This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Luiz_
Collaborator
‎2021-04-06 10:00 AM

Which are the types of custom push operations? Is there a guide for that?

Hello checkmates,

 

I was wondering which types of custom push operations we can use via SmartEndpoint. So far I've found sk169758 and sk171910 to isolate a host and kill a process respectively.

Is there a list of types we can check/use? I've found nothing so far on the admin guides.

Thanks!

6 Replies
the_rock
MVP Platinum
MVP Platinum
‎2021-04-06 04:03 PM

I had customer ask me this last year and I could not find it in any admin guide either. Never opened case with TAC about it, but thats because they said it was just a question, not really a requirement. If you really need this info, I would contact endpoint support, thats probably your best bet.

Best,
Andy
Igor_Moskowitz
Employee
Employee
‎2021-04-12 12:40 AM
In response to the_rock

Dear Lzm,

please review this part of the documentation, all push-operations we support at the moment are listed there:

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/SandBlast-Agent-Admin-Guide/T...

 

  • Anti-Malware

    • Scan for malware - Run an Anti-Malware scan on the computer or computers, based on the configured settings.

    • Update malware signatures - Update malware signatures on the computer or computers, based on the configured settings.

    • Restore files from quarantine - Restores files from quarantine on the computer or computers, based on the configured settings.

  • Forensics and Remediation

    • Analyze by Indicator - Manually triggers collection of forensics data for an endpoint that accesses or executes the indicator. The indicator can be a URL, an IP, a path, a file name or an MD5.

    • File Remediation - quarantines malicious files and remediate them as necessary.

    • Isolate Computer - Makes it possible to isolate a specific device that is under malware attack and poses a risk of propagation. This action can be applied on one or more devices. The Firewall component must be installed on the client in order to perform isolation.

    • Release Computer - Remove device from isolation. This action can be applied on one or more devices.

  • Agent Settings

    • Shut down computer - Shut down the computer or computers based on the configured settings.

    • Restart computer - Restart the computer or computers based on the configured settings.

    • Collect client logs - Collect logs from the computer or computers based on the configured settings. Logs are stored in a shared folder on the client computer.

    • Repair client - Repair the Endpoint Security client installation. This requires a computer restart.

    • Deploy New Agents - You can install the Initial Client remotely without third party tools such as Microsoft System Center Configuration Manager (SCCM) or Intune. The Push Operation mechanism extends to devices that do not have the Initial Client installed yet.

    • Uninstall Client - Uninstall your Endpoint Security client remotely on the selected devices. This feature is supported for E84.30 client and above.

 

Best regards,
Igor

 

mosbah
Explorer
‎2021-10-21 02:09 AM
In response to Igor_Moskowitz

Hello
I have smartendpoint r81 but in push operation I don't have Deploy New Agents.
Thanks for help.

 

 

Preview file
34 KB
0 Kudos
Norbert_Bohusch
Advisor
‎2021-10-22 04:50 AM
In response to mosbah

I am not 100% sure, but I think some features are only available via Web-based management.

0 Kudos
desmond
Employee Alumnus
Employee Alumnus
‎2021-12-08 08:20 AM
In response to Igor_Moskowitz

Hey Igor,

 

Is this the only link of information CP has for Push Operations?

 

-Des

0 Kudos
Swiftyyyy
Advisor
‎2021-12-08 10:31 AM
In response to Igor_Moskowitz

Collect client logs - Collect logs from the computer or computers based on the configured settings. Logs are stored in a shared folder on the client computer.

A thing to point out here is that the operation in this form is (honestly) absolutely useless. But since R80.40 I believe you're able to instruct the client to push the logs to an FTP or SFTP server of your choice. Which is absolutely amazing.

Also I've never really been able to get the "Restore from Quarantine" push operation to work; a tad more in-depth guide towards using that might be nice. Usually just end up using the RemediationManagerUI installed on the EndPoint.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events