Support Center > Search Results > SecureKnowledge Details
Check Point Capsule, Endpoint Security & Remote Access VPN E80.61 / R77.20.01 Known Limitations Technical Level

This article lists all of the known limitations of Check Point Capsule, Endpoint Security & Remote Access VPN E80.61 / R77.20.01.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > ASSETS / INFO > My Subscriptions.


Important notes:


Table of Contents

  • R77.20.01 Management Server
    • Management
    • UDM
  • Endpoint Security E80.61 Clients for Windows
    • General
    • Client UI
    • Capsule Docs
    • Anti-Malware
    • Media Encryption & Port Protection
    • Full Disk Encryption
    • Forensics
    • Application Control
    • UserCheck
    • URL Filtering
  • Endpoint Security E80.61 Clients for Mac
    • General
    • Installation
    • Capsule Docs
    • Compliance
    • Full Disk Encryption
    • Media Encryption & Port Protection
    • Media Encryption Offline Access Utility


R77.20.01 Management Server


ID Symptoms
01471981 In an environment with a Remote Help Server configured, only "Automatic synchronization when policy is installed + every time endpoint server database is modified" is supported. Manual sync is not supported. Configure these settings before you add the Remote Help Server. If you already have secondary server configured, use the procedure in the Administration Guide to change it to "automatic every time endpoint database is modified".
01580133 After a new R77.20.01 server on Windows starts for the first time, policies are installed on clients but the UI might show multiple blades as waiting for policy installation.
01652844, 01669080 If no licenses are applied for Security Management, it automatically uses a Plug and Play license for the first 15 days. If during that time, Endpoint Policy Management is activated, an Endpoint Policy trial license is shown in cplic, though the Plug and Play license is still valid. The trial license is not used until the Plug and Play license expires.
01677373, 01682144 R77.20.01 installation is not supported on top of a server installed with an R77.20 Jumbo hotfix. The R77.20 Jumbo hotfix is also not supported on top of R77.20.01. Users get a conflict message and must not continue with the installation.
01281459 The password for Client Uninstall must be in English.
01785426 Windows installation cannot be installed using custom path (with spaces) on drives other than C:

In a standalone deployment (Security Management and Gateway on the same computer), do these steps to activate UDM:

  1. Open SmartDashboard.
  2. Double-click on the management object.
  3. Click "OK" in the window that opens (no editing required).
  4. Click "Install Policy".


Endpoint Security E80.61 Clients for Windows


ID Symptoms
- E80.61 does not support Windows 10.
Client UI
01281219 On Windows XP, use .NET2 SP2 to see the client GUI correctly. The client GUI does not work on Windows XP if .NET Framework 2 or .NET2 SP1 is installed.
Capsule Docs

If you have a standalone Document Security or Capsule Docs client installed on a computer, and you uninstall it, you must reboot after the uninstallation.

If you do not reboot and then install the Endpoint Security client, the installation might fail due to issues with registry values.
01274634 On E80.50 and higher clients, the Disable Policy action is not enforced. The action from the previous policy installed is enforced instead.
Media Encryption & Port Protection
01584581 Sometimes when creating encrypted storage, the icon for the business data volume and the label are not updated. This is caused by the Windows cache functionality.
Full Disk Encryption
01534473 On Microsoft Surface Pro 3, TPM 2.0 pre-boot authentication might perform slowly.
01631435 Full Disk Encryption does not load on Dell Latitude **50 series in BIOS mode (UEFI is not affected).
Refer to sk105745.
00674516 It is not possible to perform recovery using recovery media for Lenovo X250.
Contact Check Point Support.
00673533 Boot Camp is not supported.
01603986 When using Internet Explorer version 11 to view a Forensics report, in some cases a java script error occurs.
You can click "Yes" and ignore the error.
01631726 Forensics reports are not supported for servers on Windows.
The link shows in SmartLog, but if you click it, a message shows "Failed to fetch the file".
01619773 SmartLog does not show Forensics reports from clients connected through Policy Servers.
Application Control
01615446 The Application Control Blade does not work with all Windows 8 and Windows 8.1 Windows Store Apps.
01666420 For Endpoint Security Clients to get triggers from Network Gateway blades, UserCheck portal must be configured for the gateway and UserCheck redirection must be configured in required rules for each blade. The trigger for the Endpoint Client response is based on UserCheck redirection and will only occur if UserCheck is configured in this way.
URL Filtering
01612262 After an advanced upgrade to R77.20.01, when URLF policy is being managed in a separate management, use the E80.61 Endpoint Security Administration Guide to set up SIC again between the Network and Endpoint Security Management Servers. Then install policy from SmartDashboard on the Endpoint Security Management Server.
01707225, 01704557 Some Windows Store Applications might not be blocked by Endpoint URL Filtering, even if the policy is configured to block related categories.
As a workaround, use Endpoint Application Control.


