This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chinmaya_Naik
Advisor
‎2020-02-12 11:19 PM

Checkpoint Endpoint Blades (User/Machine Based)

Its a Important part when we going to create a new virtual group during implementation to segregate the machine/user with different group.

But when you going to create a new virtual group then we able to see two option :

  1. Virtual Group (Used for Both User & Machine)
  2. Computer Group (Used Only for Machine)
 

Different blades group is use base in the following chart :

FDE – Machine Based
MEPP – User Based
One Check – User Based
Capsule Docs – User Based
Anti-Malware – User Based
Anti -Ransomware, Forensics and remediation – Machine Based
Anti-Bot – User Based
Threat Emulation and Threat Extraction – User Based
Compliance – User Based
URL Filtering – Machine Based
Firewall – User based
Access Zones – User Based
Application Control – User Based
Client Settings – User Based

As per my personal experience use “computer group” for machine based policy even you have a option to create "virtual group" for machine based.

 

Regards

@Chinmaya_Naik

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2020-02-13 09:19 AM

What's the logic here?
0 Kudos
Chinmaya_Naik
Advisor
‎2020-02-13 10:18 PM
In response to PhoneBoy

Hi @PhoneBoy 

Thanks for the update.

The login behind is :

As I was face a challenge  on multiple environment , when I create a Virtual Group instead of computer group and create a policy for Media encryption , Full disk encryption and Anti -Ransomware then policy is not applied on End machine its reflect the default policy only.

Regards

@Chinmaya_Naik 

0 Kudos
Norbert_Bohusch
Advisor
‎2020-02-13 11:33 PM

To correct things.

If you are applying a virtual group to a policy, then the content is only taken based on the blade type.

So user-based blades use the users in this group and machine-based blades use the machines in this virtual group.

 

If you want to apply machine-based groups to a user-based blade this can be forced using machine-groups.

There is no other way around to force machine-based blades to use users for rules.

Reason: Think of FDE encrypting/decrypting disk based on logged on user...

0 Kudos
PhoneBoy
Admin
Admin
‎2020-02-14 09:40 AM
In response to Norbert_Bohusch

Right and that makes total sense.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events