Joe_Matthews
Participant

Endpoint on domain servers

Anyone have experience running anti-malware, anti-bot, forensics and anti-ransomware and Threat Emulation on domain servers like Active Directory, SQL Server, terminal server, and file shares? I am thinking file shares and terminal server might be fine. Looking for any documentation or any feedback from anyone that has done this. Any folders to exclude (other than what Microsoft recommends for SQL)?

0 Kudos
2 Replies
Kim_Moberg
Advisor

Joe,

I have only been using Microsoft's recommendations when I should exclude files from being touched by the Endpoint software.


Though I have had problems with how to exclude directories or files. Check Point did an upgrade of their documentation in their sk122706.

This guide will help you to exclude folders, sub-folders and files:

https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&eve... 


Will check which blades we use and get back to you.


Thanks

Kim

Best Regards
Kim
0 Kudos
Kim_Moberg
Advisor

Joe,

With Endpoint on servers, with the version E80.71.0232, we run the following blades.

Anti-Malware
SandBlast Forensics, Remediation and Anti-Ransomware
SandBlast Agent Anti-Bot
SandBlast Agent Threat Extraction and Emulation

We have in the first place disabled the firewall, because we are not able to control the firewall rules like in the secure gateway. We had to create one policy with all the needed open ports or create one policy per server.

It is something we will dig into in the near future if time allows us to do so 🙂

Thanks

Kim

Best Regards
Kim
0 Kudos
