Policy Reports
A policy report shows information about the assigned policies on each Endpoint Security Client computer in the organization. You cannot see the Policy Report in SmartEndpoint. It is a CSV file that is created on the Endpoint Security Management Server at scheduled times.
To enable scheduled Policy Reports:
- On the Endpoint Security Management Server, run:
  cpstop
- Open the server's local.properties file:
  $UEPMDIR/engine/conf/local.properties
- Find the line:
  #emon.scheduler.time=9:55:00,10:55:00,15:33:00
  - Delete the # from the line.
  - Edit the times to show the hour when the reports will be created. Reports will be created each day at these times.
  - Make sure the line is in this format, with no spaces between the times and commas:
    emon.scheduler.time=HH:mm:ss,HH:mm:ss,HH:mm:ss
- Find the line:
  #emon.scheduler.max.reports=10
  - Delete the # from the line.
  - The number represents the maximum number of reports that can remain in the report directory. The oldest ones are overwritten by newer ones. Optional: Edit the number.
  - Make sure the line is in this format:
    emon.scheduler.max.reports=<number of reports to save>
- Find the line:
  #emon.scheduler.policyreport=true
  - Delete the # from the line.
  - Make sure the line is in this format:
    emon.scheduler.policyreport=true
- Create a new folder in $FWDIR/conf/SMC_Files/uepm/reports/. Run:
  mkdir $FWDIR/conf/SMC_Files/uepm/reports
  chmod 2777 $FWDIR/conf/SMC_Files/uepm/reports
  The name of the report will be:
  policyReport<number>.csv
  The number represents the creation time so newer reports have higher numbers.
- Run:
  cpstart
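A check for the edited file that can be run against $UEPMDIR/engine/conf/local.properties before cpstart. This is an added example, not part of the Check Point documentation; the function names and messages are made up here. It assumes that one or more comma-separated times are allowed and that a single-digit hour is accepted, as in the commented sample line.

```shell
#!/bin/sh
# Added example: validates the three emon.scheduler.* lines from the procedure.
# Assumptions: one or more comma-separated times are allowed, and a
# single-digit hour (as in the sample line 9:55:00) is accepted.

# Print the value of an uncommented key=value line (last occurrence wins).
# Fails if the key is absent or the line still starts with '#'.
prop_value() {
    awk -v k="$2" '
        { i = index($0, "=")
          if (i && substr($0, 1, i - 1) == k) { v = substr($0, i + 1); found = 1 } }
        END { if (!found) exit 1; print v }' "$1"
}

# Usage: check_policy_report_conf <path to local.properties>
# Prints one line per problem; returns 0 only when all three lines are valid.
check_policy_report_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    t='([01]?[0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]'   # one time entry

    if v=$(prop_value "$conf" emon.scheduler.time); then
        # Any space, stray character or trailing CR makes the match fail.
        printf '%s\n' "$v" | grep -Eq "^$t(,$t)*\$" ||
            { echo "emon.scheduler.time: bad value '$v'"; rc=1; }
    else
        echo "emon.scheduler.time: missing or still commented out"; rc=1
    fi

    if v=$(prop_value "$conf" emon.scheduler.max.reports); then
        printf '%s\n' "$v" | grep -Eq '^[1-9][0-9]*$' ||
            { echo "emon.scheduler.max.reports: not a positive number: '$v'"; rc=1; }
    else
        echo "emon.scheduler.max.reports: missing or still commented out"; rc=1
    fi

    if v=$(prop_value "$conf" emon.scheduler.policyreport); then
        [ "$v" = true ] ||
            { echo "emon.scheduler.policyreport: expected true, got '$v'"; rc=1; }
    else
        echo "emon.scheduler.policyreport: missing or still commented out"; rc=1
    fi
    return $rc
}
```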
When a Policy Report is generated, it includes these fields:
- General fields:
  - User Name - ntlocal for local user, ntdomain://<DOMAIN-NAME>/<USER LOGON NAME> for domain users
  - Computer Name - Name of the computer
  - User Location - User domain distinguished name (empty for local users)
  - Group Names - The names of the groups the user is in
  - IP Address - The most updated IP address of the device
  - Last Contact - The last time the computer had contact with the Endpoint Security Management Server
  - OS Name - The full name of the Operating System, for example: Windows 8.1 Professional Edition
  - OS Version - The version of the Operating System, for example: 6.2-9200-SP0.0-SMP
  - OS Type - Workstation or Server
  - Machine Type - Laptop or Desktop
  - Domain Name - Active Directory domain, if relevant
- Policy (includes OneCheck User Settings, Full Disk Encryption, Media Encryption & Port Protection, and Client Settings):
  - <Blade> ID - A unique identifier of a policy rule that applies to the user or computer
  - <Blade> Name - The rule name (given by the administrator)
  - <Blade> Description - The rule comment (given by the administrator)
  - <Blade> Actions - The names of the rule actions
  - <Blade> Version - The version of the rule
  - <Blade> Modified By - The name of the administrator that last modified the rule
  - <Blade> Install Time - When the component was installed on the client
  - <Blade> Inherited From - The Active Directory path the rule was originally assigned on and inherited by this machine.