Hello guys,
we replaced our former endpoint protection solution on one Microsoft Exchange server with Check Point Harmony. We are familiar with Harmony Endpoint and have been using it for quite some time on clients as well as on Windows servers.
We installed the following blades (E84.71):
- Compliance-Blade
- Anti-Malware-Blade
- Firewall & Application Control Blade
- Anti-Bot & URL-Filtering
- Forensic-Blade
- TE & Anti-Exploit Blade
I've got three questions:
- Our former security product had a specific plugin for MS Exchange to monitor e-mails for malicious content or attachments. The only similar configuration to this is in the Anti-Malware Blade Policy > "Scan all files upon access -> Scan Mail Messages". Is this a usual use case, or is this function designed more for clients and thus not built to handle large amounts of e-mail traffic on MS Exchange? I know that there is an MTA on Check Point gateways, but we want to have a second solution on the Exchange server itself as a backup.
- The Forensic blade utilizes approximately 20% of the CPU resources on our Exchange server (Check Point Endpoint Security Recorder service). I only know this high utilization from when this service is actually triggered by something; after some time the utilization is back at <1% again. However, this was not the case here, so something must be triggering this blade the whole time. Are there any recommendations for exclusions of specific directories or processes?
- Is there a log directory where we can find the trigger for the forensic monitoring process?
Thanks in advance.
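One way to narrow down what keeps the recorder busy (second and third questions above) is to sample the recorder service's CPU share at short intervals and note which processes started on the server during each high-CPU interval. The PowerShell below is an added diagnostic example, not code from the original post or from Check Point; it assumes the Forensics recorder runs as a Windows service whose display name contains "Endpoint Security Recorder" (the name quoted in the post) and that it is run in an elevated PowerShell session on the Exchange server. The threshold, interval and sample count are hypothetical defaults.

```powershell
# Added example: correlate Check Point Endpoint Security Recorder CPU usage
# with processes that start on the host. Assumptions: the recorder is a
# Windows service whose DisplayName contains "Endpoint Security Recorder";
# run elevated so that all process information is visible.
param(
    [int]$IntervalSeconds = 5,        # sampling interval (assumed default)
    [int]$Samples = 60,               # number of intervals to observe
    [double]$CpuThresholdPercent = 10 # report intervals above this CPU share
)

# Resolve the service to its running process ID via WMI/CIM.
$svc = Get-CimInstance Win32_Service |
    Where-Object { $_.DisplayName -like '*Endpoint Security Recorder*' } |
    Select-Object -First 1
if (-not $svc -or $svc.ProcessId -eq 0) {
    throw 'Recorder service not found or not running; check the service display name.'
}
$recorder = Get-Process -Id $svc.ProcessId
$cores    = [Environment]::ProcessorCount

# Baseline: CPU time consumed so far and the set of processes currently alive.
$prevCpu   = $recorder.TotalProcessorTime
$prevTime  = Get-Date
$prevPids  = @(Get-Process | Select-Object -ExpandProperty Id)
$findings  = @()

for ($i = 0; $i -lt $Samples; $i++) {
    Start-Sleep -Seconds $IntervalSeconds
    $recorder.Refresh()
    $now      = Get-Date
    $cpuSec   = ($recorder.TotalProcessorTime - $prevCpu).TotalSeconds
    $wallSec  = ($now - $prevTime).TotalSeconds
    # CPU share of the whole machine, normalised over all logical cores.
    $pct      = [math]::Round(100 * $cpuSec / ($wallSec * $cores), 1)

    # Processes that appeared since the previous sample (candidate triggers).
    $current  = Get-Process
    $started  = $current | Where-Object { $prevPids -notcontains $_.Id }

    if ($pct -ge $CpuThresholdPercent) {
        $findings += [pscustomobject]@{
            Time         = $now.ToString('HH:mm:ss')
            RecorderCpu  = $pct
            NewProcesses = ($started | ForEach-Object {
                                try { "$($_.ProcessName) [$($_.Path)]" }
                                catch { $_.ProcessName } }) -join '; '
        }
    }

    $prevCpu  = $recorder.TotalProcessorTime
    $prevTime = $now
    $prevPids = @($current | Select-Object -ExpandProperty Id)
}

# Intervals where the recorder was busy, with the processes that started
# in the same window; repeated names point at the activity worth excluding.
$findings | Format-Table -AutoSize -Wrap
```

Process names that recur in the NewProcesses column across many high-CPU intervals (for example a frequently spawned scanner or scheduled task) are the first candidates to test as exclusions in the Forensics policy. If Windows process-creation auditing (Security event 4688) is enabled on the server, the same correlation can be done against those events instead of process snapshots.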