Endpoint Security E80.61 Clients for Mac


ID Symptoms
Uninstallation is not protected by the Uninstallation password configured on Server
00674774 Mac client is not uploaded by "load latest supported version from internet".
01836669 No indication on the client that there is no license available on Server.
Capsule Docs
01481564 In PowerPoint, slide thumbnails on the left side of the app window might be displayed upside down and in reverse order.
01516114 Capsule Docs client cannot open hyperlinks from protected Word documents on OS X 10.10.
01516199 Protected Word document cannot open pictures from external sources, only text will be displayed.
01521382 In Word, embedded picture might not show in .docx documents.
01718240 "screen capture" permission is not enforced.
01520284 Administrator cannot configure compliance blade with remediation for Mac OS.
Full Disk Encryption
00673349 Password sync only possible from OS X to Preboot.
00674809 The SmartEndpoint setting "Windows recommended password complexity" is not supported with Mac clients.
01483181 During upgrades from legacy Full Disk Encryption, all Full Disk Encryption user accounts are removed, including token users.

Custom protection selects incorrect partition order.

SmartEndpoint lets an administrator input custom encryption 1-N for disks and volumes. However, on Mac, disks and partitions are 0-N.

  • SmartEndpoint disk value range 1...N is mapped to Mac disk number 0...N-1
  • The Mac disk and partition numbers can be listed using the "diskutil list" command.
00673531 Smart Card authentication is not supported for Full Disk Encryption on Mac.
00673534 Hibernation, or smartsleep, is not supported with Full Disk Encryption.
00674612 Mac Endpoint installation on local machine can not be moved to domain.
00674630 Endpoint Security may request AD credentials from user.
01685163 OneCheck is not supported.
01690447 Preboot rebranding is not supported.
01703655 FDE SSO requires an OS X mobile account.
00674706 dmumount utility fails to mount volume. (Fixed in E80.62).
The Mac OS X login screen might take a long time to open and then show: "Unable to connect to FDE service, press OK to continue OS X login". Sometimes this happens when external media devices are attached to the computer.
00673532 A disk marked as "non revertible Core Storage" is not supported. This is the case for a disk encrypted with FileVault2 or a Fusion Drive. See sk98247 on how to disable the feature if enabled before Endpoint Security client installation
Media Encryption & Port Protection
01855795 Media Encryption for Mac always uses FAT32 file encryption for business data. NTFS is not supported on OS X.
01849299 The SmartEndpoint settings for offline access are not supported.
01617088 If there are connectivity issues with the server when encrypting a USB device, sometimes the encryption does not start and no error messages show.
01267552 The Media Encryption Blade does not treat CDs as portable devices, does not show them in the client UI, and does not create encrypted storage on them.
01346029 The option "Block All, but allow to delete files" is not supported. All writing and deleting are blocked, if that option is selected.
01349494 You cannot differentiate between various USB devices by vendor or type, when enforcing a Media Encryption policy.
01349555 Port Protection is not supported. You cannot block mounting or attaching Mac peripheral device based on the Endpoint Security policy.
01349571 You cannot enforce which types of files must be encrypted on storage devices. If you configure business-related data to be encrypted, Media Encryption will require encryption for all files saved to a storage device.
01368312 When a user tries to copy files to non-encrypted storage, when the policy is "Encrypt all," the user can request to override the policy or to block the operation. Users do not get the option to automatically copy the files to the encrypted storage.
01370999 If a user responds to a UserCheck message for a device by clicking "Cancel" or "Override" (with justification), this action applies to all future events on the device until the device is re-inserted.
01371714 After a user creates encrypted storage on a device, it might not be visible in the Finder main window. It is visible in the left bar of Finder.
Workaround: Remove the device and insert it again to see the encrypted storage in the Finder main window.
01695432 Formatting DOK succeeds only after 2 trials.
01708194 Media Encryption blade does not support Time Machine.
01841977 Cannot see encrypted partition when encrypting 100% of USB with Hierarchical File System (HFS).
(HFS is a proprietary file system developed by Apple Inc. for use in computer systems running Mac OS.)
00674782 After you encrypt a removable media device, you might need to eject the device and re-insert it before you can use it.
01848229 Custom Encrypted Media Access Rules are not supported for Mac.
01734490 No option to recover by RH if media owner is local user.
01483853 When attempting to write file to unencrypted media on Mac OS X client, Endpoint Client does not prompt to encrypt media even though UserCheck Policy set to prompt for Encryption.
Media Encryption Offline Access Utility
01368628 If the utility is installed after a device is inserted, the encrypted storage will not mount. Remove the device and insert it again.
01368635 After a user enters the offline password, the encrypted storage is mounted and visible, but the decrypted storage is not.
To access the non-encrypted storage, a user must press "Cancel" in the "Enter Offline Password" window.

Give us Feedback
Please rate this document