Manual Analysis with CLI

You can configure the Forensics component to analyze incidents that are detected by a third-party Anti-Malware solution. After such an incident is triggered, you can run the analysis manually on the client computer, either from the command line or with a dedicated tool.

To run the analysis manually on a client computer from the CLI, use this command:

C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe <Type>:<Malicious resource> [options]

Parameter                  Description

<Type>                     The type of <Malicious resource>: URL, File, MD5, IP. [Mandatory]

<Malicious resource>       The resource to analyze (for example, a URL). [Mandatory]
                           Note - A File resource can be given as a full path or just a file name.

-r, -remediation           Remediate malicious, suspicious, and unknown processes according to the policy configuration. [Optional]

-q, -quarantine            Put the machine into restricted mode according to the policy configuration. [Optional]

-id {GUID}                 Assign an ID to the incident. The ID must be in GUID format. [Optional]

-b, -backup {Directory}    Back up the Forensics database to a local file. [Optional]

-h, -help                  Open the help. [Optional]

Examples:

  1. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe file:c:\test\test.doc url:www.test.com -r

  2. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe file:test.doc -r -q

  3. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe ip:170.12.1.180 file:test.doc

  4. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe url:www.Malicious.com md5:10010010010010010010010010010010 -q -b c:\backupToFile.txt

  5. C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe -b c:\backupToFile.txt

Notes:

  1. Any combination of the optional parameters is allowed, and their order is not important.

  2. The backup option does not require the mandatory parameters (see example 5).
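The following PowerShell wrapper is an added example and is not part of this page or of Check Point's own tooling. It shows the points a practitioner hits when scripting the command above: the executable path contains spaces and must be quoted, -id needs a freshly generated GUID, the MD5 of the suspect file can be derived with Get-FileHash so that the file and its hash are analyzed together, and the database backup is a separate call that needs no mandatory parameters (as in example 5). The file path C:\Temp\suspect.doc and the backup directory C:\EFR-backup are assumptions; the page does not document the tool's exit codes, so the script only reports them rather than interpreting them.

```powershell
# Added example: scripted invocation of cpefrcli.exe. Not Check Point code.
# Assumptions: default install path; C:\Temp\suspect.doc is the file under
# investigation; C:\EFR-backup may be created; exit-code meaning is undocumented.
$Cli = 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe'
if (-not (Test-Path -LiteralPath $Cli)) {
    throw "cpefrcli.exe not found at $Cli"
}

$Suspect = 'C:\Temp\suspect.doc'
if (-not (Test-Path -LiteralPath $Suspect)) {
    throw "Suspect file not found: $Suspect"
}

# -id expects a GUID; generate one so the incident can be traced later.
$IncidentId = [guid]::NewGuid().Guid

# Hash the file locally so the md5: resource matches the file: resource.
$Md5 = (Get-FileHash -LiteralPath $Suspect -Algorithm MD5).Hash.ToLower()

# Mandatory <Type>:<Malicious resource> pairs, then optional flags in any order.
# -q (restricted mode) is deliberately left out here; add it only when policy
# requires isolating the host.
$AnalysisArgs = @(
    "file:$Suspect",
    "md5:$Md5",
    '-r',                  # remediate per policy configuration
    '-id', $IncidentId
)

Write-Host "Running Forensics analysis for incident $IncidentId"
& $Cli @AnalysisArgs
Write-Host "cpefrcli exit code: $LASTEXITCODE"

# Separate call: back up the Forensics database (no mandatory parameters).
$BackupDir = 'C:\EFR-backup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$BackupFile = Join-Path $BackupDir ('efr-backup-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))

& $Cli '-b' $BackupFile
Write-Host "backup exit code: $LASTEXITCODE; backup requested at $BackupFile"
```

Run the script from an elevated PowerShell session on the client. Splatting the argument array (`@AnalysisArgs`) keeps each `<Type>:<Malicious resource>` pair and each flag as its own argument, which avoids the quoting mistakes that occur when the whole command line is built as one string.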