The SandBlast Agent Forensics and Anti-Ransomware Software Blade monitors file operations, processes, and network activity for suspicious behavior. It also analyzes attacks detected by other client Software Blades or the Check Point gateway. It applies remediation to malicious files.
Anti-Ransomware constantly monitors files and processes for unusual activity. Before a Ransomware attack can encrypt files, Anti-Ransomware backs up your files to a safe location. After the attack is stopped, it deletes files involved in the attack and restores the original files from the backup location.
All details of attacks are organized in the Forensics Analysis Report.
For example, if SandBlast Agent Anti-Bot detects a malicious URL, it notifies Forensics through internal communication. Forensics starts a complete investigation and generates a Forensics Analysis Report.
You can also configure the Forensics Software Blade to analyze incidents that are detected by a third-party Anti-Malware solution.
Configure the settings in the SandBlast Agent Forensics and Anti-Ransomware rule in the SmartEndpoint Policy tab.
If Endpoint Security servers do not have internet connectivity, Forensics information is stored and sent for evaluation immediately when a server connects to the internet.