Anti-Exploit not working in presence of Third Party Anti-Virus
With E80.96 and above, Anti-Exploit will stop working in the presence of Third Party Anti-Virus.
Check Point's own Anti-Malware and Windows Defender will NOT disable Anti-Exploit.
Starting with E80.96, when using an Anti-Virus from another vendor, it was decided to turn off Anti-Exploit, by default, even if it is turned ON in the Management.
The reason this decision was taken is because we cannot control changes made by Third Party vendors, who may also be injecting into processes protected by Anti-Exploit. This can lead to compatibility and stability issues out of our control.
However, if you wish to override this behavior and force Anti-Exploit to work with your Third Party Anti-Virus, you can follow the procedure below.
Re-enabling Anti-Exploit with Third Party Anti-Virus
R80.20 and Above
If you want to enable Anti-Exploit to work with a Third Party Anti-Virus, do the following:
- Open GUIDBedit.
- Click on ep_orgp_te_policytbl (in left pane)
- Click on anti_exploit_action (in right pane)
- Set on_with_third_party to "false" (bottom pane)
R80.10 and Below
For these SmartEndpoint versions, Anti-Exploit was configured via a local policy file.
Edit the policy file found in the following path: C:\ProgramData\CheckPoint\Endpoint Security\Antex\AntexPolicy.xml
<antiExploit enabled="true" kernelMode="true" dump="true" silent = "true" onWithThirdPary= "true" >
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.