This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Saad_Nizam
Employee
Employee
‎2017-08-27 07:42 AM

MEPP Logs

Hi Experts,

Wanted to check if this is still valid in the latest version of our Endpoint Client (E80.70) ?

Is this true ?

Scenario.

Joe  inserts an encrypted USB stick, then copies FINANCE.XLS to it. Then removes the stick, takes it home, opens the USB stick using the password to unlock the stick, and copies FINANCE.XLS on to his home computer.

Solution:

Assuming that the policy implies creating the log entries for the security events, the log entry will be created when Joe copies some file to the encrypted part of the stick on an ME-protected machine. Then every time Joe reconnects the stick to an ME-protected machine and opens the encrypted part (either automatically or by entering the password) the log entries are added regarding file operations done through the offline access tool on a machine without ME installed (if any).

So, for example, we'll see the following entries in the log:
...
Copy D:\Restricted\FINANCE.XLS to F:\FINANCE.XLS
...
Offline copy E:\FINANCE.XLS to C:\Users\Joe\AppData\Local\Temp\EPM45.tmp\FINANCE.XLS
...

0 Kudos
1 Reply
Sagar_Manandhar
Advisor
‎2017-08-28 09:25 PM

yes, it's true, E80.70 has been deployed in my office and they are using the encrypted USB for the business files. You can define the file type according to your need, only business file type you have listed in the management will be encrypted and need password to access.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events