Performing Push Operations

Push operations are operations that the server pushes directly to client computers with no policy installation required.

Note - If there is no response from the Endpoint Security client, the Push Operation will time out after 24 hours. You must reinitiate the Push Operation.

00:00: The Run Diagnostics push operation allows you to collect CPU and RAM usage information of an endpoint for your analysis. 00:09: Log in to the Infinity Portal, access Harmony Endpoint and click Asset Management. 00:15: Expand Organization and select computers. 00:19: Right click the endpoint for which you want to perform the Run Diagnostics push operation, select diagnostics, and then click Run Diagnostics. Note that the Run Diagnostics push operation can be executed only on one endpoint at a time. 00:34: To view the status of the operation, click push operation and view the status column. When the status is complete, click View Report. 00:42: The report shows a graphical representation of the CPU and RAM usage of the endpoint. 00:48: Thank you for watching the video.

To add a Push Operation:

1. Go to the Push Operation view and click Add.

2. Select the push operation and click Next.

   Category	Push Operations	Windows	macOS	Linux
   Anti-Malware A component on Endpoint Security Windows clients. This component protects clients from known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers.	Scan for Malware	Yes	Yes	Yes
   	Update Malware Signature Database	Yes	Yes	Yes
   	Restore Files from Quarantine	Yes	Yes	Yes
   Forensics and Remediation	Analyze by Indicator	Yes	Yes	No
   	File Remediation	Yes	Yes	Yes
   	Isolate Computer	Yes	Yes	No
   	Release Computer	Yes	Yes	No
   Agent Settings	Deploy New Endpoints	Yes	No	No
   	Collect Client Logs	Yes	Yes	No
   	Repair Client	Yes	No	No
   	Shutdown Computer	Yes	Yes	No
   	Restart Computer	Yes	Yes	No
   	Uninstall Client	Yes	Yes	No
   	Application Scan	Yes	Yes	No
   	Kill Process	Yes	Yes	No
   	Remote Command	Yes	Yes	Yes

3. Select the devices on which you want to perform the push operation.

   Note - You can perform Run Diagnostics on only one device at a time.

4. Click Next.

5. Configure the operation settings.

Anti-Malware

Push Operations	Description
Scan for Malware	Runs an Anti-Malware scan on the computer or computers, based on the configured settings.
Update Malware Signature Database	Updates malware signatures on the computer or computers, based on the configured settings.
Restore Files from Quarantine	Restores files from quarantine on the computer or computers, based on the configured settings. To restore files from quarantine: In the Full Path field, enter the path to file before it was quarantined including the file name. For example, c:\temp\eicar.txt Click OK.

Forensics and Remediation

Push Operations	Description
Analyze by Indicator	Manually triggers collection of forensics data for an endpoint device that accesses or executes the indicator. The indicator can be a URL, an IP, a path, a file name or an MD5.
File Remediation	Quarantines malicious files and remediates them as necessary. To move or restore files from quarantine: Click and select the organization. Click Update Selection. Select the device and click Next. Add Comment, optional comment about the action. To move the files to quarantine, select Move the following files to quarantine. To restore the files from quarantine, select Restore the following files to quarantine. Click . From the drop-down: Select Full file path or Incident ID: In the Element field, enter the incident ID from the Harmony Endpoint Security client or enter the incident UID for the corresponding incident from the Logs menu in the Harmony Endpoint portal. To obtain the incident UID, open the log entry and expand the More section to view the incident UID. Click OK Select MD5 Hash: Enter or upload the Element. Click OK. Click Finish.
Isolate Computer	Makes it possible to isolate a specific device that is under malware attack and poses a risk of propagation. This action can be applied on one or more devices. The Firewall component must be installed on the client in order to perform isolation. Only DHCP, DNS and traffic to the management server are allowed.
Release Computer	Removes device from isolation. This action can be applied on one or more devices.

Agent Settings

Push Operations	Description	2FA Required
Deploy New Endpoints	Installs the Initial Client on the target devices remotely using any device as the medium to run the push operation. This is suitable if do not have third party tools such as Microsoft System Center Configuration Manager (SCCM) or Intune to install the client. Field Description Comment Optional comment about the action. Select the deployment endpoint Target endpoint or device where you want to install the Initial Client. Caution - The target device must not be the same as the source device. Endpoint version Select the Harmony Endpoint Security Client version to install onm the target device.	No
Collect Client Logs	Collects CPInfo logs from an endpoint based on the configured settings. For Windows, client logs are stored in the directory C:\Windows\SysWOW64\config\systemprofile\CPInfo. For macOS, client logs are stored in the directory /Users/Shared/cplogs. Field Description Comment Optional comment about the action. Log set to collect Select the scope of information for the logs. Debug Info upload Select the location to upload the logs: Upload CPInfo reports to Check Point servers Upload CPInfo reports to Corporate server - Update the relevant corporate server information.	No
Repair Client	Repairs the Endpoint Security client installation. This requires a computer restart. Note - This push operation applies only to Harmony Endpoint Security clients that have been upgraded to a newer version at least once after the installation.	No
Shutdown Computer	Shuts down the computer or computers based on the configured settings.	No
Restart Computer	Restarts the computer or computers based on the configured settings.	No
Uninstall Client	Uninstalls the Endpoint Security client remotely on the selected devices. This feature is supported for E84.30 client and above.	Yes
Application Scan	Collects all available applications in a certain folder on a set of devices and then adds them to the application repository of the "Application Control Check Point Software Blade on a Security Gateway that allows granular control over specific web-enabled applications by using deep packet inspection. Acronym: APPI." blade on that specific tenant.	No
Kill Process	Remotely kills/ terminate the processes.	No
Remote Command	Allows administrators to run both signed (introduced by CP) and unsigned (ones the customer creates) scripts on the Endpoint Client devices. Especially useful in a non-AD environment. Supplies tools/fixes to customers without the need to create new EP client/server versions. Saves passwords securely when provided. The Remote Command feature is supported only in Windows clients running version E85.30 and above	Yes

6. Under User Notification:

   • To notify the user about the push operation, select the Inform user with notification checkbox.

   • To allow the user to post pone the push operation, select the Allow user to postpone operation checkbox.

7. Under Scheduling:

   • To execute the push operation immediately, click Execute operation immediately.

   • To schedule the push operation, click Schedule operation for and click to select the date.

8. Click Finish.

9. View the results of the operations on each endpoint in the Endpoint List section (in the Push Operations menu) at the bottom part of the screen.