Support Center > Search Results > SecureKnowledge Details
Check Point Capsule, Endpoint Security and Remote Access VPN E80.60
Solution

 Endpoint Security Homepage is now available.

Check Point recommends to always update your systems to the most recent software release to stay current with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.
Visit our discussion forums to ask questions and get answers from technical peers and Support experts.
Popular forums:

Table of Contents:

  • What's New in Endpoint Security Clients
  • Supplemental Software
  • Check Point Capsule, Endpoint Security Downloads and Documentation
  • What's New in Remote Access VPN E80.60 Clients
  • Remote Access VPN E80.60 Clients Downloads and Documentation
  • Revision History

Important:

  • The E80.60 Endpoint Security Management Server can be activated only on a management-only machine. (Not on a standalone machine, i.e. Gateway + Management)

  • The E80.60 Endpoint Security Server is based on the R77 Management Server. It has all the supported capabilities of a standard Check Point R77 Management Server. Upgrades FROM the E80.60 Management Server TO R77.10 Management Server and above are not supported.

  • The E80.60 Endpoint Security Server can manage E80.40 and higher Endpoint Security clients.

  • See Frequently Asked Questions (sk103124).

 

Show the Entire Article

 

What's New in Endpoint Security Clients

Show / Hide section

Check Point Capsule Docs

The Check Point Capsule Docs Software Blade, managed by an on-premise Security Management Server, lets organizations protect and share documents safely within the organization and with business partners, and manage the organizational Check Point Capsule Docs policy, monitoring, and deployment through SmartEndpoint.

The Check Point Capsule Docs Software Blade comes integrated with the Endpoint Security on Microsoft Windows computers. There is also a non-managed Check Point Capsule Docs plugin for supported applications, and the Check Point Capsule Docs Viewer. The Viewer does not require administrative privileges or the installation of Microsoft Office or Adobe Acrobat Reader, and gives read-only access to protected documents. The Check Point Capsule Docs plugin, which is mainly for the external users, and the Check Point Capsule Docs Software Blade give full editing capabilities and these benefits:

Control the parties that can access the data

  • Restrict access to individuals, groups or entire organizations
  • Use granular Classification model to assign different permissions for internal and external users
  • Control data distribution (Forward, Copy/Paste, Print)
  • Choose contacts from your Outlook address book with whom you usually communicate
  • Prevent unintentional data loss with the help of UserCheck

Protect data stored on untrusted servers and shared via untrusted channels

  • Each protected document remains protected even on untrusted servers
  • Prevent forwarding to unauthorized parties
  • Secure all created documents automatically

See full audit trail for data access

  • All actions on protected documents are logged and are available through SmartView Tracker and SmartLog
  • Follow paper trail for a single document
  • Audit distribution patterns for documents in an organization
  • Monitor access by external parties

Access protected documents easily from your platform of choice

  • Seamless integration with Microsoft Office and Adobe Acrobat on Windows platforms
  • Lightweight Windows Viewer that does not require administrative privileges or Microsoft Office or Adobe Acrobat clients installed
  • Lightweight flexible viewer for Mac OS X
  • Access protected documents from proprietary Apps on Android, and iOS mobile devices

Full Integration with Organizational Active Directory

  • Users that are defined in the Active Directory are automatically provisioned to use Check Point Capsule Docs
  • User's Active Directory account authentication is sufficient to access relevant protected documents
  • Customize Document Security policy for different Users, Organizational Units and Groups

Capsule Docs Proxy

  • Allows accessing protected documents managed with the on-premise Security Management Server for users outside of the organizational network.
  • Provides secured connectivity, leveraging HTTP security and IPS inspection on a hardened Gaia operating system.
  • Built on top of Check Point Mobile Access Blade.
  • Delivered as a Hotfix on top of R77.10 and on top of R77.20.

Check Point Capsule Docs encrypts documents to protect them from unauthorized access. It protects users from unintentional data leaks. It is not possible to prevent all intentional violations made by malicious authorized users and this is not the goal of Check Point Capsule Docs.

URL Filtering

The Check Point Endpoint URL Filtering Software Blade lets an organization control access to web sites by category, user or group. This way it improves network security and enhances user productivity.

User Check technology empowers and educates Endpoint users on web usage policy in real time.

