Configuring Posture Assessment Settings

Endpoint Security periodically scans endpoints against the list of applications specified on the signature server and detects vulnerable CVEs in applications.

00:00: Endpoint Security can scan and detect CVEs on endpoints. This video shows how to automatically apply patch updates for detected CVEs.

00:09: Log in to the Check Point Portal. Access the Endpoint Security Administrator Portal and then go to "Policy" and "Access and Compliance" and then click "Compliance and Posture".

00:20: Make sure Enable Vulnerability assessment is enabled and a scan is performed either manually or automatically.

00:28: Select "Enable patch updates" and click "Advanced Settings".

00:32: Select "Enable automated patch management".

00:35: Fill in the required information, such as "patch update time", "applications" and "severities", and click "OK".

00:42: Click Save and Install.

00:45: As a final step, review the changes and click "Install".

To configure the Posture Assessment Settings:

  1. Go to Policy > Access & Compliance.
  2. In the Capabilities & Exclusions pane on the right, click the Compliance & Posture tab.
  3. Scroll down to Posture Assessment Settings.
  4. Select the Enable Vulnerability assessment checkbox.
  5. Select the scan type:
    1. To manually start the scan, click Manual.
      Note:

      To start the scan for the first time:

      1. Go to Asset Management > Computers.

      2. Select the devices for which to run the scan.

      3. Right-click and select Vulnerabilities > Scan Now.

      Subsequent manual scans can be started by clicking Scan Now in Asset Management > Posture Management or by using the Run Diagnostics push operation.

    2. To automatically start the scan, click Automated and specify the Interval (Weekly or Monthly), the at value (time of day) and the every value (frequency in days).
  6. Under Update server type, select the signature server:
    1. External Check Point Signature Server
    2. Other External Source

      Under Path, enter the URL of the external source.

  7. To enforce the patch updates and reboot the endpoint immediately, select the Enable patch updates & reboot enforcement checkbox. To apply the patch manually, see Applying the Patch for CVEs.
    1. To allow users to postpone patch updates, specify Max user delay in patch update and Force patch update after in hours or days.
  8. To enforce the patch updates, select the Enable patch updates checkbox:
    Note:

    To apply the patch manually, see Applying the Patch for CVEs.

    • To allow users to postpone patch updates, select the Enable patch updates & reboot enforcement checkbox and specify Max user delay in patch update and Force patch update after in hours or days.

    • To enable automatic patch updates, click Advanced Settings and select the Enable automated patch management checkbox:

      Note:

      This is supported only with Endpoint Security Client version E88.20 and higher.

      1. To specify the interval for patch updates, from the Set automated patch on list, select Interval, Weekly or Monthly and specify the interval.

      2. In the Applications section, specify which applications the patch applies to by selecting one of:

        • All applications

        • Select specific applications. Search and select one or more applications.

      3. In the Severities section, specify which CVE severities the patch applies to by selecting one of:

        • All Severities

        • Select specific severity. Search and select one or more severities.

      4. To exclude an application from applying the patch, in the Exclude applications section, search and select one or more applications.

  9. Click Save.
  10. At the top, click Install Policy.
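The Applications, Severities and Exclude applications fields above define which detected CVEs the automated patch management will act on, and Max user delay and Force patch update after bound how long an end user can defer. The following is an added example (not Check Point code and not an API of the Endpoint Security portal) that models that scope logic so an administrator can dry-run a policy against a constructed scan result before installing it. The Finding and AutoPatchPolicy types, the precedence rule "exclusions win over All applications", and the deferral semantics are assumptions made for the model.

```python
"""Dry-run model of the automated patch management scope (added example, not Check Point code)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, Optional

# Reporting order only; severity names as shown in the portal are matched case-insensitively.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}


@dataclass(frozen=True)
class Finding:
    """One CVE detected on one endpoint by the vulnerability scan (constructed shape)."""
    host: str
    application: str
    cve: str
    severity: str
    detected_at: datetime


def _norm(names: Iterable[str]) -> frozenset:
    return frozenset(n.strip().lower() for n in names)


@dataclass(frozen=True)
class AutoPatchPolicy:
    """Mirrors the Advanced Settings fields. None means 'All applications' / 'All Severities'."""
    applications: Optional[frozenset] = None
    severities: Optional[frozenset] = None
    excluded_applications: frozenset = frozenset()
    max_user_delay: timedelta = timedelta(hours=24)   # "Max user delay in patch update"
    force_after: timedelta = timedelta(days=3)         # "Force patch update after"

    def in_scope(self, f: Finding) -> bool:
        app = f.application.strip().lower()
        # Assumption: an excluded application is skipped even when "All applications" is selected.
        if app in _norm(self.excluded_applications):
            return False
        if self.applications is not None and app not in _norm(self.applications):
            return False
        if self.severities is not None and f.severity.strip().lower() not in _norm(self.severities):
            return False
        return True


def select_for_auto_patch(findings: Iterable[Finding], policy: AutoPatchPolicy) -> list:
    """Findings the automated patch run would act on, highest severity first."""
    chosen = [f for f in findings if policy.in_scope(f)]
    return sorted(chosen, key=lambda f: -SEVERITY_RANK.get(f.severity.lower(), 0))


def forced_deadline(f: Finding, policy: AutoPatchPolicy) -> datetime:
    """Time after which the patch is applied regardless of user postponement (assumed semantics)."""
    return f.detected_at + policy.force_after


def user_may_postpone(f: Finding, policy: AutoPatchPolicy, now: datetime) -> bool:
    """Assumption: postponing is allowed within max_user_delay of detection and never past the forced deadline."""
    return now < min(f.detected_at + policy.max_user_delay, forced_deadline(f, policy))


def pending_by_host(findings: Iterable[Finding], policy: AutoPatchPolicy) -> dict:
    """Map host -> CVE ids that the policy will patch automatically."""
    out: dict = {}
    for f in select_for_auto_patch(findings, policy):
        out.setdefault(f.host, []).append(f.cve)
    return out


# Constructed scan result; the CVE ids are placeholders, not real identifiers.
T0 = datetime(2024, 1, 15, 9, 0)
FINDINGS = [
    Finding("ws-01", "Google Chrome", "CVE-EXAMPLE-0001", "Critical", T0),
    Finding("ws-01", "Legacy ERP Client", "CVE-EXAMPLE-0002", "High", T0),
    Finding("ws-02", "7-Zip", "CVE-EXAMPLE-0003", "Medium", T0),
    Finding("ws-02", "Google Chrome", "CVE-EXAMPLE-0004", "Low", T0),
    Finding("srv-01", "Adobe Reader", "CVE-EXAMPLE-0005", "High", T0),
]

# All applications, only Critical/High severities, one application carved out.
POLICY = AutoPatchPolicy(
    applications=None,
    severities=frozenset({"Critical", "High"}),
    excluded_applications=frozenset({"Legacy ERP Client"}),
)

# Specific applications, all severities.
NARROW_POLICY = AutoPatchPolicy(applications=frozenset({"7-Zip"}))

if __name__ == "__main__":
    for host, cves in pending_by_host(FINDINGS, POLICY).items():
        print(host, cves)
```

Run the dry-run before clicking Install Policy when changing the Severities or Exclude applications fields: the model makes it obvious that adding an application to the exclusion list silently removes a Critical finding on that application from the automated run, which is the case most worth checking against the CVE list in Viewing Endpoint Posture.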

After the Posture Assessment settings are enabled and the policy is installed, each detected CVE and its CVSS score are visible under Viewing Endpoint Posture.