Port Protection, a feature within the Media Encryption & Port Protection (MEPP) component of Check Point Harmony Endpoint, is designed toprotect activity on the ports of a client computer to help prevent data leakage. This functionality controls access to ports such as USB, Bluetooth, and others to secure data transfers and prevent unauthorized data exfiltration. TheCP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdfprovides clear evidence onpage 280, under "Media Encryption & Port Protection":
"Protects data stored on the computers by encrypting removable media devices and allowing tight control over computers' ports (USB, Bluetooth, and so on)."
Additionally, onpage 288, under "Configuring Peripheral Device Access," it elaborates:
"Port Protection prevents unauthorized access to devices connected to the computer’s ports, helping to prevent data leakage through unauthorized devices."
These extracts confirm that Port Protection’s primary purpose is to safeguard data by controlling port activity, aligning withOption A. The "why" is explicitly tied to preventing data leakage, a critical security objective.
Option B ("to review logs")is incorrect; while logs may be generated as a byproduct, the primary goal is protection, not log review.
Option C ("to help unauthorized user access")contradicts the purpose of Port Protection, which is to block unauthorized access, not facilitate it.
Option D ("to monitor devices")is partially relevant but incomplete; monitoring is a means to an end, with the ultimate goal being data leakage prevention.
[References:, CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 280: "Media Encryption & Port Protection" (describes port control for data protection)., CP_R81.20_Harmony_Endpoint_Server_AdminGuide.pdf, Page 288: "Configuring Peripheral Device Access" (specifies prevention of data leakage via ports)., ]
