Not checkpoint gateway...

I have checkpoint Endpoint Policy Management Server with version R77.30.03 and endpoint security  client agent with verison E80.80...

I want to this:

When client download a malicious file or click malicious links, this machine was restricted  by endpoint policy management server.

Can I do this ??

thanks...

Yes, you can do this on the Endpoint as well.

From the docs:

Endpoint Security can enforce policy rules on computers and users based on their connection and compliance state. When you create a policy rule, you can select the state or states during which this policy is enforced. By default, policies apply when the client is Connected.

States are not applicable for all blades. For example, Full Disk Encryption rules always apply and cannot change based on state. The option to create rules based on state only shows for applicable blades. If there is no applicable rule for the Disconnected or Restricted states, the Connected policy applies.

• The Connected state policy is enforced when a compliant endpoint computer connects to the Endpoint Security Management Server.
• The Disconnected state policy is enforced when an endpoint computer is not connected to the Endpoint Security Management Server. For example, you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources.
• The Restricted state policy is enforced when an endpoint computer is not in compliance with the enterprise security requirements. Its compliance state is moved to Restricted. In the Restricted state, you usually choose to prevent users from accessing some, if not all, network resources. You can configure restricted state policies for these blades:
  • Media Encryption & Port Protection
  • Firewall
  • Access Zones
  • Application Control

Forensics blade has option called "Machine Quarantine " (image attached).

Every blade which could trigger a Forensic report could initiate a Restricted state.