Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security R77.30.03 Server and E80.65 Client Known Limitations Technical Level

This article lists all of the known limitations of Enterprise Endpoint Security R77.30.03/E80.65.

This is a live document that may be updated without special notice. We recommend registering to our weekly updates in order to stay up to date. To register go to UserCenter > ASSETS / INFO > My Subscriptions.

Important notes:


Table of Contents

  • Endpoint Security E80.65 Clients for Windows
    • Installation
    • Firewall
    • Full Disk Encryption
    • Full Disk Encryption Offline Mode
    • SandBlast Agent
    • SandBlast Agent Browser Extension
    • Remote Access VPN E80.65 Clients
  • SmartEndpoint
  • License

Endpoint Security E80.65 Clients for Windows

ID Description
If you are upgrading clients that have the Media Encryption and Port Protection blade, you cannot remove this blade during the upgrade.
02455291 Endpoint Security Clients cannot be upgraded or changed with Automatic Software Deployment while Full Disk Encrption disk encryption is in progress on the computer.
The Endpoint Security Client Firewall blade is not supported with other firewalls.
Full Disk Encryption

Full Disk Encryption Windows logon functionality such as User Acquisition, SSO, and Password synch do not function after Windows Update on January 10th - KB3213986.

See sk115485 for the list of KBs causing this issue and current workarounds.

Full Disk Encryption Offline Mode
When using the Offline Groups feature of Full Disk Encryption, "Get Initial Package" fails if the client package for SandBlast Agent only was uploaded.
Workaround: Delete packages that do not contain the Full Disk Encryption blade and try again. Make sure that your Software Deployment rules are the same as before the deletion.
01484073 The New Offline Group wizard shows: "64 bit machines are not supported."
Workaround: On the last page of the New Offline Group wizard, in Selected blades, clear the Full Disk Encryption blades option and then select it again.
SandBlast Agent
If a malicious file is deleted by a blade other than the SandBlast Agent blades, the SandBlast Agent remediation script is not generated for that file.
02439781 The remediation script deletes "malicious" files by name. If a legitimate file has the same name and same exact file path as as the malicious file, it will also be deleted.
02442436 The Forensics report does not open from R80 SmartLog with this error message in R80 SmartLog: "Failed to fetch the file."
  1. In SmartLog, open a new tab of General Overview.
  2. Double-click on the first widget until the Logs View tab opens with a Session Only gray box.
02448278 In rare cases, deletion of a file fails when a file is currently in use by another program or process. When this occurs, a message might show that the file was successfully deleted, when it was not.
02410125 When SandBlast Agent is installed, some external drives might not eject safely.
01837796 Threat Emulation local appliance detection logs will not contain emulation reports.
SandBlast Agent Browser Extension
The Chrome Browser Extension is only supported in AD environments.
02307283 In Chrome Incognito mode, the Browser Extension is disabled by default. If you enable it, users can disable it.
02454989 SandBlast Agent Chrome extension does not support choosing emulation images within EPM while working with local Threat Extraction appliance. If you wish to have the files emulated on different images, please change the profile in the Threat Extraction settings.
01885249 Files downloaded using one-time links will not get inspected and will be allowed/blocked according to fail-open/fail-close settings.

Remote Access VPN E80.65 Clients

Note: Limitations for Remote Access VPN Client when working with a Security Gateway that supports Multiple Login options (R80.10 and above)

ID Description
To work with a SecurID athentication method (KeyFob, PinPad, or SoftID), select 'Any' in the authentication type on the Security Gateway and not the specific type. Selecting a specific type might cause issues with authentication if the Administrator later changes to a different SecurID type.
02448822 When working with SecurID and PIN and choosing to reset the PIN, in the dialog that asks to reset it, press "yes" to confirm the reset. If you press "y", you wonÂ’t reset it.

The following limitations exist in the client command-line interface (CLI):

  • When creating a site from CLI, the default Login Option that is configured on the Security Gateway will be chosen.
  • When creating a site from CLI, and when only legacy Login Option is configured on the Security Gateway, the authentication method for this site will be username-password. The administrator can explicitly define the authentication methods in the create site command by using '-a' parameter.
  • Cannot connect from CLI with Login Option that has multiple authentication factors configured. "unsupported notification id" message will be displayed

P12 certificate Enrollment and CAPI certificate Import work from Connect dialog. They do not work from site properties.



ID Description
The SmartEndpoint Online Help is blocked, or not displayed correctly, in Internet Explorer and Edge browsers.



ID Description
02644433 After installing "SandBlast Agent" or "Endpoint Complete package EVAL" evaluation licenses on Endpoint Security Server, all other Endpoint licenses stop working.
Refer to sk120834.

Give us Feedback
Please rate this document