Edit C:\ProgramData\CheckPoint\Logs\Remediation.log
2019-11-01 11:19:44,647 [3812:5] RemediationServiceLib.Engine.Engine [INFO] -------------- Service version: '8.60.5.8003' started -------------- 2019-11-01 11:19:44,694 [3812:5] EPNetDAF.NetDAF [ERROR] No Location directory inside Device Agent in the registry 2019-11-01 11:19:44,709 [3812:5] RemediationCommon.SettingsPolicyProvider [INFO] Default Remediation policy received=<?xml version="1.0" encoding="utf-8"?> <SettingsPolicies xmlns:pol="http://schema.checkpoint.com/policy/v1/" xmlns:set="http://schema.checkpoint.com/remediationSettings/v1/" xmlns="http://schema.checkpoint.com/RemediationPolicy/v1/"> <pol:EFRPolicy> <pol:UepmPolicyInfo policyName="ATP_Forensics_Default_Policy" policyDescription="ATP_Forensics_Default_Policy" enforcementType="120" securityLevel="0" policyVersion="0" installedOn="1462175919713"/> <pol:RemediationPolicy> <pol:ExclusionPolicy> <pol:CheckReputationByDefault>true</pol:CheckReputationByDefault> <pol:OverridePredefineExclusionList>false</pol:OverridePredefineExclusionList> </pol:ExclusionPolicy> <pol:ExclusionList> <pol:entry> <pol:ListType>Certificate</pol:ListType> <pol:ExcludedItemList> <pol:ExcludedItem> <pol:AvoidTerminateProcess>true</pol:AvoidTerminateProcess> <pol:Value>Check Point Software Technologies Ltd.</pol:Value> </pol:ExcludedItem> </pol:ExcludedItemList> </pol:entry> <pol:entry> <pol:ListType>File</pol:ListType> <pol:ExcludedItemList> <pol:ExcludedItem> <pol:AvoidTerminateProcess>true</pol:AvoidTerminateProcess> <pol:Value>%WINDIR%\system32\smss.exe</pol:Value> </pol:ExcludedItem> <pol:ExcludedItem> <pol:AvoidTerminateProcess>true</pol:AvoidTerminateProcess> <pol:Value>%WINDIR%\system32\csrss.exe</pol:Value> </pol:ExcludedItem> <pol:ExcludedItem> <pol:AvoidTerminateProcess>true</pol:AvoidTerminateProcess> <pol:Value>%WINDIR%\system32\wininit.exe</pol:Value> </pol:ExcludedItem> <pol:ExcludedItem> <pol:AvoidTerminateProcess>true</pol:AvoidTerminateProcess> <pol:Value>%WINDIR%\system32\services.exe</pol:Value> </pol:ExcludedItem> </pol:ExcludedItemList> </pol:entry> </pol:ExclusionList> <pol:QuarantinePolicy> <pol:FolderToRestoreImportedFiles>%ProgramData%\CheckPoint\Endpoint Security\Remediation\InfectionsFarm\</pol:FolderToRestoreImportedFiles> <pol:MaxQuarantineSizeMB>5120</pol:MaxQuarantineSizeMB> <pol:QuarantineCopyDestination> <pol:Path></pol:Path> </pol:QuarantineCopyDestination> <pol:QuarantineExpirationDays>95</pol:QuarantineExpirationDays> <pol:QuarantineFolder>%ProgramData%\CheckPoint\Endpoint Security\Remediation\Quarantine\</pol:QuarantineFolder> <pol:AllowUsersToRestore>false</pol:AllowUsersToRestore> <pol:AllowUsersToDelete>true</pol:AllowUsersToDelete> </pol:QuarantinePolicy> </pol:RemediationPolicy> </pol:EFRPolicy> <set:Settings> <set:LogConfigurationFile>%ProgramData%\CheckPoint\Endpoint Security\Remediation\log4net.config</set:LogConfigurationFile> <set:FolderToRestoreFileStreams>%ProgramData%\CheckPoint\Endpoint Security\Remediation\InfectionsFarm\FileStreams\</set:FolderToRestoreFileStreams> <set:DataDirectory>%ProgramData%\CheckPoint\Endpoint Security\Remediation\</set:DataDirectory> <set:Password>Password</set:Password> <set:DumpCycleTime>10</set:DumpCycleTime> </set:Settings> </SettingsPolicies> 2019-11-01 11:19:45,163 [3812:5] RemediationCommon.SettingsPolicyProvider [INFO] Try fetching policies 2019-11-01 11:19:45,163 [3812:4] EPNetDAF.NetDAF [ERROR] DAF is not initialized. Get policy canceled 2019-11-01 11:36:06,609 [3812:15] RemediationServiceLib.Engine.Engine [INFO] Service is shutting down 2019-11-01 11:36:06,609 [3812:15] RemediationServiceLib.Engine.Engine [INFO] -------------- Service shutdown --------------
Ms-Dos/Windows
Unix
Write backup
jsp File Browser version 1.2 by
www.vonloesch.de