https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195688#M36474 <P>You're asking three different questions, only two of them are related to each other.</P> <P>Your ability to block rclone on a network device depends entirely on what it accesses.<BR />I would assume the app just calls the various APIs for AWS/Azure directly.<BR />Which means: to block this app, you'd need to block access to these services.<BR />However, that is just a guess and I recommend watching the various logs on the gateway to confirm what it does.</P> <P>At this point, there is no monitoring mechanism for Identity Collector.<BR />I believe this is planned, but if you have specific requirements, reach out to your local office with an RFE request.</P> <P>An individual Access Role is an "and" for each of the configurable options (User Group, Machine, Network, RA Client).<BR />You can create another access role that specifies Machine without the User Group.<BR />However, some user must log onto the system for a machine identity to be acquired.</P> Thu, 19 Oct 2023 21:00:32 GMT PhoneBoy 2023-10-19T21:00:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195610#M36444 <P>Hi All,&nbsp;</P><P>I have a question below if someone can answer,&nbsp;</P><P>&nbsp;</P><P>how to block Rclone (software) executable in checkpoint?</P><P>customer having issues with Rclone and wanted to block however the problem is Rclone is command line executable and not an application that can simply block within application control? here is the link if the web&nbsp;<A href="https://rclone.org/" target="_blank">https://rclone.org/</A></P><P>is there a way to create an email alert if service on AD is down so the admin can receive when AD is disconnected? customer using Identity Collector.&nbsp;</P><P>Can access role have both username and machines identity for ID-Awareness and if username not work (AD being disconnected or down) will machine Identity still works?</P><P>&nbsp;</P><P>Thansk&nbsp;</P><P>&nbsp;</P> Thu, 19 Oct 2023 11:17:51 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195610#M36444 kamaladmire1 2023-10-19T11:17:51Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195619#M36446 <P>When you say "Block Rclone executable", do you mean on an endpoint? Or do you want to block access to the website?</P> Thu, 19 Oct 2023 11:34:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195619#M36446 _Val_ 2023-10-19T11:34:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195635#M36452 <P>Hi,&nbsp;</P><P>want to block this on firewall level, the issue with this particular one is it access Rclone via repository so not easy to block Web site IP.&nbsp;</P> Thu, 19 Oct 2023 13:23:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195635#M36452 kamaladmire1 2023-10-19T13:23:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195688#M36474 <P>You're asking three different questions, only two of them are related to each other.</P> <P>Your ability to block rclone on a network device depends entirely on what it accesses.<BR />I would assume the app just calls the various APIs for AWS/Azure directly.<BR />Which means: to block this app, you'd need to block access to these services.<BR />However, that is just a guess and I recommend watching the various logs on the gateway to confirm what it does.</P> <P>At this point, there is no monitoring mechanism for Identity Collector.<BR />I believe this is planned, but if you have specific requirements, reach out to your local office with an RFE request.</P> <P>An individual Access Role is an "and" for each of the configurable options (User Group, Machine, Network, RA Client).<BR />You can create another access role that specifies Machine without the User Group.<BR />However, some user must log onto the system for a machine identity to be acquired.</P> Thu, 19 Oct 2023 21:00:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Block-Rclone-executable/m-p/195688#M36474 PhoneBoy 2023-10-19T21:00:32Z