check integrity of SPP and SPS

after suspected activities (i think virus or malware or ransomware) in the network i need to know what check i can do in SPP and SPS to be sure that all the appliances are not been impacted.

is it possible to check if there are any dangerous files ?

Are there any best practice about it?

Are there any specific checks i can do it?

Are there any file that i can check if they are corrupted?

anything else i can do it to check all appliances (virtual and physical) and their total integrity?

many thanks!!!

and have a good holidays!

  • I think the key thing to remember here is that in the case of both SPP and SPS you are dealing with hardened appliances that are designed and built from the ground up with security in mind such as:

    You cannot install software on the appliances other than via a patch - this gives you security but also makes it impossible for you to install AV/Anti malware or install standard scanning tools.

    The virtual appliances are built on the same hardened platform as the physical appliances and use the same encryption techniques so the only difference is the hypervisor hosting the appliance.- You could therefore check the integrity of the hypervisor.

    Both SPP and SPS only respond on specific ports.

    Console access is severely restricted on both SPP and SPS.

    So I think it highly unlikely that any malware would be able to get anywhere near the O/S that they are built on or compromise the app itself. They are in effect "black box" solutions.

    If you require a formal statement around this my suggestion would be to raise a case with the support team who are better placed to help.


  • Hello Tim, thank you very much fot all the informations!

    so, since the appliances are sealed boxes, it is not possible to do any significant check on some specific file to check the integrity even if on SPP and SPS i can access regularly and i verified that there is everything, entitlements, ARP, users, accounts, assets and so on....Any configuration is present.

    (maybe just this is enough to be sure that nothing is corrupted on safeguard)

    Just to have a much more security, to be sure that there is no corrupted file or similar.

    so, thank you so much Tim and have a great new year!