Anti-Ransomware, Behavioral Guard, and Forensics
Anti-Ransomware, Behavioral Guard, and Forensics monitor file operations, processes, and network activity to identify malicious behavior.
If a ransomware attack occurs, you can restore your original files and delete encrypted files created by the attack. Your administrator might do this automatically. The best practice is to speak with your technical support before you do the Anti-Ransomware Restoration procedure.
Behavioral Guard monitors all attack types and can be configured to automatically or manually remediate attacks.
Forensics analyzes attacks detected by the client, the Check Point Security Gateway and some third-party security products.
In the Endpoint Security Main Page, you can see a list of incidents that Forensics has analyzed and click the incident to get more information.
Options
From the Endpoint Security Main Page, click Anti-Ransomware, Behavioral Guard, and Forensics to see details.
The status is shown to the right of the feature name:
- On - Function is correct.
- Off - Disabled by the policy.
- Initializing - In startup mode.
- Warning - Low disk space.
- Error - Very low disk space (stops sensors recording).
The functionality is below the feature name:
- Monitoring/Analyzed x cases
- Not monitoring (the feature is Off)
- Insufficient disk space (in warning/error state)
- Analyzing
More information available:
- Policy Details - The enforced policy.
- Current Status - Data about the monitoring process.
- Monitor Duration - The period included in the saved data.
- Analyzed cases - A list of the incidents that the feature has examined that includes the ID, Source, Type, Description, and Date.
From the Analyzed cases list:
- Click the Incident ID to open a Forensics Analysis Report.
- Right-click an incident to delete it.
- Click Restore Files to restore files after a Ransomware attack. This might not be necessary if your administrator restored the files automatically.