- Products
- Learn
- Local User Groups
- Partners
- More
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
Join our TechTalk: Malware 2021 to Present Day
Building a Preventative Cyber Program
Be a CloudMate!
Check out our cloud security exclusive space!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
Hi Experts,
Wanted to check if this is still valid in the latest version of our Endpoint Client (E80.70) ?
Is this true ?
Scenario.
Joe inserts an encrypted USB stick, then copies FINANCE.XLS to it. Then removes the stick, takes it home, opens the USB stick using the password to unlock the stick, and copies FINANCE.XLS on to his home computer.
Solution:
Assuming that the policy implies creating the log entries for the security events, the log entry will be created when Joe copies some file to the encrypted part of the stick on an ME-protected machine. Then every time Joe reconnects the stick to an ME-protected machine and opens the encrypted part (either automatically or by entering the password) the log entries are added regarding file operations done through the offline access tool on a machine without ME installed (if any).
So, for example, we'll see the following entries in the log:
...
Copy D:\Restricted\FINANCE.XLS to F:\FINANCE.XLS
...
Offline copy E:\FINANCE.XLS to C:\Users\Joe\AppData\Local\Temp\EPM45.tmp\FINANCE.XLS
...
yes, it's true, E80.70 has been deployed in my office and they are using the encrypted USB for the business files. You can define the file type according to your need, only business file type you have listed in the management will be encrypted and need password to access.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY