Push Operations

Push Operations are operations that the Endpoint Security Management Server pushes directly to client computers with no policy installation required. (The Endpoint Security Management Server is a Security Management Server that manages your Endpoint Security environment. It includes the Endpoint Security policy management and databases, and it communicates with endpoint clients to update their components, policies, and protection data.) Push operations are one-time operations. They are different from policy rules, which define the behavior of clients over time.

These Push Operations are available:

  • Anti-Malware

  • SandBlast Agent Anti-Ransomware, Behavioral Guard, and Forensics

    • Analyze by URL - Manually trigger incident analysis. Enter a URL to inspect and, optionally, search for an incident related to the URL.

    • Analyze by Process or File - Manually trigger incident analysis. Enter the full path to the file and, optionally, search for an incident related to the process or file.

    • File Remediation - Move files to quarantine or restore files from quarantine, based on filename or incident ID.

  • Client Settings

    • Shut down computer - Shut down the computer or computers based on the configured settings.

    • Restart computer - Restart the computer or computers based on the configured settings.

    • Collect client logs - Collect debug logs, which can be used to prepare CPinfo reports, from the computer or computers based on the configured settings. You can specify how much log information to collect (Maximum amount, Most common information, or Minimum amount). Logs are stored in a shared folder on the client computer. You can upload the logs to Check Point servers and to corporate FTP servers.

    • Repair client - Repair the Endpoint Security client installation. This requires a computer restart.

From Reporting tab > Push Operations you can:

In the top pane:

  • See all recent Push Operations activities and their details. This includes which objects were included in the operation and the status.

  • Create new, Abort (stop), and Remove Push Operations.

  • Click Configure Defaults to configure the default settings for a selected operation. These settings apply each time you run a Push Operation without configuring different settings.

In the Endpoint List:

See the results of the operations on each endpoint.

You can also start Push Operations from anywhere in SmartEndpoint where an object is shown. This includes reports in the Reporting tab and in the Users and Computers tab. (SmartEndpoint is a Check Point GUI application that connects to the Endpoint Security Management Server to manage your Endpoint Security environment: to deploy, monitor, and configure Endpoint Security clients and policies.)

Starting Push Operations

To start Push Operations from an object in SmartEndpoint:

  1. Right-click an object (user or computer) and select a component, and then an operation.

  2. Click Yes to confirm that you want to do the operation.

  3. Optional: Click Advanced Settings to use settings that are not the default.

To start Push Operations from Reporting > Push Operations:

  1. In Reporting > Push Operations, click Create new.

  2. Select a component and an operation.

  3. Click Next.

  4. Select an OU, node, or computer to get the operation.

  5. Click Next.

  6. Configure the settings for the operation.

  7. Click Next.

  8. Click Finish.

To start Push Operations from Users and Computers > Global Actions:

In Users and Computers > Global Actions, click Push Operation.

The Create Push Operation wizard opens.

Push Operations Settings

Click Configure Defaults to configure the default settings for a selected operation. These settings apply each time you run a Push Operation without configuring different settings.

Select the operation to configure.

For each operation you can configure:

For Anti-Malware Push Operations, see Configuring Anti-Malware Policy Rules.