I had a few emails that came in over the weekend asking how to check if the needed signatures were active in Check Point IPS. This is mainly for newer users, or those not as familiar with Check Point’s IPS tab.

Open Dashboard and click on the ‘IPS’ tab. If this is the first time have launched it this session, it will take a few seconds to update. From there paste (individually) the values below into the “Look for” search box:

 

EternalBlue

CVE-2017-0143

CVE-2017-0144

CVE-2017-0145

CVE-2017-0146

CVE-2017-0147

 

It will look like the following:

 

 

 

 

 

 

 

 

These six signatures have to show-up in ‘prevent’ and not ‘detect.’ If any of these six signatures produces a blank result, you will need to perform an update and go back and manually activate it. The most recent updated signature (as of this posting on May 15th 2017) was the “EternalBlue” signature on April 26th 2017. Interesting to note that five of the six signatures were already given a severity rating of ‘critical.’

 

How to Check Your IPS Signatures for WannaCryptor, WannaCrypt, WannaCry, Etc.

Leave a Reply

Your email address will not be published. Required fields are marked *