Sukru_isik
Contributor

Endpoint machine quarantine

When a user's malicious request is blocked by the endpoint blades (Anti-Bot, Antimalware, Threat Extraction...), how can I quarantine this machine? Is there any solution for this issue?

Thanks...

0 Kudos
4 Replies
PhoneBoy
Admin

I assume you mean quarantine at the network level with your Check Point gateway.

See Configuring EndPoint Quarantine Feature 

0 Kudos
Sukru_isik
Contributor

Not the Check Point gateway...

I have a Check Point Endpoint Policy Management Server with version R77.30.03 and the Endpoint Security client agent with version E80.80...

I want to do this:

When a client downloads a malicious file or clicks malicious links, this machine is restricted by the Endpoint Policy Management Server.

Can I do this?

Thanks...

0 Kudos
PhoneBoy
Admin

Yes, you can do this on the Endpoint as well.

From the docs:

Endpoint Security can enforce policy rules on computers and users based on their connection and compliance state. When you create a policy rule, you can select the state or states during which this policy is enforced. By default, policies apply when the client is Connected.

States are not applicable for all blades. For example, Full Disk Encryption rules always apply and cannot change based on state. The option to create rules based on state only shows for applicable blades. If there is no applicable rule for the Disconnected or Restricted states, the Connected policy applies.

  • The Connected state policy is enforced when a compliant endpoint computer connects to the Endpoint Security Management Server.
  • The Disconnected state policy is enforced when an endpoint computer is not connected to the Endpoint Security Management Server. For example, you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources.
  • The Restricted state policy is enforced when an endpoint computer is not in compliance with the enterprise security requirements. Its compliance state is moved to Restricted. In the Restricted state, you usually choose to prevent users from accessing some, if not all, network resources. You can configure restricted state policies for these blades:
    • Media Encryption & Port Protection
    • Firewall
    • Access Zones
    • Application Control
0 Kudos
Maksym_Sofer
Employee Alumnus

The Forensics blade has an option called "Machine Quarantine" (image attached).

Every blade which could trigger a Forensic report could initiate a Restricted state.
0 Kudos
