Support Center > Search Results > SecureKnowledge Details
Endpoint Security Suite and Remote Access Clients E80.51 Known Limitations

This article lists all of the known limitations of Endpoint Security Clients E80.51.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > My Profile > My Subscriptions.

Important notes:

For more information on Endpoint Security Clients E80.51, refer to sk101313 (Endpoint Security Clients E80.51).

Visit our discussion forums to ask questions and get answers from technical peers and Support experts.
Popular forums:


Table of Contents

  • Endpoint Security E80.51 Clients for Windows
    • General
    • Media Encryption
    • Anti-Malware
    • Client User Interface
    • Full Disk Encryption
    • Compliance
  • Remote Access VPN E80.51 Clients for Windows

Endpoint Security E80.51 Clients for Windows


ID Symptoms
Upgrade to Endpoint Security client E80.50 and later is not supported on Windows XP systems with Cisco VPN installed.
It is not supported to remove the Media Encryption and Port Protection Blade during an upgrade. It will cause the upgrade to fail and create a second client. You can remove the blade before the upgrade or after the clients have successfully upgraded.
On Windows XP computers, you must have the latest updates installed before you install this release. If not, certificate verification will fail because the icslta.dll certificate path is invalid.
Windows 8.1 Metro applications fail to update their content. Refer to sk103728.
Media Encryption & Port Protection
NTFS support for encrypted drives does not work for drives bigger than 2TB.
When a user encrypts media, a window opens to configure some encryption parameters. In this window, negative values for disk size may show. This is only in the UI and does not affect the encryption process.

If you uninstall Media Encryption from "add or remove programs" (in the control panel), installation might fail with the error "Error 27302. Failed to uninstall one of Media Encryption & Port Protection drivers.".


  1. From elevated CMD, run:"C:\Program Files (x86)\CheckPoint\Endpoint Security\Data Loss Prevention\drivers\MeDrInst.exe" -u
  2. Start the uninstallation again from add or remove programs.

You cannot encrypt a USB drive that has very little available space because the file system meta-data in the encrypted part requires disk space. We recommend that 10% of the USB drive is available before you encrypt. When there is not enough available disk space, an error message shows.

Workaround: Remove some files from the USB before encrypting.

01424102 If you right-click on a removable media device and select 'New > create file', the action is blocked without a UserCheck message. Users get an 'access denied' message from Windows Explorer.

When upgrading from Windows 8 to Windows 8.1 with Media Encryption & Port Protection installed, you must reboot after the upgrade.

After the reboot, it is possible that the Media Encryption & Port Protection blade will be marked as "Not Running". If this happens, run an installation Repair and then reboot the system again.


The Remove Encryption operation does not always work correctly.


  1. When the encrypted media is mounted, manually copy the data to any folder on your internal hard disk drive.
  2. If necessary, also copy the data on the Non-Business part of the media.
  3. You can then reformat the media to delete the encrypted part.

If the policy is "Encrypt Business Data" and a user tries to copy a non-business file from a network location to the non-business drive, the user is asked to encrypt the file. This occurs even though it is a non-business file.

Workaround: First copy the files to the local computer and then copy them to the non-business drive.


If you use "Access to business data.exe" to open the encrypted container on an unmanaged machine, you cannot copy files from a network location to an encrypted container.

Workaround: First copy the files to the local computer and then copy them to the encrypted container.

If this error shows in the client UI: "on access monitor has failed to load", refer to sk101059.

Installation of Endpoint Security together with Kaspersky Anti-Virus is not supported. If you must use both on the same computer, contact Check Point Support.

00673775 Sometimes the Anti_Malware blade shows "Off" or "Initializing" even though it is running. It will usually resolve after a few minutes and show correctly.
Client User Interface


If you change the default language for UserCheck messages from English to German, the change is not enforced.
01406723 UserCheck messages in German do not show correctly.
01686467 "Update now" operation from Endpoint Security Client icon in system tray takes long time.
Refer to sk106840.
Full Disk Encryption
Self-encrypting disk (Opal) functionality is not supported on computers running 32-bit UEFI.
Decrypting Microsoft Surface Pro 2 with recovery media can show disk errors and abort. If that occurs please restart the recovery process and decryption will continue.
When Compliance runs on a 64 bit OS, it checks for both regular and 32 bit locations (Wow6432Node). Only one of the key (values) must equal the configured value.
01279732 On 64-bit Windows, BitDefender Anti-Virus engine version detection does not work with this version. If a Compliance rule is configured to check the minimum engine version of BitDefender Antivirus, the client will become non-compliant.

Remote Access VPN E80.51 Clients for Windows

ID Symptoms
Remote Access VPN
To allow back connections for Standalone Endpoint Security VPN, in the Desktop Policy add an inbound rule to allow connections from the encryption domain.

Give us Feedback
Please rate this document