The Endpoint URL Filtering Software Blade has these benefits:

  • Lets you utilize a database of over 200 million websites, updated in real-time
  • Lets you choose from 64 predefined content categories or create custom categories and URL families
  • Works inside and outside of the organization - policy is enforced on the client
  • Does unified management - lets the administrator configure one Rule Base in SmartDashboard for an Endpoint and a Gateway policy
  • Does unified log reporting through SmartLog
  • Uses Identity Awareness - lets the administrator grant, limit, or block user access, group access, or access from specific machines to individual web sites or categories of web sites
  • Fully integrates the organization's Active Directory
  • Utilizes SSL Inspection

Supported Features for Endpoint Security URL Filtering

URL Filtering in Endpoint Security supports most features of URL Filtering from SmartDashboard. See the R77 Application Control and URL Filtering Administration Guide.

Anti-Bot

The Anti-Bot Software Blade:

  • Uses the ThreatCloud repository to receive updates, and queries it for classification of unidentified IP, URL, and DNS resources.
  • Prevents damage by blocking bot communication to C&C sites and makes sure that no sensitive information is stolen or sent out of the organization.
The Endpoint Anti-Bot blade uses these procedures to identify bot infected computers:
  • Identify the C&C addresses used by criminals to control bots.
  • These web sites are constantly changing and new sites are added on an hourly basis. Bots can attempt to connect to thousands of potentially dangerous sites. It is a challenge to know which sites are legitimate and which are not.
Check Point uses the ThreatCloud repository to find bots based on these procedures.

The ThreatCloud repository contains more than 250 million addresses that were analyzed for bot discovery and more than 2,000 different botnet communication patterns. The ThreatSpect engine uses this information to classify bots and viruses.

The Endpoint Anti-Bot blade gets reputation updates from the ThreatCloud repository. It can query the cloud for new, unclassified URL/DNS resources that it finds.

Media Encryption & Port Protection

This release adds NTFS file system support for encrypted storage devices. NTFS file system lets you encrypt files over 4GB.

Notes:

  • Check Point Media Encryption Offline Utility lets you access NTFS encrypted storage devices on non-managed MS Windows computers in admin mode.
  • Apple Mac computers do not by default support the NTFS file system. To make an encrypted storage device accessible on a Mac computer, format it as a FAT32.
  • To create encrypted NTFS storage on a Windows 7 computer, you must first install SP1 on it.

Forensics

The Check Point Endpoint Forensics Software Blade monitors files and the registry for suspicious processes and network activity. When the Anti-Malware or the Anti-Bot Client Software Blade, or the Check Point Gateway Software Blade detects an attack, the Check Point Endpoint Forensics Software Blade analyzes the attack, and uploads the complete attack report to the Endpoint Security Management Server.

Note: The Check Point Endpoint Forensics Software Blade is not supported on Microsoft Windows XP operating system.

Full Disk Encryption Features

This release adds support for these features:

  • Use of TPM to measure integrity of Pre-boot components.
  • Password synchronization between the OS and Pre-boot after Remote Help.

Remote Access VPN

For new features in the Remote Access VPN blade and standalone Remote Access Clients see
What's New in Remote Access VPN E80.60 Clients

For more information about E80.60, refer to Endpoint Security Client E80.60 Known Limitations.

Supplemental Software

Show / Hide section

Mobile Access Blade

  • Simple and comprehensive mobile/remote access solution that delivers exceptional operational efficiency.
  • Allows mobile and remote workers to connect easily and securely from any location, with any Internet device to critical resources while protecting networks and endpoint computers from threats.
  • Data transmitted by remote access is decrypted and then filtered and inspected in real time by Check PointÂ’s award-winning gateway security services such as antivirus, intrusion prevention and web security.
  • Includes in-depth authentications, and the ability to check the security posture of the remote device. This further strengthens the security for remote access.
The Mobile Access Blade is available in its latest versions in R77.10 (sk97617) and R77.20 (sk101208)

User and Device Management

  • Helps organizations roll out Check Point Capsule to users.
  • Provides Remote Access certificate management for organizational Active Directory users.
  • Provides visibility of organizational Active Directory users and the devices they use to connect.
  • Leveraging SmartLog for user login and activity logs, including filtering capabilities.
  • Provides Integration with Endpoint Security Server for Full Disk Encryption password recovery.
User and Device Management is available via sk101672.

