Compliance

The Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. component of Endpoint Security makes sure that endpoint computers comply with security rules that you define for your organization. Computers that do not comply show as non-compliant and you can apply restrictive policies to them.

The Compliance component makes sure that:

• All assigned components are installed and running on the endpoint computer.

• Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. is running and that the engine and signature databases are up to date.

• Required operating system service packs and Windows Server updates are installed on the endpoint computer through WIndows Servers Update Services.

  Note - This is not supported through Windows Settings > Update & Security on your endpoint computer.

• Only authorized programs are installed and running on the endpoint computer.

• Required registry keys and values are present.

  Note - For macOS limitations, see sk110975.

If an object (for example an OU or user) in the organizational tree violates its assigned policy, its compliance state changes, and this affects the behavior of the endpoint computer:

• The compliant state is changed to non-compliant.

• The event is logged, and you can monitor the status of the computer and its users.

• Users receive warnings or messages that explain the problem and give a solution.

• Policy rules for restricted computers apply. See Connected, Disconnected and Restricted Rules.