How to disable SandBlast Agent Data Collection

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk129753
Technical Level
Product	Harmony Endpoint, Endpoint Security Client
Version	E80.85, E80.86, E80.87, E80.88, E80.89, E80.90, E80.92, E80.94, E80.95, E80.96, E80.97, E81, E81.10, E81.20, E81.30, E81.30_HF, E81.40, E82, E82.10, E82.20, E82.30, E82.40, E82.50, E82.55, E83, E83.10, E83.11, E83.15, E83.20, E83.30, E83.40, E83.50, E84, E84.10, E84.20, E84.30, E84.40, E84.50, E84.60, E84.70, E84.71, E85
OS	Windows
Platform / Model	All
Date Created	18-Jun-2018
Last Modified	22-Jun-2021

Solution

SandBlast Agent Data Collection sends anonymized incident related data to the CheckPoint ThreatCloud. This data helps improve protections for all our customers. The data currently being sent may include:

Anonymized Forensic Reports
Memory Dumps of Malicious/Compromised Processes (currently disabled)
Malicious Files (currently disabled)

To disable Data Collection please do the following:

Open SmartEndpoint console.
Go to the Policy tab.
Open the SandBlast Agent Forensics, Remediation And Anti-Ransomware policy.
Edit the Monitoring and Exclusions action.
Click on Add location.
Choose Process.
Add the following text to the Process name test box:

<DcPolicy enabled="false" xmlns="http://schema.checkpoint.com/policy/v1/"></DcPolicy>
Click "OK".
Save and Install Policy.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating