1.1If there would be more predefined categories in Port Protection. For example, smartphones, digital cameras, etc.

1.2 it would be easier to handle the manulally created Devices when you could create manually groups for port protection. Currently you can only create groups for storage devices

 1.3 Also that you could only enable individual device categories in Bluetooth, such as Bluetooth is only enabled for Bluetooth headphones, and transferring files is not possible.

1.4 The Feature to disable the agent directly on the client would be good.  Maybe over a right click on the lock icon, with an option to disable the agent with a request to tipe in the configured uninstall password.

2.1 A difficulty, as others have already mentioned, that the Harmony's services often use all of the computer's resources, mostly CPU. Often it's either forensics or threat emulation that use a lot of the cpu consumption.  Most of the time we had to exclude many processes of the monitoring, after that the services from Harmony are using noticebaly less. But I dont think that is a solution for all time. In the last versions of the client its got better, examble with Windows Updates, but there still work to do.

2.2 Also, the Harmony often detects false/positives, leading to a long list of exclusions. Maybe can the Security-Engine better set up.

Hi BarYassure!

   I just became a Chck Point user after the new interface, so excuse me if you guys already exausted all questions about: 

*- When double clicking the Endpoint icon be able to choose what to see: Many times, I am interested into seeing what blades are installed by using the overview or the installed policies in the advanced options. VPN is my less used option, but I used it and is at hand with one right click on the icon.

*- When a compliance and posture alert happen, I would like to see the alert on its dashboard. I have never seen a thing in here. Always is needed to open all the logs and it's a little bit bothering.

drive:/ ProgramData / CheckPoint / DBStore / Events / index.html

*- In this folder where are all the events:

drive:/ ProgramData / CheckPoint / DBStore / Events / index.html

   the Index file takes forever to load! 

                              "Please wait while the report is being generated."  <--- stays waiting forever! I have to choose each event separately by surfing in the folders of each event.

*- In the infinity portal: There are some notices that appears over the right side of the screen when applying changes, OMG, please allows the whole little square to be a button and not only the "x" on the top corners. sometimes I am using a small screen and its stressing trying to hit that x.  Plus, in certain occasions you need to click in the same area to apply another change and it's not easy. 

 this picture is just an example of which "x" I am talking about. Not this particular screenshot. 

*- When is about blocking URLs in the URL Filtering in the Infinitum console for the Harmony client and when using a Check Point Firewall: I have not seen an option about how to is in the control of the URL, if the Endpoint Client or the Firewall. When unblocking or blocking site I have to do it in both places. Could be possible to improve this? no idea if this is feasible.

thanks! 

1. What is your most wanted feature / security capability?

  * Configuration reporting (Policy / Exclusions) in a readable format. There are regulatory requirements about this
    Even better would be reports that can be scheduled
 * Ability to turn off a protection component for a single client, for diagnostic purpose
  * Better integration between detection and exclusions. Now deciding which exclusions must be enabled in which module is an esoteric art form
  * Better documentation. Please go further than "these are the items in the interface" to "this is how they work"

2. What are the most urgent product improvements?

 * The client for server is, in my experience, quite instable and a real resource hog.
* Server exclusions, which you have released, would be great if we had a way to know what is excluded for which module

Agent Size

Hello,

1. What is your most wanted feature / security capability? 

• Kaspersky antivirus for servers offers a very interesting feature: the locking of processes and files running on the server. For a week or more, the server is in "detection" mode. All processes, in addition to the default Windows processes, all scripts, executed files, services, etc., are collected according to their signature. Once we've collected all this information on the server, we authorize everything that needs to be authorized (or that we wish to authorize) and block everything else. This approach greatly enhances server security, as anything that hasn't been previously authorized is automatically blocked, be it new applications, new scripts or modifications to an existing script. It goes without saying that the server must be considered secure from the outset. The disadvantage of this method is that the slightest modification, such as adding an application or modifying a script, requires the addition of its signature to the database. However, this approach offers a significant advantage in terms of performance, as fewer analyses need to be performed on added processes, since they are considered authorized. Activating and deactivating this mode is quick and easy, as is database management (retrieval of new signatures).
• MFA Azure directly integrated into the VPN client (without overly specific gateway configuration), and a redesign of the VPN client interface to bring it more into line with the EDR interface.
• Perhaps creating a dedicated server agent with its own blades and operation would be more appropriate?

1. What are the most urgent product improvements?

• Urgent optimization of resource utilization, whether on workstations or Windows servers. RAM and CPU usage is far too high. The forensics blade on more than 400 Windows servers was too greedy and random, several TAC cases and correction/configuration attempts with our local Check Point Team were unsuccessful, and the blade was uninstalled.
• Better separation of computer and server assets (Windows and Linux) in the reporting console.
• Easier management of devices to be authorized or prohibited.

Kind regards,

Gwendal

Hi 

our customer wants to be alerted about out of date clients. The provided alert functionality is more general and the possibility to customize the trigger points for the alerts is very limited.
Please allow cutomized trigger points for example:
- send an alert/report for all clients not connect for <x> days
- send an alert/report for all DAT files older than <x> days
- send an alert/report for all clients with no full scan in the last <x> days

Allow to choose a field out of the database and the timeframe for an alert.

Thank You

Thomas

As far as I know, the 'Reuse Password' function checks password hashes to see if the user is using a corporate password on a site outside the organization. It would also be interesting to check if the email they use to log in to a site outside the organization belongs to the corporation's domain, indicating the use of Shadow IT.