This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Saad_Nizam
Employee
Employee
‎2017-08-27 07:42 AM

MEPP Logs

Hi Experts,

Wanted to check if this is still valid in the latest version of our Endpoint Client (E80.70) ?

Is this true ?

Scenario.

Joe  inserts an encrypted USB stick, then copies FINANCE.XLS to it. Then removes the stick, takes it home, opens the USB stick using the password to unlock the stick, and copies FINANCE.XLS on to his home computer.

Solution:

Assuming that the policy implies creating the log entries for the security events, the log entry will be created when Joe copies some file to the encrypted part of the stick on an ME-protected machine. Then every time Joe reconnects the stick to an ME-protected machine and opens the encrypted part (either automatically or by entering the password) the log entries are added regarding file operations done through the offline access tool on a machine without ME installed (if any).

So, for example, we'll see the following entries in the log:
...
Copy D:\Restricted\FINANCE.XLS to F:\FINANCE.XLS
...
Offline copy E:\FINANCE.XLS to C:\Users\Joe\AppData\Local\Temp\EPM45.tmp\FINANCE.XLS
...

0 Kudos
1 Reply
Sagar_Manandhar
Advisor
‎2017-08-28 09:25 PM

yes, it's true, E80.70 has been deployed in my office and they are using the encrypted USB for the business files. You can define the file type according to your need, only business file type you have listed in the management will be encrypted and need password to access.

Related Topics
MEPP logs in Splunk