Manual Analysis with CLI

You can configure the Forensics Software Blade to analyze incidents that are detected by a third party Anti-Malware solution. To use this, after an incident is triggered you can run analysis manually on the client computer or use a dedicated tool.

To run analysis manually on a client computer with CLI:

Use the command:
C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe <Type>:<Malicious resource> [options]

Parameter	Description
<Type>	The type of <malicious>: URL, File, MD5, IP [Mandatory]
<Malicious>	The resource description (for example URL). [Mandatory] Note - File description can be full path or just file name.
-r, -remediation	Remediate malicious, suspicious, unknown processes based on policy configuration. [Optional]
-q, -quarantine	Enter the machine to restricted mode based on policy configuration. [Optional]
-id {GUID}	Set ID to incident. The format of the id is GUID. [Optional]
-b, -backup {Directory}	Backup Forensics Database to local file. [Optional]
-h, -help	Open help manual. [Optional]

Examples:

1. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe file:c:\test\test.doc url:www.test.com -r
2. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe file:test.doc -r -q
3. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe ip:170.12.1.180 file:test.doc
4. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe HYPERLINK "url:www.Malicious.com" md5:10010010010010010010010010010010 -q -b c:\ backupToFile.txt
5. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe -b c:\backupToFile.txt

Notes:

1. All combination between optional parameters are allowed, the order is not important.
2. Backup option does not require Mandatory parameters (example 5).