Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
64Bit
Contributor

Accessing Quarantined Files

Files don't seem to be handled as they should in the SandBlast Agent Anti-Ransomware, Behavioral Guard and Forensics Blade, Default Quarantine File Policy

DefaultfileQuarantineSettings.jpg

 

  • Users are still allowed to restore items from quarantine even though we have this unticked.
  • Files are not copied to central location. (share permissions are set to most nonrestrictive)

We have used SandBlast Agent Remediation Manager for Administrators but can not see quarantined files on the central location or the users local quarantine folder.

 

All we really need is a away to identify a quarantine's file hash in order to add it to the exclusion list.

 

Any help would be very much appreciated.

 

 

 

0 Kudos
3 Replies
G_W_Albrecht
Champion
Champion

I would involve TAC here !

0 Kudos
64Bit
Contributor

Fair enough we don't have a direct support agreement with Check Point, so i'll get in contact with our CheckPoint partner.

Many thanks for your quick reply.

0 Kudos
toviab
Employee
Employee

Hi,

It seems that the client endpoint isn't getting the policy you set in the endpoint management. 
I would check in the client endpoint UI that the relevant policy was received (the policy version is the same in the UI and in the management).

For further investigation please contact TAC.

0 Kudos