Remediation & Response

The Endpoint Security File Remediation component applies Remediation to malicious files. When Endpoint Security components detect malicious files, they can quarantine those files automatically based on policy, and remediate them if necessary.

You can manually define the confidence level at which Remediation is performed: Always, High, Medium & High, or Never. The confidence level is how sure Endpoint Security is that a file is malicious. High confidence means that it is almost certain that a file is malicious. Medium confidence means that it is very likely that a file is malicious. The default value is Medium & High.

Advanced Remediation & Response Settings

File Quarantine

Define the settings for files that are quarantined. By default, items are kept in quarantine for 90 days and users can delete items from quarantine.

  • File quarantine - Select the confidence level at which Remediation is performed: Always, High, Medium & High, Never. The default value is Medium & High.

  • Allow users to delete items from quarantine - When selected, users can permanently delete items from the quarantine file on their computers.

  • Allow users to restore items from quarantine - When selected, users can restore items from the quarantine file on their computers.

  • Copy quarantine files to central location - Enter a central location to which the quarantined files from the client computers are copied.

File Remediation

Define what happens to the components of an attack that is detected by Forensics. When files are quarantined, they are deleted and put in a secure location from which they can be restored, if necessary.

You can manually edit the treatment for each category of file: Malicious, Suspicious, or Unknown. For each category, you can select:

  • Quarantine - Files are deleted and put in a secure location from which they can be restored, if necessary.

  • Delete - Files are permanently deleted.

  • Backup - Delete the file and create an accessible duplicate.

  • None - No action is taken.

Trusted files are those defined as trusted by the Check Point Reputation Service. The Remediation options for Trusted Files are:

  • Terminate - Stop the suspicious process.

  • Ignore - Do not terminate processes. Activity is monitored.