Protection for Servers

These components can be installed on supported servers in the same way that they are installed on workstations:

• Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers.

• Firewall

• Compliance Check Point Software Blade on a Management Server to view and apply the Security Best Practices to the managed Security Gateways. This Software Blade includes a library of Check Point-defined Security Best Practices to use as a baseline for good Security Gateway and Policy configuration.

  Important - Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI. is not supported on all versions of Windows Server. Do not deploy this component on clients that run operating systems that are not supported. You can also disable it in the policy. To disable components on operating systems that are not supported: Configure a rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. that disables the unsupported component. Install the policy on all clients that run operating systems that do not support the component.

If you install Anti-Malware and Firewall policies on servers, it is best for the policies to be machine-based and not user-based. In machine-based policy, the policies assigned to the machine have priority over the policies assigned to users who connect to the machine.

To enforce machine-based policies, we strongly recommend that you put all servers in a server Virtual Group.

For supported servers, see the Release Notes for your Endpoint Security client version.