Appendix

Disabling the Anti-Malware Periodic Scan

"Anti-MalwareClosed A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers. Scan Storms" can occur when anti-virus scans run at the same time on multiple virtual machines on the same physical server.

A degradation of system performance is possible that can affect disk I/O and CPU usage.

We recommend that you disable the Anti-Malware periodic scan in one of these ways:

  1. Go to the Policy Page.

  2. In the right pane, click Web & Files Protection.

  3. In the Perform periodic scan every field, select Never.

  4. Click Save.

  5. Install policy.

  1. In the Select action field, select Perform periodic anti-malware can every month.

  2. Clear the "Perform Periodic Scan option.

  3. Install policy.

  1. Connect with the Database Tool (GuiDBEdit Tool) (sk13009) to the Endpoint Security Management ServerClosed A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data..

  2. Configure the value false for the attribute enable_schedular_scan.

  3. In SmartEndpointClosed A Check Point GUI application which connects to the Endpoint Security Management Server, to manage your Endpoint Security environment - to deploy, monitor and configure Endpoint Security clients and policies., install policy.

  1. In Windows Registry, configure the value 0x0b for the AVSchedOf key:

    • On 64-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\CheckPoint\EndPoint Security\Anti-Malware\AVSchedOf=(DWORD)0x0b

    • On 32-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\EndPoint Security\Anti-Malware\AVSchedOf=(DWORD)0x0b

  2. Restart the machine to restore Self-Protection.

    Use the ComplianceClosed Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration. Software BladeClosed Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. to change the registry. See sk132932.

Advanced Settings Non-Persistent Desktops

This section shows how to configure clients manually for the Non-Persistent VDI solution in the Signature Server and Signature Server Consumers roles.

Use this approach if the "Policy Approach" is not available.

Configuring the Shared Signatures Server

You can configure the Signature Server manually or with a script.

Create a Shared Folder

  1. Create a folder to store the shared signatures.

  2. Share the folder and grant read access to members of the Domain Computers' group.

Note - On Workgroup machines, the "SYSTEM" account does not have network login rights. This configuration is not supported.

Configure the Windows Registry Keys

  1. Configure the value 0x01 for the key VdiSignatureServer (to configure the machine as "Shared Signatures Server"):

    • On 64-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security\Anti-Malware\VdiSignatureServer=(DWORD)0x01

    • On 32-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\Endpoint Security\Anti-Malware\VdiSignatureServer=(DWORD)0x01

  2. Configure the path to the shared signatures folder in the key AVSharedBases:

    • On 64-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security\Anti-Malware\AVSharedBases=(SZ)"DISK:\\Path\\To\\Shared\\Folder"

    • On 32-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\Endpoint Security\Anti-Malware\AVSharedBases=(SZ)"DISK:\\Path\\To\\Shared\\Folder"

    Notes:

    • If you do not configure the path, then the default shared folder is:

      C:\ProgramData\CheckPoint\Endpoint Security\Anti-Malware\bases\shared

    • The default shared folder exists after the first successful update.

  3. Reboot the machine to restart the Anti-Malware blade.

  1. Download the Shared Signatures Server Configuration script file.

  2. Execute the script on the Signature Server and follow the instructions.

  3. Make sure the script finishes successfully.

  4. Make sure you reboot the machine to restart the Anti-Malware blade.

Configuring the Client Machine

You can configure the Client Machine (the Golden Image) manually or with a script.

  1. Disable the Anti-Malware Periodic Scan. See the instructions above.

  2. In Windows Registry, configure the value 0x01 for the key AVBasesScheme (to enable the "Shared Signatures" scheme):

    • On 64-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security\Anti-Malware\AVBasesScheme=(DWORD)0x01

    • On 32-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\Endpoint Security\Anti-Malware\AVBasesScheme=(DWORD)0x01

  3. In Windows Registry, configure the path to the shared signatures folder in the key AVSharedBases:

    • On 64-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\CheckPoint\Endpoint Security\Anti-Malware\AVSharedBases=(SZ)"\\Server\FolderWithSharedSignatures"

    • On 32-bit operating system:

      HKEY_LOCAL_MACHINE\SOFTWARE\CheckPoint\Endpoint Security\Anti-Malware\AVSharedBases=(SZ)"\\Server\FolderWithSharedSignatures"

    Notes:

    • If you do not configure the path, then the default shared folder is:

      C:\ProgramData\CheckPoint\EndpointSecurity\Anti-Malware\bases\shared

    • The default shared folder exists after the first successful update.

  4. Reboot the machine or restart the Anti-Malware process.

  1. Download the Golden Image Configuration script file.

  2. Execute the script on the Golden Image and follow the instructions.

  3. Make sure the machine is rebooted.