How to disable SandBlast Agent Data Collection

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk129753
Product	SandBlast Agent, Endpoint Security Client
Version	E80.85, E80.86, E80.87, E80.88, E80.89, E80.90, E80.92, E80.94, E80.95, E80.96, E80.97, E81
OS	Windows
Platform / Model	All
Date Created	18-Jun-2018
Last Modified	16-Jun-2019

Solution

SandBlast Agent Data Collection sends anonymized incident related data to the CheckPoint ThreatCloud. This data helps improve protections for all our customers. The data currently being sent may include:

Anonymized Forensic Reports
Memory Dumps of Malicious/Compromised Processes (currently disabled)
Malicious Files (currently disabled)

To disable Data Collection please do the following:

Open SmartEndpoint console.
Go to the Policy tab.
Open the SandBlast Agent Forensics, Remediation And Anti-Ransomware policy.
Edit the Monitoring and Exclusions action.
Click on Add location.
Choose Process.
Add the following text to the Process name test box:

<DcPolicy enabled="false" xmlns="http://schema.checkpoint.com/policy/v1/"></DcPolicy>
Click "OK".
Save and Install Policy.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback

Please rate this document

[1=Worst,5=Best]

Comment
	Submitting rating