Check Point Capsule, Endpoint Security Downloads and Documentation

Show / Hide section

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages). 
 

Endpoint Security E80.60 Server

Platform Description Documentation Download Link
Gaia Gaia Security Management Server (ISO) (Release Notes) (ISO)
Windows Windows Security Management Server (ISO) (Release Notes) (ISO)
  E80.60 Endpoint Security Administration Guide (Administration Guide)  
  E80.50 and E80.60 Endpoint Security Scalability and Sizing Guide (Scalability Guide)  

Installation

For installation and upgrade instructions, use the procedures in the R77 Installation and Upgrade Guides.

For upgrades to E80.60, only Advanced Upgrade procedures are supported.

Endpoint Security E80.60 Clients

Platform Description Documentation Download Link
Windows Endpoint Security E80.60 Clients (Release Notes) (ZIP)
  E80.60 Endpoint Security Client on Windows User Guide (User Guide)  
  E80.60 Endpoint Security Administration Guide (Administration Guide)  
Mac E80.60 Endpoint Security Client on Mac

(User Guide)

(ZIP)

 

Check Point Capsule Docs

Description Documentation Download Link
Endpoint Security E80.60 Clients (Release Notes) (ZIP)
Capsule Docs Standalone Client   (EXE)
Capsule Docs PC Viewer   (EXE)
E80.60 Check Point Capsule Docs Plugin User Guide (User Guide)  
E80.60 Check Point Capsule Docs Viewer User Guide (User Guide)  
Capsule Docs Proxy (R77.10)   (TGZ)
Capsule Docs Proxy (R77.20)   (TGZ)

 

SmartConsole for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Description Download Link
SmartConsole for Endpoint Security E80.60 (EXE)

 

What's New in Remote Access VPN E80.60 Clients

Show / Hide section

New in this release:
  • SHA-256 (SHA-2) IPSEC support for Remote Access (Windows) Clients Data Integrity encryption
  • Certificate Enhancements:

    • Display the Friendly Name for a certificate
    • Filter certificates according to the Enhanced Key Usage attribute (certificates without client authentication are not shown)
    • Choose not to show expired certificates in the certificate selection list
  • Automatic upgrades from the gateway with a customized package
  • Support for the visually impaired with MSAA (Microsoft active accessibility component) integration
  • Ability to close open session before you make configuration changes
  • Improved server certificate verification for less browser warnings
  • Added support for Certificate Subject Alternative Name (DNS entries only) as part of certificate verification (previously only based on CN)
  • Policy Compression for gateways that support it, to enable policy compression for faster topology download
  • UTF-8 support in all user input fields (user names, passwords, CN). P12 certificate paths still must have only ASCII characters.
  • Dual hotspot detection mechanism.
  • Hotspot registration and mini-browser in Endpoint Security Suite (was previously in Standalone client only).
  • Improved stability, and bug fixes.

For more information about E80.60, refer to Endpoint Security Client E80.60 Known Limitations.

Remote Access VPN E80.60 Clients Downloads and Documentation

Show / Hide section

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Platform Description Documentation Download Link
Windows Remote Access Clients E80.60 msi file (Release Notes) (MSI)
Remote Access Clients E80.60 Automatic Upgrade file
(Release Notes) (CAB)
Remote Access Clients E80.60 for ATM msi file (Release Notes) (MSI)
Remote Access Clients E80.60 Automatic Upgrade file for ATM (CAB) (Release Notes) (CAB)
E80.60 Remote Access Clients for Windows Administration Guide
(Admin Guide)  
Mac Endpoint Security VPN for Mac E80.60 - Disc Image (DMG) (Release Notes) (DMG)
Endpoint Security VPN for Mac E80.60 - Installation package (PKG) (Release Notes) (PKG)
Endpoint Security VPN for Mac E80.60 - Signature for automatic upgrade (signature) (Release Notes) (signature)
E80.60 Endpoint Security VPN for Mac Administration Guide (Admin Guide)  

 

Revision History

Date Description
28 October 2014 First release of this document.
31 December 2014 Added links for E80.60 Endpoint Security Client on Mac

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment