https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35308#M869 <HTML><HEAD></HEAD><BODY><P>When the users malicious request blocked by endpoint blades(Anti-Bot,Antimalware,Threat extraction..),how can I quarantine this machine ? İs there any solution for this issue....</P><P></P><P>Thanks...</P></BODY></HTML> Tue, 13 Mar 2018 14:02:27 GMT Sukru_isik 2018-03-13T14:02:27Z https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35308#M869 <HTML><HEAD></HEAD><BODY><P>When the users malicious request blocked by endpoint blades(Anti-Bot,Antimalware,Threat extraction..),how can I quarantine this machine ? İs there any solution for this issue....</P><P></P><P>Thanks...</P></BODY></HTML> Tue, 13 Mar 2018 14:02:27 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35308#M869 Sukru_isik 2018-03-13T14:02:27Z https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35309#M870 <HTML><HEAD></HEAD><BODY><P>I assume you mean quarantine at the network level with your Check Point gateway.</P><P>See&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk33727" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk33727">Configuring EndPoint Quarantine Feature</A>&nbsp;</P></BODY></HTML> Tue, 13 Mar 2018 23:10:15 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35309#M870 PhoneBoy 2018-03-13T23:10:15Z https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35310#M871 <HTML><HEAD></HEAD><BODY><P>Not checkpoint gateway...</P><P>I have checkpoint Endpoint Policy Management Server with version R77.30.03 and endpoint security&nbsp; client agent with verison E80.80...</P><P>I want to this:</P><P>When client download a malicious file or click malicious links, this machine was restricted&nbsp; by endpoint policy management server.</P><P>Can I do this ??</P><P></P><P>thanks...</P></BODY></HTML> Fri, 16 Mar 2018 08:18:05 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35310#M871 Sukru_isik 2018-03-16T08:18:05Z https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35311#M872 <HTML><HEAD></HEAD><BODY><P>Yes, you can do this on the Endpoint as well.</P><P><A href="http://downloads.checkpoint.com/dc/download.htm?ID=53788">From the docs</A>:</P><P></P><BLOCKQUOTE class="jive_macro_quote jive-quote jive_text_macro"><P>Endpoint Security can enforce policy rules on computers and users based on their connection and compliance state. When you create a policy rule, you can select the state or states during which this policy is enforced. By default, policies apply when the client is Connected.</P><P></P><P>States are not applicable for all blades. For example, Full Disk Encryption rules always apply and cannot change based on state. The option to create rules based on state only shows for applicable blades. If there is no applicable rule for the Disconnected or Restricted states, the Connected policy applies.</P><UL><LI>The <STRONG>Connected</STRONG> state policy is enforced when a compliant endpoint computer connects to the Endpoint Security Management Server.</LI><LI>The Disconnected state policy is enforced when an endpoint computer is not connected to the Endpoint Security Management Server. For example, you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources.</LI><LI>The <STRONG>Restricted</STRONG> state policy is enforced when an endpoint computer is not in compliance with the enterprise security requirements. Its compliance state is moved to Restricted. In the Restricted state, you usually choose to prevent users from accessing some, if not all, network resources. You can configure restricted state policies for these blades:<UL><LI>Media Encryption &amp; Port Protection</LI><LI>Firewall</LI><LI>Access Zones</LI><LI>Application Control</LI></UL></LI></UL></BLOCKQUOTE></BODY></HTML> Fri, 16 Mar 2018 14:49:23 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/35311#M872 PhoneBoy 2018-03-16T14:49:23Z https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/85164#M2327 <P>Forensics blade has option called "Machine Quarantine " (image attached).</P> <P>Every blade which could trigger a Forensic report could initiate a Restricted state.</P> <DIV id="tinyMceEditorMaksym_Sofer_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P>&nbsp;</P> Thu, 14 May 2020 07:49:02 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-machine-quarantine/m-p/85164#M2327 Maksym_Sofer 2020-05-14T07:49:02Z