sc1.checkpoint.com
Open in
urlscan Pro
104.102.61.167
Public Scan
URL:
https://sc1.checkpoint.com/documents/R81.20/SmartEndpoint_OLH/EN/Content/Topics-EPSG-R81.20/Anti-Ransomware-Files.htm
Submission: On December 11 via api from UA — Scanned from PL
Submission: On December 11 via api from UA — Scanned from PL
Form analysis 1 forms found in the DOM
#
<form class="search" action="#">
</form>Text Content
* How to Search in this Book
* Important Information
* Introduction to Endpoint Security
* Endpoint Security Architecture
* Supported Operating Systems for the Endpoint Client
* Endpoint Security Licenses
* Logging Into SmartEndpoint
* Using SmartEndpoint
* Users and Computers
* Deploying Endpoint Security Clients
* Backup and Restore
* Defining Endpoint Security Policies
* External Endpoint Policy Servers
* Management High Availability
* Active Directory Authentication
* Full Disk Encryption
* User Authentication to Endpoint Security Clients (OneCheck)
* Media Encryption & Port Protection
* Capsule Docs
* Anti-Malware
* Anti-Malware
* Prerequisites for Anti-Malware
* Configuring Anti-Malware Policy Rules
* Configuring Anti-Malware Policy Rules
* Scan All Files on Access
* Malware Signature Updates
* Malware Signature Updates
* Anti-Ransomware Files
* Shared Signature Server for Anti-Malware
* Performing Periodic Anti-Malware Scans
* Periodic Scan Options
* Scan Optimization
* Malware Treatment
* Submitting Malware and False Detections
* Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics
* Harmony Endpoint Anti-Bot
* Harmony Endpoint Threat Extraction, Emulation and Anti-Exploit
* Firewall
* Compliance
* Application Control
* Client Settings
* Smart App Control
* Remote Access VPN
* Access Zones
* Remote Help
* Offline Mode
* Glossary
* How to Search in this Book
* Important Information
* Introduction to Endpoint Security»
* Endpoint Security Architecture»
* Supported Operating Systems for the Endpoint Client
* Endpoint Security Licenses»
* Logging Into SmartEndpoint
* Using SmartEndpoint»
* Users and Computers»
* Deploying Endpoint Security Clients»
* Backup and Restore»
* Defining Endpoint Security Policies»
* External Endpoint Policy Servers»
* Management High Availability»
* Active Directory Authentication»
* Full Disk Encryption»
* User Authentication to Endpoint Security Clients (OneCheck)»
* Media Encryption & Port Protection»
* Capsule Docs»
* Anti-Malware»
* Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics»
* Harmony Endpoint Anti-Bot»
* Harmony Endpoint Threat Extraction, Emulation and Anti-Exploit»
* Firewall»
* Compliance»
* Application Control»
* Client Settings»
* Smart App Control
* Remote Access VPN
* Access Zones»
* Remote Help»
* Offline Mode»
* Glossary
R81.20 Harmony Endpoint Server Administration Guide
Filter:
* All Files
Submit Search
* How to Search in this Book
* Important Information
* Introduction to Endpoint Security Introduction to Endpoint Security
* Endpoint Security Architecture Endpoint Security Architecture
* Supported Operating Systems for the Endpoint Client
* Endpoint Security Licenses Endpoint Security Licenses
* Logging Into SmartEndpoint
* Using SmartEndpoint Using SmartEndpoint
* Users and Computers Users and Computers
* Deploying Endpoint Security Clients Deploying Endpoint Security Clients
* Backup and Restore Backup and Restore
* Defining Endpoint Security Policies Defining Endpoint Security Policies
* External Endpoint Policy Servers External Endpoint Policy Servers
* Management High Availability Management High Availability
* Active Directory Authentication Active Directory Authentication
* Full Disk Encryption Full Disk Encryption
* User Authentication to Endpoint Security Clients (OneCheck) User
Authentication to Endpoint Security Clients (OneCheck)
* Media Encryption & Port Protection Media Encryption & Port Protection
* Capsule Docs Capsule Docs
* Anti-Malware Anti-Malware
* Prerequisites for Anti-Malware
* Configuring Anti-Malware Policy Rules Configuring Anti-Malware Policy
Rules
* Scan All Files on Access
* Malware Signature Updates Malware Signature Updates
* Anti-Ransomware Files
* Shared Signature Server for Anti-Malware
* Performing Periodic Anti-Malware Scans
* Periodic Scan Options
* Scan Optimization
* Malware Treatment
* Submitting Malware and False Detections
* Harmony Endpoint Anti-Ransomware, Behavioral Guard and Forensics Harmony
Endpoint Anti-Ransomware, Behavioral Guard and Forensics
* Harmony Endpoint Anti-Bot Harmony Endpoint Anti-Bot
* Harmony Endpoint Threat Extraction, Emulation and Anti-Exploit Harmony
Endpoint Threat Extraction, Emulation and Anti-Exploit
* Firewall Firewall
* Compliance Compliance
* Application Control Application Control
* Client Settings Client Settings
* Smart App Control
* Remote Access VPN
* Access Zones Access Zones
* Remote Help Remote Help
* Offline Mode Offline Mode
* Glossary
You are here: Anti-Malware > Configuring Anti-Malware Policy Rules > Malware
Signature Updates > Anti-Ransomware Files
ANTI-RANSOMWARE FILES
Anti-Ransomware creates honeypot files on client computers. It stops the attack
immediately after it detects that the ransomware modified the files.
The Anti-Ransomware creates the honeypot files in these folders:
* C:\Users\Public\Music
* C:\Users\<User>\Music (MyMusic)
* C:\Users\Public\Documents
* C:\Users\<User>\Documents (MyDocuments)
* C:\Users\Public\Videos
* C:\Users\<User>\Videos (MyVideos)
* C:\Users\Public\Pictures
* C:\Users\<User>\Pictures (MyPictures)
* C:\Program Files (x86)
* C:\ProgramData
* C:\Users\<User>\AppData\Roaming
* C:\Users\<User>\AppData\Local
* C:\Users\<User>\Downloads
You can identify these folders by the lock icon that is associated with the name
of the folder.
For example:
The file names include these strings, or similar:
* CP
* CheckPoint
* Check Point
* Check-Point
* Sandblast Agent
* Sandblast Zero-Day
* Endpoint
You can open and look at the files. They are real documents, images, videos, and
music.
If a file is deleted, it is automatically recreated after the next system boot.
04 December 2024
Was this helpful?
Thumbs UpThumbs Down
© 2022 - 2024 Check Point Software Technologies Ltd.
FEEDBACK