Support Center > Search Results > SecureKnowledge Details
Check Point Endpoint Security Client for macOS - General Limitations Technical Level

This article lists general limitations for Check Point Endpoint Security Client for macOS.
These limitations are in addition to those listed in the corresponding Known Limitations articles for each release.

For the list of macOS releases, see Endpoint Security Homepage

  • General Limitations
  • Forensics
  • Compliance Blade  
  • VPN Blade
  • Firewall Blade
  • FileVault Blade
  • Media Encryption Blade           
  • Compliance Blade
  • Anti-Malware Blade
  • Anti-Ransomware
  • URL Filtering Blade
  • Capsule Docs Blade

General Limitations

Emulation on local Threat Emulation (TE) appliances is supported
    EPS-47949: Time-limited installations are not supported.
    EPS-41116: Push Operations are ignored for macOS client.
    Centralized Client Deployment from Software Deployment Policy is not supported.
    Endpoint Client User Interface Localization is not supported.
    The following configurations in Common Client Settings Policy are not supported:
    • Client user interface settings: configurations such as custom preboot and One Check images and appearance of tray icon.
    • Allowing users to disable network protection on their computers.
    Telemetry data is not generated.
    To use SideCar and Airdrop features, starting E83.20 for macOS client, you need to allow IPv6 traffic in the Endpoint Firewall policy. See sk171972.
    Only English is supported as the interface's language.
    The Big Sur macOS, (and later) may ask users to grant access to security modules after some special activities. In such cases, follow OS directives. To avoid this, Check Point recommends MDM management tools to predefine the desired configurations.
    The Big Sur macOS version does not display correctly in SmartEndpoint reports.
    If nodeJS is installed on the Mac, build directories should be excluded in SBA policy (AR/EFR and TE) to improve performance.
    EPS-40903: Time machine restore of a backup containing an Endpoint Security installation is not supported.
    The Forensics report does not show Network events.
    Compliance Blade
    Remediation actions are not triggered on macOS.
    Environment variables in path of checked files are not supported
    Compliance blade on macOS currently supports checks for the following Anti-Virus vendors:
    • Kaspersky
    • Check Point
    • Sophos
    • McAfee
    • Symantec
    • TrendMicro
    • Norton
    The following compliance checks are not supported:
    • Latest service packs installed
    • running secure screen saver
    If the default name of the compliance rule for checking if assigned blades are running is changed, i.e. cloned or edited, this rule will not be applied to the macOS Compliance blade. Then, on the server side there will be no compliance reporting (inform, warn, restrict). Client will also not go into the assumed compliance state.
    VPN Blade
    SCV Compliance check ("Use Compliance Blade" state should be defined in order to enforce client compliance prior to VPN connection).
    [Not relevant for Big Sur and higher] In some rare cases during the upgrade of VPN client from previous version, user may experience temporary inability to connect to VPN site. Delay may be from seconds to several minutes. To address this issue user should perform reboot of operating system.
    A certificate for user authentication should be stored in the keychain when you use Secondary Connect.
    Remote Access VPN clients do not support the use of a personal certificate as an authentication method if the saved certificate is on SmartCard. This is relevant for macOS 11 Big Sur.
    Remote Access VPN clients do not support the use of personal certificates as an authentication method, if the certificate is in storage on a SmartCard. This is relevant for macOS 11 BugSur.
    Firewall Blade
    Firewall cannot block traffic in a VPN tunnel.
    Disable Wireless On Lan feature is not supported.
    Application Control is not supported.
    Individual IPv6 addresses cannot be blocked. One can set "IPv6 block all" for all IPv6 addresses.
    FileVault Blade
    Starting from E80.71 LA, the FDE Blade is replaced by FileVault Blade
    Only system volume is encrypted.
    Institutional Recovery Key can only be imported once.
    Audit logs are not generated.
    Assigning FileVault users using SmartEndpoint is not supported.
    User Acquisition setting "Continue to acquire users after pre-boot has been enforced” is not supported.
    User Acquisition setting “Pre-boot enforcement will begin after at least one user has been acquired after X days” is not supported.
    EPS-36528: Apple FileVault encryption cannot be stopped or reversed. Avoid install/uninstall/upgrade when FileVault is encrypting/decrypting.
    Smart Card login is not supported.
    OneCheck is not supported.
    Media Encryption Blade
    Offline Mode Remote Help (MEPP / macOS Offline Access Tool does not support Remote Help).
    Custom Encryption is not supported (Media Encryption does not support configuration of which file(s) should be encrypted).
    Port Protection is not supported. Early Availablity release of the feature is available in E85.30. See sk176366 for more details. 
    CD/DVDs and storage devices connected to ports other than USB, are not supported.
    External Media that are mounted as virtual devices (Core Storage or APFS (Apple File System )) are not supported.
    Time Machine using external media is not supported.
    Media formatted as NTFS is not supported.
    Media scan is not supported.
    Anti-Malware Blade
    Anti-Malware Blade is not supported on macOS client.
    Contextual scan is not supported (Finder does not have option for scan).
    EPS-26010: Enable Web protection - not supported (always off)
    EPS-26011: Scan Mail messages - not supported (always off)
    EPS-26012: Signature source settings - not supported (only External Check Point Signature server setting is supported)
    EPS-26016: Configure Threat Cloud knowledge sharing - not supported
    EPS-26017: Process exclusion - MD5 not supported
    EPS-26059: Anti-Malware detections integration with Forensics report - not supported.
    Backup configurations for the file types in the Anti-Ransomware policy are not enforced.
    Backup configurations for the file size in Anti-Ransomware policy are not enforced.
    URL Filtering Blade
    URL Filtering is supported using Agent Chrome Browser Extension for SandBlast Agent Web Management users.
    Capsule Docs Blade
    For the list of Capsule Docs limitations, refer to sk108376

    Give us Feedback
    Please rate this document