degrotef
Contributor

Endpoint Security is blamed for every failure. How do I prove that it is not involved?

Hi all,

We recently moved to Harmony Endpoint, and from the beginning every unusual behaviour, every service that does not start, every non-working copy job is blamed on the big black box Endpoint Security. Then the demand for uninstalling CPHE quickly came up. Sometimes I did this, and in the end the error was solved, but the source was something completely different from Endpoint Security.

First I searched the logs in the Infinity Portal / Harmony Endpoint, hoping to see anything regarding Check Point interfering with some other software, but there was... NOTHING. In my view, any action taken by CPHE (deleting files, stopping services, preventing network access, ...) should be seen in the logs. So is it reliable enough to say that if there is nothing visible in the logs, the error you are complaining about is not caused by CPHE?

Or do I have to pull advanced logs, send them to Check Point and investigate whether there is any influence on the erroneous software?

Thank you 

Frank

0 Kudos
3 Replies
PhoneBoy
Admin

What is the precise nature of the failures you are talking about?
I assume detailed logs would be needed from a client to do more than speculate whether or not Harmony Endpoint is to blame.

0 Kudos
Chris_Atkinson
Employee

This can be an unfortunate part about working in security and even just managing change in general...

Is the Desktop environment controlled by means of a SOE or similar, or are there other variables at play?

The information needed will depend on the scenario, as PhoneBoy suggested. Sometimes the answer might be in a Forensic Report; other times you might need to supply a CPINFO and work through a problem with TAC.

 

0 Kudos
degrotef
Contributor

For example, we had problems with Veeam. A job ran for a long time and ended in errors. A colleague found exceptions to be added, and now the job runs even longer, but finishes. But there is nothing to see in the logs. The colleague said that file handling, e.g. anti-ransomware touching a file for a shadow copy, can influence the behaviour of software.

Or just scanning files may slow down software actions.

 

And yes... it's the unfortunate part...

0 Kudos