Manual Analysis with CLI
R81 Harmony Endpoint Server Administration Guide|322
You can configure the Forensics component to analyze incidents that are detected by a
third-party Anti-Malware solution. After such an incident is triggered, you can run the
analysis manually on the client computer or use a dedicated tool.
To run analysis manually on a client computer with CLI:
Use the command (the path contains spaces, so it is quoted):
"C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe" <Type>:<Malicious resource> [options]
Parameter                  Description
<Type>                     The type of <Malicious>: URL, File, MD5, IP. [Mandatory]
<Malicious>                The resource description (for example, a URL). [Mandatory]
                           Note - The File description can be a full path or just a file name.
-r, -Remediation           Remediate malicious, suspicious, and unknown processes based on policy configuration. [Optional]
-q, -quarantine            Put the machine into restricted mode based on policy configuration. [Optional]
-id {GUID}                 Set an ID for the incident. The ID must be in GUID format. [Optional]
-b, -backup {Directory}    Back up the Forensics database to a local file. [Optional]
-h, -help                  Open the help manual. [Optional]
Examples:
1. "C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe" file:c:\test\test.doc url:www.test.com -r
2. "C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe" file:test.doc -r -q
3. "C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe" ip:170.12.1.180 file:test.doc
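The following PowerShell wrapper is an added example, not part of the Check Point guide. It shows how a responder could validate the indicators from a third-party alert, attach an incident ID for later correlation, and then call cpefrcli.exe. The function name, parameter names and validation rules are assumptions; the executable path and the -r, -q and -id options come from the guide, and passing the GUID without braces is also an assumption.

```powershell
# Added example: hypothetical wrapper around cpefrcli.exe (path taken from the guide).
$CpEfrCli = 'C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\cpefrcli.exe'

function Invoke-ForensicsAnalysis {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # One or more "<Type>:<Malicious resource>" strings, e.g. 'file:test.doc'
        [Parameter(Mandatory)][string[]]$Indicator,
        [switch]$Remediate,     # maps to -r
        [switch]$Quarantine,    # maps to -q
        [guid]$IncidentId = [guid]::NewGuid()
    )

    # Reject malformed indicators before anything reaches the CLI.
    $cliArgs = foreach ($item in $Indicator) {
        $type, $value = $item -split ':', 2   # split on the first colon only
        if ([string]::IsNullOrWhiteSpace($value)) { throw "Missing resource in '$item'" }
        switch ($type.ToLowerInvariant()) {
            'md5' {
                if ($value -notmatch '^[0-9a-fA-F]{32}$') { throw "Not an MD5 digest: $value" }
            }
            'ip' {
                $addr = $null
                if (-not [System.Net.IPAddress]::TryParse($value, [ref]$addr)) {
                    throw "Not an IP address: $value"
                }
            }
            'url'  { }   # passed through unchanged
            'file' { }   # full path or bare file name, per the guide's note
            default { throw "Unsupported type '$type' (expected URL, File, MD5 or IP)" }
        }
        "${type}:$value"
    }

    $cliArgs = @($cliArgs)
    if ($Remediate)  { $cliArgs += '-r' }
    if ($Quarantine) { $cliArgs += '-q' }
    $cliArgs += '-id', $IncidentId.ToString()   # assumption: bare GUID, no braces

    # -WhatIf prints the command line without running remediation or quarantine.
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "cpefrcli.exe $($cliArgs -join ' ')")) {
        & $CpEfrCli @cliArgs | Out-Host
    }
    $IncidentId   # returned so the caller can record it next to the third-party alert
}

# Dry run using the values from example 1 in the guide:
Invoke-ForensicsAnalysis -Indicator 'file:c:\test\test.doc', 'url:www.test.com' -Remediate -WhatIf
```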