The first time this happened I just had a bit of a laugh. Subsequent times made me question the effectiveness of Checkpoint.
I have just done a fresh install of Windows on a Surface Pro. After the image was applied, I logged onto the device for the first time......and almost immediately I got a Checkpoint popup telling me that 18 files had been harmed by a ransomware attack and been quarantined. I clicked the link to show me that 18 files that had been quarantined.......only to find they all had names along the lines of 'checkpoint curriculum vitae-don'tdelete.pptx' or 'sandblast zero-day-funddon't-delete.txt'.
I am not the Checkpoint administrator in my organisation, so my understanding of Checkpoint is fairly limited, but I believe these are honeypot files placed on my C drive by Checkpoint? I don't know if this is an indicator of the quality of Checkpoint - they have created honeypot files so convincing that it managed to fool itself, or an indicator of the lack of quality of Checkpoint - it doesn't know the difference between a real ransomware infection and it's own honeypot files. Either way doesn't really fill me with a lot of confidence.
And on the subject of the honeypot files, we have had the odd user - admittedly only 1 or two - who have had gigabytes of these honeypot files placed in their user profiles. This causes major problems for users with roaming profiles!