Push Operations

Push Operations are operations that the Endpoint Security Management Server pushes directly to client computers with no policy installation required.

These Push Operations are available:

Anti-Malware
- Scan for malware - Run an Anti-Malware scan on the computer or computers, based on the configured settings.
- Update malware signatures - Update malware signatures on the computer or computers, based on the configured settings.
- Temporarily restore files from quarantine - Temporarily restores files from quarantine on the computer or computers, based on the configured settings.
SandBlast Agent Forensics Remediation and Anti-Ransomware
- Analyze by URL - Manually trigger incident analysis. Enter a URL to inspect and, optionally, search for an incident related to the URL.
- Analyze by Process or File - Manually trigger incident analysis. Enter the full path to the file and, optionally, search for an incident related to the process or file.
Client Settings
- Shut down computer - Shut down the computer or computers based in the configured settings.
- Restart computer - Shut down the computer or computers based in the configured settings.
- Collect client logs - Collect logs from the computer or computers based in the configured settings. Logs are stores in a shared folder on the client computer.
- Repair client - Repair the Endpoint Security client installation. This requires a computer restart.

From Reporting tab > Push Operations you can:

In the top pane:

See all recent Push Operations activities, and their details. This includes: which objects were included in the operation, the status.
Create new, Abort (stop), and Remove Push Operations.
Click Configure Defaults to configure the default settings for a selected operation. These settings will apply each time you run Push Operations and do not configure different settings.

In the Endpoint List:

See the results of the operations on each endpoint.

You can also start Push Operations from everywhere in the SmartEndpoint where an object is shown. This includes reports in the Reporting tab and in the Users and Computers tab.

Starting Push Operations

To start Push Operations from an object in the SmartEndpoint:

Right-click an object (user or computer) and select a Software Blade, and then an operation.
Click Yes to confirm that you want to do the operation.
Optional: Click Advanced Settings to use settings that are not the default.

To start Push Operations from Reporting > Push Operations:

In Reporting > Push Operations, click Create new.
Select a Software Blade and an operation.
Click Next.
Select an OU, node, or computer to get the operation.
Click Next.
Configure the settings for the operation.
Click Next.
Click Finish.

Push Operations Settings

Click Configure Defaults to configure the default settings for a selected operation. These settings will apply each time you run Push Operations and do not configure different settings.

Select the operation to configure.

For each operation you can configure:

User Notification - Are users notified about the operation and can they cancel or postpone it. The options are:
- Execute operation immediately - Users cannot cancel or postpone it.
Optional: Select Inform user and click Configure to configure a notification message that users see and in how many minutes the operation will occur. If you do not select Inform user, the operation runs silently.
- Allow user to postpone or cancel operation - Users can cancel or postpone it. Click Configure to configure the notification message that users see and in how many minutes the operation will occur.
Scheduling - When does the operation occur. The options are:
- Execute operation immediately
- Schedule operation for - Enter a date and time when the operation will start.
Timeframe - The Endpoint Security Management Server will send the operation to clients for the selected number of hours.

For Anti-Malware Push Operations, see Anti-Malware Policy Actions for more information.