charcris
Participant

SmartEndpoint Push Operation

 

Good morning

I have some questions about push operations.

I was testing a bit, but could not find much information about these operations.

My endpoint server is R80.30 and the security endpoints are E82.30.


1.- Push operation SandBlast Agent Anti-Ransomware, Behavioral Guard and Forensics.

With these operations, can I create incident reports on any URL, process or computer file?

Pushoperation Sanblast.png

I tried to collect events for www.youtube, but I can't find any log. I have activated (SandBlast, Anti-Bot/Anti-Malware, the Chrome plugin, etc.).

push operation url filtering.png

 

1.1.- So the question is: can I create incident reports for any URL?

I also tried to analyze by process and by file, and it said that it worked, but I looked at the endpoint and in SmartEvent and could not find the report.

 

file prcoes.png

1.2.- Where is the report saved?
I looked at the endpoint and in SmartEvent but I can't find the report.

 


Also for file remediation I get an error and I could not quarantine or restore files.

 

file cuarentine.png

1.3.- How can I move a file to quarantine or get it out of there, using the Forensics push operation (SandBlast Agent Anti-Ransomware, Forensics, etc.)?

I tried with the Anti-Malware push operation and it works, but not with the Forensics push operation (SandBlast Agent Anti-Ransomware, Forensics, etc.).

 


2.- Client settings

What is the utility of Collect client logs?
When I opened a case, I was asked for a cpinfo. I asked if it could be run with the push operation Collect client logs, but he told me no, please do it manually and with the extended detail level. Is it not the same?

collect logs.png

 


According to logs collected will be located in a shared folder on the computers

I searched for the cpinfo on the computer, but it was located in the cpinfo file (this file is not shared).

Is it possible to specify this? I understand that in R80.40 it is possible, but in R80.30 I can't find where to do this configuration.


2.1.- Another thing is that this cpinfo is smaller than the cpinfos made manually (through the agent). I tried with extended and basic, but even the basic one is larger than the one made by the push operation. What is the difference? What is the utility of Collect client logs?

 

cpinfo.png

 

Sorry for my bad English, and thank you very much for your time and help.

0 Kudos
3 Replies
Roman_Zitzev
Employee Alumnus

Hi

 

I sent you a mail about this.

We will need cpinfo.

 

Ty

Roman

0 Kudos
cpapagelou
Explorer

Hi, I have the same questions.
0 Kudos
desmond
Employee

Hi Roman,

Can you please send me information too?  My contact:

desmondb@checkpoint.com

 

0 Kudos
