Print Download PDF Send Feedback

Previous

Next

SandBlast Agent Anti-Ransomware, Behavioral Guard and Forensics

In This Section:

Overview of Forensics and Anti-Ransomware

Anti-Ransomware Files

Configuring Forensics and Anti-Ransomware Policy Rules

Integration with Third Party Anti-Virus Vendors

Manual Analysis with CLI

Manual Analysis with Push Operations

Forensics

SandBlast Agent Dynamic Updates

SandBlast Agent Use Case

Ransomware Use Case

Quarantine Management

Overview of Forensics and Anti-Ransomware

The SandBlast Agent Forensics and Anti-Ransomware Software Blade monitors file operations, processes, and network activity for suspicious behavior. It also analyzes attacks detected by other client Software Blades or the Check Point gateway. It applies remediation to malicious files.

Anti-Ransomware constantly monitors files and processes for unusual activity. Before a Ransomware attack can encrypt files, Anti-Ransomware backs up your files to a safe location. After the attack is stopped, it deletes files involved in the attack and restores the original files from the backup location.

All details of attacks are organized in the Forensics Analysis Report.

For example, if SandBlast Agent Anti-Bot detects a malicious URL, it notifies Forensics through internal communication. Forensics starts a complete investigation and generates a Forensics Analysis Report.

You can also configure the Forensics Software Blade to analyze incidents that are detected by a third party Anti-Malware solution.

Configure the settings in the SandBlast Agent Forensics and Anti-Ransomware rule of in the SmartEndpoint Policy tab.

If Endpoint Security servers do not have internet connectivity, Forensics information is stored and sent for evaluation immediately when a server connects to the internet.