Configuring Automatic Remediation

If there is a ransomware attack on ATMs, the administrator is unlikely to be able to restore files on the machines manually. This is because (by default) the Endpoint Security client for ATMs does not have a GUI forAnti-Ransomware Restoration. Also, it is not practical to give individual attention to many ATMs.

We recommend that you configure SmartEndpoint so that the Endpoint Security Clients for ATMs:

• Automatically restore files after a ransomware attack.

• Analyze incidents based on the Check Point recommended triggers, and apply remediation automatically.

To configure automatic file restoration and infection remediation:

1. In SmartEndpoint, click the Policy tab.

2. From the Forensics and Anti-Ransomware rule, right-click the Anti-Ransomware Backup Settings action and select Edit Shared Action.

3. Select Anti-Ransomware Automatic Restore and Remediate.

4. Click OK.

5. In the Forensics and Anti-Ransomware rule, hover over the Action with the icon.
   It has the tooltip Triggers and Automatic Response.

6. Select Automatically analyze and remediate infections.

7. Install the Policy.