This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
kamaladmire1
Contributor
Contributor
‎2023-10-19 04:17 AM

Block Rclone executable

Hi All, 

I have a question below if someone can answer, 

 

how to block Rclone (software) executable in checkpoint?

customer having issues with Rclone and wanted to block however the problem is Rclone is command line executable and not an application that can simply block within application control? here is the link if the web https://rclone.org/

is there a way to create an email alert if service on AD is down so the admin can receive when AD is disconnected? customer using Identity Collector. 

Can access role have both username and machines identity for ID-Awareness and if username not work (AD being disconnected or down) will machine Identity still works?

 

Thansk 

 

0 Kudos
3 Replies
_Val_
Admin
Admin
‎2023-10-19 04:34 AM

When you say "Block Rclone executable", do you mean on an endpoint? Or do you want to block access to the website?

0 Kudos
kamaladmire1
Contributor
Contributor
‎2023-10-19 06:23 AM
In response to _Val_

Hi, 

want to block this on firewall level, the issue with this particular one is it access Rclone via repository so not easy to block Web site IP. 

0 Kudos
PhoneBoy
Admin
Admin
‎2023-10-19 01:59 PM

You're asking three different questions, only two of them are related to each other.

Your ability to block rclone on a network device depends entirely on what it accesses.
I would assume the app just calls the various APIs for AWS/Azure directly.
Which means: to block this app, you'd need to block access to these services.
However, that is just a guess and I recommend watching the various logs on the gateway to confirm what it does.

At this point, there is no monitoring mechanism for Identity Collector.
I believe this is planned, but if you have specific requirements, reach out to your local office with an RFE request.

An individual Access Role is an "and" for each of the configurable options (User Group, Machine, Network, RA Client).
You can create another access role that specifies Machine without the User Group.
However, some user must log onto the system for a machine identity to be acquired.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top