SandBlast Agent Data Collection sends anonymized incident related data to the Check Point ThreatCloud. This data helps improve protections for all our customers. The data currently being sent may include:
- Anonymized Forensic Reports
- Memory Dumps of Malicious/Compromised Processes (currently disabled)
- Malicious Files (currently disabled)
To disable Data Collection, do this:
- Open SmartEndpoint console.
- Go to the Policy tab.
- Open the SandBlast Agent Forensics, Remediation And Anti-Ransomware policy.
- Edit the Monitoring and Exclusions action.
- Click on Add location.
- Choose Process.
- Add this text to the Process name test box:
<DcPolicy enabled="false" xmlns="http://schema.checkpoint.com/policy/v1/"></DcPolicy>
- Click "OK".
- Save and Install Policy.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.