This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
64Bit
Contributor
‎2020-09-17 05:55 AM
Jump to solution

Blade Actions Hierarchy

Do the actions in Entire Organisation filter through to other rules?

For example, will the exclusions set in 'Anti-Malware > Scan all files upon access' set for the Entire organisation be applied to the groups within other Anti-Malware rules.

BladeActionsHierarchy.jpg

To create a new action the previous shared action has to be cloned. If the actions from Entire organisation are passed down, should we then manually remove each cloned action? 

 

0 Kudos
1 Solution

Accepted Solutions
Oren_Shalgi
Employee Alumnus
Employee Alumnus
‎2020-09-29 02:25 AM
In response to PhoneBoy
Jump to solution

Hi,

 

Endpoint policy follows a first-match concept, with Entire Organization being the last one that is being matched.

In SmartEndpoint we have the shared action concept so you can re-use the same action and its settings on different rules.

You have indication of the name in bold when the action on that rule is different than the one for Entire Organization.

In the example above the setting that will enforced on group CAD are those that are defined in "Scan all files upon access CAD". If you make changes to "Scan all files upon access" you should do the same changes on "Scan all files upon access CAD" for them to apply, or change the action on that rule to "Scan all files upon access".

Hope it is clearer.

 

Oren.

View solution in original post

2 Replies
PhoneBoy
Admin
Admin
‎2020-09-20 10:12 PM
Jump to solution

I believe only the most specific rule applies, but @Oren_Shalgi can probably confirm. 

0 Kudos
Oren_Shalgi
Employee Alumnus
Employee Alumnus
‎2020-09-29 02:25 AM
In response to PhoneBoy
Jump to solution

Hi,

 

Endpoint policy follows a first-match concept, with Entire Organization being the last one that is being matched.

In SmartEndpoint we have the shared action concept so you can re-use the same action and its settings on different rules.

You have indication of the name in bold when the action on that rule is different than the one for Entire Organization.

In the example above the setting that will enforced on group CAD are those that are defined in "Scan all files upon access CAD". If you make changes to "Scan all files upon access" you should do the same changes on "Scan all files upon access CAD" for them to apply, or change the action on that rule to "Scan all files upon access".

Hope it is clearer.

 

Oren.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events