatures have to show-up in ‘prevent’ and not ‘detect.’ If any of these six signatures produces a blank result, you will need to perform an update and go back and manually activate it. The most recent updated signature (as of this posting on May 15th 2017) was the “EternalBlue” signature on April 26th 2017. Interesting to note that five of the six signatures were already given a severity rating of ‘critical.’