This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Gro_Tea
Contributor
‎2022-08-17 07:55 AM

Endpoint Security is blamed for every failure. How do I prove that it is not involved?

Hi all,

we recently moved to Harmony Endpoint and from the beginning every unusual behavoiur, every not starting service, every non working copy job is blamed to the big black box Endpoint Security. Then quickly the demand for uninstalling CPHE came up. Sometimes I did this and finally the error was solved but source was something completely different from Endpoint Security.

First I searched in the logs in the Infinity Portal /Harmony Endpoint, hoping to see anything regarding Check Point interfering with some other software, but ther was......NOTHING. In my thoughts, any action taken from CPHE (deleting files, stopping services, prevent network access,...) should be seen in the logs. So is it reliable enough to say, if there is nothing visible in the logs, the error you are complaining about ist not caused by CPHE?

Or do I have to pull advanced logs, send them to Check Point and investigate if there is any infuence on the errornous software?

Thank you 

Frank

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2022-08-17 11:08 AM

What are the precise nature of the failures you are talking about?
I assume detailed logs would be needed from a client to do more than speculate whether or not Harmony Endpoint is to blame.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2022-08-17 08:54 PM

This can be an unfortunate part about working in security and even just managing change in general...

Is the Desktop environment controlled by means of a SOE or similar, or are there other variables at play?

The information needed will depend on the scenario as PhoneBoy suggested, sometimes the answer might be in a Forensic Report other times you might need to supply a CPINFO and work through a problem with TAC.

 

CCSM R77/R80/ELITE
0 Kudos
Gro_Tea
Contributor
‎2022-08-23 04:41 AM
In response to Chris_Atkinson

For example we had problems with Veem. A Job ran for a long time and ended in errors. Collegue foud exceptions to be added and now job is running even longer, but finishes. But there is nothing to see in the logs. Collegue said, that file handling by e.g. anti ransomware touching it for a shadow copy can influence the behaviour of software. 

Or just scanning files may slow down software actions. 

 

And yes... its the unfortunate part...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events