This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
vinceneil666
Advisor
‎2021-05-21 01:53 AM
Jump to solution

Sandblast Agent (Harmony Endpoint), Virtual groups.

Yo,

So I operate quite large number of clients, and have them all divided into virtual groups relating to whoe get which policy and so on..

As an example I have a "General servers", "Special Servers", "Laptops".. etc . etc. I have also created a "Troubleshoot" virt group where I want to place clients as I see the need...

So, lets say I have 40 machines in the "General Servers" virt group, the policy for these are located all they way down below all the other policies attached to other virt groups ( I dont know if this actually means anything ? the numbering/priority? )

I have mye "Troubleshoot" group all the way at the top.

My Troubleshoot group has pretty much everything turned off, and the "General servers" have a lot turned on.

If I add a machine, that still is member of the "General Servers" group to the "Troublshoot" group in addition ? .. what is the expected outcome ? -- will the "Troubleshoot" group take some kind of presedence and remove all functionality - even though there is another policy further "down" the road ? 

Hope i explained myself ok ? 😄 

0 Kudos
1 Solution

Accepted Solutions
Igor_Moskowitz
Employee
Employee
‎2021-05-21 03:06 AM
Jump to solution

Hi vinceneil666,

you explained it very well 🙂 and this it how it works. The policy is run from top to bottom and the logic is first match. So the rule above will always be enforced You can also see it directly on the client. The rule name and version nr. to check it:

policy rules.png

Regards,
Igor

View solution in original post

0 Kudos
3 Replies
Igor_Moskowitz
Employee
Employee
‎2021-05-21 03:06 AM
Jump to solution

Hi vinceneil666,

you explained it very well 🙂 and this it how it works. The policy is run from top to bottom and the logic is first match. So the rule above will always be enforced You can also see it directly on the client. The rule name and version nr. to check it:

policy rules.png

Regards,
Igor

0 Kudos
vinceneil666
Advisor
‎2021-05-21 03:08 AM
In response to Igor_Moskowitz
Jump to solution

Okay 🙂 , because I have tried this - and from my point of view it does not look like the functionality is getting removed at all. I will have to go back and double check this then.

 

0 Kudos
Igor_Moskowitz
Employee
Employee
‎2021-05-21 03:20 AM
In response to vinceneil666
Jump to solution

If you want the security-blades to be removed as well, you need to configure it in the deployment-policy for this virtual-group.

So if you for example want to remove Anti-Malware-Blade completely you need to configure a proper deployment-policy.

It´s always:


1. Check Deployment Policy -> which Blades should be installed for this machine/group and install or uninstall Blades
2. Enforce the configured Policy for the installed Blades

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top