
06 November 2024

HARMONY BROWSE

Administration Guide
Check Point Copyright Notice
© 2021 - 2024 Check Point Software Technologies Ltd.

All rights reserved. This product and related documentation are protected by copyright and
distributed under licensing restricting their use, copying, distribution, and decompilation. No
part of this product or related documentation may be reproduced in any form or by any means
without prior written authorization of Check Point. While every precaution has been taken in
the preparation of this book, Check Point assumes no responsibility for errors or omissions.
This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND:


Use, duplication, or disclosure by the government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at
DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS:
Refer to the Copyright page for a list of our trademarks.
Refer to the Third Party copyright notices for a list of relevant copyrights and third-party
licenses.

Revision History

Date | Description
30 October 2024 | Added Gen AI Protect to "Data Loss Prevention" on page 107.
17 October 2024 | Added Control Browser Notifications to the Advanced Browser Settings in "Web and Files Protection" on page 57.
15 October 2024 | Added Incognito Mode settings to the Advanced Browser Settings in "Web and Files Protection" on page 57.
10 October 2024 | Added Managing Microsoft Sensitivity Labels for DLP in "Data Loss Prevention" on page 107.
19 June 2024 | Added:
  - "Data Loss Prevention" on page 107.
  - Data Loss Prevention column in "Introduction to Harmony Browse" on page 14.
19 February 2024 | Added "Viewing Dashboard and Reports" on page 33.
13 February 2024 | Added Browser Status to the Table Filters and Column Description. See "Viewing Computer Information" on page 42.
19 December 2023 | Added video tutorials for:
  - "Upload Protection" on page 70.
  - "Block Upload by Domain" on page 72.
27 November 2023 | Added "Custom Settings" on page 70.
22 November 2023 | Added video tutorial for "Upload Emulation" on page 58.
17 October 2023 | Added:
  - "Upload Emulation" on page 58.
  - "Upload Protection" on page 70.
  - "Block Upload by Domain" on page 72.
7 August 2023 | Added "Schedule Report" on page 166.

Harmony Browse Administration Guide | 3



31 July 2023 | Added Disable Notifications. See "Credential Protection" on page 74.
24 July 2023 | Added "Upgrading the Harmony Browse Client (Windows only)" on page 27.
20 June 2023 | Added "Override Default File Actions" on page 65.
23 May 2023 |
  - Added support for Brave and Edge browsers on macOS. See Browser settings in "Web and Files Protection" on page 57 and the OS, browser, feature compatibility matrix table "Introduction to Harmony Browse" on page 14.
  - Added new features:
      - Sending monthly security reports. See "Sending Security Reports" on page 165.
      - "Reports Center" on page 166.
14 February 2023 | Added information about the new feature: Policy Mode. See "Configuring the Threat Prevention Policy" on page 51.
8 February 2023 | Added new feature "Sending Security Reports" on page 165.
7 February 2023 | Added a new topic "Uninstalling the Harmony Browse Extension" on page 168.
31 January 2023 |
  - Added information about the new feature: Scan local HTML files. See "Credential Protection" on page 74.
  - Added information about the new event: Accessing a local HTML file. See "User Interface - Customized Browser Block Pages" on page 50.
13 December 2022 |
  - Added information about Localizations supported by the Harmony Browse extension. See "General Information" on page 143.
  - Added a new field Upload and emulate files under to specify the file size limit for Threat Emulation and Extraction. See "Download Emulation and Extraction" on page 57.
05 December 2022 |
  - Added information about the new feature: Browser Extension Pinning. See "Browser Settings" on page 101.
  - Added a note about how to know the installed Harmony Browse client version. See "Deploying Harmony Browse Clients" on page 22.


04 November 2022 |
  - Added supported file types for Threat Emulation. See "Download Emulation and Extraction" on page 57.
  - Data residency is now supported for Australia, India and United Kingdom. See Registering to the Infinity Portal.
27 October 2022 |
  - Added information about the new feature: Malicious Script Protection. See "Malicious Script Protection" on page 64 and "Introduction to Harmony Browse" on page 14.
  - Search reputation is now supported with Bing and Yahoo search engines. See "Web and Files Protection" on page 57.
09 September 2022 | Updated "Browser Settings" on page 101 for the Brave browser.
16 August 2022 | Added support for the Brave browser on Windows. See "Introduction to Harmony Browse" on page 14 and "Deploying Harmony Browse Clients" on page 22.
10 August 2022 | Added a new topic "Managing IoCs" on page 105.
25 July 2022 |
  - Added information about support for Threat Emulation appliance. See "Download Emulation and Extraction" on page 57.
  - Added sk179690 to verify whether the Harmony Browse client can access the Check Point services and the stores of extensions. See "Deploying Harmony Browse Clients" on page 22.
13 July 2022 |
  - Added information about the new "Web and Files Protection" on page 57.
  - Added three new options for "Web and Files Protection" on page 57.
05 June 2022 | Added steps for installing the Harmony Browse extension for Safari. See "Deploying Harmony Browse Clients" on page 22.
01 June 2022 | Added "Browser Settings" on page 101.
18 May 2022 | Updated Adding Exclusions to Rules.
04 May 2022 | Added "Browser Settings" on page 101.


1 February 2022 | Updated:
  - Introduction
  - Creating a New Harmony Browse Management Service
  - Configuring Harmony Browse Policy
  - Configuring Client Settings Policy
  Removed:
  - Configuring Client Settings
  - Viewing Harmony Browse Logs
30 January 2022 | Added:
  - Managing Users in
  Updated:
  - Introduction
  - Viewing Computer, Operational and Security Information
  - Web and Files Protection
  Removed:
  - Viewing Operational and Security Information
25 January 2022 | Updated:
  - Viewing Computer Information
  - Adding Exclusions to Rules
  - Managing Scanners
  - Managing Virtual Groups
  Removed:
  - Active Directory Authentication
  - Recent Tasks
16 January 2022 | Updated:
  - Configuring Harmony Browse Policy
11 January 2022 | Updated:
  - Client User Interface Settings


9 January 2022 | Added:
  - Harmony Browse Logs
  Updated:
  - Configuring Threat Prevention Policy
  - Web and Files Protection
  - Adding Exclusions to Rules
2 January 2022 | Updated:
  - Managing Licenses in the Cloud
  - Web & Files Protection
12 December 2021 | Updated:
  - Introduction
  - Deploying Endpoint Clients
  - Configuring Harmony Browse Policy
  - Configuring Global Policy Settings
  - Web & Files Protection
  - Adding Exclusions to Rules
  Removed:
  - Manual Deployment of Endpoint Clients
  - Adding a New VPN Site to an Exported Package
  - Monitoring Deployment and Policy
  - Performing Push Operations
10 November 2021 | Updated:
  - Active Directory Authentication
04 November 2021 | Updated:
  - Active Directory Authentication
01 October 2021 | Improved formatting and document layout
  Updated:
  - Adding Exclusions to Rules
15 June 2021 | First release of this document

Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments to our Technical Writers.

Table of Contents
Revision History 3
Introduction to Harmony Browse 14
Getting Started 16
Creating an Account in the Infinity Portal 16
Accessing the Harmony Browse Administrator Portal 17
Managing Licenses 19
User Center 19
Activating the License 21
Deploying Harmony Browse Clients 22
Upgrading the Harmony Browse Client (Windows only) 27
Creating a New Harmony Browse Management Service 28
Managing Users in Harmony Browse 29
Managing Accounts in the Infinity Portal 32
Viewing Dashboard and Reports 33
Dashboard 33
Custom Dashboard 33
Creating a Custom Dashboard 34
Managing a Custom Dashboard 36
Reports 36
Generate Report 37
Scheduled Reports 38
Announcements 41
Viewing Computer Information 42
Asset Management View 42
Creating a Custom View 42
Status Icon 43
Filters 43


Working with the Computers Table 45


Managing Computers 46
General Actions 46
Configuring Harmony Browse Policy 49
Configuring Client Settings Policy 50
User Interface - Customized Browser Block Pages 50
General - Share Data with Check Point 50
Configuring the Threat Prevention Policy 51
The Parts of the Policy Rule Base 51
The Threat Prevention Policy Toolbar 51
Policy Mode 52
Updating a Predefined Policy Mode 56
Web and Files Protection 57
URL Filtering 57
Files Protection 57
Download Emulation and Extraction 57
Upload Emulation 58
Credential Protection 60
Zero Phishing 60
Password Reuse Protection 60
Safe Search 62
Search Reputation 62
Force Safe Search 63
Advanced Settings 64
URL Filtering 64
Categories 64
Black List 64
Malicious Script Protection 64
Files Protection 65
General Settings 65


Emulation Environments 65
Override Default File Actions 65
Download Protection 66
Supported Files 67
Download Emulation Actions 69
Unsupported Files 70
Custom Settings 70
Download Emulation and Extraction 70
Upload Protection 70
Upload Emulation Actions 71
Block Upload by Domain 72
Credential Protection 74
Browser Settings 75
Pin Extension 75
Windows 75
macOS 75
Control Browser Notifications 75
Incognito Mode 76
Adding Exclusions to Rules 76
Legacy Exclusions 76
Adding Exclusions to a Specific Rule 76
Adding Global Exclusions 77
Adding a New Exclusion to an Exclusion Category 77
Editing an Exclusion 78
Smart Exclusions 81
Adding Exclusions to a Specific Rule 82
Adding Global Exclusions 90
Migrating Legacy Exclusions 98
Importing and Exporting Exclusions 99
Managing Exclusions 100


Browser Settings 101


Disabling Incognito Mode, BrowserGuest Mode, and InPrivate Mode 101
Overview 101
Chrome on Windows 101
Firefox on Windows 101
Microsoft Edge on Windows 102
Brave on Windows 102
Chrome on macOS 103
Firefox on macOS 103
Microsoft Edge on macOS 103
Enabling the Browser Extension on a Browser with Incognito or InPrivate Mode 104
Ending the Browser Process Running in the Background 104
Browser Extension Pinning 105
Managing IoCs 105
Prerequisite 105
Data Loss Prevention 107
DLP Logs 108
Use Case 108
Known Limitations 108
Sample Data Type 108
Creating a Custom Data Type 110
Creating a Custom Data Type Group 116
Adding an Existing Data Type to a Group 119
Editing a Data Type or Group 120
Duplicating a Data Type or a Group 123
Deleting a Data Type or a Group 125
Managing Microsoft Sensitivity Labels for DLP 127
Step 1 - Copy the Microsoft Sensitivity label names and their UUIDs from Microsoft Purview 127
Step 2 - Creating Microsoft Sensitivity Labels in Harmony Browse 128


Step 3 - Assign Sensitivity Labels to DLP Rules 132


Creating a DLP Rule and Associating with an Event 132
Rule Configuration Logic 138
Scenarios 139
Specific Event 139
Result 139
Specific Event 139
Result 139
Specific Event 139
Result 140
Specific Event 140
Result 140
Specific Event 140
Result 141
Specific Event 141
Result 141
Specific Event 142
Result 142
Specific Event 142
Result 142
General Information 143
Localization 143
Managing Active Directory Scanners 145
Organization Distributed Scan 145
Full Active Directory Sync 145
Harmony Browse Logs 148
Query Language Overview 150
Criteria Values 150
NOT Values 152
Wildcards 152


Field Keywords 153


Boolean Operators 155
Managing Virtual Groups 156
Exporting Logs 161
Creating Security Certificates for TLS Mutual Authentication 161
Sending Security Reports 165
Reports Center 166
Generate Report 166
Schedule Report 166
Uninstalling the Harmony Browse Extension 168

Introduction to Harmony Browse


Check Point Harmony Browse is a lightweight and easy to deploy solution which enables users
to safely access the internet, no matter where they are. It protects organizations and their
employees from web-based threats by preventing users from visiting zero-day phishing sites,
downloading zero-day malware, accessing non-compliant websites, and reusing corporate
passwords for non-business web content.
The product contains an on-cloud management system and a browser extension which
provides multi-layer browser protection capabilities.

OS | Browser | URL Filtering | Threat Extraction and Emulation | Upload Emulation | Block Upload by Domain | Zero Phishing | Password Reuse | Safe Search | Search Reputation | Malicious Script Protection | Data Loss Prevention
Windows | Chrome | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Windows | Edge Chromium | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Windows | Firefox | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | No
Windows | Brave (note 3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
Windows | Internet Explorer (note 1) | No | Yes | No | No | Yes | Yes | No | No | No | No
macOS | Chrome | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
macOS | Firefox | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | No
macOS | Safari (note 2) | Yes | No | No | No | Yes | Yes | No | No | No | No
macOS | Brave (note 3) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
macOS | Edge | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes
ChromeOS | Chrome | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes


Notes -
1 By default, the extension is disabled. To enable the extension, see Deploying
Harmony Browse Clients.
2 Browser extension is supported in Safari version 14 and higher.
3 Browser extension is supported in Brave version 1.43.89 and higher.

To set up Harmony Browse, follow these steps:


1. Register to the Infinity Portal (see Registering to the Infinity Portal).
2. Register to Harmony Browse (see "Accessing the Harmony Browse Administrator Portal"
on page 17).
3. Create a new Harmony Browse Management Service (see "Creating a New Harmony
Browse Management Service" on page 28).
4. Deploy Harmony Browse clients (see "Deploying Harmony Browse Clients" on page 22).
5. Create a Harmony Browse Policy (see "Configuring the Threat Prevention Policy" on
page 51).


Getting Started
To get started with Harmony Browse:
1. Create an account in Infinity Portal
2. Accessing the Harmony Browse Administrator Portal
3. Managing Licenses
4. Creating a New Harmony Browse Management Service
5. Deploying Harmony Browse Client

6. Configuring Harmony Browse Policy

Creating an Account in the Infinity Portal


Check Point Infinity Portal is a web-based interface that hosts the Check Point security SaaS
services.
With Infinity Portal, you can manage and secure your IT infrastructures: networks, cloud, IoT,
endpoints, and mobile devices.
To create an Infinity Portal account, see the Infinity Portal Administration Guide.

Accessing the Harmony Browse Administrator Portal
To access the Harmony Browse Administrator Portal:
1. Sign in to Check Point Infinity Portal.
2. Click the Menu button in the top left corner.

3. Under Harmony, click Browse.

4. If you are accessing the portal for the first time, do one of these:

   - If you already have a Check Point contract, click Already have a contract? to attach the contract to the product. For more information, see Associated Accounts in the Infinity Portal Administration Guide.
   - If you want to trial the product, click Start free trial.
If you have already attached the contract with the product, the Overview page appears.
Harmony Browse creates the endpoint management service automatically.


Managing Licenses
User Center
When you create an account in the Infinity Portal and access the service, you get a free 30-day
trial. After the 30-day trial period, you must purchase a software license to use the product. To
purchase a license, you must create a Check Point User Center account.
Once you create a User Center account, contact your Check Point sales representative to
purchase a license.
To extend the trial period

1. Log in to the Check Point User Center.

2. If you do not have a User Center account, go to My Check Point > My accounts and
create a new User Center account.
3. Go to My Check Point > Product Center.
4. In the Product Center, go to the Evaluations tab.
5. Select Other Evaluation Option and click Select a product.
The Other Evaluation Options window opens.
6. Select Harmony Browse - CP-HAR-BROWSE-EVAL from the drop-down list and
click Select.

7. Click Next.
8. In the Provide Evaluation Info section that opens, fill in these details:

   a. User Center Account
   b. Email Address
   c. Evaluation Product will be used by
   d. Purpose of Evaluation
9. Click Get Evaluation.
A confirmation notice is received that the product was successfully added to your User
Center account.
Click the link in the confirmation notice to view the license in the Product Center.

10. In the Product Center, go to Selected Account and select the account to which the
license was added.

11. Select the license and click the License button above the list of the licenses.

12. Under License Information, select the License for Cloud Management checkbox.


13. Click License.

Activating the License


To activate a license:

1. In Harmony Browse Administrator Portal, go to Global Settings > Services and Contracts.
At the upper-right of the screen, click Link a User Center Account.
The Attach Accounts window opens.
2. Enter your User Center credentials, select the Account and click Next.
3. Select the license to apply and click Finish.

Your license appears in the Service and Contracts page.

Note - If you already have an associated account and wish to add another
license, go to Global Settings > Service and Contracts. At the upper-right of
the screen, click Manage Accounts and use the sync option to refresh the
license.

4. To see your license information, go to the Endpoint Settings > Licenses.


5. To synchronize your license information, click Sync and then click CONFIRM.

Deploying Harmony Browse Clients
Notes -
- Harmony Browse automatically downloads and installs the latest version of the Harmony Browse client on the endpoints. To know the version of the Harmony Browse client installed on the endpoints, go to Assets Management > Computers and see the Endpoint Version column in the table.
- For Mozilla Firefox users: If a user is accessing the browser for the first time after installing the Harmony Browse extension, a consent page appears that explains how the user's personal information is collected, used, and protected. The user must click Confirm to provide consent and activate the extension's protection features.

To download the Harmony Browse client:


1. Click Overview and then click Download on the top banner.
2. To download the file immediately, click Download for the relevant OS and transfer the
file to the endpoint.

Client | OS | Downloaded file
Browse | Windows | BrowserSetup.exe
Browse | macOS | BrowserSetup.zip
Browse | ChromeOS | BrowserSetup_chromeOS_laptop.txt or BrowserSetup_chromeOS_desktop.txt

To install the Harmony Browse client on Windows using .exe file:


1. Copy the latest BrowseSetup.exe to the endpoint.
2. Double click the BrowseSetup.exe file to install Harmony Browse.
3. To create the .msi file:
   a. Select Start and type CMD.
   b. Right-click Command Prompt and select Run as administrator.
   c. Run:
      cd <path to BrowseSetup.exe file>
   d. Run:
      BrowseSetup.exe /CreateMsi
   The system creates the EPS.msi file.

To install the Harmony Browse client on Windows using .msi file:


1. Copy EPS.msi to the endpoint.

Note - You can install the Harmony Browse extension on Internet Explorer using the .msi file only.

2. Select Start and type CMD.


3. Right-click Command Prompt and select Run as administrator.
4. Do any of these:
   - Run:
     msiexec /i EPS.msi
   - To install the Windows client with Internet Explorer extension, run:
     msiexec /i EPS.msi no_ie=false
   - To install the Windows client without the Brave browser extension, run:
     msiexec /i EPS.msi brave_extension_disabled=true
   - To install the Windows client and set the virtual group of the client, run:
     msiexec /i EPS.msi virtual_group_name="virtual_group_name"
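
The msiexec options above combined into one unattended, logged install, as an added PowerShell example that is not part of the Check Point guide. It assumes EPS.msi carries a valid Authenticode signature; the function name, its parameters and the log path are hypothetical, and /l*v is the standard msiexec verbose-logging switch.

```powershell
# Added example, not Check Point code. Run from an elevated PowerShell session.
# Install-HarmonyBrowseMsi, its parameters and the default log path are hypothetical names.
function Install-HarmonyBrowseMsi {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $MsiPath,                 # e.g. .\EPS.msi created with BrowseSetup.exe /CreateMsi
        [switch] $WithInternetExplorer,    # adds no_ie=false
        [switch] $WithoutBrave,            # adds brave_extension_disabled=true
        [string] $VirtualGroupName,        # adds virtual_group_name="<value>"
        [string] $LogPath = (Join-Path $env:TEMP 'HarmonyBrowse-msi.log')
    )

    if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) {
        throw "MSI not found: $MsiPath"
    }
    $msi = (Resolve-Path -LiteralPath $MsiPath).Path

    # The package installs with administrator rights, so refuse a file whose
    # Authenticode signature does not validate, and show who signed it.
    # Assumption: the MSI is signed; the expected signer is not stated in the guide.
    $sig = Get-AuthenticodeSignature -FilePath $msi
    if ($sig.Status -ne 'Valid') {
        throw "Signature check failed for $msi (status: $($sig.Status))"
    }
    Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

    # The group name is placed inside double quotes on the msiexec command line;
    # a quote or line break in it would change how that line is parsed.
    if ($VirtualGroupName -match '["\r\n]') {
        throw 'VirtualGroupName must not contain quotes or line breaks.'
    }

    # /i and /qn are the switches used in the guide; /l*v writes a verbose install log.
    $msiArgs = @('/i', "`"$msi`"", '/qn', '/l*v', "`"$LogPath`"")
    if ($WithInternetExplorer) { $msiArgs += 'no_ie=false' }
    if ($WithoutBrave)         { $msiArgs += 'brave_extension_disabled=true' }
    if ($VirtualGroupName)     { $msiArgs += "virtual_group_name=`"$VirtualGroupName`"" }

    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    # Standard Windows Installer exit codes.
    switch ($proc.ExitCode) {
        0       { Write-Host 'Installed.' }
        3010    { Write-Host 'Installed; restart required.' }
        1641    { Write-Host 'Installed; restart initiated.' }
        default { throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath" }
    }
    return $proc.ExitCode
}

# Example call (the group name is a constructed value):
# Install-HarmonyBrowseMsi -MsiPath .\EPS.msi -WithoutBrave -VirtualGroupName 'Finance-Laptops'
```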

To install the Harmony Browse client on macOS:


1. Copy the zip file to the client.
2. Unzip the file.
3. Run the app file.
4. If you are using Safari, a prompt appears:

Note - If you do not install the extension, the prompt appears every time you open Safari.
If you do not want to install the extension and want to stop the prompt, in the terminal window, run:
sudo defaults write /Library/Preferences/com.checkpoint.harmony.browse.helper mute_all_prompts -bool YES

5. Click Open in App Store and install the extension.


After you install the extension, a prompt appears.


6. Click Open Safari Extensions Preferences.

7. Select the Harmony Browse checkbox and click Always Allow on Every Website.
8. Go to Security & Privacy and click Full Disk Access.


9. Select the Harmony Browse Helper checkbox.

Note - To install Harmony Browse on Chromebook, see sk173974.

To verify whether the Harmony Browse client can access the Check Point services and the
stores of extensions, see sk179690.

Upgrading the Harmony Browse Client (Windows only)
To upgrade the client:
- Install the .exe file for Windows. See "Deploying Harmony Browse Clients" on page 22.
- Using an .msi file:
  1. Convert the .exe file to an .msi file. See "Deploying Harmony Browse Clients" on page 22.
  2. Run:
     msiexec /i EPS.msi /qn && timeout /t 30 && msiexec /i EPS.msi /qn

Creating a New Harmony Browse Management Service
After you register, Harmony Browse automatically creates a new management service.
For existing or old tenants that do not have a management service, you must create a
management service manually.

To create a management service manually:


1. In the Service Management view, under the Creating New Browse Management, enter the information for these fields:
   - Service Identifier - Select your Endpoint Management Service name for this account.
     The Service Identifier:
       - Must consist of 2-16 characters: uppercase letters (A-Z), lowercase letters (a-z), numbers (0-9), or hyphens (-).
       - Must not start with a hyphen (-).
   - Hosting Site - The cloud location where the Harmony Browse Management Service is deployed. This information is derived from your selection of data residency region when you created the account. See Registering to the Infinity Portal.

2. Click Create.
The deployment process initiates.

You can monitor the deployment process in the portal and an email is sent on completion.

Managing Users in Harmony Browse
After you create an account, you can create users who have access to Harmony Browse using
this account.
To each user you create, you must assign a user role.
Only User Admin can assign roles.
There are two types of user roles:
- Global roles.
  When creating a new user, you must assign a Global role to the user.
- Specific Service roles.
  Assigning a Specific Service role to a new user is optional.
Global Roles

Global Roles define the user's permissions to define user roles.


The Global Roles apply to the Infinity Portal platform and to all the services in the Infinity
Portal.
Currently, these are the supported Infinity Portal roles:

Role | Description
Admin | Allows Read & Write permissions across all services in your Infinity Portal account. When a new service is activated in your account, an Admin user automatically gets Read & Write permissions in this service.
Read-Only | Allows full Read-Only visibility to all services in your Infinity Portal account. When a new service is activated in your account, a Read-Only user automatically gets read permissions in this service.
User Admin | Allows management of all aspects of users and roles in your Infinity Portal account. Only administrators with User Admin permission can access the Users tab and associate roles with users. Administrators with an Admin role and no User Admin role, cannot access the Users tab.

You can assign multiple Global Roles to each user.


Specific Service Roles

These roles apply only to a specific service. In this case, the role selected here applies only to the Harmony Browse service. You can assign only one Harmony Browse role per user. The Specific Service role selected overrides the assigned Global roles. There are 6 types of specific Harmony Browse roles:

Role | Description
Admin | Full Read & Write access to all system aspects.
Read-Only User | Has access to all system aspects, but cannot make any changes.

The table below summarizes the permissions of each user type:

Tab on Left Panel | Section | Admin User | Read-Only
Overview | All | Read & Write | Read-Only
Policy | All | Read & Write | Read-Only
 | Threat Prevention - Exclusions | Read & Write | Read-Only
Asset Management | All | Read & Write | Read-Only
 | Computer Actions (Delete computer data) | Read & Write | Read-Only
Logs | All | Read & Write | Read-Only
Endpoint Settings | All | Read & Write | Read-Only
Service Management | All | Read & Write | Read-Only
 | Service Actions (Restart, pause or terminate the service) | Read & Write | Read-Only


To see the list of users and the roles assigned to them, go to the Global Settings view >
Users.

To create a new user:


1. From the left navigation panel, click Global Settings (at the bottom of the panel).
2. In the top left section, click Users.
The list of currently defined users appears.
3. From the top toolbar, click New.

The Add User window opens.


4. Configure the required details:
   - Name
   - Email
   - Phone
   - User Groups
   - Global Roles
   - Specific Service Roles

Note - If the user you wish to add is not registered in Harmony Browse, they receive a registration invitation to establish login credentials for the portal.

5. Click Add.

Note - To edit or delete a user, select the user and click Edit or Delete from the top toolbar.

Managing Accounts in the Infinity Portal
You can create additional accounts for the same user.
To create an additional account for a user:

1. Go to the registration page:
https://portal.checkpoint.com/register/endpoint
2. For each new account, use a different account name (Company Name).

To switch between accounts

At the upper-middle of your screen, near the name Harmony Browse, click the current
account and select the required account from the drop-down menu.

To add an administrator to an account:

1. From the left navigation panel, click Global Settings (at the bottom of the panel).
2. In the top left section, click Users.
The list of currently defined users appears.
3. From the top toolbar, click New.

The Add User window opens.


4. Configure the required details:
   - Name
   - Email
   - Phone
   - User Groups
   - Global Roles - select Admin or User Admin

Note - If the administrator you wish to add is not registered in Harmony Browse,
they receive a registration invitation to establish login credentials for the portal.

5. Click Add.


Viewing Dashboard and Reports


The Overview page shows a graphical summary of important information about the Harmony
Browse clients in your organization.

Dashboard
The Dashboard page shows a graphical summary of important information about the Harmony
Browse clients in your organization.

Custom Dashboard
The Custom Dashboard allows you to create personalized dashboards with widgets of your
preference and specify whether the dashboard should be private or public. Private
dashboards are available only for you to view, whereas Public dashboards are available to all
users with access to the Overview page. However, only the owner of the dashboard can
edit it.
Blank dashboard allows you to create a new dashboard with available widgets. Browse
template allows you to customize the Dashboard.


Creating a Custom Dashboard

1. Go to Overview and click next to Custom Dashboard.

2. To create a new custom dashboard from scratch:


a. Hover over the Blank dashboard widget and click Add.

b. In the Dashboard name field, enter a name.


c. Click Add Your First Widget.
The Add Widget window appears.
3. To create a custom Dashboard:


a. Hover over the Browse template widget and click Duplicate.


b. In the Dashboard name field, enter a name.
c. Click Add Widget.
The Add Widget window appears.
4. From the left pane, select the widget and click Add.

Note - The Add button is disabled if the widget is already added to the dashboard.

5. To add more widgets, click Add Widget and repeat step 4.

6. To delete a widget, on the widget, click and click Delete.

7. By default, all custom dashboards you create are set as Private. To make the custom
dashboard available to all users with access to the Overview page, from the Private list
on the upper-right corner, click Public. The system adds the dashboard under Public
dashboards for other users.
8. Click Save.
The dashboard appears under Custom Dashboard on the left navigation pane, and it is also
listed under My dashboards in the Custom Dashboard page.


Managing a Custom Dashboard


1. Click Overview.

2. To edit a dashboard:
a. Expand Custom Dashboard.

b. Click for the dashboard you want to edit and click Edit.

c. Make the necessary changes and click Save.

Note - You cannot edit dashboards created by other users.

3. To delete a dashboard, expand Custom Dashboard, click for the dashboard you want
to delete and click Delete.

Note - You cannot delete dashboards created by other users.

4. To hide a dashboard, expand Custom Dashboard, click for the dashboard you want to
hide and click Hide. The dashboard is removed from the list under Custom Dashboard
on the left navigation pane.
5. To unhide a dashboard, click , hover over the dashboard you want to unhide and click
Add. The dashboard is added to the list under Custom Dashboard on the left navigation
pane.
6. To duplicate a dashboard, click , hover over the dashboard and click Duplicate.

Reports
On the Reports page, you can download these reports in PDF format:
• Security Checkup - Shows the latest security events.
• 2023 Security Checkup - Shows a summary of the security events reported by Harmony
  Browse during 2023.
• Threat Extraction Report - Shows insights on the downloaded files.
• Check Point Cyber Security Report - Shows the latest security trends as per Check
  Point.

Generate Report

To generate a report:
1. Go to Overview > Reports > Generate Report.

2. Select a report, click and select Export Report.

The Export Report window appears.

3. In the Time Frame list, select Last day, Last 7 days, or Last 30 days.
4. Click Export.


Scheduled Reports
Scheduled Reports allows you to automatically generate reports at the specified date and
time, and email them to the specified recipients.

Notes:
• The report becomes effective 24 hours after you schedule it. For example, if you
  schedule a new report today for 02:00 PM, then it is enforced from the next day at
  02:00 PM.
• This feature is not supported for Check Point Cyber Security Reports.
• For performance reasons, it is recommended to schedule reports to run in off-peak
  hours. For example, during non-business hours.
• The default time zone for the scheduled report is Coordinated Universal Time (UTC).
  For example, to schedule the report at 1:00 AM EST, specify the time as 6:00 AM
  (depending on Daylight Savings Time).


To schedule a report:
1. Navigate to Overview > Reports and do one of these:
   • From the Scheduled Reports page, click Add and from the Name list, select the
     report.
   • From the Generate Report page, select the report, click and select Schedule
     Report.
2. From the Name list, select the report.
3. From the Time Frame list, select the period for the report:
   • Last day
   • Last 7 days
   • Last 30 days
4. From the Frequency list, select the frequency to generate the report:
   • To generate the report every day, select the day of the week.
   • To generate the report weekly, select the day of the week.
   • To generate the report every month, select the date.
5. In the Time field, specify the time for the system to generate the report and send it to the
   recipients. By default, the time is in UTC. For example, if you want to generate the report
   at 01:00 AM Eastern Standard Time (EST), you must specify the time as 06:00 AM UTC.
6. In the Recipients field, enter the recipients for the report.
7. Click Schedule.
   The schedule is added to the table. The report becomes effective 24 hours after you
   schedule it.
8. To edit a scheduled report, select the report in the table and click Edit.
9. To delete a scheduled report, select the report in the table and click Delete.

Announcements
The Announcements page shows the latest news and enhancements in Harmony Browse.


Viewing Computer Information


Asset Management View
The Asset Management view shows information on each computer, such as deployment
status, active components on the computer, browser extension version installed on the
computer and more.

Note - The General > Description field in the bottom pane shows the text entered in the
Active Directory for the asset. If no text is entered, it is blank.

Creating a Custom View


You can create a custom view with the filters and table columns you specify.

To create a custom view:
1. Apply the filters and select the required columns for the table and click Update. For more
   information, see "Table Filters and Column Description" on page 44.
2. From the View drop-down, click Save View.
   The Save New View window appears.
3. In the View name field, enter a name for the view. For example, Active Laptops.
4. In the Select what will be saved in this view section, select the required checkbox:
   • Filters
   • Table Columns
5. Click OK.
6. To delete a Custom View:
   a. From the View drop-down, go to Custom Views.
   b. Hover over the custom view and click .

Status Icon
The icon in the Status column shows the client or computer status.

Status Icon    Description

Indicates Active Directory scanner.

Indicates Harmony Browse client.

Indicates that the client connection is active.

Indicates that a new computer was discovered that has no client installed.

Indicates that the computer was deleted from the Active Directory or from the
Organizational Tree.

Filters
Use the Filters pane on the top of the screen to filter the information in the table.

To add filters:
1. In the Filters pane, click +.
2. Select the required filter or search for the filter using the Search bar. For information on
the filters, see "Table Filters and Column Description" on the next page.
3. Click Update.
The system updates the table automatically for the added filters.


To modify the table:

1. Click on the top left header of the table.

2. To select the columns for the table, search and select the columns.
3. To change the column position in the table, drag and drop the column to the required
position.
4. Click Update.
Tip - The URL in the address bar of the web browser captures the filters you specify for the
table. You can bookmark the URL to go to the Asset Management > Computers page and
view the table with the specified filters.
Table Filters and Column Description

Filter/Column Name      Description

Status                  Status of the connected computer. For more information, see "Status
                        Icon" on the previous page.
Computer Name           Name of the connected computer.
Domain Name             Domain name of the connected computer.
Endpoint version        Harmony Browse installer version.
Operating System        Operating System version installed on the computer.
Device Type             Type of the computer (Desktop or Laptop).
Deploy Time             Time when the client was installed on the computer.
OS Build                Operating System build number of the computer.
Last Connection         Last connection date of the computer.
Last Logged In User     Last logged in user name on the computer.
Virtual Groups          Pre-defined and custom virtual groups of the computer.
Browser Status          Shows the browser and the Harmony Browse extension status on the
                        endpoint.
                        The supported statuses are:
                        • Not Installed -
                          ◦ The browser is not installed.
                          ◦ The browser is installed but not used.
                          ◦ The browser is used but the extension is disabled by the policy.
                        • Running - The extension was detected. For example, indicates
                          that the Edge browser is active and the extension on it was detected.
                        • Not Running - The browser is active but the browser extension is
                          not detected. For example, indicates that the Brave browser is
                          active but the extension is not detected. Contact Check Point Support.
                        • N/A - The installed browser extension version does not support
                          Browser Status.

                        Note - This is supported only with the Windows browser extension
                        version BROWSE_90.09.0033 and higher.

Working with the Computers Table


1. Hover over the column and click .
2. From the drop-down:
   • To freeze the column, click Pin.
   • To unfreeze the column, click Unpin.
   • To open the filter for the current column, click Filter and select the values.
   • To hide the column, click Hide.
   • To insert another column, click Add Column.
3. To adjust the column position in the table, drag and drop the column to the required
   position.
4. To copy the value of a cell to the clipboard, hover over a cell and click Copy.
5. To copy the values of a row to the clipboard, hover over a row and click Copy row.


Managing Computers
Select the checkbox to the left of the applicable computers and right-click to perform these
actions:

General Actions
View Computer Logs

You can view the logs of a computer based on its IP address.

To view computer logs by its IP address:

1. Go to Asset Management > Computers.


2. Select the applicable computer or user from the list.
3. From the top toolbar, click .

4. Select General Actions > View Computer Logs.


The system opens the Logs menu and shows the computer logs.

Create Virtual Group

You can create a virtual group. See Managing-Virtual-Groups.htm.

Create and Add to Virtual Group

You can add computers to a new virtual group. See Managing-Virtual-Groups.htm.

Add to Virtual Group

You can add a computer to a virtual group. See Managing-Virtual-Groups.htm.

Reset Computer Data

When the Endpoint client is installed on a computer, information about the computer is sent
to and stored on the Endpoint Security Management Server.
Resetting a computer means deleting all information about it from the server.
Resetting a computer does not remove the object from the Active Directory tree or change
its position in the tree.

Important - You can only reset a computer if the Endpoint client is not installed. If
you reset a computer that has Endpoint installed, important data is deleted and the
computer can have problems communicating with the Endpoint Security
Management Server.


Computer reset:
• Removes all licenses from the computer.
• Deletes Full Disk Encryption Recovery data.
• Deletes the settings of users that can log on to it.
• Removes the computer from Endpoint Security Monitoring.
• Deletes the Pre-boot settings.
• Marks the computer as unregistered.
After you reset a computer, you must reformat it before it can connect again to the Endpoint
Security service.

You may decide to reset a computer if:
• The Endpoint client was uninstalled or the computer is re-imaged.
• It is necessary to reset the computer's configuration before a new Endpoint client is
  installed. For example, if the computer is transferred to a different person.

Delete

Removes the asset from the Local or Active Directory and adds it to Deleted Entities in the
Organizational Tree. This operation discards the asset's license information. You can use
this operation when you remove an asset from your domain.
Note - If the Endpoint Security client is still installed on the asset, the client continues to
receive the updates from the Endpoint Security Management Server.
To add the asset back to the Active Directory, see Recover.

Recover

Adds the deleted asset back to the Local or Active Directory from Deleted Entities in the
Organizational Tree. The asset's status is not Active until its Endpoint Security client
connects and synchronizes with the Endpoint Security Management Server. You can use
this operation when you add an asset back to the domain.
Note - You can recover only a deleted asset.

Terminate

Warning - Removes the asset from the Harmony Endpoint management permanently. You
cannot recover a terminated asset. We recommend that you terminate an asset only if it is
discarded or disposed of, or the Endpoint Security client is uninstalled.


Directory Scanner

Harmony Endpoint can scan and import users, groups, Organizational units (OUs) and
computers from multiple supported directory domains. See Managing Active Directory
Scanners.

Configuring Harmony Browse Policy
The Harmony Browse security policy contains these components:
• Client Settings – including the blocking pages customization and the data sharing with
  Check Point.
• Threat Prevention - which includes Web & Files Protection. The Threat Prevention policy
  is unified for all the Threat Prevention components.
When you plan the security policy, think about the security of your network and convenience
for your users. A policy should permit users to work as freely as possible, but also reduce the
threat of attack from malicious third parties.
You can add more rules to each Rule Base and edit rules as necessary. Changes are enforced
after the policy is installed.
In addition, the Browse policy contains the Global Policy Settings (see "Configuring Client
Settings Policy" on page 50) and the Deployment Policy (see "Deploying Harmony Browse
Clients" on page 22).

Configuring Client Settings Policy


User Interface - Customized Browser Block Pages
The browser extension uses block pages to warn end users about security incidents and to
prompt for additional permissions. Four events trigger a block page:
1. Accessing a site that is blocked by URL Filtering policy – The block page blocks access to
   the site and warns the end user who attempted to enter the site that it is blocked by the
   policy.
2. Providing credentials in a phishing site – The block page warns the end user that it is a
   phishing site and the user is therefore blocked from providing credentials there.
3. Using a corporate password in a non-corporate domain - End users are warned that use of
   a corporate password in a non-corporate domain is prohibited, and that their corporate
   password was just exposed.
4. Accessing a local HTML file without the browser extension having permission to do so.
The block pages above are customizable. The following can be changed for each of them:
1. Company logo (replacing the Check Point logo).
2. Blocking page title.
3. Blocking page description.
The user may preview the change before saving the policy by pressing the preview button.

Note - The preview only works in the Chrome or Edge browsers, when the browser
extension is installed.

General - Share Data with Check Point


Clients can share information about detected infections and bots with Check Point.
The information goes to ThreatCloud, a Check Point database of security intelligence that is
dynamically updated using a worldwide network of threat sensors.
ThreatCloud helps to keep Check Point protection up to date with real-time information.

Configuring the Threat Prevention Policy


A Threat Prevention Default Policy rule, which applies to the entire organization, is predefined in
your Policy tab.
Each new rule you create has predefined settings, which you can then edit in the right section
of the screen.
The Threat Prevention policy contains device rules and user rules.
• You can use user objects only in the user policy, and you can use device objects only in
  the device policy.
• There is no default rule for the user policy.
• User rules override device rules.
• You can use the same group in user and device rules at the same time.
• If a group contains both users and devices, the rule is implemented according to the
  policy in which the rule is included.
To enable user policy, go to the Endpoint Settings view > Policy Operation Mode, and select
Mixed mode.

The Parts of the Policy Rule Base


Column                 Description

Rule Number            The sequence of the rules is important because the first rule that matches
                       traffic according to the protected scope is applied.
Rule Name              Give the rule a descriptive name.
Applied to             The protected scope to which the rule applies.
Web & Files            The configurations that apply to URL Filtering, Download Protection,
Protection             Credential Protection, Safe Search and Advanced Settings.
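
The matching behavior described above (first match by Rule Number, user rules overriding device rules, no default rule in the user policy) is worked through in the following added example. It is not Check Point code: the Rule class, the scope names and the sample inventory are constructed for illustration, and scope matching by name is an assumption.

```python
from dataclasses import dataclass

ENTIRE_ORG = "Entire Organization"  # hypothetical scope name for the org-wide default rule


@dataclass(frozen=True)
class Rule:
    number: int            # position in the Rule Base; lower numbers are evaluated first
    name: str
    applied_to: frozenset  # protected scope: names of users, devices or groups
    policy_mode: str       # Detect only, Tuning, Optimized or Custom


def first_match(rules, scopes):
    """Return the first rule, in Rule Number order, whose scope covers the object."""
    for rule in sorted(rules, key=lambda r: r.number):
        if ENTIRE_ORG in rule.applied_to or rule.applied_to & scopes:
            return rule
    return None


def effective_rule(user_rules, device_rules, user_scopes, device_scopes, mixed_mode=True):
    """Resolve which rule applies to a user logged in on a device.

    In Mixed mode a matching user rule overrides the device rules. The user
    policy has no default rule, so a user without a match falls through to the
    device policy, which contains the organization-wide default rule.
    """
    if mixed_mode:
        hit = first_match(user_rules, user_scopes)
        if hit is not None:
            return "user", hit
    return "device", first_match(device_rules, device_scopes)


def unreached_rules(rules, inventory):
    """List rules that are never the first match for any object in the inventory."""
    reached = set()
    for scopes in inventory.values():
        hit = first_match(rules, scopes)
        if hit is not None:
            reached.add(hit.number)
    return [r.name for r in sorted(rules, key=lambda r: r.number)
            if r.number not in reached]


# Constructed sample policy: rule 2 is placed after a broader rule that already
# matches every laptop, so no device ever reaches it.
DEVICE_RULES = [
    Rule(1, "All laptops", frozenset({"Laptops"}), "Optimized"),
    Rule(2, "Lab laptops", frozenset({"Lab-Laptops"}), "Detect only"),
    Rule(3, "Default settings for the entire organization",
         frozenset({ENTIRE_ORG}), "Tuning"),
]
USER_RULES = [Rule(1, "Finance users", frozenset({"Finance"}), "Custom")]

# Constructed inventory: each object maps to its own name plus its groups.
DEVICES = {
    "LAB-LT-01": frozenset({"LAB-LT-01", "Laptops", "Lab-Laptops"}),
    "HQ-LT-07": frozenset({"HQ-LT-07", "Laptops"}),
    "HQ-PC-02": frozenset({"HQ-PC-02", "Desktops"}),
}
USERS = {
    "alice": frozenset({"alice", "Finance"}),
    "bob": frozenset({"bob"}),
}

if __name__ == "__main__":
    for user, u_scopes in USERS.items():
        for device, d_scopes in DEVICES.items():
            policy, rule = effective_rule(USER_RULES, DEVICE_RULES, u_scopes, d_scopes)
            print(f"{user} on {device}: {policy} rule '{rule.name}' ({rule.policy_mode})")
    print("Device rules no asset reaches:", unreached_rules(DEVICE_RULES, DEVICES))
```

A rule reported by unreached_rules is a candidate for moving above the broader rule that shadows it, because a stricter or looser mode configured there is never enforced.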

The Threat Prevention Policy Toolbar


To do this Click this

Clone, copy, paste, and delete rules

Search


Save, view, and discard changes


Note - The View Changes functionality shows the policy type that was changed and the
date of the change.

Policy Mode
Policy mode allows you to:
• Quickly configure a Threat Prevention policy by selecting a predefined policy mode
  (Detect only, Tuning and Optimized). Check Point automatically sets the appropriate
  operation mode (Detect, Prevent, Off) and Advanced Settings options for each
  capability.
• Manually set the operation mode (Detect, Prevent, Off) and Advanced Settings options
  for each capability (Custom).

Notes:
• The Detect only mode provides the basic protection. We recommend that you
  use the Detect only policy mode for the first few days to gather, monitor and
  analyze the data. Based on the analysis, you must switch to Tuning, Optimized
  or configure a Custom policy mode for enhanced protection. If you use the
  Detect only policy mode for the Default settings for the entire organization
  rule (default) for more than two days, the system shows a banner as a reminder
  to configure a stricter policy mode.

  If you click Dismiss, the system stops the notification only for you while it
  continues to appear for other users.

• If you modify a predefined policy mode, it automatically changes to Custom.


To select a mode for a policy:


1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Select the policy in the table.
3. In the Capabilities and Exclusion pane, from the Policy Mode list:
   • Select a predefined mode:
     ◦ Detect only
     ◦ Tuning
     ◦ Optimized
     The table shows the appropriate operation mode set for each capability for a policy
     mode.

                       Policy Mode
Capability             Tuning    Detect only    Optimized

URL Filtering          Detect    Detect         Prevent
Download Protection    Detect    Detect         Prevent
Zero Phishing          Detect    Detect         Prevent
Password Reuse         Detect    Detect         Prevent
Search Reputation      Off       Off            On
Force Safe Search      Off       Off            On

Advanced Settings


URL Filtering         Allow user to dismiss the URL        Allow user to dismiss the URL
                      Filtering alert and access the       Filtering alert and access the
                      website is disabled.                 website is selected.
                      Under Categories, Service is         Under Categories, Service is
                      selected.                            selected.
                      Under Malicious Script Protection:   Under Malicious Script Protection:
                      ◦ Block websites where Malicious     ◦ Block websites where Malicious
                        Scripts are found embedded in        Scripts are found embedded in
                        the HTML is selected.                the HTML is selected.
                      ◦ Allow user to dismiss the          ◦ Allow user to dismiss the
                        Malicious Scripts alert and          Malicious Scripts alert and
                        access the website is disabled.      access the website is selected.

Download Protection   Under Supported files, Emulate       Under Supported files:
                      original file without suspending     ◦ Get extracted copy before
                      access is selected.                    emulation completes is selected.
                      Under Unsupported files, Allow       ◦ Extract potential malicious
                      Download is selected.                  elements is selected.
                                                           Under Unsupported files, Allow
                                                           Download is selected.

Credential            Under Zero Protection, Allow user    Under Zero Protection, Allow user
Protection            to dismiss the phishing alert and    to dismiss the phishing alert and
                      access the website is disabled.      access the website is selected.
                      Under Password Reuse, Allow users    Under Password Reuse, Allow users
                      to dismiss the password reuse        to dismiss the password reuse
                      alert and access the website is      alert and access the website is
                      disabled.                            selected.

   • Select Custom and set the operation mode manually. For more information, see
     "Web and Files Protection" on page 57.
4. Click Save.
5. Click Save & Install.


Updating a Predefined Policy Mode


Based on internal analysis and research, Check Point may suitably modify the operation mode
or Advanced Settings of a predefined policy mode. If a predefined mode is updated, a
notification appears.

• Click Align to accept the updates. The system automatically updates to the new settings
  for the predefined mode.
• Click Keep to retain the current settings. The policy mode changes to Custom.

Web and Files Protection


URL Filtering
URL Filtering rules define which sites can be accessed from within your organization.

To set the URL Filtering mode:


1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Select the rule.
3. In the Web & Files Protection tab, under URL Filtering, select a mode:
   • Prevent - The request to enter a site is suspended until a verdict regarding the site
     is received. Access to the site is blocked if the site matches one of the blocked
     categories or the blacklist.
     ◦ Allows user to dismiss the URL Filtering alert and access the website.
     ◦ This option is selected by default. It provides the user with access to a
       blocked site if the end user believes the verdict is unjustified. This option can
       also be turned off through the Advanced Settings section.
   • Detect - Allows access even if a site is determined to be malicious, but logs the traffic.
   • Off - URL Filtering is turned off.
4. For Advanced Settings, see "URL Filtering" on page 64.

Files Protection
Download Emulation and Extraction

Download Protection rules protect users from malicious content.


To set the Download Emulation & Extraction mode:
1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Select the rule.
3. In the Web & Files Protection tab, under Download Protection, select a mode:
   • Prevent - Prevents the download if the file is either known to be malicious or
     detected as malicious by Threat Emulation.
   • Detect - Emulates the original file without suspending access to the file and logs the
     incident. The file is blocked if it is malicious or blocked by file extension (Advanced
     Settings > Download Protection). If not, the file is downloaded before the
     emulation is complete.
   • Off - Downloads the file without protection.
4. For Advanced Settings, see "Download Protection" on page 66.

Upload Emulation

Upload Emulation uses Threat Emulation to analyze the files you upload to protected domains
to identify threats and mitigate them.

Notes:
• This feature is not supported for Harmony Browse clients managed through the
  Harmony Endpoint Administrator Portal.
• The domains may support multiple ways to upload a file. For example, clicking a
  button to browse and upload the file or drag-and-drop the file. If you upload files
  by drag-and-drop, the Upload Emulation feature operates in the Detect mode,
  even if you set it to Prevent mode.


To enable Upload Emulation:


1. Navigate to Policy > Threat Prevention > Policy Capabilities.
2. Select the rule.
3. In the Web & Files Protection tab, under Upload Emulation, select a mode:
   • Prevent - Prevents the upload if the file is either known to be malicious or detected
     as malicious by Threat Emulation. To specify additional behaviors for the
     Prevent mode, see "Upload Protection" on page 70.
   • Detect - Allows the user to upload the file even if it is detected as malicious. The
     incidents are logged.
   • Off - Uploads the file without protection.
4. To specify the protected domains, in the Upload Emulation section, click Edit.
5. Click New.
6. In the Value field, enter the domain name or IP address of the protected domain. For
   example, my-domain or 1.1.1.1.
7. Select the required action for Upload Emulation:
   ◦ Protected - Enables upload emulation.
   ◦ Not Protected - Upload Emulation is disabled.
8. Click Save.
9. To delete the domain, select the domain and click Delete.

10. To add multiple protected domains, click :
    • To add a list of protected domains and set Upload Emulation as Protected, click
      Import Upload Emulation and select the CSV file with protected domains.
    • To add a list of protected domains and set both Password Reuse and Upload
      Emulation as Protected, click Import All and select the CSV file with protected
      domains.
11. To export the list of domains to a CSV file, click :
    • To export only the domains with Upload Emulation set as Protected, click Export
      Upload Emulation.
    • To export all domains, click Export All.
    The system exports the data to a CSV file.


12. Click OK.
13. For Advanced Settings, see "Upload Protection" on page 70.

Credential Protection
Zero Phishing

Phishing prevention checks different characteristics of a website to make sure that a site does
not pretend to be a different site and use personal information maliciously.

To set the Zero Phishing mode:


1. Go to Policy > Threat Prevention > Policy Capabilities.

2. Select the rule.


3. In the Web & Files Protection tab, under Zero Phishing, select a mode:
   • Prevent - If the site is scanned and found to be malicious, access to it is blocked and
     a log of the incident is shown in the Harmony Browse web management log section.
   • Detect - An incident log is sent but access to the site is not blocked. Also, the
     site scan is silent (invisible to the user).
   • Off - Turns off the feature.
4. For Advanced Settings, see "Credential Protection" on page 74.

Password Reuse Protection

Alerts users not to use their corporate password in non-corporate domains.


To set the Password Reuse mode:


1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Select the rule.
3. In the Web & Files Protection tab, under Password Reuse, select a mode:
   • Prevent mode - Blocks the user from entering the corporate password and opens
     the blocking page in a new tab. If you enable Allow users to dismiss the password
     reuse alert and access the website, then it allows the user to dismiss the blocking
     page and continue to enter the corporate password.
   • Detect mode - The system does not block the user from entering the corporate
     password. If a user enters the corporate password, it is captured in the Harmony
     Browse logs.
   • Off - Turns off password reuse protection.
4. To add domains to Password Reuse, click New.

Note - Make sure that the endpoint is added to the domain.

5. In the Value field, enter the domain name or IP address of the protected domain. For
   example, my-domain or 1.1.1.1.
6. Select the required action for Password Reuse:
   ◦ Protected - Blocks users from reusing the password of the protected domain in other
     domains.
   ◦ Not Protected - Allows users to reuse the password of the protected domain in
     other domains.
7. Click Save.
8. To delete the domain, select the domain and click Delete.
9. To add multiple protected domains, click :
   • To add a list of protected domains and set Password Reuse as Protected, click
     Import Password Reuse, and select the CSV file with protected domains.
   • To add a list of protected domains and set both Password Reuse and Upload
     Emulation as Protected, click Import All and select the CSV file with protected
     domains.
10. To export the list of domains to a CSV file, click :
    • To export only the domains with Password Reuse set as Protected, click Enable
      Password Reuse.
    • To export all domains, click Export All.
    The system exports the data to a CSV file.
11. For Advanced Settings, see "Credential Protection" on page 74.

Safe Search
Search Reputation

Search Reputation is a feature added to search engines that classifies search results based on
the URL's reputation.

Notes:
• It is supported only with Google, Bing, and Yahoo search engines.
• To enable this feature, ensure that you set URL Filtering Mode to either
  Prevent or Detect.

To set the Search Reputation mode:
1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Select the rule.
3. In the Capabilities & Exclusions pane, select Web & Files Protection.
4. In the Web & Files Protection tab, scroll down to the Search Reputation section and select
   a mode:
   • On - Turns on the feature.
   • Off - Turns off the feature.
When you enable this feature, the icon across the URL in the search results indicates the
classification:

Icon    Classification

        The website is safe.
        The website is not safe.
        The website is blocked by the Administrator.

Note - If the Search Reputation cannot classify a URL, then it does not display an icon
across the URL. If you want such URLs to be classified and blocked, then enable the
Uncategorized checkbox in URL Filtering > Categories > General Use. The Search
Reputation classifies Uncategorized URLs as The website is blocked by the
Administrator.

Force Safe Search

Force Safe Search is a feature in search engines that acts as an automated filter for potentially
offensive and inappropriate content.

To set the Force Safe Search mode:


1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Select the rule.

3. In the Web & Files Protection tab, under Force Safe Search, select a mode:
   • On - Hides explicit content from the search results.
   • Off - Users see the most relevant results for their search, which may include
     explicit content such as images containing violence.
Main features:
• When 'Force Safe Search' is on, Harmony Browse turns on Safe Search on the
  supported search engines.
• It is supported with Google, Bing, and Yahoo search engines.
• Force Safe Search is off by default.
• Force Safe Search is supported with Google Chrome and Microsoft Edge browsers.


Advanced Settings
URL Filtering

Note - You must set the URL Filtering Mode to Prevent or Detect to set the
Advanced Settings.

Allow user to dismiss the URL Filtering alert and access the website – Allows user to bypass
URL filtering and access the website.

Categories

Harmony Browse categorizes websites and you can specify the categories that must be
blocked for the user. When you select a category, the URL Filtering rule applies to all sites in
the selected category.

To specify the categories to block:


1. Under Categories, select the category. For example, Bandwidth Consumption.
2. Click Show and then select the sub-category.

Black List

You can specify specific URLs, domains or IP addresses you want to block.
To black list a domain or IP address, click Show and add the URL, domain or IP address.

Notes:
- You can add the domain names manually or upload a CSV file with the domain
names you want to include in the blacklist.
- You can use * and ? as wildcards for blacklisting.
  - * matches any string. For example, A* can be ADomain or AB or AAAA.
  - ? matches a single character. For example, A? can be AA or AB or Ab.
- You can export your blacklist.
- To completely block the domain www.test-domain.com, including its
sub-domains (sub1.test-domain.com, sub2.test-domain.com, etc.) and the
naked domain (test-domain.com, without the www), you need to add two values
to the block list:
  - *.test-domain.com
  - test-domain.com
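The wildcard rules and the two-entry rule from the notes above, as an added example (not Check Point code): a short Python audit that reports which block-list entries match a host and which domains are missing their bare or `*.` form. Whole-host, case-insensitive matching and the one-entry-per-row CSV layout are assumptions, and the sample list is constructed.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of a block-list CSV (assumed layout: one entry per row).
SAMPLE_CSV = """*.test-domain.com
ads.example.net
*.ads.example.net
A?
1.1.1.1
"""


def pattern_to_regex(pattern):
    """Translate a block-list entry: * matches any string, ? matches one character."""
    parts = []
    for ch in pattern.strip():
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Assumption: an entry must match the whole host name, ignoring case.
    return re.compile("".join(parts), re.IGNORECASE)


def load_blocklist(csv_text):
    """Read entries from the first column of each non-empty CSV row."""
    entries = []
    for row in csv.reader(io.StringIO(csv_text)):
        if row and row[0].strip():
            entries.append(row[0].strip().lower())
    return entries


def matching_entries(host, blocklist):
    """Return every block-list entry that matches the given host."""
    return [e for e in blocklist if pattern_to_regex(e).fullmatch(host)]


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def coverage_gaps(blocklist):
    """Return (entry, missing_partner) pairs: a '*.domain' entry without the
    bare 'domain', or a bare 'domain' without '*.domain'."""
    present = set(blocklist)
    gaps = []
    for entry in blocklist:
        base = entry[2:] if entry.startswith("*.") else entry
        # Skip IP addresses and patterns with wildcards elsewhere in the name.
        if "*" in base or "?" in base or is_ip(base):
            continue
        partner = base if entry.startswith("*.") else "*." + base
        if partner not in present:
            gaps.append((entry, partner))
    return gaps


BLOCKLIST = load_blocklist(SAMPLE_CSV)

if __name__ == "__main__":
    for host in ("sub1.test-domain.com", "test-domain.com", "ads.example.net"):
        print(host, "->", matching_entries(host, BLOCKLIST) or "not matched")
    for entry, missing in coverage_gaps(BLOCKLIST):
        print("entry", entry, "has no matching", missing)
```

With the constructed list, sub1.test-domain.com is matched but test-domain.com is not, which is the gap the second block-list value closes.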

Malicious Script Protection

Malicious Script Protection scans Uncategorized websites for embedded malicious
JavaScripts. If the domain that hosts the script belongs to any one of these categories, then
the page is blocked and the event is logged.

- Anonymizer
- Botnets
- Critical Risk
- High Risk
- Medium Risk
- Phishing
- Spam
- Spyware
- Malicious Sites
- Suspicious Content

Note - Ensure that you set URL Filtering Mode to either Prevent or Detect. If it is set
to Prevent, the page is blocked and the event is logged. If it is set to Detect, the page
is not blocked and the event is logged.

To specify malicious script protection:


- To enable malicious script protection, select Block websites where Malicious Scripts
are found embedded in the HTML.
- To allow users to dismiss the malicious script security alert and access the website,
select Allow user to dismiss the Malicious Scripts alert and access the website.

Files Protection

General Settings

Emulation Environments

You can specify the size limit for files that must be sent for Threat Emulation. Files larger than
the specified limit are not sent to Threat Emulation.
Upload and emulate files under – Specify the file size limit for Threat Emulation. The default
file size limit is 15 MB. The maximum file size limit supported is 100 MB.

Note - Increasing the file size increases the client processing and network
traffic required to process large files.

Override Default File Actions

Harmony Browse allows you to override the default file action for the supported and
unsupported files.


To override the file action for supported files:


1. In the Supported Files section, click Edit.
2. Select the File action and Extraction Mode.
3. Click OK.

To override the file action for unsupported files:


1. In the Unsupported Files section, click Edit.

a. To add a file type, click and enter the File type.

b. To edit a file type, select the file type and click .

c. To delete a file type, select the file type and click .

2. Select the Download action for the file:
   - Default - The action specified in "Unsupported Files" on page 70.
   - Allow
   - Block
3. Select the Upload action for the file:
   - Default - The action specified in "Unsupported Files" on page 70.
   - Allow
   - Block

4. (Optional) In the Comments field, enter a comment.


5. Click OK.

Download Protection

Note - You must set the Download Emulation & Extraction to Prevent or Detect to
set the Advanced Settings.

Harmony Browse protects against malicious files that you download to your Endpoint. By
default, it sends the files for extraction and emulation to Check Point's Threat Emulation on the
cloud before they are downloaded to the Endpoint disk. You can also configure Harmony
Browse with Threat Emulation on-premise. For more information, see sk113599.
- Threat Emulation: Detects zero-day and unknown attacks. Files are sent to sandbox for
emulation to detect evasive zero-day attacks.
- Threat Extraction: Proactively protects users from malicious content. It quickly delivers
safe files while the original files are inspected for potential threats.

Supported Files

The supported file types for Threat Emulation are:

Threat Emulation Supported File Types

7z, aspx, app1, arj, bat, bz2, CAB, csv, com, cpl, dll, doc, docx, dot, dotx, dotm, docm,
dmg, dylib, exe, gz, hwp, iso, img, iqy, jar, lnk, msi, msg, O, one, pif, pdf, pkg, ppt, pptx,
pps, pptm, potx, potm, ppam, ppsx, ppsm, ps1, qcow2, rar, rtf, sh, scr, sldx, sldm, slk, swf,
tar, tbz2, tbz, tb2, tgz, udf, uue, wim, wsf, xar, xlt, xls, xlsx, xlm, xltx, xlsm, xltm, xlsb,
xla, xlam, xll, xlw, xz, zip

The supported file types for Threat Extraction are:

Threat Extraction Supported File Types

doc, docm, docx, dot, dotm, dotx, fdf, pdf, pot, potm, potx, ppa, ppam, pps, ppsm, ppsx,
ppt, pptm, pptx, xls, xlsb, xlsm, xlsx, xlt, xltm, xltx, xlam, one

Note - Ignore the file types listed in the Harmony Browse Administrator Portal.

Download Emulation Actions

The options available for supported file types of Threat Extraction are:

- Get extracted copy before emulation completes
  - Extract potential malicious elements - While a file is tested, receive a copy of the
    file with all suspicious parts removed. Files that support extraction are available for
    download after the extraction. Files that do not support extraction are available for
    download only after the emulation and if it is benign.
  - To specify the elements for Threat Extraction in the downloaded file, click
    Elements to extract and click to add and click to remove.
  - Convert to PDF - Receive the file in PDF format. If the file is not malicious,
    users receive the original file when the emulation is finished. Emulation can take up
    to two minutes.
- Suspend download until emulation completes - The original file is downloaded if found
to be clean.
- Emulate original file without suspending access - Emulates original file without
suspending access to the file and logs the incident. If the file is malicious, it is blocked.
- Allow - Threat Emulation and Threat Extraction are turned off.

Unsupported Files

The options available for unsupported files types are:


- Allow Download - Allows user to access the file.
- Block Download - Blocks user from accessing the file.

Custom Settings

Download Emulation and Extraction

- Block downloads when emulation fails due to size limit or connectivity problem -
Select the checkbox to block download of a file if the Threat Emulation of the file fails due
to technical reasons, such as file size limit, no internet connectivity and invalid licenses.
- Block downloads when emulation fails due to file encryption - Select the checkbox to
block download of a file, if the Threat Emulation of the file fails to extract the file due to
the file encryption.

Upload Protection

Harmony Browse protects against malicious files that you upload to the protected domains. By
default, it sends the files to Check Point's Threat Emulation on the cloud before they are
uploaded to the domains. You can specify the advanced settings for uploading files that are
supported and unsupported by Threat Emulation.

Note - This feature is not supported for Harmony Browse clients managed through
the Harmony Endpoint Administrator Portal.


Upload Emulation Actions

- For supported files:
  - Suspend Upload Until Emulation Completes - File uploads to the protected
    domains are suspended until the Threat Emulation analysis of the files is complete
    and the verdict is benign.
  - Emulate the file without suspending access and block known malicious files -
    Malicious files are blocked and not uploaded to protected domains. Rest of the files
    are sent to Threat Emulation for analysis without suspending the file upload.
  - Emulate the file without suspending access - Files uploaded to the protected
    domains are logged but not prevented. End user does not receive any notification.
  - Allow - Disables the Upload Emulation feature. That is, allows users to upload files
    to protected domains without Threat Emulation.
- For unsupported files:
  - Allow - Allows the upload of file types that are not supported by Threat Emulation to
    the protected domain.

    Warning - Uploading files without Threat Emulation analysis may pose
    potential security risks.
  - Block - Blocks the upload of file types that are not supported by Threat Emulation
    to the protected domain.

Note - File type policy overrides the default file action selected here. For more
information, see "Override Default File Actions" on page 65.

Block Upload by Domain

Allows you to specify domains to which you want to either allow or block file uploads,
regardless of the Upload Emulation setting.


To block or allow files upload to a domain:


1. Navigate to Upload Protection.
2. In the Block upload by domain section, click Edit.
The Advanced Settings - Web & Files Protection window appears.

3. Click

4. In the Value field, enter the domain name or IP address. For example, my-domain.com
or 1.1.1.1.
5. From the Action list, select the required action:
   - Block
   - Allow
6. Click OK.

7. To edit a domain, select the domain and click .


8. To delete a domain, select the domain and click .

9. Click OK.

Credential Protection

Note - You must set the Zero Phishing and Password Reuse to Prevent or Detect to
set the Advanced Settings.

User can select any of these settings under Zero Phishing:


- Allow user to dismiss the phishing alert and access the website - It allows the user to
dismiss the blocking page and continue to enter the corporate password.
- Send log on each scanned site
- Allow user to abort phishing scans
- Scan local HTML files - By default, the Harmony Browse extension in Chromium-based
browsers (Chrome, Microsoft Edge, and Brave) cannot access the local HTML files
opened by the browser to scan them for phishing attacks. This setting prompts users to
grant permission to Chromium-based browsers to access and scan local HTML files on
your PC.

  Notes:
  - You can customize the prompt page. For more information, see "Configuring
    Client Settings Policy" on page 50.
  - This feature is not supported with Safari and Internet Explorer browser
    extensions.

  To grant permission to access and scan the local HTML files:

  1. When a user opens a local HTML file, the Harmony Browse request access to file
     URLs prompt appears. Click Click to copy.
  2. Paste the copied path in the address bar of the Chrome browser and press Enter.
  3. Scroll down and turn on Allow access to file URLs.
  4. If the HTML file has an input field, Harmony Browse scans the file and blocks it, if
     identified as phishing.
- Disable notifications - Allows you to disable the browser zero-phishing scan notification
that appears when users try to enter in an input field.

  Note - Only the notification is disabled but the browser zero-phishing scan is
  performed in the background indicated by the yellow highlight around the input
  field.

User can select any of these settings under Password Reuse Protection:

- To protect a domain, click Edit and enter the domain name or IP address.
- You can also select Allow users to dismiss the password reuse alert and access the
website setting.

Browser Settings

Pin Extension

This feature enables the administrator to allow users to pin or unpin the browser
extension to the toolbar.
By default, Harmony Browse extension is pinned to the browser for all users with the Harmony
Browse Client version BROWSE_90.09.0001 and higher (Windows) and latest mac clients.

Note - You can unpin the extension only on Chromium browsers, such as Chrome,
Edge and Brave. You cannot unpin an extension in Firefox.

Windows

To allow users to unpin the browser extension, clear Always pin the browser extension to the
tool bar under Pin Extension.
The user must re-login by locking and unlocking the endpoint and either restart the browser or
wait for 15 minutes for the changes to reflect. This is not applicable to endpoints with the
Harmony Endpoint Security client installed as the browser extension is pinned automatically
through the policy update.

macOS

You cannot disable Extension Pinning through a policy in Harmony Browse.

To manually disable Extension Pinning:

1. On the endpoint, navigate to /Library/Application Support/Checkpoint/Threat Emulation/.


2. Remove these lines from the browser specific script. For example, for Chrome, the script
file name is install_chrome_ext.sh.
<key>$PIN_KEY</key>
<string>$PIN_VALUE</string>

3. Save and run the script.


4. Reload the policy on the browser. For example for Chrome, go to chrome://policy and
click Reload policies.

Control Browser Notifications

This feature allows administrators to control the following browser notifications:

- Disable Zero-Phishing notifications - Select the checkbox to disable the zero-phishing
scan notification that appears when users try to enter in an input field.

  Note - Only the notification is disabled but the browser zero-phishing scan is
  performed in the background indicated by the yellow highlight around the input
  field.
- Disable Download Emulation & Extraction notifications - Select the checkbox to
disable the download emulation and extraction notifications whenever a file is
downloaded.

Incognito Mode

This feature allows administrators to control the availability of incognito mode for users. The
default option is Off.

Note - This feature is supported only for Endpoint Security client versions E88.60 and
higher.
- Off - The feature does not control the availability of incognito mode.

  Note - Users can access incognito mode depending on the organization policies.

- Enable - Forces incognito mode to be available for users, overriding any existing
settings that might restrict its availability.
- Disable - Prevents users from accessing incognito mode by disabling it completely.

Adding Exclusions to Rules


You can use either Legacy Exclusions or Smart Exclusions to add your exclusions. However,
we recommend that you use Smart Exclusions for the ease of managing exclusions.

Legacy Exclusions
You can exclude specific objects from inspection by the protections:

Adding Exclusions to a Specific Rule

To add exclusions to a specific rule:


1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Select the rule for which you want to create the exclusion
3. In the Capabilities & Exclusions pane, click Exclusions Center.
4. Expand an exclusion category. For example, Anti-Bot -> URL Filtering Exclusions.


Note - Global Exclusions is read-only. To add Global Exclusions, see "Adding Global
Exclusions" below.
5. Expand Rule Exclusions.
6. Select the exclusions you want to add to the rule.
7. Click OK.
8. In the bottom right corner of the policy configuration pane, click Save.
9. From the top, click Install Policy.

Adding Global Exclusions

To add global exclusions that apply to all the rules:

1. Go to Policy > Threat Prevention > Global Exclusions.


2. Expand an exclusion category. For example, Anti-Bot -> URL Filtering Exclusions.
3. Select the exclusions you want to add to the rule.
4. Click Save.
5. From the top, click Install Policy.

Adding a New Exclusion to an Exclusion Category

To add an exclusion to an exclusions category:

1. Do one of these:
   - Go to Policy > Threat Prevention > Policy Capabilities.
   - Go to Policy > Threat Prevention > Global Exclusions.
The Edit Exclusions Center window appears.

2. Click .

The New Exclusion window appears.


3. Specify these details:
a. Exclusion
b. Method
c. Value
d. (Optional) Comment


e. To add the exclusion to all the rules, select the Add to all rules checkbox. This step
does not apply to Global Exclusions.
Note - If the current rule contains this exception, then the system adds a duplicate
exclusion.
4. Click OK.
5. In the bottom right corner of the policy configuration pane, click Save.
6. From the top, click Install Policy.

Editing an Exclusion

To edit an exclusion:

1. Do one of these:
   - Go to Policy > Threat Prevention > Policy Capabilities.
   - Go to Policy > Threat Prevention > Global Exclusions.
The Edit Exclusions Center window opens.
2. Expand an exclusion category. For example, Anti-Bot -> URL Filtering Exclusions.
3. If you are editing a local exclusion, expand Local Exclusions. This step does not apply to
Global Exclusions.
4. Select the exclusion you want to edit.

5. Click .

The Edit Exclusion window appears.

6. Specify these details:


a. Exclusion
b. Method
c. Value
d. (Optional) Comment
e. To apply the changes to all the rules that contain this exclusion, select the Update
all rules checkbox. This step does not apply to Global Exclusions.
f. To add the exclusion to all the rules that do not contain this exclusion, select the
Add to all rules checkbox. This step does not apply to Global Exclusions.
7. Click OK.

8. In the bottom right corner of the policy configuration pane, click Save.
9. From the top, click Install Policy.
Below is the list of supported exclusions.
URL Filtering Exclusions

You can exclude specific domains from a rule. Click + to add the required domain you want
to exclude from the rule.
Syntax
- * indicates a string or a character. For example, A* can be ADomain or AB or AAAA.
- ? indicates a character. For example, A? can be AA or AB or Ab.

For example:

| If you enter | It excludes these | It does not exclude these |
|---|---|---|
| www.domain.com | https://www.domain.com, http://www.domain.com | https://domain.com, http://domain.com, https://sub.domain.com, http://sub.domain.com |
| domain.com | https://www.domain.com, http://www.domain.com, https://domain.com, http://domain.com, https://sub.domain.com, http://sub.domain.com | - |
| sub.domain.com | https://sub.domain.com, http://sub.domain.com | https://sub2.domain.com |
| *.domain.com | Sub-domain of domain.com such as: https://sub1.domain.com, http://sub2.domain.com | |

Threat Emulation, Threat Extraction, and Zero-Phishing Exclusions

You can exclude:

- Domains
- SHA1 hashes from Threat Emulation and Threat Extraction

Domain exclusions
- To exclude an IP, in the Element field, enter IP address followed by subnet mask in
the format <X.X.X.X>/<subnet mask>. For example, to exclude a computer with IP
address 192.168.100.30, enter 192.168.100.30/24.
- Domain exclusions must be added without http, https or any other special characters
except asterisk (*).
Domain exclusions can be added with or without www.
- Sub-domain exclusions are supported.

Exclusion of a domain will exclude all its subdomains as well.

For example:

| If you enter | It excludes these | It does not exclude these |
|---|---|---|
| www.domain.com | https://www.domain.com, http://www.domain.com | https://domain.com, http://domain.com, https://sub.domain.com, http://sub.domain.com |
| domain.com | https://www.domain.com, http://www.domain.com, https://domain.com, http://domain.com, https://sub.domain.com, http://sub.domain.com | - |
| sub.domain.com | https://sub.domain.com, http://sub.domain.com | https://sub2.domain.com |
| *.domain.com | Sub-domain of domain.com such as: https://sub1.domain.com, http://sub2.domain.com | |

SHA1 exclusions -

- It is not supported with Internet Explorer.
- Macro exclusion - To exclude the office files which include a macro, set exclusions
for the SHA1 hash of the macro.
For example, if an exclusion is set to SHA1 hash of the macro, all the files which
include this macro are excluded.

  Notes -
  - This is supported with Endpoint Security Client version E88.00 or higher.
  - To view the hash of a macro, see the Description in the Forensic Details
    section in the Card of the event. For more information, see
    Adding Exclusions from Logs.

- Excludes downloaded files from File Protection.
- Excludes local HTML files from Zero Phishing.

Smart Exclusions
Smart Exclusions allows you to add exclusions to one or more capabilities and types easily,
whereas the Legacy Exclusions allows you to add exclusion only for one capability at a time.
With Smart Exclusions, you can:
- Set exclusions to all capabilities and operating systems at once.
- Use standard syntax across all exclusion types.
- Use wider range of wildcard characters for nuanced and customized exclusion patterns.
- Easily enable or disable exclusions with a simple toggle button without the need to delete
exclusions temporarily.

Adding Exclusions to a Specific Rule

To add a new exclusion to a specific rule:


1. Go to Policy > Threat Prevention > Policy Capabilities.

2. Select the rule for which you want to create the exclusion.
3. In the Capabilities & Exclusions pane, click Exclusions Center.
4. Click Go to Smart Exclusions.

5. Click or click Create New Exclusion.


6. To add an exclusion for only one exclusion type:


a. Click Single-method exclusion.


A wizard appears.

b. In the Exclusion name field, enter a name for exclusion.


c. To enable the exclusion, toggle Status to Enabled.
d. From the Exclusion Type list, select the exclusion type.


e. From the Operating system list, select the operating system to which you want
to apply the exclusion. For example, endpoints running Windows operating
system only. It is not available if you select All supported in the Apply to the
following capabilities section.

Caution - If you make exclusions in the Forensics Monitoring
capability, the activities of the excluded processes are omitted from
forensic analysis. As a result, you cannot query for these activities in
Threat Hunting and they are excluded from Horizon XDR/XPR
analysis, detections, and the creation of security incidents related to
sophisticated attacks.

f. In the Apply to the following capabilities section:

- To apply the exclusion to all capabilities, select All supported.
- To apply the exclusion to specific capabilities, select Select specific and
from the Capabilities list, select the capabilities.

Notes:
- Capabilities not relevant to the selected group are not available.
- For supported syntax and capabilities for exclusion types, see sk181679.

| If the Exclusion Type is | Then |
|---|---|
| File hash | a. From the File hash type list, select the hash type: MD5, SHA1, SHA2, cdhash (for macOS only). b. In the File hash value, enter the value. |
| IP Range | In the IP Range fields, enter the IP address range. For example, to enter IPv4 range, enter 192.168.1.30-192.168.1.198. For example, to enter IPv6 range, enter 2001::1-2001::254. |
| Url | In the URL field, enter the URL. |
| Domain | In the Domain field, enter the domain. For example, checkpoint.com. |

g. (Optional) In the Comment field, enter comments.


h. Click Save.

7. To add exclusions for multiple types of exclusions:

a. Click Multi-method exclusion.


A wizard appears.

b. In the Exclusion name field, enter a name for exclusion.

c. To enable the exclusion, toggle Status to Enabled.


d. From the Exclusion Group list, select the exclusion type.
e. From the Operating system list, select the operating system to which you want
to apply the exclusion. For example, endpoints running Windows operating
system only. It is not available if you select All supported in the Apply to the
following capabilities section.

Caution - If you make exclusions in the Forensics Monitoring
capability, the activities of the excluded processes are omitted from
forensic analysis. As a result, you cannot query for these activities in
Threat Hunting and they are excluded from Horizon XDR/XPR
analysis, detections, and the creation of security incidents related to
sophisticated attacks.

f. In the Apply to the following capabilities section:

- To apply the exclusion to all capabilities, select All supported.
- To apply the exclusion to specific capabilities, select Select specific and
from the Capabilities list, select the capabilities. See "Smart Exclusions" on
page 81.

Notes:
- Capabilities not relevant to the selected group are not available.
- Anti-Exploit capability supports only Process path and
Infection/Protection exclusions.

g. (Optional) In the Comment field, enter comments.


h. Click Next.

Note - For supported syntax and capabilities for exclusion types, see
sk181679.

| If the Exclusion Group is | Exclusion Type | Then |
|---|---|---|
| System | Process path | a. In the Process path field, enter the path of the process. For example, C:\windows\system\cmd.exe. b. To specify additional criteria, expand Process path options, and select: Case sensitive; Trusted process; Argument and if required, select Regex, and in the Argument value field, enter the value. |
| | Process original name (1) | Enter the process original name. For example, Cmd.exe. Supported only for Windows-based endpoints. Notes - To find the original name of the process: i. Right-click on the executable file. ii. Go to Properties > Details > Original filename. Process original name is case-sensitive. |
| | Process hash | a. From the Process hash type list, select the hash type: MD5, SHA1, SHA2, cdhash (for macOS only). b. In the Process hash value, enter the value. |
| | Process signer (1) | In the Process signer value field, enter the process signer value. For example, Check Point Ltd. |
| | File path | a. In the File path field, enter the path of the file. For example, C:\windows\system\. b. To specify additional criteria, expand File path options, and select Case sensitive. |
| | File hash | a. From the File hash type list, select the hash type: MD5, SHA1, SHA2, cdhash (for macOS only). b. In the File hash value, enter the value. |
| | File signer | In the File signer value field, enter the process signer value. For example, Check Point Ltd. |
| Web Asset | IP Range | In the IP Range fields, enter the IP address range. For example, to enter IPv4 range, enter 192.168.1.30-192.168.1.198. For example, to enter IPv6 range, enter 2001::1-2001::254. |
| | Url | In the URL field, enter the URL. |
| | Domain | In the Domain field, enter the domain. For example, checkpoint.com. |

(1) It is mandatory to provide either Process original name or the Process signer
parameter. All the other parameters are optional.

i. Click Finish.

8. Click OK.
9. Click Save & Install.

Note - You can change Single-method exclusion to Multi-method exclusion.


See Managing Exclusions.
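
An added example, not part of the Check Point guide: a Python check of how many addresses an IP exclusion covers, for both the legacy `<X.X.X.X>/<subnet mask>` form and the Smart Exclusions start-end IP Range form, using the guide's own sample values. It assumes the mask is read as a standard CIDR prefix; the function names and the `max_addresses` threshold are hypothetical.

```python
import ipaddress

# Sample values taken from this guide's exclusion examples.
PAGE_EXAMPLES = [
    "192.168.100.30/24",
    "192.168.1.30-192.168.1.198",
    "2001::1-2001::254",
]


def parse_exclusion(value):
    """Return the (first, last) addresses an IP exclusion value covers."""
    value = value.strip()
    if "-" in value:
        # Smart Exclusions IP Range form: start-end
        start_text, end_text = (part.strip() for part in value.split("-", 1))
        first = ipaddress.ip_address(start_text)
        last = ipaddress.ip_address(end_text)
        if first.version != last.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if int(first) > int(last):
            raise ValueError("range start is after range end")
        return first, last
    # Legacy form: address/mask. Assumption: the mask is a CIDR prefix or a
    # dotted netmask; strict=False because the guide's sample has host bits set.
    network = ipaddress.ip_network(value, strict=False)
    return network[0], network[-1]


def address_count(value):
    """Number of addresses the exclusion covers."""
    first, last = parse_exclusion(value)
    return int(last) - int(first) + 1


def covers(value, address):
    """True if the exclusion covers the given address."""
    first, last = parse_exclusion(value)
    addr = ipaddress.ip_address(address)
    return addr.version == first.version and first <= addr <= last


def audit(exclusions, max_addresses):
    """Return (value, finding) for invalid entries and entries wider than max_addresses."""
    findings = []
    for value in exclusions:
        try:
            count = address_count(value)
        except ValueError as exc:
            findings.append((value, "invalid: %s" % exc))
            continue
        if count > max_addresses:
            findings.append((value, "covers %d addresses" % count))
    return findings


if __name__ == "__main__":
    for value in PAGE_EXAMPLES:
        first, last = parse_exclusion(value)
        print("%s -> %s to %s (%d addresses)" % (value, first, last, address_count(value)))
    print(audit(PAGE_EXAMPLES, max_addresses=200))
```

Under that CIDR reading, 192.168.100.30/24 covers all 256 addresses of 192.168.100.0/24 rather than one computer, and because 2001::254 is hexadecimal the IPv6 sample range spans 596 addresses.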


Adding Global Exclusions

To add global exclusions that apply to all the rules:


1. Go to Policy > Threat Prevention > Global Exclusions.
2. Click Go to Smart Exclusions.

3. Click or click Create New Exclusion.


4. To add an exclusion for only one exclusion type:


a. Click Single-method exclusion.


A wizard appears.

b. In the Exclusion name field, enter a name for exclusion.


c. To enable the exclusion, toggle Status to Enabled.
d. From the Exclusion Type list, select the exclusion type.


e. From the Operating system list, select the operating system to which you want
to apply the exclusion. For example, endpoints running Windows operating
system only. It is not available if you select All supported in the Apply to the
following capabilities section.

Caution - If you make exclusions in the Forensics Monitoring
capability, the activities of the excluded processes are omitted from
forensic analysis. As a result, you cannot query for these activities in
Threat Hunting and they are excluded from Horizon XDR/XPR
analysis, detections, and the creation of security incidents related to
sophisticated attacks.

f. In the Apply to the following capabilities section:

- To apply the exclusion to all capabilities, select All supported.
- To apply the exclusion to specific capabilities, select Select specific and
from the Capabilities list, select the capabilities.

Notes:
- Capabilities not relevant to the selected group are not available.
- For supported syntax and capabilities for exclusion types, see sk181679.

| If the Exclusion Type is | Then |
|---|---|
| File hash | a. From the File hash type list, select the hash type: MD5, SHA1, SHA2, cdhash (for macOS only). b. In the File hash value, enter the value. |
| IP Range | In the IP Range fields, enter the IP address range. For example, to enter IPv4 range, enter 192.168.1.30-192.168.1.198. For example, to enter IPv6 range, enter 2001::1-2001::254. |
| Url | In the URL field, enter the URL. |
| Domain | In the Domain field, enter the domain. For example, checkpoint.com. |

g. (Optional) In the Comment field, enter comments.


h. Click Save.

5. To add exclusions for multiple types of exclusions:

a. Click Multi-method exclusion.


A wizard appears.

b. In the Exclusion name field, enter a name for exclusion.

c. To enable the exclusion, toggle Status to Enabled.


d. From the Exclusion Group list, select the exclusion type.
e. From the Operating system list, select the operating system to which you want
to apply the exclusion. For example, endpoints running Windows operating
system only. It is not available if you select All supported in the Apply to the
following capabilities section.

Caution - If you make exclusions in the Forensics Monitoring
capability, the activities of the excluded processes are omitted from
forensic analysis. As a result, you cannot query for these activities in
Threat Hunting and they are excluded from Horizon XDR/XPR
analysis, detections, and the creation of security incidents related to
sophisticated attacks.

f. In the Apply to the following capabilities section:

- To apply the exclusion to all capabilities, select All supported.
- To apply the exclusion to specific capabilities, select Select specific and
from the Capabilities list, select the capabilities. See "Smart Exclusions" on
page 81.

Notes:
- Capabilities not relevant to the selected group are not available.
- Anti-Exploit capability supports only Process path and
Infection/Protection exclusions.

g. (Optional) In the Comment field, enter comments.


h. Click Next.

Note - For supported syntax and capabilities for exclusion types, see
sk181679.

| If the Exclusion Group is | Exclusion Type | Then |
|---|---|---|
| System | Process path | a. In the Process path field, enter the path of the process. For example, C:\windows\system\cmd.exe. b. To specify additional criteria, expand Process path options, and select: Case sensitive; Trusted process; Argument and if required, select Regex, and in the Argument value field, enter the value. |
| | Process original name (1) | Enter the process original name. For example, Cmd.exe. Supported only for Windows-based endpoints. Notes - To find the original name of the process: i. Right-click on the executable file. ii. Go to Properties > Details > Original filename. Process original name is case-sensitive. |
| | Process hash | a. From the Process hash type list, select the hash type: MD5, SHA1, SHA2, cdhash (for macOS only). b. In the Process hash value, enter the value. |
| | Process signer (1) | In the Process signer value field, enter the process signer value. For example, Check Point Ltd. |
| | File path | a. In the File path field, enter the path of the file. For example, C:\windows\system\. b. To specify additional criteria, expand File path options, and select Case sensitive. |
| | File hash | a. From the File hash type list, select the hash type: MD5, SHA1, SHA2, cdhash (for macOS only). b. In the File hash value, enter the value. |
| | File signer | In the File signer value field, enter the process signer value. For example, Check Point Ltd. |
| Web Asset | IP Range | In the IP Range fields, enter the IP address range. For example, to enter IPv4 range, enter 192.168.1.30-192.168.1.198. For example, to enter IPv6 range, enter 2001::1-2001::254. |
| | Url | In the URL field, enter the URL. |
| | Domain | In the Domain field, enter the domain. For example, checkpoint.com. |

(1) It is mandatory to provide either Process original name or the Process signer
parameter. All the other parameters are optional.

i. Click Finish.


Migrating Legacy Exclusions

Best Practice - Check Point recommends that you follow these steps before migrating to
Smart Exclusions:
1. Go to Policy > Threat Prevention > Policy Capabilities.
2. Pick a rule to test the migration and clone the rule.
3. Place the newly created rule at the top.
4. Under Applied To, select a test group.
5. Click Exclusion Center for the newly created rule and export the legacy exclusions
for backup purposes.
6. For the newly created rule, migrate to Smart Exclusions. See "To migrate legacy
exclusions to smart exclusions:" below.
7. Click Save and Install.
8. Go to Logs and filter the logs for the computer in the test group. Verify that there are
no false positives and all the detections are excluded correctly. If there are issues,
contact Check Point Support.
9. Perform steps 1 through 8 for one rule at a time.
10. Repeat the process for Global Exclusions.

To migrate legacy exclusions to smart exclusions:


1. To migrate legacy exclusions for a rule:
a. Go to Policy > Threat Prevention > Policy Capabilities.
b. Select the rule.

c. In the Capabilities & Exclusions pane, click Exclusions Center.


2. To migrate legacy global exclusions, go to Policy > Threat Prevention > Global
Exclusions.

3. Click Go to Smart Exclusions.


4. To migrate all legacy exclusions:
a. Click Migrate from Legacy Exclusions (available only if there are no exclusions) or
click and click All exclusions from legacy.

The Import All Legacy Exclusions window appears.


b. (Recommended) To remove all the legacy exclusions after you migrate to smart
exclusions, select Remove all the imported exclusions from legacy.
c. Click Import.
5. To migrate specific exclusions:


a. Click and Select exclusions from legacy.

The Transfer from Legacy - Select Exclusions window appears.


b. Select the exclusions.
c. Click OK.
The exclusions are added to smart exclusions.
6. For a specific rule, click OK and Save & Install.
7. For global exclusions, click Save.
The exclusions are automatically enforced on the client without installing the policy.

Importing and Exporting Exclusions

To import or export exclusions:


1. To import or export exclusions for a rule:
a. Go to Policy > Threat Prevention > Policy Capabilities.
b. Select the rule.
c. In the Capabilities & Exclusions pane, click Exclusions Center.
2. To import or export global exclusions, go to Policy > Threat Prevention > Global
Exclusions.

3. Click Go To Smart Exclusions.


4. To import exclusions:

a. Click and click Import Files.

b. Browse and select the import file in the JSON format.


c. For a specific rule, click OK and Save & Install.
d. For global exclusions, click Save.
The exclusions are automatically enforced on the client without installing the policy.

5. To export exclusions, click .

The file is exported in the JSON format.


Managing Exclusions

To manage exclusions:
1. To manage smart exclusions for a rule:
a. Go to Policy > Threat Prevention > Policy Capabilities.
b. Select the rule.
c. In the Capabilities & Exclusions pane, click Exclusions Center.
2. To manage global smart exclusions, go to Policy > Threat Prevention > Global
Exclusions.
3. Click Go To Smart Exclusions.

4. To edit an exclusion:

- Select the exclusion and click .
- Right-click the row and click Edit.
To change a Single-method exclusion to a Multi-method exclusion, click Edit in
multi-value wizard at the bottom of the wizard.
Refer to "Adding Exclusions to a Specific Rule" on page 82 to edit the exclusion.
5. To delete exclusions:

- Select the exclusions and click .
- Click the row and at the end of the row, click .
- Select the exclusions, right-click and click Delete.
6. To duplicate exclusions:

- Select the exclusion and click .
- Click the row and at the end of the row, click .
- Select the exclusion, right-click and click Duplicate.
7. To enable or disable the exclusion, toggle the button in the Status column.
8. To edit Name, Capabilities and Comment:


a. Click the row.

b. At the end of the row, click .

c. Edit the details.


d. Click .
9. For a specific rule, click OK and Save & Install.
10. For global exclusions, click Save.
The exclusions are automatically enforced on the client without installing the policy.

Browser Settings
Disabling Incognito Mode, BrowserGuest Mode, and InPrivate Mode
Overview

The browser extension is not installed automatically if the Incognito, Guest or InPrivate mode
is enabled in your browser. We recommend that you disable these modes to secure your
users.

Chrome on Windows

To disable Incognito mode and BrowserGuest mode:


1. Select Start and type CMD.

2. Right-click Command Prompt and select Run as administrator.


The Command Prompt window appears.

3. Run the command for each mode that you want to disable:

To disable Incognito mode, run:
REG ADD HKLM\SOFTWARE\Policies\Google\Chrome /v IncognitoModeAvailability /t REG_DWORD /d 1

To disable BrowserGuest mode, run:
REG ADD HKLM\SOFTWARE\Policies\Google\Chrome /v BrowserGuestModeEnabled /t REG_DWORD /d 0

Firefox on Windows

To disable InPrivate mode:


1. Select Start and type CMD.
2. Right-click Command Prompt and select Run as administrator.


The Command Prompt window appears.

3. Run the command for the mode that you want to disable:

To disable InPrivate mode, run:
REG ADD HKLM\SOFTWARE\Policies\Mozilla\Firefox /v DisablePrivateBrowsing /t REG_DWORD /d 1

Microsoft Edge on Windows

To disable BrowserGuest mode and InPrivate mode:


1. Select Start and type CMD.
2. Right-click Command Prompt and select Run as administrator.

The Command Prompt window appears.

3. Run the command for each mode that you want to disable:

To disable BrowserGuest mode, run:
REG ADD HKLM\SOFTWARE\Policies\Microsoft\Edge /v BrowserGuestModeEnabled /t REG_DWORD /d 0

To disable InPrivate mode, run:
REG ADD HKLM\SOFTWARE\Policies\Microsoft\Edge /v InPrivateModeAvailability /t REG_DWORD /d 1

Brave on Windows

To disable Incognito mode, Incognito mode with Tor and BrowserGuest mode:
1. Select Start and type CMD.

2. Right-click Command Prompt and select Run as administrator.


The Command Prompt window appears.

3. Run the command for each mode that you want to disable:

To disable Incognito mode, run:
REG ADD HKLM\SOFTWARE\Policies\BraveSoftware\Brave /v IncognitoModeAvailability /t REG_DWORD /d 1

To disable BrowserGuest mode, run:
REG ADD HKLM\SOFTWARE\Policies\BraveSoftware\Brave /v BrowserGuestModeEnabled /t REG_DWORD /d 0

To disable Incognito mode with Tor, run:
REG ADD HKLM\SOFTWARE\Policies\BraveSoftware\Brave /v TorDisabled /t REG_DWORD /d 1

Chrome on macOS

To disable Incognito mode and BrowserGuest mode:


1. In the Finder, click Go > Utilities.
2. Open the Terminal app.

The Terminal app window appears.


3. Run the command for each mode that you want to disable:

To disable Incognito mode, run:
defaults write com.google.Chrome IncognitoModeAvailability -integer 1

To disable BrowserGuest mode, run:
defaults write com.google.Chrome BrowserGuestModeEnabled -bool false

Firefox on macOS

To disable InPrivate mode:


1. In the Finder, click Go > Utilities.

2. Open the Terminal app.


The Terminal app window appears.
3. Run the command for the mode that you want to disable:

To disable InPrivate mode, run:
defaults write /Library/Preferences/org.mozilla.firefox DisablePrivateBrowsing -bool TRUE

Microsoft Edge on macOS

To disable BrowserGuest mode and InPrivate mode:


1. In the Finder, click Go > Utilities.
2. Open the Terminal app.


The Terminal app window appears.


3. Run the command for each mode that you want to disable:

To disable BrowserGuest mode, run:
defaults write com.microsoft.edge BrowserGuestModeEnabled -integer 0

To disable InPrivate mode, run:
defaults write com.microsoft.edge InPrivateModeAvailability -integer 1

Enabling the Browser Extension on a Browser with Incognito or InPrivate Mode

You can enable the Harmony Browse extension on your browser in Incognito or InPrivate mode.

To enable the Harmony Browse extension on Chrome in the Incognito mode:


1. In your browser's address bar, type chrome://extensions/ and locate the Harmony
Browse extension.
2. Click Details and enable Allow in Incognito.

To enable the Harmony Browse extension on Edge in the InPrivate mode:


1. In your browser's address bar, type Edge://extensions/ and locate the Harmony
Browse extension.
2. Click Details and select the Allow in Private checkbox.

To enable the Harmony Browse extension on Firefox in the InPrivate mode:


1. In your browser's address bar, type about:addons and select Extensions.
2. Click the Harmony Browse Extension.
3. In Run in Private Windows, select Allow.

Ending the Browser Process Running in the Background


When you close Chrome and Edge browsers with the Harmony Browse extension installed,
the browser process continues to run in the background. You can perform these procedures to
end the browser process running in the background.

To end the Chrome browser process running in the background:


1. Select Start and type CMD.
2. Right-click Command Prompt and select Run as administrator.
The Command Prompt window appears.
3. Run:

REG ADD HKLM\SOFTWARE\Policies\Google\Chrome /v BackgroundModeEnabled /t REG_DWORD /d 0

4. Press Enter.

To end the Edge browser process running in the background:


1. Select Start and type CMD.
2. Right-click Command Prompt and select Run as administrator.
The Command Prompt window appears.
3. Run:
REG ADD HKLM\SOFTWARE\Policies\Microsoft\Edge /v BackgroundModeEnabled /t REG_DWORD /d 0

4. Press Enter.

Browser Extension Pinning


For more information, see Browser Settings in "Web and Files Protection" on page 57.

Managing IoCs
An Indicator of Compromise (IoC) is a sign, for cyber security professionals, of unusual
activity or an attack. Harmony Browse allows you to add IoCs for domains, IP addresses,
URLs, MD5 Hash keys and SHA1 Hash keys that are automatically blocked by File Protection
(Threat Emulation and Threat Extraction) and URL Filtering without the need to install the
policy.

Prerequisite
- For the IoCs domain, IP address and URL, activate (Prevent or Detect) the URL Filtering
  capability.
- For the IoCs MD5 Hash and SHA1 Hash, activate (Prevent or Detect) the Download
  Protection capability.

To add IoCs:
1. Click Policy > Threat Prevention.
2. Click Manage IoCs.

3. Click .

The New IoC window appears.


4. Select a Type and enter a Value and Comment (optional).


5. Click OK.
The IoC is added to the table.

To import IoCs from an Excel sheet:

You can import IoCs from an Excel sheet containing up to 10000 entries in the format:

1. Click Policy > Threat Prevention.


2. Click Manage IoCs.

3. Click .

The Import IoCs window appears.


4. Click Upload and select the Excel sheet.

Note - The system verifies the entries in the Excel sheet and discards invalid entries.
5. Click Import.
The IoCs are added to the table.

To edit an IoC:
1. Click Policy > Threat Prevention.
2. Click Manage IoCs.
3. Select the IoC.

4. Click .


The Edit IoC window appears.


5. Make the required changes.
6. Click OK.

To delete IoCs:
1. Click Policy > Threat Prevention.
2. Click Manage IoCs.
3. Select the IoCs.

4. Click .

A prompt appears.
5. Click OK.

To export IoCs to an Excel sheet:


1. Click Policy > Threat Prevention.
2. Click Manage IoCs.

3. Click .

The system exports the IoCs to an Excel sheet.

Data Loss Prevention


Data Loss Prevention (DLP) detects and prevents unauthorized transmission of confidential
information, such as social security numbers, credit card numbers, bank account numbers and
so on.
Browser-Based DLP capabilities allow you to enforce DLP by associating data types with a
DLP rule.
In the Data Loss Prevention tab, you can set rules based on specific events, data types and
actions.
These actions are available within the DLP rules:
- Detect - Performs the DLP scan but does not block the data.
- Prevent - Performs the DLP scan and prevents data transfer if it finds a match to a data
  type.
- Allow - Acts as exclusions, allowing data transfer in certain events.
- Block - Blocks the data without the DLP scan.
The Data Loss Prevention tab allows the administrator to enable and install the Gen AI Protect
feature on the endpoints. Gen AI Protect monitors the use of various Gen AI tools by the
endpoints. It detects and prevents the sharing of potential confidential information in the
prompts to any Gen AI tools by the Endpoint Security Clients.

DLP Logs
- Logs are sent for Block, Prevent, and Detect actions.
- File upload and File download events generate a log for each handled file, regardless of
  whether the event is blocked, prevented, detected, or allowed.
- Text control and Paste events send logs for blocked, prevented, or detected incidents.

Use Case
You are a financial organization aiming to prevent the upload or download of files containing
confidential and sensitive data, such as bank account numbers, tax and revenue details, by
unauthorized users.

Known Limitations
- This feature is supported in EU and US regions only.
- DLP is not applied if the file size is greater than 10 MB.
- DLP is not applied when you drag and drop a folder to upload files, and in such cases,
  the upload of the folder gets blocked.
- If the downloaded file is scanned by DLP, it is not sent to Threat Emulation.

Sample Data Type


For supported data and file types, see sk181662.


Legends   Description

1         Name of the data type.
2         Date and time (in MM/DD/YY, HH:MM:SS XM format) when the data type
          was last modified.
3         Brief description of the data type.
4         Custom tags (category) for the data type. Helps in searching for data types.
5         Matching criteria:
          - Pattern
          - Keyword
          - Dictionary
          - Weighted Words
          - Template
          - File attribute
          - Compound (Combination of data types with a logical separator)
          - Group (Data type group)
6         The minimum number of times the matching criteria must be present in the
          file to trigger the DLP action specified in the policy capability rule. For
          example, if the matching criteria is Keyword, the value is credit and the
          Matching Threshold is 5, then the system takes the action specified by the
          policy capability rule if the file contains the term credit five times or more.
7         Policy capability rules where the data type is used.
8         Groups associated with the data type.
9         Add the data type to a group.
10        Duplicate the data type.
11        Edit the data type.
12        Comment.
13        Filter data type by category.
14        Search for a data type.

Creating a Custom Data Type

To create a custom data type:


1. Go to Policy > Data Loss Prevention and click DLP Data Type Manager.

2. Click New and select Data type.


The Add data type wizard appears.

3. Enter the data type name, object comment (optional) and description.
4. From the Data type recognition method list, select a recognition method:


Recognition method: Pattern
Description: Applies the action specified in the policy capability rule if the file
contents match the threshold for the pattern. For example, 5523-2342.
Action: In the Patterns section, enter the pattern and click .

Recognition method: Keyword
Description: Applies the action specified in the policy capability rule if the file
contents match the threshold for the keyword. For example, Confidential, Secret.
Action: In the Keywords section, enter the keywords and click .

Recognition method: Dictionary
Description: Applies the action specified in the policy capability rule if the file
contents match the threshold for the terms in the dictionary. For example, Spain,
China, United Kingdom.
Each keyword must be specified in a single line in the UTF-8 format.
Note - The recommended file formats are Microsoft Word and .txt.
Action: Upload the dictionary file.

Recognition method: Weighted Words
Description: Applies the action specified in the policy capability rule if the file
contains keywords and the cumulative weight matches or exceeds the threshold.
Use this method to specify multiple keywords.
For example, consider two keywords:
- credit with Weight=1 and Max. Weight=3
- transaction with Weight=2 and Max. Weight=30
and Matching Threshold=15.
If the file contains six occurrences of credit, each contributes a Weight of 1,
that is, 1x6=6. As the Max. Weight=3, the final weight is 3.
If the file contains eight occurrences of transaction, each contributes a Weight
of 2, that is, 2x8=16. As the Max. Weight=30, the final weight is 16.
As the sum of the final weights of credit and transaction, that is, 16+3=19, is
greater than the Matching Threshold, the system applies the action specified in
the policy capability rule.
If the sum of the final weights of the keywords is less than the Matching
Threshold, then the file is uploaded or downloaded.
Action:
a. Click New.
b. Enter these:
   - Keyword
   - Weight - Weight for each occurrence of the keyword.
   - Max. Weight - Maximum weight allowed for the keyword.
c. If the keyword is a regular expression, turn on the Regex toggle button.
d. Click Add.
e. Repeat steps a through d to add the next keyword.

Recognition method: Template
Description: Applies the action specified in the policy capability rule if the file
contents match the threshold for the terms in the template. For example, a
template with a set header, footer and logo.
If the template contains images, the DLP is triggered only if the file contains the
images in the same format as in the specified template.
Action: Upload the template file.

Recognition method: File attribute
Description: Applies the action specified in the policy capability rule if the file:
- Matches the specified file name.
- Size is equal to or greater than the specified file size.
- Type matches the specified file type.
Action: Select any of these and enter a value:
- File name. For example, Account Numbers, Employee Details.
- File size. File size in Byte, KB, MB or GB.
- File type.
  - Click and select the file type(s) from the list.

5. Click Next.

Note - This step does not apply to Template and File attribute recognition
methods.

6. Select the matching threshold.


The matching threshold is the minimum number of times the matching criteria must be
present in the file to trigger the DLP. For example, if the matching criteria is Keyword,
the value is credit and the Matching Threshold is 5, then the system takes the action
specified by the policy capability rule if the file contains the term credit five times or more.


Note - This step does not apply to Template and File attribute recognition
methods.

7. Click Finish.
The new custom data type is listed under Custom Data Types.
8. To permanently save all the changes to the database, click Save at the top.
The change detected window appears.

9. Click Confirm.
10. To discard all the changes, click Discard at the top.
The change detected window appears.


11. Click Confirm.
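
The Weighted Words calculation described under step 4 above, written out as an added Python example (it is not Check Point code). The case-insensitive whole-word matching, the regex keyword and every name in the code are assumptions of this example; the guide does not document the product's matching rules.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class WeightedKeyword:
    keyword: str         # literal term, or a regular expression when regex=True
    weight: int          # Weight: added for each occurrence of the keyword
    max_weight: int      # Max. Weight: cap on this keyword's total contribution
    regex: bool = False  # mirrors the Regex toggle in the wizard


def occurrences(text: str, kw: WeightedKeyword) -> int:
    """Count matches of one keyword in the text extracted from a file."""
    # Assumption: literal keywords match as whole words, ignoring case.
    pattern = kw.keyword if kw.regex else r"\b" + re.escape(kw.keyword) + r"\b"
    return sum(1 for _ in re.finditer(pattern, text, flags=re.IGNORECASE))


def final_weights(text: str, keywords: list[WeightedKeyword]) -> dict[str, int]:
    """Per-keyword final weight: occurrences x Weight, capped at Max. Weight."""
    return {
        kw.keyword: min(occurrences(text, kw) * kw.weight, kw.max_weight)
        for kw in keywords
    }


def rule_action_applies(text: str, keywords: list[WeightedKeyword],
                        matching_threshold: int) -> bool:
    """True when the cumulative weight matches or exceeds the threshold."""
    return sum(final_weights(text, keywords).values()) >= matching_threshold


# Keywords and threshold taken from the guide's worked example.
KEYWORDS = [
    WeightedKeyword("credit", weight=1, max_weight=3),
    WeightedKeyword("transaction", weight=2, max_weight=30),
]
MATCHING_THRESHOLD = 15

# Constructed file contents.
GUIDE_EXAMPLE = " ".join(["credit"] * 6 + ["transaction"] * 8)    # 3 + 16 = 19
CREDIT_ONLY = " ".join(["credit"] * 40)                           # capped at 3
BELOW_THRESHOLD = " ".join(["credit"] * 6 + ["transaction"] * 5)  # 3 + 10 = 13
AT_THRESHOLD = " ".join(["credit"] * 3 + ["transaction"] * 6)     # 3 + 12 = 15

# Constructed regex keyword for numbers shaped like the guide's 5523-2342 pattern.
ACCOUNT_RE = WeightedKeyword(r"\b\d{4}-\d{4}\b", weight=5, max_weight=10, regex=True)

if __name__ == "__main__":
    samples = {
        "guide example": GUIDE_EXAMPLE,
        "credit only": CREDIT_ONLY,
        "below threshold": BELOW_THRESHOLD,
        "at threshold": AT_THRESHOLD,
    }
    for name, text in samples.items():
        weights = final_weights(text, KEYWORDS)
        verdict = rule_action_applies(text, KEYWORDS, MATCHING_THRESHOLD)
        print(f"{name}: {weights} -> rule action applies: {verdict}")
```

The credit-only sample shows what Max. Weight is for: a single low-value keyword repeated many times cannot reach the Matching Threshold on its own.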

Creating a Custom Data Type Group

To create a custom data type group:


1. Go to Policy > Data Loss Prevention and click DLP Data Type Manager.

2. Click New and select Group.


The New Data type Group window appears.

3. Enter a group name, object comment (optional) and description.

4. To add predefined data types to the group, click in the Predefined Data types field
and select the data type.

5. To add custom data types to the group, click in the Custom Data types field and
select the data type.
6. Click Save.
The new data type group is listed under My Groups.


7. To permanently save all the changes to the database, click Save at the top.
The change detected window appears.

8. Click Confirm.
9. To discard all the changes, click Discard at the top.
The change detected window appears.

10. Click Confirm.


Adding an Existing Data Type to a Group

To add an existing data type to a group:


1. Go to Policy > Data Loss Prevention and click DLP Data Type Manager.

2. In the Data Type Name list, expand Custom Data Types or Predefined Data Types and
select the data type.

3. Click Add to group.


4. Select the group(s) from the list.
5. Click Add.


6. To permanently save all the changes to the database, click Save at the top.
The change detected window appears.

7. Click Confirm.
8. To discard all the changes, click Discard at the top.
The change detected window appears.

9. Click Confirm.

Editing a Data Type or Group


Note - If you edit a data type, the changes are reflected in all the groups that contain
this data type.


To edit a data type or group:


1. Go to Policy > Data Loss Prevention and click DLP Data Type Manager.

2. In the Data Type Name list, expand the DLP group and select the data type or the group.

3. Click Edit.


4. Make the required changes.

Note - In the Check Point Recommended and Predefined Data Types DLP
groups, you can edit only Matching level and Add object comment.

5. Click OK.
6. To permanently save all the changes to the database, click Save at the top.
The change detected window appears.

7. Click Confirm.
8. To discard all the changes, click Discard at the top.
The change detected window appears.


9. Click Confirm.

Duplicating a Data Type or a Group

To duplicate a data type or group:


1. Go to Policy > Data Loss Prevention and click DLP Data Type Manager.

2. In the Data Type Name list, expand the DLP group and select the data type or the group
within.


3. Click Duplicate.
4. Make the required changes.
5. Click OK.
6. To permanently save all the changes to the database, click Save at the top.
The change detected window appears.

7. Click Confirm.
8. To discard all the changes, click Discard at the top.
The change detected window appears.


9. Click Confirm.

Deleting a Data Type or a Group


Note - Before you delete a data type, make sure to remove the data type from the
group(s) and policy capability rules.

To delete a data type or group:


1. Go to Policy > Data Loss Prevention and click DLP Data Type Manager.

2. In the Data Type Name list, expand the DLP group and select the data type or the group
within.


3. Click Delete.
The Deleting a data type window appears.

4. Click Delete Data Type.

5. To permanently save all the changes to the database, click Save at the top.
The change detected window appears.

6. Click Confirm.
7. To discard all the changes, click Discard at the top.


The change detected window appears.

8. Click Confirm.

Managing Microsoft Sensitivity Labels for DLP


Harmony Browse allows you to integrate Sensitivity labels from Microsoft Purview Information
Protection into your DLP system, providing an additional layer of data protection based on
predefined sensitivity classifications.

Step 1 - Copy the Microsoft Sensitivity label names and their UUIDs from Microsoft Purview
1. Log in to Purview Portal: https://purview.microsoft.com/
2. Go to Solutions > Information protection > Labels.

3. Click the label name for which you want to find the UUID.
4. Copy the UUID in the Label ID or GUID section.


Step 2 - Creating Microsoft Sensitivity Labels in Harmony Browse


1. Log in to Infinity Portal and access the Harmony Browse Administrator Portal.
2. Go to Policy > Data Loss Prevention and click DLP Data Type Manager.
3. Click Manage Labels.

The Manage Sensitivity Labels Dashboard window appears.


4. Click New.


5. In the Name field, enter a name for the label. For example, MIP_EXAMPLE.
6. In the UUID field, enter the label UUID. For more information, see "Step 1 - Copy the
Microsoft Sensitivity label names and their UUIDs from Microsoft Purview" on page 127.
7. Click Add.
8. Click OK.


Note - The newly created label is now listed in Sensitivity Labels under the Data
Type Name section.
It also shows the label details:
- Date modified
- Description
- Tags - Shows tags assigned, if any, for further categorization.
- Where used - Shows the DLP rule name that uses this label to enforce protection.
- Groups - Shows if the label is part of any group.

You can use Tags and Groups to better organize and manage the sensitivity
labels.

9. To edit a label, select the label you want to edit, click Edit, update the field and then click
Apply.

10. To delete a label, select the label you want to delete, click Delete and then click Delete
Data Type.


11. Click Save.

12. Click Confirm.

Step 3 - Assign Sensitivity Labels to DLP Rules


After creating Sensitivity labels in Harmony Browse, you must assign them to the DLP rules to
enforce data protection based on these sensitivity labels.
To assign sensitivity labels to a DLP rule, see "Creating a DLP Rule and Associating with an
Event" below.

Creating a DLP Rule and Associating with an Event


1. Go to Policy > Data Loss Prevention.
2. Add a rule:


a. Select a rule.
b. Click Clone and click Clone Above or Clone Below.

Note - If you have selected the default rule, select Clone Above.

The Clone Rule window appears.

c. In the Name field, enter a rule name.


d. From the Applied to list, select a device(s) to which you want to apply the rule.
e. Click OK.
3. To enable the Gen AI protection:


a. Select the rule to which the Gen AI protection must be associated.


b. From the list of tabs, select Settings tab.
c. Select Enable GenAI protect.
d. Click Save & Install to apply the rule on the applicable endpoints.
4. Click one of these tabs:
- Outbound events - Outbound data refers to transferring content to external
  resources.
  Examples:
  - Uploading a file to a file sharing website.
  - Entering text in a text box of an external resource, such as ChatGPT.
  - Pasting text in a text box of an external resource, such as ChatGPT.

  Note - Enforcement of DLP for Paste and Text Control events is only
  supported for Generative AI sites.
- Inbound events - Inbound data refers to downloading data and sharing content
  within internal corporate resources.
  Example - Downloading a file from a file sharing website.

5. Click Add.
The Data Protection - New Event window appears.


6. By default, the event is enabled. To disable, turn off the Status toggle button.
7. From the Event type list, select one of these:
- File upload - To apply the DLP rule when you upload a file to an external resource.
- Text control - To apply the DLP rule when you type text in an external resource text
  box. For example, in ChatGPT.
- Paste - To apply the DLP rule when you paste content into an external resource.
  For example, ChatGPT.
- File download - To apply the DLP rule when you download a file from an internal
  resource.
Note - Enforcement of DLP for Paste and Text Control events is only supported
for Generative AI sites.

8. From the Destination type list, select the type to which you want to apply the
rule:

Destination type: All
Enter these: N/A

Destination type: Url
Enter these: In the URL field, enter the web addresses to which you want to apply
the rule.

Destination type: Domain
Enter these: In the Domain field, enter the domain to which you want to apply the
rule.

Destination type: Category
Enter these: From the Categories & sub categories list, select one or more
categories.

Notes:
- In Inbound events, you can only choose a URL or Domain.
- In Inbound events, if a source is added for DLP scanning, files downloaded
  from that source are not scanned by Threat Emulation.

9. From the Action list, select one of these:


- Detect - Performs the DLP scan but does not block the data.
- Prevent - Performs the DLP scan and prevents data transfer if it finds a match to a
  data type.
- Allow - Acts as exclusions, allowing data transfer in certain events.
- Block - Blocks the data without the DLP scan.

10. To associate data types with an event, in the Data types section, click and select the
data type or a group.

Note - This step is applicable only if the Action is Detect or Prevent.

11. Click Save.


The events are displayed in the Outbound events and Inbound events columns in the
DLP rule.


12. To delete an event, select the event that you want to delete and click Delete.
13. To edit an event, select the event that you want to edit, click Edit, make the required
changes and click OK.
14. To disable all events, turn off the Disable all toggle button.

15. Click Save & Install.


The Install Policy window appears.


16. Click Install.

Rule Configuration Logic


The rule configuration logic offers a systematic method for applying policy rules to events. The
system prioritizes the most specific events and progresses through four levels of specificity:
1. URL
2. Domain
3. Category
4. All

Note - The Paste and Text control events only have access to the Category level.

Scenarios

Scenario 1: User attempts to upload a file to https://domain1.com/url1.html

Specific Event

Most specific event is the URL https://domain1.com/url1.html.

Result

Scenario 2: User attempts to upload a file to https://domain1.com/url2.html

Specific Event

Most specific event is the URL https://domain1.com/url2.html.

Result

Scenario 3: User attempts to upload a file to https://domain1.com/url3.html

Specific Event

Most specific event is the Domain domain1.com.

Result

Scenario 4: User attempts to upload a file to https://domain2.com/url.html

Specific Event

The Category of domain2.com is Computers / Internet.

Since there are no specific events for the URL or Domain, the Category event is selected.

Result

Scenario 5: User attempts to upload a file to https://domain3.com/url.html

Specific Event

The Category of domain3.com is Education.

Since there are no specific events for the URL or Domain, the Category event is selected.

Result

Scenario 6: User attempts to upload a file to https://domain4.com/url.html

Specific Event

Since there are no specific events for the URL, Domain, or Category, the event with the
destination All is selected.

Result

When multiple events are relevant for the same incident, the event with the stricter action is
selected.

Scenario 7: User attempts to upload a file to https://domain5.com/url.html

Specific Event

The categories of domain5.com are Computers / Internet and Education.

Since there are no events for the URL or Domain, only two events for the Category are
relevant, and the system selects the event with the stricter action.

Result

Scenario 8: User attempts to upload a file to https://domain1.com

Specific Event

Since there are no events for the URL, only two events for the Domain domain1.com are
relevant.

Result
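The selection logic described above can be modelled in a few lines to review a DLP rule before installing it. This is an added example, not Check Point code: the events, the category assignments and the strictness ranking of the four actions (Allow < Detect < Prevent < Block) are assumptions made for illustration, and URL and Domain matching is simplified to exact comparison.

```python
from urllib.parse import urlsplit

# Destination types from most to least specific, as listed under "Rule Configuration Logic".
LEVELS = ["Url", "Domain", "Category", "All"]
# ASSUMPTION: relative strictness of the four actions; the guide only says the
# stricter action is selected, it does not publish the ranking.
STRICTNESS = {"Allow": 0, "Detect": 1, "Prevent": 2, "Block": 3}

# Constructed sample data (not taken from the guide).
CATEGORIES = {
    "domain2.com": {"Computers / Internet"},
    "domain3.com": {"Education"},
    "domain5.com": {"Computers / Internet", "Education"},
}
EVENTS = [
    {"type": "Url", "value": "https://domain1.com/url1.html", "action": "Allow"},
    {"type": "Url", "value": "https://domain1.com/url2.html", "action": "Block"},
    {"type": "Domain", "value": "domain1.com", "action": "Detect"},
    {"type": "Domain", "value": "domain1.com", "action": "Prevent"},
    {"type": "Category", "value": "Computers / Internet", "action": "Detect"},
    {"type": "Category", "value": "Education", "action": "Prevent"},
    {"type": "All", "value": None, "action": "Detect"},
]


def applies(event, url, site_categories):
    """True if the event's destination covers the URL of the upload."""
    host = (urlsplit(url).hostname or "").lower()
    kind, value = event["type"], event["value"]
    if kind == "Url":
        return value.rstrip("/").lower() == url.rstrip("/").lower()
    if kind == "Domain":
        return value.lower() == host
    if kind == "Category":
        return value in site_categories.get(host, set())
    return kind == "All"


def resolve(url, events=EVENTS, site_categories=CATEGORIES):
    """Return (level, action) of the event that decides, or None if nothing applies."""
    for level in LEVELS:                       # stop at the first level with a match
        hits = [e for e in events if e["type"] == level and applies(e, url, site_categories)]
        if hits:                               # several events on one level: stricter action wins
            winner = max(hits, key=lambda e: STRICTNESS[e["action"]])
            return level, winner["action"]
    return None


def audit(events=EVENTS):
    """List destinations that carry more than one action on the same level."""
    seen = {}
    for e in events:
        seen.setdefault((e["type"], e["value"]), set()).add(e["action"])
    return {key: sorted(acts) for key, acts in seen.items() if len(acts) > 1}


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(resolve(f"https://domain1.com/url{n}.html"))
    print(audit())
```

In this model a URL-level Allow decides the outcome even when a stricter Domain event exists for the same host, because strictness is only compared between events on the same level.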


General Information
Localization
The Harmony Browse extension automatically detects the language of the browser and
translates the following to the detected language:
• Pop-up and associated notifications
• Block pages
  Note - The customized parts of a block page are not translated. For more
  information, see "Configuring Client Settings Policy" on page 50.
• OS notifications
The supported languages for localization are:
• Czech
• Danish
• German
• Greek
• English
• Spanish (European and Latin American)
• Finnish
• French
• Italian
• Japanese
• Norwegian Bokmål
• Dutch
• Norwegian Nynorsk
• Norwegian
• Polish
• Portuguese (European and Brazilian Portuguese)
• Romanian
• Russian
• Swedish

Managing Active Directory Scanners
If your organization uses Microsoft Active Directory (AD), you can import users, groups,
Organizational Units (OUs) and computers from multiple AD domains into Harmony
Browse. After the objects are imported, you can assign policies.
When you first log in to Harmony Browse, the AD tree is empty. To populate the tree with
computers from the Active Directory, you must configure the Directory Scanner.
The Directory Scanner scans the defined Active Directory and fills the AD table in the Asset
Management view, copying the existing Active Directory structure to the server database.

Harmony Browse supports the use of multiple AD scanners per Active Directory domain, and
multiple domains per service.

Required Permissions to Active Directory:


For the scan to succeed, the user account related to each Directory Scanner instance requires
full read permissions to:
• The Active Directory root.
• All child containers and objects.
• The deleted objects container.

An object deleted from the Active Directory is not immediately erased, but moved to the
Deleted Objects container.
Comparing objects in the AD with those in the Deleted objects container gives a clear picture
of network resources (computers, servers, users, groups) that have changed since the last
scan.
The Active Directory Scanner does not scan Groups of type "Distribution".

Organization Distributed Scan


Organization Distributed Scan is enabled by default. You can see its configured settings in the
Endpoint Settings view > AD Scanners.

Full Active Directory Sync


In the Full Active Directory Sync, one Endpoint client is defined as the Active Directory
scanner. It collects the information and sends it to the Security Management Server.

To download the Endpoint client to be defined as an AD scanner:


1. Go to the Overview tab.
2. Click on the Download button in the blue bar.
3. Click on the Download button under the Client for AD integration.

To configure the AD scanner:


1. In the left navigation panel, click Asset Management.
2. In the left pane, click Computers.
3. In the top toolbar, click Computer Actions > in the section General Actions, click
Directory Scanner.
The Scanner window opens.
4. Fill in this information:

Section - Required information

Connect from computer
• Computer name - Select the computer name which the AD integration client
  was installed on. This computer will be used as your AD scanner.

AD Login details
• User name (AD) - Enter the user name to access the Active Directory.
• Domain name - Enter the domain of the Active Directory.
• Password (AD) - Enter the password to access the Active Directory.

AD Connection
• Domain controller - Enter the name of the Domain controller.
• Port - Enter the number of the listening port on the Domain controller.
• Use SSL communication (recommended) - Select this checkbox if you want the
  connection between the AD scanner and the Domain Controller to be over SSL.
• LDAP Path - The address of the scanned directory server.
• Sync AD every - Configure the interval at which the scanning will be performed.

When you create a new AD scanner, the Organization Directory Scan is automatically
disabled.
To see information on your activated AD scanners, go to the Endpoint Settings view.

Note - You can also reach the scanner configuration form through the Endpoint Settings
view > Setup full Active Directory sync.

Harmony Browse Logs


See all collected logs in the Harmony Browse Logs view:

Use the time filter (1) and select the relevant options on the Statistics pane (3) to set specific
criteria and customize the search results. Alternatively, you can enter your query in the search
bar. For more details about the Query Language, see "Query Language Overview" on
page 150.

Item Description

1 Time period - Search with predefined custom time periods or define another time
period for the search.

2 Query search bar - Enter your queries in this field.

3 Statistics pane - Shows statistics of the events by Blades, Severity of the event
and other parameters.

4 Card - Log information and other details.

5 Results pane - Shows log entries for the most recent query.

6 Options - Hide or show a client identity in the Card, and export the log details to
CSV.

The information recorded in logs can be useful in these cases:
• To identify the cause of technical problems.
• To monitor traffic more closely.
• To make sure that all features function properly.

Note - You can forward logs to expansion (SIEM). For more information, see Event
Forwarding.


Query Language Overview


A powerful query language lets you show only selected records from the log files, according to
your criteria.
To create complex queries, use Boolean operators, wildcards, fields, and ranges.
This section describes the query language in detail.
When you use Harmony Browse to create a query, the applicable criteria appear in the Query
search bar.
The basic query syntax is:

[<Field>:] <Filter Criterion>

To put together many criteria in one query, use Boolean operators:

[<Field>:] <Filter Criterion> {AND | OR | NOT} [<Field>:] <Filter Criterion> ...

Most query keywords and filter criteria are not case sensitive, but there are some exceptions.
For example, "source:<X>" is case sensitive ("Source:<X>" does not match).
If your query results do not show the expected results, change the case of your query criteria,
or try upper and lower case.

When you use queries with more than one criteria value, an AND is implied automatically, so
there is no need to add it. Enter OR or other boolean operators if needed.

Criteria Values
Criteria values are written as one or more text strings.
You can enter one text string, such as a word, IP address, or URL, without delimiters.
Phrases or text strings that contain more than one word must be surrounded by quotation
marks.
One-word string examples

• John
• inbound
• 192.168.2.1
• some.example.com
• dns_udp

Phrase examples

• "John Doe"
• "Log Out"
• "VPN-1 Embedded Connector"

IP Addresses

IPv4 and IPv6 addresses used in log queries are counted as one word.
Enter IPv4 addresses in dotted decimal notation and IPv6 addresses with colons.

Example:
• 192.0.2.1
• 2001:db8::f00:d

You can also use the wildcard '*' character and the standard network suffix to search for
logs that match IP addresses within a range.
Examples:
• src:192.168.0.0/16
  Shows all records for the source IP 192.168.0.0 to 192.168.255.255 inclusive
• src:192.168.1.0/24
  Shows all records for the source IP 192.168.1.0 to 192.168.1.255 inclusive
• src:192.168.2.*
  Shows all records for the source IP 192.168.2.0 to 192.168.2.255 inclusive
• 192.168.*
  Shows all records for 192.168.0.0 to 192.168.255.255 inclusive

NOT Values
You can use NOT <field> values with Field Keywords in log queries to find logs for which the
value of the field is not the value in the query.

Syntax:

NOT <field>: <value>

Example:

NOT src:10.0.4.10

Wildcards
You can use the standard wildcard characters (* and ?) in queries to match variable
characters or strings in log records.
You can use more than one wildcard character.

Wildcard syntax:
• The ? (question mark) matches one character.
• The * (asterisk) matches a character string.

Examples:
• Jo? shows Joe and Jon, but not Joseph.
• Jo* shows Jon, Joseph, and John Paul.
If your criteria value contains more than one word, you can use the wildcard in each word.
For example, 'Jo* N*' shows Joe North, John Natt, Joshua Named, and so on.

Note - Using a single '*' creates a search for a non-empty value string. For example
asset name:*

Field Keywords
You can use predefined field names as keywords in filter criteria.
The query result only shows log records that match the criteria in the specified field.
If you do not use field names, the query result shows records that match the criteria in all fields.
This table shows the predefined field keywords. Some fields also support keyword aliases that
you can type as alternatives to the primary keyword.

Keyword | Keyword Alias | Description
severity | | Severity of the event
app_risk | | Potential risk from the application, of the event
protection | | Name of the protection
protection_type | | Type of protection
confidence_level | | Level of confidence that an event is malicious
action | | Action taken by a security rule
blade | product | Software Blade
destination | dst | Traffic destination IP address, DNS name or Check Point network object name
origin | orig | Name of originating Security Gateway
service | | Service that generated the log entry
source | src | Traffic source IP address, DNS name or Check Point network object name
user | | User name

Syntax for a field name query:

<field name>:<values>

Where:
• <field name> - One of the predefined field names
• <values> - One or more filters
To search for a rule number, use the Rule field name.
For example:

rule:7.1

If you use the rule number as a filter, rules in all the Layers with that number are matched.
To search for a rule name, you must not use the Rule field. Use free text.
For example:

"Block Credit Cards"


Best Practice - Do a free text search for the rule name. Make sure rule names are
unique and not reused in different Layers.

Examples:
• source:192.168.2.1
• action:(Reject OR Block)

You can use the OR Boolean operator in parentheses to include multiple criteria values.

Important - When you use fields with multiple values, you must:
• Write the Boolean operator, for example AND.
• Use parentheses.

Boolean Operators
You can use the Boolean operators AND, OR, and NOT to create filters with many different
criteria.
You can put multiple Boolean expressions in parentheses.
If you enter more than one criteria without a Boolean operator, the AND operator is implied.
When you use multiple criteria without parentheses, the OR operator is applied before the
AND operator.

Examples:

• blade:"application control" AND action:block
  Shows log records from the Application and URL Filtering Software Blade where traffic
  was blocked.
• 192.168.2.133 10.19.136.101
  Shows log entries that match the two IP addresses. The AND operator is presumed.
• 192.168.2.133 OR 10.19.136.101
  Shows log entries that match one of the IP addresses.
• (blade: Firewall OR blade: IPS OR blade:VPN) AND NOT action:drop
  Shows all log entries from the Firewall, IPS or VPN blades that are not dropped.
  The criteria in the parentheses are applied before the AND NOT criterion.
• source:(192.168.2.1 OR 192.168.2.2) AND destination:17.168.8.2
  Shows log entries from the two source IP addresses if the destination IP address is
  17.168.8.2.
  This example also shows how you can use Boolean operators with field criteria.
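To check how a query will group before relying on it for an investigation, the rules in this section (implied AND, OR applied before AND, field groups in parentheses, wildcards and network suffixes) can be modelled offline. This is an added example and a simplified model, not the product's parser: the sample records are constructed, free-text criteria are compared against whole field values, and operators are recognized in upper case only.

```python
import fnmatch
import ipaddress
import re

# Keywords and aliases from the page's table; kept lowercase because field names are case sensitive.
ALIASES = {"src": "source", "dst": "destination", "product": "blade", "orig": "origin"}
FIELDS = {"severity", "app_risk", "protection", "protection_type", "confidence_level",
          "action", "blade", "destination", "origin", "service", "source", "user"}
TOKEN = re.compile(r'\(|\)|"[^"]*"|[^\s()"]+')
# Constructed sample records (not real logs).
LOGS = [dict(zip(("source", "destination", "blade", "action", "user"), row)) for row in (
    ("192.168.2.133", "17.168.8.2", "Firewall", "Drop", "John Doe"),
    ("192.168.2.1", "17.168.8.2", "Application Control", "Block", "Joe"),
    ("10.19.136.101", "192.168.2.133", "IPS", "Accept", "Joseph"),
    ("192.168.7.9", "10.0.4.10", "VPN", "Accept", "Jon"),
)]


def tokenize(query):
    """Split a query into (kind, text) pairs: field, value, (, ), AND, OR, NOT."""
    out = []
    for raw in TOKEN.findall(query):
        name, colon, rest = raw.partition(":")
        name = ALIASES.get(name, name)
        if colon and name in FIELDS:      # known keywords only, so 2001:db8::f00:d stays a value
            out.append(("field", name))
            if rest:
                out.append(("value", rest))
        elif raw in ("(", ")", "AND", "OR", "NOT"):
            out.append((raw, raw))
        else:
            out.append(("value", raw.strip('"')))
    return out


def matches(value, pattern):
    """Compare one field value with one criterion: network suffix first, then * and ? wildcards."""
    if "/" in pattern:
        try:
            return ipaddress.ip_address(value) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            pass                          # not an address/prefix pair: compare as text
    return bool(value) and fnmatch.fnmatchcase(value.lower(), pattern.lower())


class Parser:
    def __init__(self, query):
        self.toks, self.pos = tokenize(query), 0

    def peek(self):
        return self.toks[self.pos][0] if self.pos < len(self.toks) else None

    def take(self):
        self.pos += 1
        return self.toks[self.pos - 1]    # IndexError on a truncated query

    def parse_and(self, field=None):
        # Loosest binding: explicit AND, or the AND implied between adjacent criteria.
        terms = [self.parse_or(field)]
        while self.peek() not in (None, ")"):
            if self.peek() == "AND":
                self.take()
            terms.append(self.parse_or(field))
        return lambda rec: all(t(rec) for t in terms)

    def parse_or(self, field):
        # OR is applied before AND, as the page states for criteria without parentheses.
        terms = [self.parse_not(field)]
        while self.peek() == "OR":
            self.take()
            terms.append(self.parse_not(field))
        return lambda rec: any(t(rec) for t in terms)

    def parse_not(self, field):
        kind, text = self.take()
        if kind == "NOT":
            inner = self.parse_not(field)
            return lambda rec: not inner(rec)
        if kind == "field":               # a value or a "(...)" group of values follows
            return self.parse_not(text)
        if kind == "(":
            inner = self.parse_and(field)
            self.take()                   # the closing ")"
            return inner
        if kind != "value":
            raise ValueError(f"unexpected {text!r}")
        if field:
            return lambda rec: matches(rec.get(field, ""), text)
        return lambda rec: any(matches(v, text) for v in rec.values())


def search(query, records=LOGS):
    predicate = Parser(query).parse_and()
    return [rec for rec in records if predicate(rec)]
```

With these records, `user:Jo? OR user:Joseph action:accept` is read as `(user:Jo? OR user:Joseph) AND action:accept`, so the blocked record for Joe is excluded; add explicit parentheses whenever a different grouping is intended.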


Managing Virtual Groups


Virtual Groups manage groups of users and devices.
You can use Virtual Groups with Active Directory for added flexibility or as an alternative to
Active Directory.
Objects can be members of more than one virtual group.
The benefits of using Virtual Groups include:
• Using the Active Directory without using it for Endpoint Security.
For example: Different administrators manage the Active Directory and Endpoint
Security.
• Your Endpoint Security requirements are more complex than the Active Directory
groups. For example, you want different groups for laptop and desktop computers.
• Using a non-Active Directory LDAP tool.
• Working without LDAP.
Some virtual groups are pre-defined with users and devices assigned to them automatically.

To create a virtual group:


1. Access Harmony Browse and click Asset Management.

2. Go to Organization > Organizational Tree and select Virtual Groups.


3. To create a virtual group for a group, right-click a group.
4. To create a virtual group for a specific device or a user, click the group and right-click the
device or user.
5. Select Create Virtual Group.
The Create Virtual Group window appears.


6. In the Name field, enter a group name.


7. (Optional) In the Comment field, enter a comment.

Notes:
• A user or a device can belong to multiple virtual groups.
• Selecting a certain user or device shows the Active Directory information
collected about them.
• You cannot edit Active Directory groups but you can view their content.
• You can create a group and then assign the users or devices to the group,
or select users or devices first and then create a group from them.

8. Click OK.

Note - You can also perform this procedure from Asset Management >
Organization > Computers. See "Managing Computers" on page 46.

To add a group, device or a user to a virtual group:


1. Access Harmony Browse and click Asset Management.
2. Go to Organization > Organizational Tree and select Virtual Groups.
3. To add a group to a virtual group, right-click a group.
4. To add a specific device or a user to a virtual group, click the group and right-click the
device or user.
5. Select Add to Virtual Group.
The Add Members to Virtual Group window appears.


6. Select the applicable virtual group.


7. Click OK.

Note - You can also perform this procedure from Asset Management >
Organization > Computers. See "Managing Computers" on page 46.

To create and add to virtual group:

1. Access Harmony Browse and click Asset Management.


2. Go to Organization > Organizational Tree and select Virtual Groups.
3. To create and add a group to a virtual group, right-click a group.

4. To create and add a specific device or a user to a virtual group, click the group and
right-click the device or user.
5. Select Create and Add to Virtual Group.
The Add Members to Virtual Group window appears.

6. In the Name field, enter a group name.


7. (Optional) In the Comment field, enter a comment.
8. In the Members section search box, search and select the member.

9. Click OK.

Note - You can also perform this procedure from Asset Management >
Organization > Computers. See "Managing Computers" on page 46.

To move devices from one virtual group to another:


1. In the left navigation panel, click Asset Management.
2. In the left pane, click Organization > Organizational Tree.
3. Click Virtual Groups.
4. Move the devices:
• To move all the devices from a virtual group, select the virtual group.
• To move specific devices from a virtual group, click the virtual group, and select the
devices.
5. Right-click the virtual group or devices and select Move to Virtual Group.
The Move Members to Virtual Group window appears.


6. Select the virtual group where you want to move the devices.
7. Click OK.

To export the list of devices in a virtual group to an Excel file:


1. From the left navigation panel, click Asset Management > Organization > Organization
Tree.
2. From the list, click Virtual Group.
3. Right-click the virtual group and select Export Virtual Group Report.
The system exports the list of devices to an Excel file. If the virtual group contains child
virtual groups, then the devices in those virtual groups are also included in the exported
file.

Exporting Logs
Check Point Log Exporter is an easy and secure method to export Check Point logs over
syslog. Log Exporter is a multi-threaded daemon service which runs on a log server. Each log
that is written on the log server is read by the Log Exporter daemon. It is then transformed into
the applicable format and mapping and sent to the end target.
For more information, see sk122323.

To export logs from Harmony Browse:


1. Go to Endpoint Settings > Export Events.

2. Click Add.
The New Logging Service window opens.
3. Fill in the export details:
• Name - Enter a name for the exported information.
• IP Address - Enter the IP Address of the target to which the logs are exported.
• Protocol - Select the protocol over which to export the logs: TCP or UDP.
• Format - Select the export format.
• Port - Select the port over which to export the logs. Only these ports are supported
for outgoing communication: 514, 6514, 443.
• TLS/SSL - Select this checkbox if you want log information to be TLS/SSL
encrypted. The only allowed authentication method through TLS is mutual
authentication. For mutual authentication, the log exporter needs these certificates:
  ◦ A *.pem Certificate Authority certificate (must contain only the certificate of
    the CA that signed the client/server certificates, not the parent CA).
  ◦ A *.p12 format client certificate (log exporter side).
For instructions on how to create the certificates, see "Creating Security
Certificates for TLS Mutual Authentication" below.
4. Click Add.

Creating Security Certificates for TLS Mutual Authentication
This section explains how to create self-signed security certificates for mutual authentication.

Notes:
• Make sure to run the openssl commands on a 3rd party CA server (not on the
log exporter device). The log exporter device must have connectivity to the CA
server.
• The commands are not supported on a Check Point Security Management
Server or a Multi-Domain Server.

Procedure
1. Create a CA certificate

Step 1 - Generate the self-signed root CA key:

    openssl genrsa -out ca.key 2048

Step 2 - Generate the root CA certificate file in the PEM format:

    openssl req -x509 -new -nodes -key ca.key -days 2048 -out ca.pem

Enter the information regarding the certificate.
This information is known as a Distinguished Name (DN).
An important field in the DN is the Common Name (CN), which should be the exact Fully Qualified Domain Name
(FQDN) of the host with which you intend to use the certificate.
Apart from the Common Name, all other fields are optional and you can skip them.
If you purchase an SSL certificate from a certificate authority, it is often required that these additional fields, such
as "Organization", accurately reflect your organization's details.

Best Practice - Use the device IP address as the Common Name.

2. Create a client certificate

Step 1 - Generate a client key:

    openssl genrsa -out cp_client.key 2048

Step 2 - Generate a client certificate sign request:

    openssl req -new -key cp_client.key -out cp_client.csr

Step 3 - Sign the certificate using the CA certificate files:

    openssl x509 -req -in cp_client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out cp_client.crt -days 2048 -sha256

Step 4 - Convert the certificate to the P12 format:

    openssl pkcs12 -inkey cp_client.key -in cp_client.crt -export -out cp_client.p12

Note - The challenge phrase used in this conversion is required in the cp_client TLS configuration.

3. Update the security parameters on the Check Point exporting server

Step 1 - On a Multi-Domain Server or Multi-Domain Log Server, go to the context
of the applicable Domain Management Server or Domain Log Server:
If you run on a Multi-Domain Server/Multi-Domain Log Server, run
this command to switch to the required domain:

    mdsenv <Name or IP Address of Domain Management Server or Domain Log Server>

Step 2 - Go to the deployment directory:

    cd $EXPORTERDIR/targets/<Deployment Name>/

Step 3 - Create a directory for the certificate files:

    mkdir -v certs

Step 4 - Copy the ca.pem and cp_client.p12 certificate files to the
$EXPORTERDIR/targets/<Deployment Name>/certs/ directory.

Note - The ca.key must not be published.

Step 5 - Assign the read permissions to the ca.pem and cp_client.p12
certificate files:

    chmod -v +r ca.pem
    chmod -v +r cp_client.p12

Step 6 - Update the secured target:

    cp_log_export set name <Name> domain-server <Domain-Server> encrypted true ca-cert <Full Path to CA Certificate *.pem File> client-cert <Full Path to *.p12 Certificate File> client-secret <Challenge Phrase for the *.p12 File>

4. Create a server (target) certificate

Step 1 - Generate a server key:

    openssl genrsa -out server.key 2048

Step 2 - Generate a server certificate sign request:

    openssl req -new -key server.key -out server.csr

Step 3 - Sign the certificate using the CA certificate files:

    openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.crt -days 2048 -sha256

Note - Some SIEM applications require the server certificate to be in a
specific format. For more information, refer to SIEM Specific Instructions
section (sk122323).

Sending Security Reports


You can send weekly and monthly security reports to all the administrators by email. The
security report contains a summary of events detected and prevented by Harmony Browse.

To send weekly and monthly security reports to all administrators by email:

1. Click Endpoint Settings > General Settings:
• To send weekly reports, toggle Send weekly security report by email to all
administrators to ON.
• To send monthly reports, toggle Send monthly security report by email to all
administrators to ON.

Reports Center
The Reports Center provides you with the insights of the security analysis detected by the
endpoint. These reports can be generated and scheduled.

Generate Report
To view predefined reports, navigate to Endpoint Settings > Reports Center > Generate
Report.
You can download these reports in PDF format:
• Security Checkup - A comprehensive report on security events.
• Threat Extraction - Shows the insights on the downloaded files.
• Check Point Cyber Security Report 2023 - Shows the insights to help your organization
stay secure.

To download a report:
1. Select the report and click Export Report.
The Export Report window appears.
2. In the Time Frame list, select Last day, Last 7 days, or Last 30 days.
3. Click Export.

Schedule Report
Schedule Report allows you to automatically generate reports at the specified date and time,
and email it to the specified recipients.

Notes:
• The report becomes effective 24 hours after you schedule it. For example, if you
schedule a new report today for 02:00 PM, then it is enforced from the next day at
02:00 PM.
• This feature is not supported for Check Point Cyber Security Reports.
• For performance reasons, it is recommended to schedule reports to run in off-peak
hours. For example, during non-business hours.
• The default time zone for the schedule report is Coordinated Universal Time (UTC).
For example, to schedule the report at 1:00 AM EST, specify the time as 6:00 AM
(depending on Daylight Savings Time).

To schedule a report:
1. Navigate to Endpoint Settings > Reports Center > Schedule Report.
2. Click Add.
The Schedule Report window appears.
3. From the Name list, select the report.
4. From the Time Frame list, select the period for the report:
• Last day
• Last 7 days
• Last 30 days
5. From the Frequency list, select the frequency to generate the report:
• To generate the report every day, select the day of the week.
• To generate the report weekly, select the day of the week.
• To generate the report every month, select the date.
6. In the Time field, specify the time for the system to generate the report and send it to the
recipients. By default, the time is in UTC. For example, if you want to generate the report
at 01.00 AM Eastern Standard Time (EST), you must specify the time as 06.00 AM UTC.
7. In the Recipients field, enter the recipients for the report.

8. Click Schedule.
The schedule is added to the table. The report becomes effective 24 hours after you
schedule it.

9. To edit a scheduled report, select the report in the table and click Edit.
10. To delete a scheduled report, select the report in the table and click Delete.

Uninstalling the Harmony Browse Extension
For more information, see sk180608.
