
Manual Analysis with CLI

You can configure the Forensics blade to analyze incidents that are detected by a third-party Anti-Malware solution. After such an incident is triggered, you can run the analysis manually on the client computer with the command line interface (CLI) described below, or use a dedicated tool.

To run the analysis manually on a client computer with the CLI:

Use the command:
C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe <Type>:<Malicious resource> [options]

Parameter                 Description

<Type>                    The type of <Malicious resource>: URL, File, MD5 or IP. [Mandatory]

<Malicious resource>      The resource itself (for example, a URL). [Mandatory]
                          Note - A File resource can be a full path or just a file name.

-r, -remediation          Remediate malicious, suspicious and unknown processes based on the policy configuration. [Optional]

-q, -quarantine           Put the machine into restricted mode based on the policy configuration. [Optional]

-id {GUID}                Set the incident ID. The ID must be a GUID. [Optional]

-b, -backup {Directory}   Back up the Forensics database to a local file. [Optional]

-h, -help                 Open the help manual. [Optional]

Examples:

  1. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe file:c:\test\test.doc url:www.test.com -r
  2. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe file:test.doc -r -q
  3. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe ip:170.12.1.180 file:test.doc
  4. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe url:www.Malicious.com md5:10010010010010010010010010010010 -q -b c:\backupToFile.txt
  5. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe -b c:\backupToFile.txt

Notes:

  1. Any combination of the optional parameters is allowed, and their order is not important.
  2. The backup option does not require the mandatory parameters (see example 5).
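As an added example (not Check Point's own code), the following PowerShell helper shows how a "dedicated tool" can map the indicators from a third-party anti-malware alert to a cpefrcli.exe invocation, validating each value before it reaches the CLI. The function name Invoke-EfrAnalysis, the -DryRun switch and the shape of the alert hashtable are assumptions; the executable path and switches are those documented above.

```powershell
# Assumed helper: build and run a cpefrcli.exe command from a set of indicators.
function Invoke-EfrAnalysis {
    param(
        [Parameter(Mandatory)] [hashtable] $Indicators,   # e.g. @{ file = 'c:\test\test.doc'; md5 = '...' }
        [switch] $Remediate,        # -r
        [switch] $Quarantine,       # -q
        [string] $IncidentId,       # -id {GUID}
        [string] $BackupPath,       # -b
        [switch] $DryRun            # return the command line instead of executing it
    )
    $exe = 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe'
    $cliArgs = @()
    foreach ($entry in $Indicators.GetEnumerator()) {
        $type  = ([string]$entry.Key).ToLower()
        $value = [string]$entry.Value
        # Reject values that cannot be what their type claims, so a malformed alert
        # is surfaced here instead of silently producing an empty analysis.
        $ok = switch ($type) {
            'md5'   { $value -match '^[0-9a-fA-F]{32}$' }
            'ip'    { $parsed = $null; [System.Net.IPAddress]::TryParse($value, [ref]$parsed) }
            'url'   { -not [string]::IsNullOrWhiteSpace($value) }
            'file'  { -not [string]::IsNullOrWhiteSpace($value) }   # full path or bare file name
            default { $false }                                       # only URL, File, MD5, IP are supported
        }
        if (-not $ok) { throw "Invalid $type indicator: '$value'" }
        $cliArgs += "${type}:${value}"
    }
    if ($Remediate)  { $cliArgs += '-r' }
    if ($Quarantine) { $cliArgs += '-q' }
    if ($IncidentId) {
        $guid = [guid]::Empty
        if (-not [guid]::TryParse($IncidentId, [ref]$guid)) { throw "Incident ID must be a GUID: '$IncidentId'" }
        $cliArgs += '-id', $IncidentId
    }
    if ($BackupPath) { $cliArgs += '-b', $BackupPath }
    # The backup option alone is valid (note 2); any other run needs at least one indicator.
    if ($cliArgs.Count -eq 0) { throw 'Nothing to do: supply at least one indicator or a backup path' }
    if ($DryRun) { return "`"$exe`" $($cliArgs -join ' ')" }
    & $exe @cliArgs
    return $LASTEXITCODE
}

# Constructed sample alert, as a third-party engine might report it (not real indicators).
$alert = @{ file = 'c:\test\test.doc'; md5 = '10010010010010010010010010010010'; ip = '170.12.1.180' }
Invoke-EfrAnalysis -Indicators $alert -Remediate -Quarantine -BackupPath 'c:\backupToFile.txt' -DryRun
```

Run without -DryRun on the client computer to execute the analysis; the function then returns the exit code of cpefrcli.exe.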