topic Re: USB scan in Endpoint

USB scan

gmesaris — Wed, 04 Dec 2024 09:07:07 GMT

Hello guys,

We observed that in Checkpoint AV, when an external USB drive gets connected to the relevant computer, checkpoint scans the device automatically, if any malicious files are found, it deletes them immediately causing the USB device to become inaccessible.

Is it possible to have some options, what we would like to do with the file? (e.g.: Remove, Quarantine, Keep) and if we choose to delete the USB needs to remain accessible for the entire session.

We have a cloud installation with Infinity portal.

Re: USB scan

G_W_Albrecht — Wed, 04 Dec 2024 14:17:59 GMT

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/Topics-HEP/Web-and-Files-Protection.htm?TocPath=Configuring%20Endpoint%20Policy%7CConfiguring%20the%20Threat%20Prevention%20Policy%7CWeb%20%26%20Files%20Protection%7C_____0#Files_Protection

Re: USB scan

gmesaris — Mon, 09 Dec 2024 08:54:33 GMT

Hello,

I have read this and did not answer my question.

What I am asking is that if it is possible to access the USB after the deletion of the suspicious files