Push Operations

Push Operations are operations that the Endpoint Security Management Server pushes directly to client computers with no policy installation required. Push operations are one-time operations. They are different to policy rules, which define the behavior of clients over time.

These Push Operations are available:

  • Anti-Malware

    • Scan for malware - Run an Anti-Malware scan on the computer or computers, based on the configured settings.

    • Update malware signatures - Update malware signatures on the computer or computers, based on the configured settings.

    • Temporarily restore files from quarantine - Temporarily restores files from quarantine on the computer or computers, based on the configured settings.

  • Harmony Endpoint Anti-Ransomware, Behavioral Guard, and Forensics

    • Analyze by URL - Manually trigger incident analysis. Enter a URL to inspect and, optionally, search for an incident related to the URL.

    • Analyze by Process or File - Manually trigger incident analysis. Enter the full path to the file and, optionally, search for an incident related to the process or file.

    • File Remediation - Move files to quarantine or restore files from quarantine, based on filename or incident ID.

  • Client Settings

    • Shut down computer - Shut down the computer or computers based in the configured settings.

    • Restart computer - Shut down the computer or computers based in the configured settings.

    • Collect client logs - Collect Debug logs that can be used to prepare CPinfo reports, from the computer or computers based in the configured settings. You can specify how much log information to collect (Maximum amount, Most common information, or Minimum amount). Logs are stored in a shared folder on the client computer. You can upload the logs to Check Point servers, and to corporate FTP servers.

    • Repair client - Repair the Endpoint Security client installation. This requires a computer restart.

From Reporting tab > Push Operations you can:

In the top pane:

  • See all recent Push Operation activities, and their details. This includes: which objects were included in the operation, the status.

  • Create new, Abort (stop), and Remove Push Operations.

  • Click Configure Defaults to configure the default settings for a selected operation. These settings will apply each time you run Push Operations and do not configure different settings.

In the Endpoint List:

See the results of the operations on each endpoint.

You can also start Push Operations from everywhere in the SmartEndpoint where an object is shown. This includes reports in the Reporting tab and in the Users and Computers tab.

Starting Push Operations

To start Push Operations from an object in SmartEndpoint

  1. Right-click an object (user or computer) and select a component, and then an operation.

  2. Click Yes to confirm that you want to do the operation.

  3. Optional: Click Advanced Settings to use settings that are not the default.

To start Push Operations from Reporting > Push Operations:

  1. In Reporting > Push Operations, click Create new.

  2. Select a component and an operation.

  3. Click Next.

  4. Select an OU, node, or computer to get the operation.

  5. Click Next.

  6. Configure the settings for the operation.

  7. Click Next.

  8. Click Finish.

To start Push Operations from Users and Computers > Global Actions

In Users and Computers > Global Actions, click Push Operation.

The Create Push Operation wizard opens.

Push Operations Settings

Click Configure Defaults to configure the default settings for a selected operation. These settings will apply each time you run Push Operations and do not configure different settings.

Select the operation to configure.

For each operation you can configure:

  • User Notification -Are users notified about the operation and can they cancel or postpone it. The options are:

    • Execute operation immediately - Users cannot cancel or postpone it.

    Optional: Select Inform user and click Configure to configure a notification message that users see and in how many minutes the operation will occur. If you do not select Inform user, the operation runs silently.

    • Allow user to postpone or cancel operation - Users can cancel or postpone it. Click Configure to configure the notification message that users see and in how many minutes the operation will occur.

  • Scheduling - When does the operation occur. The options are:

    • Execute operation immediately

    • Schedule operation for - Enter a date and time when the operation will start.

  • Timeframe - The Endpoint Security Management Server will send the operation to clients for the selected number of hours.

For Anti-Malware Push Operations, see Configuring Anti-Malware Policy Rules.