Lzm
Collaborator

Which are the types of custom push operations? Is there a guide for that?

Hello checkmates,

 

I was wondering which types of custom push operations we can use via SmartEndpoint. So far I've found sk169758 and sk171910 to isolate a host and kill a process respectively.

Is there a list of types we can check/use? I've found nothing so far on the admin guides.

Thanks!

6 Replies
the_rock
Legend

I had a customer ask me this last year and I could not find it in any admin guide either. I never opened a case with TAC about it, but that's because they said it was just a question, not really a requirement. If you really need this info, I would contact endpoint support; that's probably your best bet.

Igor_Moskowitz
Employee

Dear Lzm,

please review this part of the documentation, all push-operations we support at the moment are listed there:

https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/SandBlast-Agent-Admin-Guide/T...

 
  • Anti-Malware

    • Scan for malware - Run an Anti-Malware scan on the computer or computers, based on the configured settings.

    • Update malware signatures - Update malware signatures on the computer or computers, based on the configured settings.

    • Restore files from quarantine - Restores files from quarantine on the computer or computers, based on the configured settings.

  • Forensics and Remediation

    • Analyze by Indicator - Manually triggers collection of forensics data for an endpoint that accesses or executes the indicator. The indicator can be a URL, an IP, a path, a file name or an MD5.

    • File Remediation - Quarantines malicious files and remediates them as necessary.

    • Isolate Computer - Makes it possible to isolate a specific device that is under malware attack and poses a risk of propagation. This action can be applied on one or more devices. The Firewall component must be installed on the client in order to perform isolation.
    • Release Computer - Remove device from isolation. This action can be applied on one or more devices.

  • Agent Settings
    • Shut down computer - Shut down the computer or computers based on the configured settings.

    • Restart computer - Restart the computer or computers based on the configured settings.

    • Collect client logs - Collect logs from the computer or computers based on the configured settings. Logs are stored in a shared folder on the client computer.

    • Repair client - Repair the Endpoint Security client installation. This requires a computer restart.

    • Deploy New Agents - You can install the Initial Client remotely without third party tools such as Microsoft System Center Configuration Manager (SCCM) or Intune. The Push Operation mechanism extends to devices that do not have the Initial Client installed yet.

    • Uninstall Client - Uninstall your Endpoint Security client remotely on the selected devices. This feature is supported for E84.30 client and above.

 

Best regards,
Igor

 

mosbah
Explorer

Hello
I have SmartEndpoint R81, but in push operations I don't have Deploy New Agents.
Thanks for the help.

 

 

0 Kudos
Norbert_Bohusch
Advisor

I am not 100% sure, but I think some features are only available via Web-based management.

0 Kudos
desmond
Employee

Hey Igor,

 

Is this the only link of information CP has for Push Operations?

 

-Des

0 Kudos
Swiftyyyy
Advisor

Collect client logs - Collect logs from the computer or computers based on the configured settings. Logs are stored in a shared folder on the client computer.

A thing to point out here is that the operation in this form is (honestly) absolutely useless. But since R80.40 I believe you're able to instruct the client to push the logs to an FTP or SFTP server of your choice. Which is absolutely amazing.

Also I've never really been able to get the "Restore from Quarantine" push operation to work; a tad more in-depth guide towards using that might be nice. Usually just end up using the RemediationManagerUI installed on the EndPoint.

0 Kudos
