Endpoint Security Homepage



Important - Customer notification on Client VPN/Endpoint versions E81.10 or earlier - must update before January 1st 2021.

Endpoint News

  • Important: Starting January 1st, 2021, some outdated versions of Remote Client VPN and Endpoint Security Client may stop functioning correctly. Corrective actions are required before January 1st, 2021. This affects only versions E81.10 and lower, which are already out of support. After January 1st, 2021, those versions may stop functioning, upgrades will fail, and they will require a patch. The cause is an internal certificate used by Endpoint services: one of the certificates expires on January 1st, 2021, so all services that use this certificate will stop working on that date. If you are using Check Point Remote Access (VPN)/Endpoint versions 80.81-81.10 or Check Point SandBlast version E81.10 or earlier, you have two options: upgrade to a newer version (recommended) or apply a simple fix to the old version:
    • Upgrade to a newer version (E81.20 or later versions). Check Point recommends always upgrading to the most recent recommended version, E84.00.
    • Apply a quick and temporary fix (sk171213).
  • Always check for compatibility before upgrading Windows OS. Refer to sk115192 - Check Point Endpoint Security Client Support Schedule for New Operating Systems.
  • Check Point R81 is now available:
    What’s New for Endpoint Management:
    • SandBlast Agent Web Management - A new Web-based management interface for Endpoint Threat Prevention components.
      Note: For the best user experience it is recommended to use SandBlast Agent Web Management with Google Chrome.
    • Communication with management services remains on port 443, instead of port 4434, when the Endpoint Management component is activated.
    • Anti-Malware support for shared signature locations to support non-persistent VDI environments.
    • Manage URL Filtering capabilities of SandBlast Agent Browser Extension.
    • Application Control policy changes - Support for multiple versions per product, application termination, and blocking of WSL (Windows Subsystem for Linux).
    • New set of Developer Protections for developers' computers.
    • Compliance integration with Windows Server Update Services (WSUS).
    • TACACS authentication for Web Remote Help (WebRH).
    • Media Encryption & Port Protection - Import device overrides from a file.
  • Enterprise Endpoint Security E85.10 Windows Clients is now available. It introduces new features such as: during an upgrade from E85.10, the firewall stays connected; Portuguese translations for the Client UI; customers can now execute PowerShell scripts on client machines, using push operations; a new Browser Extension capability; SandBlast Agent is now called Harmony Endpoint. There are also many other features and enhancements under various categories.
  • Enterprise Endpoint Security E85.00 Windows Clients is now available. It adds support for Endpoint Security on Windows 10 21H1 (version 2103). It also introduces enhancements under Anti-Ransomware, Behavioral Guard and Forensics.
  • Enterprise Endpoint Security E84.71 Windows Clients is now available. It introduces a hotfix on top of E84.70, in addition to all the E84.70 contents. In this release, the PPL processes for Windows Security Center: Anti-Malware, Firewall and Threat Emulation were signed with a new cross-signed certificate. The new signature preempts the possibility that a future KB release of Microsoft Windows will block the Check Point PPL processes. This fixes an issue that only exists in E84.70.
  • Enterprise Endpoint Security E84.70 macOS Clients is now available. It provides support for Macs with Apple M1 chip using Rosetta 2 translator, Firefox and Safari extension URL-Filtering, Self-Protection and more.
  • Enterprise Endpoint Security E84.70 Windows Clients is now available. It introduces new features such as the ability to connect to a VPN gateway via a hotspot while restricting internet access from other applications, VPN support for the Security Assertion Markup Language (SAML) protocol in user authentications, and the ability for Management Servers to limit registration to clients which have unique time-limited tokens. There are also many other features and enhancements under various categories.
  • Enterprise Endpoint Security E84.30 macOS Clients (General Availability) is now available. This release provides support for the Endpoint Security Clients on macOS Big Sur (11) and adds Machine Authentication for the VPN client. This release also adds a post-connect message for the VPN client, which allows a message to be displayed to the end user upon every VPN connection.

Client Releases

 

E84.50 - Released in February 2021

Recommended

This release introduces enhancements under Anti-Ransomware, Full Disk Encryption and Installer. See the "What's New" section.

Client Downloads

E84.50 Endpoint Security clients for Windows

E84.50 Threat Prevention clients for Windows

E84.50 Remote Access clients for Windows

E84.40 Capsule Docs Standalone Client

Refer to sk164896 - Video: How to deploy and upgrade Endpoint Security Client?


E85.10 - Released in June 2021

Latest

This release includes security improvements that add to the stability and resilience of the product. See the "What's New" section.

Client Downloads

E85.10 Endpoint Security clients for Windows

E85.10 Threat Prevention clients for Windows

E85.10 Remote Access clients for Windows

E85.10 Capsule Docs Standalone Client

Refer to sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

Management Releases

 

R80.40 - Released in January 2020

Recommended

 

R81 - Released in October 2020

Latest

Documentation

  • R80.40: R80.40 Release Notes, Endpoint Security R80.40 Administration Guide
  • R81: R81 Release Notes, Endpoint Security R81 Administration Guide, R81 Endpoint Security Web Management Administration Guide

Use the Standard R80.40 Management Server

Use the Standard R81 Management Server

SmartConsole Server Installation SmartConsole Server Installation
   
sk165473 sk170116
It is also required to download the General Availability Take of the Jumbo Hotfix Accumulator for R80.40.
It is also required to download the General Availability Take of the Jumbo Hotfix Accumulator for R81.

Cloud & Web Management for Harmony Endpoint

Main key features:

  • Hosted on Amazon Web Services (AWS), secured by Check Point.
  • Use the Harmony Endpoint Management Platform to manage your Threat Prevention capabilities.
  • Low latency by using USA or Europe AWS regions.
  • Simple, easy and quick creation of a new tenant management environment.
  • No installations and no prerequisites required; everything is accessible through your browser.
  • Fully managed service by Check Point, which removes the overhead of managing and maintaining the management server.

Register at: https://portal.checkpoint.com/

Refer to:

For the supportability versions matrix, refer to the "Detailed information per release" section below or use sk107255.

More information regarding the above mentioned releases and earlier ones can be found under the Detailed Releases Information section below.

Architecture and Getting Started


  • Clients communicate with the Management Server over HTTP/HTTPS.
  • The Endpoint Management architecture works in a "star" scheme to support large-scale environments.
  • The central "brain" of the system is the "Management Server" and the delegate servers are named "Policy Servers".
  • Each Management Server can support a maximum of ~10,000 endpoints. Multiple Policy Servers can be chained to support management of up to 400,000 devices from a single environment.
  • The environment supports unified log reporting through SmartLog.

Best Practices


Client OS Support

Check Point Endpoint Security clients protect all of your Windows and Mac workstations, including laptops, desktops, and Windows Servers.

Check Point takes part in various OS manufacturers' development processes and we start the support of new versions when vendors release development builds.

We are committed to offering early availability clients within 3 weeks of OS GA and to announcing GA within 2 months of OS GA; however, in practice we are delivering much faster. See sk115192 for the OS support timeline.


Detailed Information per Release

Detailed Server Releases Information


Server version GA Date Latest Revision Date End of Support Supported OS Supports EP & Gateway Management Supported Upgrade Paths Supported Client Versions Downloads Additional Information
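R81
  • GA Date: 21-Oct-2020
  • Latest Revision Date: 27-Dec-2020
  • Supported OS: Gaia
  • Supports EP & Gateway Management: Can manage both Gateway and Endpoints
  • Supported Upgrade Paths (CPUSE & Advanced): R80.20, R80.30, R80.40
  • Supported Client Versions: E80.64 Win and higher, E80.64 Mac, E80.89 Mac, E82.00 Mac
  • Downloads: R81
  • Additional Information: What's New (R81), Documentation (R81)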

R80.40
  • GA Date: 28-Jan-2020
  • Latest Revision Date: 28-Jan-2020
  • Supported OS: Gaia
  • Supports EP & Gateway Management: Can manage both Gateway and Endpoints
  • Supported Upgrade Paths (CPUSE & Advanced): R77.30.x, R80.10, R80.20, R80.30
  • Supported Client Versions: E80.64 Win and higher, E80.64 Mac, E80.89 Mac, E82.00 Mac
  • Downloads: R80.40
    • Full Disk Encryption Offline Management Tool (Windows, TGZ; also available in Japanese). The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery.
  • Additional Information: What's New (R80.40), Documentation (R80.40)

R80.30
  • GA Date: 07-May-2019
  • Latest Revision Date: 14-May-2019
  • Supported OS: Gaia
  • Supports EP & Gateway Management: Can manage both Gateway and Endpoints
  • Supported Upgrade Paths (CPUSE & Advanced): R77.30.x, R80.10, R80.20
  • Supported Client Versions: E80.64 Win and higher, E80.64 Mac, E80.89 Mac, E82.00 Mac
  • Downloads: R80.30
    • Full Disk Encryption Offline Management Tool (Windows, TGZ; also available in Japanese). The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery.
  • Additional Information: What's New (R80.30), Documentation (R80.30)

R80.20
  • GA Date: 26-Sep-2018
  • Latest Revision Date: 26-Sep-2018
  • Supported OS: Gaia
  • Supports EP & Gateway Management: Can manage both Gateway and Endpoints
  • Supported Upgrade Paths (CPUSE & Advanced): R77.30.x, R80.10
  • Supported Client Versions: E80.64 Win and higher, E80.64 Mac, E80.89 Mac, E82.00 Mac
  • Downloads: R80.20
    • Full Disk Encryption Offline Management Tool (Windows, TGZ; also available in Japanese). The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery.
  • Additional Information: What's New (R80.20), Documentation (R80.20)


Note: For Endpoint Security Server Legacy Releases, refer to sk171583 - Endpoint Security Server Legacy Releases (Detailed Information per Release).



Detailed Client Releases Information

Client version GA Date Latest Revision Date End of Support Supported OS Supported Upgrade Paths OS In-place upgrade Supported Blades Supported Management Servers Downloads Additional Information
E85.10
  • GA Date: 30-Jun-2021
  • Latest Revision Date: 30-Jun-2021
  • End of Support: Support Life Cycle Policy
  • Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009, Win 10 2103
  • Supported Upgrade Paths: E81.00 and higher
  • OS In-place upgrade: From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004/Win 10 2009 to Win 10 2103
  • Supported Blades: Desktop Firewall and Application Control; Anti-Malware; Forensics and Anti-Ransomware; URL Filtering; Anti-Bot; Threat Emulation & Anti-Exploit; Media Encryption and Port Protection; Full Disk Encryption; Compliance; Remote Access VPN (SA/Managed); Capsule Docs (SA/Managed)
  • Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
  • Downloads: Endpoint Security E85.10 Clients (Endpoint Security Clients Downloads, Standalone Clients Downloads)
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.
  • Additional Information: What's New in E85.10, Documentation
E85.00
  • GA Date: 18-May-2021
  • Latest Revision Date: 18-May-2021
  • End of Support: Support Life Cycle Policy
  • Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009, Win 10 2103
  • Supported Upgrade Paths: E81.00 and higher
  • OS In-place upgrade: From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004/Win 10 2009 to Win 10 2103
  • Supported Blades: Desktop Firewall and Application Control; Anti-Malware; Forensics and Anti-Ransomware; URL Filtering; Anti-Bot; Threat Emulation & Anti-Exploit; Media Encryption and Port Protection; Full Disk Encryption; Compliance; Remote Access VPN (SA/Managed); Capsule Docs (SA/Managed)
  • Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
  • Downloads: Endpoint Security E85.00 Clients (Endpoint Security Clients Downloads, Standalone Clients Downloads)
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E85.00

New Features

  • The E85.00 release adds support for Endpoint Security on Windows 10 21H1 (version 2103) as an EA (Early Availability) version.

Enhancements

  • Anti-Ransomware, Behavioral Guard and Forensics
    • Fixed a high CPU usage issue with the Logon sensor in Forensics.
    • Improved Forensics performance by removing repeated DLL load operations.
Documentation
E84.71
  • GA Date: 10-May-2021
  • Latest Revision Date: 10-May-2021
  • End of Support: Support Life Cycle Policy
  • Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
  • Supported Upgrade Paths: E81.00 and higher
  • OS In-place upgrade: From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
  • Supported Blades: Desktop Firewall and Application Control; Anti-Malware; Forensics and Anti-Ransomware; URL Filtering; Anti-Bot; Threat Emulation & Anti-Exploit; Media Encryption and Port Protection; Full Disk Encryption; Compliance; Remote Access VPN (SA/Managed); Capsule Docs (SA/Managed)
  • Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
  • Downloads: Endpoint Security E84.71 Clients (Endpoint Security Clients Downloads, Standalone Clients Downloads)
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.71
This release contains a hotfix on top of E84.70, in addition to all the E84.70 contents. 

Enhancements

  • In this release, the PPL processes for Windows Security Center: Anti-Malware, Firewall and Threat Emulation were signed with a new cross-signed certificate. The new signature preempts the possibility that a future KB release of Microsoft Windows will block the Check Point PPL processes. This fixes an issue that only exists in E84.70.
Documentation
E84.70 macOS Clients
  • GA Date: 8-June-2021
  • Latest Revision Date: 8-June-2021
  • End of Support: Support Life Cycle Policy
  • Supported OS: Big Sur (11), macOS Catalina (10.15), macOS Mojave (10.14)
  • Supported Upgrade Paths: E84.30, E83.20, E82.50
  • OS In-place upgrade: From Catalina (10.15), From macOS Mojave (10.14)
  • Supported Blades:
    • Anti-Malware
    • Remote Access VPN
    • Firewall for desktop security
    • Compliance
    • Media Encryption
    • Native Encryption Management
    • Threat Emulation
    • Forensics
    • Anti-Ransomware
    • Capsule Docs
    • SandBlast Agent Browser Extension for Chrome
      • TE
      • TEX
      • Zero Phishing
      • Password reuse
      • URL-Filtering
  • Supported Management Servers: R81, R80.40, R80.30 and R80.20 Endpoint Security Management Servers, both on-premises and EPMaas solutions.
  • Downloads: Endpoint Security E84.70 Clients (Endpoint Security Clients Downloads, Standalone Clients Downloads)
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.70 for Mac

New Features

  • Support for Macs with M1 chip.
    • Rosetta 2 translator must be installed.
    • Media Encryption blade internally uses FUSE, which is a 3rd party kernel extension. Apple is gradually introducing new alternatives to kernel extensions, but in macOS Big Sur Apple recognizes FUSE as a supported kernel extension type. On Apple M1, to allow FUSE (just like any other 3rd party kernel extension), the Security Policy needs to be “Reduced Security”. A managed Mac purchased via Apple business or school manager programs does not require “Reduced Security”. See Change Startup Disk Security Settings and Deployment Reference in macOS.
  • Firefox and Safari extensions on Mac now support the URL-Filtering capabilities. The admin can define URL categories to block, and users are blocked when they try to access URLs that belong to these categories. The feature supports Safari browser 14 and above.
  • Anti-Malware now reduces the performance impact on the machine when the Mac is actively in use. As soon as the user touches the keyboard, mouse or trackpad, any scheduled scan runs at a reduced speed.
  • The Self-Protection feature prevents the deletion of Check Point files and the termination of Check Point processes by end-users. In this release, the self-protection feature is disabled by default and is EA quality. See sk171012 for more details.
  • Software Deployment capabilities: To ease future EPS version upgrades and reduce dependency on MDMs and dedicated scripts, this version can be upgraded to future versions using the Endpoint Management. In addition, you can upgrade to a GA build from EA builds of this version. This feature is EA quality, and is supported starting from the R81.10 version of the Management Server. See the Known Limitations section for more details.

Enhancements

  • This release includes stability, quality and performance fixes.

E84.70
  • GA Date: 25-Apr-2021
  • Latest Revision Date: 25-Apr-2021
  • End of Support: Support Life Cycle Policy
  • Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
  • Supported Upgrade Paths: E81.00 and higher
  • OS In-place upgrade: From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
  • Supported Blades: Desktop Firewall and Application Control; Anti-Malware; Forensics and Anti-Ransomware; URL Filtering; Anti-Bot; Threat Emulation & Anti-Exploit; Media Encryption and Port Protection; Full Disk Encryption; Compliance; Remote Access VPN (SA/Managed); Capsule Docs (SA/Managed)
  • Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
  • Downloads: Endpoint Security E84.70 Clients (Endpoint Security Clients Downloads, Standalone Clients Downloads)
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.70

New Features

  • Customers can now connect to a VPN gateway via a hotspot, while restricting internet access from other applications. See sk172449.
  • Management Servers can now limit registration to clients which have unique time-limited tokens. See sk172643.
  • VPN support for the Security Assertion Markup Language (SAML) protocol in user authentications.  

Enhancements

  • Anti-Malware
    • Resolves an issue where the Anti-Malware blade applies its policy twice on startup.
  • Anti-Ransomware, Behavioral Guard and Forensics
    • Fixes an issue in the Forensics analysis where a file rename is not analyzed if the file is the trigger.
    • Fixes an issue where a file identified in the entry point of a Forensics Analysis is not sent for remediation.
    • Fixes a very rare issue in the analysis where a process is not included when it should be.
    • All processes attached to a Forensics Analysis are now scanned for Windows Antimalware Scan Interface (AMSI) content.
    • Adds Forensics Analysis support for a new type of stand-alone Kaspersky log.
    • Improves the performance of Forensics in the presence of a specific MS Office tool.
    • Fixes an issue where the remote execution sensor does not parse invalid Windows path characters correctly.
    • Fixes an issue where the automatic purge of the Ransomware backup folder on rare occasions results in persistent high CPU usage.
    • Enhances the kernel File sensor to provide loaded DLL information. This information is searchable in Threat Hunting.
    • Threat Hunting data now stores locally for up to 5 days if a machine is offline. On connection re-establishment, the stored data is sent.
    • All records sent to Threat Hunting now include the host IP.
    • Improves the performance for the transmission of data to Threat Hunting.
  • Firewall and Application Control
    • Resolves an issue where the Endpoint Firewall blocks IPV6 connections between the Endpoint Client and the Management Server.
    • Developer Protection allows exclusions based on the file name and detection string. You can now exclude any detection with a hash from an audit string sent to the server.
  • Full Disk Encryption
    • Fixes an issue in Full Disk Encryption offline mode where pre-boot can be enabled before the recovery file save occurs. 
    • Fixes an issue where the machine loads to a black screen when Full Disk Encryption is configured with pre-boot bypass.
  • Media Encryption and Port Protection
    • Fixes a cosmetic issue that can show a wrong file size for the Media Encryption file copy operation if the file size is larger than 2GB.
  • VPN
    • Fixes the issue where the VPN User Interface stalls if the user first maps a network driver which is not available at the VPN start.
    • Shows the VPN second authentication factor in the output of the "trac info" command.
  • Infrastructure
    • Improves client User Interface performance by caching the last Threat Emulation message.
    • Blade screens do not open now when the blade is off.
    • Adds a Secure Uninstall (Challenge-Response) mechanism for the Offline Policy Management Tool.
  • Installation
    • Adds the ability to remove McAfee endpoint protection products after a successful installation of Check Point Endpoint Security client. See sk167982.
    • The installer validates that a CA certificate is present on the machine during installation and prompts with an appropriate message when it is missing.
Documentation
E84.60
  • GA Date: 15-Mar-2021
  • Latest Revision Date: 15-Mar-2021
  • End of Support: Support Life Cycle Policy
  • Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
  • Supported Upgrade Paths: E81.00 and higher
  • OS In-place upgrade: From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
  • Supported Blades: Desktop Firewall and Application Control; Anti-Malware; Forensics and Anti-Ransomware; URL Filtering; Anti-Bot; Threat Emulation & Anti-Exploit; Media Encryption and Port Protection; Full Disk Encryption; Compliance; Remote Access VPN (SA/Managed); Capsule Docs (SA/Managed)
  • Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
  • Downloads: Endpoint Security E84.60 Clients (Endpoint Security Clients Downloads, Standalone Clients Downloads)
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.60

New Features

  • E84.60 introduces process terminations with Endpoint's Push Operation. See sk171910.
  • This version introduces "Super Nodes" where clients share Anti-Malware signatures for less external network use. See sk171703.
  • Anti-Ransomware, Behavioral Guard and Forensics 
    • Enhances Behavioral Guard Anti-Credential Theft technology to identify advanced dumping techniques.
    • Enhances Behavioral Guard LNK file detections to cover more advanced techniques and exploits.
    • Adds a new zip sensor that scans the names of embedded files on zip creation and stores this information in Threat Hunting and Forensics. The Forensics Analysis uses this information to improve the Entry Point analysis.
    • The remote execution sensor now stores information for executions when the technique is unknown. This shows in Threat Hunting as type "Unknown".
    • Significantly improves Forensics Analysis performance and memory usage. Larger analyses can be 90% faster and consume 50% less memory.
    • Significantly reduces Forensic report size to allow faster downloads and views in SmartLog and Threat Hunting.

Enhancements

  • Anti-Malware
    • Resolves an issue where the Anti-Malware blade applies new "Client Settings" policy only if there is an update of the Anti-Malware policy.
  • SandBlast Agent Static Analysis
    • Enhances the current machine-learning model with a significantly increased detection rate for executables.
  • Anti-Ransomware, Behavioral Guard and Forensics
    • Improves the credential dumping protection to detect non-standard techniques.
    • Fixes an issue where the most recent two versions of the Endpoint Security Client incorrectly disable Credential Dumping improvements.
    • Adds new capabilities to the LNK sensor that allow Behavioral Guard to improve its malicious LNK detection rate.
    • Adds the ability to exclude PowerShell file execution by a folder or a signer.
    • Adds a new sensor that monitors the creation of zip files and stores the zipped content information for Forensics and Threat Hunting.
    • Significantly improves the Forensics analysis time and memory usage. The more complex the analysis, the greater the improvement.
    • Reduces the average size of the Forensics report by 40%. The larger the report, the greater the improvement.
    • Remote executions now show as generic remote execution records, if they do not map as one of the supported types.
    • Fixes an issue in the remote execution sensor for Forensics that causes an incorrect mapping of the source machine IP in rare scenarios.
    • Fixes an issue where Remote Desktop Protocol (RDP) connections incorrectly show as remote executions.
    • Reduces the Remote execution sensor's memory usage in Forensics.
    • Fixes a very rare crash in the Forensics component.
    • Improves Forensics performance on machines with the reduction of logged exceptions when a sensor does not activate.
    • Improves Forensics performance with the reduction of logged exceptions when reputation is not available.
    • Improves the performance of Behavioral Guard's rule matching when looking at file-related behaviors.
    • Fixes an issue where Forensics can cause high CPU usage when the reputation service is inaccessible.
    • Adds an optimization that improves the performance of the File Sensor in Forensics as it deletes duplicated records.
    • Fixes multiple issues in missing Forensic log information. Now the resource field and related file fields display correctly where relevant.
    • Fixes an issue where the associated Forensics log for an Anti-Ransomware event sends out a few hours later.
    • Fixes an issue where the Anti-Ransomware does not restore deleted honeypot files.
    • Fixes an issue where file operations may be lost immediately after the creation of an LNK file.
    • Fixes a rare issue where the user login information in a Forensics report does not calculate correctly.
    • Fixes an issue in the Forensics Analysis entry point where an incorrect process shows for files that download in the presence of the browser extension.
    • Fixes an issue where a GPO launched detection no longer adds other GPO scripts and processes to the Forensics incident.
    • Fixes an issue where a file operation does not show in the Forensics report if the operation succeeds after a failure.
    • Fixes an issue where the Forensics Report Overview redirects incorrectly if there is no execution tree or network data in the report.
    • Adds a new icon for unsigned and unknown reputation processes in the Forensics report.
  • Firewall and Application Control
    • Resolves a rare issue where the Application Control Process (Vsmon.exe) crashes when the "Termination On Execution" feature is set in policy.
  • Full Disk Encryption
    • Resolves an issue where 2 reboots are needed for the install of FDE in offline mode.
    • Pre-boot bypass with the Trusted Platform Module (TPM) resolves the issue with reboots during a Windows startup.
    • Improves the stability for reboots during the initial encryption of UEFI machines.
    • Improves Windows upgrades with FDE to address mistakes if the user does not follow sk120667.
    • The initial encryption of FDE for only data is now part of the FDE policy. See sk102026 for more details.
  • Media Encryption and Port Protection
    • Fixes the issue where Windows 10 upgrades require an extra restart to repair Media Encryption and Port Protection. Now, an extra restart is only necessary for Windows 10 version 1709 and lower.
    • Enhances the procedures for virtual drives to prevent file operation interruptions.
  • VPN
    • Fixes an issue with Always Connect after a reboot, if the user authenticates with the certificate from the CAPI store.
    • Fixes SCV for the TrendMicro Anti-Virus.
    • Corrects Japanese and Chinese text.
    • Adds stability improvements.
  • SandBlast Agent Browser Extension
    • Adds redesigned block-pages for URL Filtering, Zero Phishing, and Corporate Password Reuse. The new pages show when the browser extension blocks a page and notifies the user.
  • Installation
    • Resolves an issue where a redundant reboot occurs after an Endpoint Security Client upgrade due to an inaccurate calculation of the blades list.
    • Resolves an issue where the "Upgrade Now" option is still available after a manual upgrade.
    • Resolves an issue where the Endpoint Security Client does not connect and the VPN site configuration is missing after a clean install from an exported package, when the username has spaces and 8.3 names are disabled in the target OS.
    • Resolves an issue where it is not possible to access the cached MSI of a previous version during an Endpoint Security Client upgrade.
    • Fixes an issue where the client uninstall through the "Uninstall all blades" operation does not complete.
    • Improves the Endpoint Security Client installation performance when Full Disk Encryption (FDE) is in offline mode.
    • Fixes an issue where the client does not connect to the server after a clean installation of an exported dynamic package.
  • Infrastructure
    • Resolves high CPU usage by the EP Watch Dog (EPWD) process while it tries to restart a monitored process.
    • Resolves an issue where the 'hosts' and 'lmhosts' files (at 'C:\Windows\System32\drivers\etc') are locked and users cannot edit them.
    • Resolves an issue where most blades falsely show as not active for a few seconds after an Endpoint Security Client upgrade.
    • Resolves a rare issue where the blades falsely show as not active due to internal communication issues. 
    • Increases the internal report buffer size to allow more reports to reach the server when the network throughput is low.
Documentation
E84.50
  • GA Date: 21-Feb-2021
  • Latest Revision Date: 21-Feb-2021
  • End of Support: Support Life Cycle Policy
  • Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
  • Supported Upgrade Paths: E81.00 and higher
  • OS In-place upgrade: From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
  • Supported Blades: Desktop Firewall and Application Control; Anti-Malware; Forensics and Anti-Ransomware; URL Filtering; Anti-Bot; Threat Emulation & Anti-Exploit; Media Encryption and Port Protection; Full Disk Encryption; Compliance; Remote Access VPN (SA/Managed); Capsule Docs (SA/Managed)
  • Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
  • Downloads: Endpoint Security E84.50 Clients (Endpoint Security Clients Downloads, Standalone Clients Downloads)
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.50

Enhancements

  • Full Disk Encryption BitLocker fixes self-protection permissions for the nemcontrol program.
  • Installation improves the cleaning process of an uninstalled Endpoint Security Client after the client fails to install. 
  • Installation resolves a rare case where a consecutive upgrade of Anti-Malware fails after the previous upgrade failure.
  • Resolves an issue where removal or addition of Anti-Malware or Media Encryption and Port Protection blades results in an incorrect protection state for these blades. 
  • Fixes an issue where an Anti-Ransomware signature in detect mode disables remediation if a signature on prevent blocks the same attack later.
Documentation
E84.40 31-Jan-2021 31-Jan-2021 Support Life Cycle Policy
Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
Upgrade Paths: E81.00 and higher; from Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Supported blades: Desktop Firewall and Application Control, Anti-Malware, Forensics and Anti-Ransomware, URL Filtering, Anti-Bot, Threat Emulation & Anti-Exploit, Media Encryption and Port Protection, Full Disk Encryption, Compliance, Remote Access VPN (SA/Managed), Capsule Docs (SA/Managed)
Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
Downloads: Endpoint Security E84.40 Clients, Endpoint Security Clients Downloads, Standalone Clients Downloads
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.40

New Features

  • E84.40 introduces a new technique in Anti-Ransomware that significantly improves the time to detection of many ransomware families. This technique is behavioral. It is not based on signatures. It continues to work with all existing techniques. 
  • These sensors are now active in Threat Hunting and Forensics: 
    • Remote Execution
    • Service Creation
    • Process Discovery
    • Application Window Discovery
    • Scheduled Task
    • Screen Capture
    • Input Capture
    • DDE (Dynamic Data Exchange)

Enhancements

  • Anti-Malware 
    • Adds the ability to change the trusted processes flag mask to resolve high CPU usage by the PowerShell script. See sk171524 for more information.
    • Resolves an issue where Anti-Malware scanning cannot stop in the middle of an archive file scan.
    • Resolves an issue where Anti-Malware's web monitor blocks URLs although the Anti-Malware configuration runs the blade in "Detect Mode".
    • Resolves an issue where the Threat Prevention package contains a malformed Anti-Malware signature on x86 platforms for Endpoint Security Client versions E83.15 and higher.
  • Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware 
    • Significantly improves the time it takes to detect ransomware based on encryptions. The majority of ransomware attacks are now detectable after very few encryptions.
    • Adds a new Remote Execution sensor for Forensics and Threat Hunting. The sensor provides additional data about remotely executed processes.
    • Adds a new Service Creation sensor that integrates with both Threat Hunting and Forensics. This sensor identifies the target and the creation of a new service.
    • Adds a new Process Discovery sensor that integrates with both Threat Hunting and Forensics. This sensor identifies a process that tries to identify other running processes.
    • Adds a new Application Window Discovery sensor that integrates with both Threat Hunting and Forensics. This sensor identifies a process that queries other running processes with a GUI.
    • Adds a new Scheduled Task sensor that integrates with both Threat Hunting and Forensics. The sensor identifies the target and the type of a scheduled task, as well as the process that initiates the scheduled task.
    • Adds a new Screen Capture sensor that integrates with both Threat Hunting and Forensics. The sensor identifies processes if they attempt to take screenshots.
    • Adds a new Input Capture sensor to identify processes that monitor keyboard activity. This data shows in the Forensics report and it is visible in Threat Hunting.
    • Adds a new DDE (Dynamic Data Exchange) sensor that integrates with both Threat Hunting and Forensics. The sensor identifies the use of DDE to execute a process.
    • Adds the ability to follow DDE executions in the Forensics analysis.
    • Renames Injections/Objects tab to Other Ops in the Tree and Tree-Timeline views of the Forensics report. Adds a new "Miscellaneous" table in the Other Ops tab to showcase information from all the new sensors such as Input Capture and Screen Capture.
    • Provides the ability to disable new Forensic sensors with policy.
    • Adds more information such as "start URL" and "start file" from the Forensic analysis entry point to the Forensic detection events in Threat Hunting.
    • Adds additional fields that relate to the trigger in the General view of the Forensics report. These include trigger process arguments, the actual trigger to start the analysis, and the trigger type.
    • Adds a description of the trigger or protection in the General View of the Forensics report.
    • Improves Anti-Malware integration with Forensics when it detects malicious behavior. Now a specific process triggers the Forensics analysis rather than all processes of a file. This significantly improves the accuracy of the Forensics report.
    • Fixes an issue where the Forensics memory utilization does not drop immediately for released memory.
    • Fixes an issue that can cause high CPU usage in Forensics.
    • Fixes an issue that can result in a slow termination of the Forensics service in an upgrade.
    • Improves the Forensic performance on Windows upgrades.
    • Improves Forensics performance with the optimization of the data that the remote login sensor sends.
    • Removes WMI-Get messages with no security value to improve Forensics performance.
    • Reduces the DNS-related socket operations when the DNS sensor is enabled to improve Forensics performance.
    • Fixes an issue that can cause an incorrect entry point in the Forensics analysis, when it does not accurately identify the System Process.
    • Fixes an issue in Forensics and Threat Hunting where the System Process incorrectly sets to PID 0 with the name "Unknown". Now the System Process correctly shows its name and PID 4.
    • Fixes an issue for Forensics analysis to handle 7zip correctly.
    • Fixes an issue where processes can add to the Forensic analysis incorrectly.
    • The Forensics analysis now looks for downloaded file information from SandBlast Agent for Browsers in MS Edge and Firefox.
    • Fixes an issue with the Forensics analysis that looks too far back to implicate a zip file.
    • Fixes an issue in the Forensics analysis where the Entry Point misses the opening of a zip file, included as part of an incident.
    • Enhances the Forensics analysis to follow file copies in the entry point.
    • Fixes an issue where the Forensics analysis does not determine the URL of a downloaded file, if the file data is not present from SandBlast Agent for Browsers.
    • Fixes an issue where certain views in Forensics can result in double vertical scrollbars, when they are not necessary.
    • Fixes an issue where the General screen information in the Forensics report does not show completely.
    • Fixes a rare issue where the DNS sensor does not activate.
    • The Anti-Ransomware UI no longer displays when Anti-Ransomware is set to "detect" mode. The UI appears when Anti-Ransomware is in "prevent".
    • Clicks on the unsigned process section in the Overview of the Forensics report now link to the General view instead of the Reputation view.
    • Fixes an issue with sorting Socket Ops in the Forensics report.
    • The Socket Ops table in the Forensics report's Tree and Tree-Timeline views now shows bytes sent, bytes received, and the direction of the connection.
  • Compliance
    • Resolves an issue where the Compliance Blade fails to check for the Cylance Protect status. 
    • Adds the ability to separate the Windows Server Update Services (WSUS) check to drivers and software. See sk164060.
    • Resolves an issue where the Compliance blade does not download a file during the Remediation phase without user permissions.
  • Firewall and Application Control
    • Resolves a rare issue where the "vsmon.exe" process crashes when the "Developer Protection" feature is enabled.
    • Resolves a rare issue where the Application Control blade causes "high CPU" usage due to some redundant validations.
    • Application Control's "Terminate On Execution" feature can now apply without a client reboot. See sk141692.
    • Improves the Firewall driver's unload capability when the Terminate on Execution feature is on.
  • VPN
    • Fixes an issue with the metric of the Virtual Network Adapter. See sk171378.
  • Anti-Bot and URL Filtering  
    • Corrects some fields in the SandBlast Agent Logs. 
  • SandBlast Agent's Browser Extension 
    • Improves the Zero-Phishing scanning algorithm to align with foreign language pages.
    • Edge-Chromium browser extension now installs even when the user does not connect to a domain.
  • Installation 
    • Endpoint Security's "Repair - Push Operation" now performs a client reboot only when necessary.
    • Resolves a possible issue where cpda.exe crashes as the client upgrades.
    • Resolves an issue where an installation does not work, when it resumes from an interrupted previous installation attempt which stops when the machine power is off.
    • A rollback from a failed upgrade of Endpoint Security Client versions prior to E83.10 requires a reboot. The installer now displays an appropriate message.
    • Resolves a rare case where the installation process can crash due to a race condition of an asynchronous task that accesses the installation log.
    • Resolves an issue where a consecutive installation attempt fails if it occurs after a failed clean install.
    • Resolves a rare issue where the upgrade fails with an installer error that shows an issue with access to the cached MSI of a previous version.
    • The Endpoint Security installer now installs .NET 4.8 if the installed .NET version is lower than 4.6.1.
    • Upgrades now succeed while Microsoft Sandbox or Application Guard runs.
  • Infrastructure 
    • Resolves an issue where "Remote Deployment" fails when an "Initial Client" with the wrong certificate validation cannot connect to the Management Server.
    • Resolves a rare issue where cpda.exe causes "high CPU" usage when it tries to check information about previous unexpected shutdowns.
    • Resolves a possible issue of high CPU usage in cpda.exe when it calculates the right proxy to use while the machine is in an offline state.
Documentation
E84.30 21-Dec-2020 21-Dec-2020 Support Life Cycle Policy
Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
Upgrade Paths: E81.00 and higher; from Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Supported blades: Desktop Firewall and Application Control, Anti-Malware, Forensics and Anti-Ransomware, URL Filtering, Anti-Bot, Threat Emulation & Anti-Exploit, Media Encryption and Port Protection, Full Disk Encryption, Compliance, Remote Access VPN (SA/Managed), Capsule Docs (SA/Managed)
Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
Downloads: Endpoint Security E84.30 Clients, Endpoint Security Clients Downloads, Standalone Clients Downloads
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.30

New Features

  •  Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware 
    • Adds a new sensor to monitor WMI-Get requests. Behavioral Guard rules can use data from the sensor. The data can appear in Forensics reports and in Threat Hunting. 
    • The redesigned logon sensor for Forensics and Threat Hunting now shows all logon events in Threat Hunting, not just remote logons.
  • VPN
    • VPN can now display a warning message with custom text prior to a VPN connection. If the user accepts the conditions, VPN connects. If the user discards the conditions, VPN does not connect. See sk75221 for configuration information.
  • Infrastructure
    • This release adds the option to uninstall the Endpoint Security Client with a Push Operation from the Management Server. See sk170444 for more information.

Enhancements

  • Anti-Malware 
    •  Resolves a rare issue where the Anti-Malware blade downloads signatures from an external mirror instead of from the local Management Server.
    • Resolves a rare issue where the Anti-Malware Blade runs in "Disconnected Mode" with the "Disconnected" policy while the client still connects to the Management Server. 
    • Resolves a rare issue where the Anti-Malware blade does not function correctly after the Endpoint Security Client's Repair procedure. 
    • Resolves a rare issue where the Anti-Malware blade does not run correctly due to corrupted signatures. 
    • Anti-Virus: Resolves an installation issue where the Endpoint Security Client does not install due to an Anti-Malware driver error.
  •  Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware 
    • Improves the performance of Forensics and lessens the time necessary for Windows Updates. 
    • When the DNS sensor is active, Forensics does not monitor raw DNS data. This improves Forensics performance. 
    • Forensics does not monitor specific instances of msiexec.exe related to installation and thus improves Forensics performance.
    • Fixes an issue that can lead to high CPU utilization during a maintenance purge of the Forensics database.
    • Improves performance by aggregating network events sent to Threat Hunting. 
    • Adds the option in policy to disable and to enable the API sensor that injects and monitors processes. 
    • Fixes an issue that can cause a crash in the Forensics service during an uninstallation. 
    • Fixes a Forensics crash that involves badly formed Registry data.
  • Full Disk Encryption
    •  BCDBOOT mode is now the default on upgrades. 
    •  Adds a new option to fdecontrol to set a custom message to display when UOL fails. 
  •  Media Encryption and Port Protection 
    • Resolves a very rare issue where a machine with the Media Encryption blade may not function after a sleep or a long idle time if users configure SearchIndexer to index removable drives. 
  • VPN
    • Fixes the issue where the VPN disconnects when the Windows desktop locks.
  • Installation  
    • Resolves a rare issue where Dynamic Package upgrades can fail due to a locked file on the client. 
    • Resolves a rare issue where the Watchdog does not start processes after an upgrade.
    • Resolves an issue where some leftovers remain in the registry after an Endpoint Security Client uninstall. 
    • Resolves an issue where an Endpoint Security Client upgrade fails when it happens after an installation with a renamed exported file other than eps.msi. 
    • Optimizes Endpoint Security Client Repair and Upgrade procedures with fewer unnecessary file deletions.
    • Resolves an issue where the Repair procedure fails when it is unable to create a folder in %temp%. 
    • Resolves an issue where the Endpoint Security Client Repair procedure fails after an upgrade procedure fails.
  • Infrastructure 
    • Resolves a rare issue where the Endpoint Security Client upgrade downloads the dynamic package of files twice.
    • Optimizes Endpoint Security Client self-protection from intrusions by unwanted software programs.
    • Resolves a very rare memory allocation issue in the vsdatant driver. 
    • Resolves an issue where the "Remote Install" feature makes only one registration attempt to the Management Server. 
    • Resolves a rare issue where the Endpoint Security Client remains in an inconsistent state after an Operating System upgrade. 
E84.20 24-Nov-2020 24-Nov-2020 Support Life Cycle Policy
Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
Upgrade Paths: E81.00 and higher; from Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Supported blades: Desktop Firewall and Application Control, Anti-Malware, Forensics and Anti-Ransomware, URL Filtering, Anti-Bot, Threat Emulation & Anti-Exploit, Media Encryption and Port Protection, Full Disk Encryption, Compliance, Remote Access VPN (SA/Managed), Capsule Docs (SA/Managed)
Supported Management Servers: R81, R80.40, R80.30, R80.20, R80.20.M2, R80.10
Downloads: Endpoint Security E84.20 Clients, Endpoint Security Clients Downloads, Standalone Clients Downloads
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.20

New Features

  • Remote Installation of Initial Client 
    • In Endpoint Security Client E83.30 and higher, you can now install the Initial Client remotely without third party tools. See the SandBlast Agent Administration Guide for more information. 
  • Virtual Desktop Infrastructure
    • Endpoint Security now supports Citrix VDI (Virtual Desktop Infrastructure) for persistent and non-persistent virtual machines. See sk167072.
  • Firewall and Application Control
    • Endpoint Security Client supports a new "Isolated" mode that isolates the computer from the outside world. See sk169758.
    • The Application Control blade can now choose to terminate applications on execution through policy. See sk141692.
  • VPN
    • Adds an option to switch the language of the user interface to the Windows locale. See sk75221 for configuration information.
      • The option only affects standalone clients.
      • The installation process sets the language of the Endpoint Security full suite and the user cannot change it after the installation.
    • Adds the ability to withhold the name of the last VPN user. See sk75221 for configuration information.
  • Media Encryption and Port Protection
    • A new file audit log value contains the SHA-256 checksum of files written to removable media.
  • Infrastructure
    • The Endpoint Security Client now includes the Greek language.

Enhancements

  • Anti-Malware 
    • Resolves an issue where the Anti-Malware engine delays its start for a few seconds after the application of a new policy.
  • Threat Hunting
    • Introduces the ability to isolate a machine through the Threat Hunting interface.
    • Fixes a rare issue with the Threat Hunting batch size where large batches block all data reporting until the next reboot.
  • Threat Emulation and Anti-Exploit
    • Anti-Exploit now blocks the actively exploited vulnerability CVE-2020-17087.
  • Anti-Ransomware, Behavioral Guard and Forensics 
    • Fixes an issue that can cause a delay for an Anti-Ransomware detection when a specific Windows process is active.
    • Reduces false positives in Anti-Ransomware with improvements to the thresholds for detecting mass encryption.
    • Improves performance for a hard-coded Anti-Ransomware feature with a move to Behavioral Guard. Rule updatability and exclusions for this feature are now possible in Behavioral Guard.
    • Anti-Ransomware exclusions now support environment variables.
    • Improves the Credential Dumping detection technique to reduce False Positives.
    • In Server environments, Forensics no longer deletes files created by Windows processes that may do a lot of file processing.
    • Fixes a rare issue where Forensics drivers do not enforce exclusions. Forensics now enforces exclusions in user mode to handle these rare scenarios.
    • Fixes an issue where the Forensics Analysis fails to add a process to the incident model.
    • Fixes an issue which causes high CPU usage while Forensics purges older database data.
    • Windows scripts processes such as PowerShell.exe and wscript.exe are now "Suspicious" in Forensics Analysis. Remediation settings for "Suspicious" processes now apply.
  • Firewall and Application Control
    • Resolves a rare issue where the Firewall and Application Control process consumes high CPU on a blade startup.
    • Resolves a rare issue where the Firewall blade still blocks IPv6 traffic after the user stops network protection.
  • Full Disk Encryption
    • Fixes the issue where there is an unapplied preboot bypass configuration during the Operating System upgrade.
    • Fixes an incompatibility with Google Drive File Stream where the EPS client cannot install, upgrade or delete with the FDE blade.
    • Fixes the stretched screen in preboot on certain machines.
    • Fixes a rare scenario where Self Encrypting Disks are stuck on 0% encryption.
    • Fixes an issue with Smart Card single sign-on.
  • URL Filtering
    • URL Filtering now supports Mozilla Firefox along with the Chrome and Edge-Chromium browsers.
  • Installation  
    • Resolves a rare issue where the Anti-Malware and Firewall blades do not unregister "Windows Security Center" correctly in Endpoint client uninstalls.
    • Resolves a rare issue in the Software deployment process where the package downloads while it already resides on the disk.
    • Resolves a rare issue where an Endpoint Security Client upgrade fails due to an Anti-Malware upgrade failure.
    • Resolves an issue where a command line window pops up for a few seconds in the Anti-Malware uninstallation process.
    • Resolves a rare issue where an Endpoint Security component (cpda.exe) silently crashes as it tries to gather information from the installation file.
    • CVE-2020-6021: Resolves an issue in Check Point Endpoint Security Client for Windows prior to version E84.20 where users have write access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker prior to E84.20 can initiate the installation repair and place a specially crafted DLL in the repair folder which runs with the Endpoint Security Client’s privileges.
  • Infrastructure 
    • Resolves a rare issue where an Endpoint Security component (cpda.exe) crashes during the Endpoint Security Client upgrade process.
    • Resolves a rare issue where the Windows Security Center does not recognize Anti-Malware and Firewall blades correctly.
    • Non-Persistent VDI is now configurable through policy. See the Endpoint Security VDI Administration Guide.
    • Resolves an issue where clients enter the Restrict state by mistake after the client removes a blade from the command line.
    • Resolves a rare issue where the client User Interface does not appear after a clean Endpoint Security Client installation.
    • Resolves a rare issue where an Endpoint Security Client component (cpda.exe) leaks memory as it attempts upgrades.
E84.30 macOS Clients 14-Jan-2021 18-Nov-2020 Support Life Cycle Policy
Supported OS: Big Sur (11), macOS Catalina (10.15), macOS Mojave (10.14)
Upgrade Paths: E83.20, E82.50, E82.00; From Catalina (10.15), From macOS Mojave (10.14)
Supported blades:
  • Anti-Malware
  • Remote Access VPN
  • Firewall for desktop security
  • Compliance
  • Media Encryption
  • Native Encryption Management
  • Threat Emulation
  • Forensics
  • Anti-Ransomware
  • Capsule Docs
  • SandBlast Agent Browser Extension for Chrome
    • TE
    • TEX
    • Zero Phishing
    • Password reuse
    • URL-Filtering
Supported Management Servers: R81, R80.40, R80.30 and R80.20 Endpoint Security Management Servers, both on-premises and EPMaaS solutions.
Downloads: Endpoint Security E84.30 Clients, Endpoint Security Clients Downloads, Standalone Clients Downloads
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.30 for Mac

New Features

  • Support for the Endpoint Security Clients on macOS Big Sur (11).
  • Machine Authentication for the VPN client. It allows VPN authentication with a machine certificate from the macOS system keychain. Machine Authentication works in user and machine authentication mode, which is a combination of a machine certificate and the selected user authentication method.

Enhancements

  • This release includes stability, quality and performance fixes.
E84.10 31-Oct-2020 31-Oct-2020 Support Life Cycle Policy
Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
Upgrade Paths: E81.00 and higher; from Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Supported blades: Desktop Firewall and Application Control, Anti-Malware, Forensics and Anti-Ransomware, URL Filtering, Anti-Bot, Threat Emulation & Anti-Exploit, Media Encryption and Port Protection, Full Disk Encryption, Compliance, Remote Access VPN (SA/Managed), Capsule Docs (SA/Managed)
Supported Management Servers: R80.40, R80.30, R80.20, R80.20.M2, R80.10
Downloads: Endpoint Security E84.10 Clients, Endpoint Security Clients Downloads, Standalone Clients Downloads
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.10

New Features

  • Threat Hunting
    • The E84.10 release introduces Threat Hunting, an investigative tool to collect all events from endpoints. This allows an Endpoint Security administrator to get the full scope of an attack, or to uncover stealth attacks. Threat Hunting also provides Security administrators with multiple manual remediation options, such as Quarantine, KillProcess and Forensics Analysis with remediation.
      Threat Hunting on-boarding instructions are available in sk170052.
  •  Anti-Malware 
    • Anti-Malware can download signatures from an authenticated NTLM proxy with a logged in user's credentials.
    • The Anti-Malware blade can now work in "Detect only" mode. See sk169753.
  •  VPN
    • The E84.10 release adds the ability to display relevant certificates only during user authentication. See sk169453.
    • Adds the ability to disable client shutdowns through the Windows tray icon menu. See sk75221.
    • Adds the ability to define the site display name when you create a new VPN site with the trac.exe command line utility. 
  • Infrastructure
    • Endpoint Security can now connect to the Management server from an authenticated NTLM proxy with a logged in user's credentials.

Enhancements

  • Anti-Malware 
    • Resolves a possible issue where Anti-Malware and UI processes crash during a machine shutdown. 
    • Resolves a possible issue where the current Anti-Malware process crashes as Endpoint Security Client upgrades. 
  • Anti-Ransomware, Behavioral Guard and Forensics 
    • Fixes a Local Privilege Escalation vulnerability that relates to the Anti-Ransomware file restoration process.
    • Fixes a vulnerability that can allow arbitrary file deletions when files restore in Anti-Ransomware.
    • Fixes a very rare issue that can cause an upgrade to fail when it does not delete Anti-Ransomware related files.
    • Fixes an Anti-Ransomware False Positive from a Java installation.
    • Fixes an issue where only the first trigger information was correct among multiple LNK file related triggers in Behavioral Guard.
    • Reduces the likelihood that Forensics quarantines user documents and files from False Positives on Windows Servers.
    • Fixes a rare issue that can cause permanent high CPU usage while Forensics monitors specific API calls.
    • Fixes a rare race condition that can cause Forensics to use the default policy instead of the latest installed policy.
    • Fixes a crash that can occur in injected processes if Forensics receives multiple monitored API events within a short period of time.
    • Forensics can now parse and process Spanish Symantec triggers. 
  • Full Disk Encryption
    • Allows BitLocker Management to install on hardware RAID disks.
    • Adds the ability to use high resolution custom images in the FDE pre-boot. 
    • Adds support for disk sectors larger than 512 bytes in FDE. 
  • Installation  
    • CVE-2020-6015: Resolves a denial of service vulnerability in releases before E84.10 to prevent the storage of service log files in non-standard locations. This is relevant to clean installs only.  Customers with completed installations of Endpoint Security are not vulnerable. 
    • Resolves a possible issue where a clean install with dynamic package fails due to a missing selected .NET framework.
    • Resolves a possible issue where the "Upgrade Time Change" popup does not appear after upgrades fail. 
    • Resolves a possible issue where no lock icon displays in the system tray after Endpoint Security Client fails to upgrade.
    • Resolves a possible issue where some Anti-Malware driver leftovers remain after an Endpoint Security Client uninstall. 
    • Resolves a possible issue where an Endpoint upgrade fails when it tries to remove an existing version of the product. 
    • Resolves a possible issue where the Endpoint uninstall fails as it tries to upgrade itself with a software deployment rule. 
    • Improves the upgrade performance for Forensics blade installations.
  • Infrastructure 
    • Endpoint Security Client now ensures that blade logs and additional information go to the same policy server.
    • Resolves an issue where the Shutdown command does not execute from SmartEndpoint if a user on a client system does not have permission to perform a shutdown.
E84.00 25-Oct-2020 25-Oct-2020 Support Life Cycle Policy
Supported OS: Win7, Win8.1.1, Win10 1709, Win10 1803, Win10 1809, Win 10 1903, Win 10 1909, Win 10 2004, Win 10 2009
Upgrade Paths: E80.64 and higher; from Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Supported blades: Desktop Firewall and Application Control, Anti-Malware, Forensics and Anti-Ransomware, URL Filtering, Anti-Bot, Threat Emulation & Anti-Exploit, Media Encryption and Port Protection, Full Disk Encryption, Compliance, Remote Access VPN (SA/Managed), Capsule Docs (SA/Managed)
Supported Management Servers: R80.40, R80.30, R80.20, R80.20.M2, R80.10
Downloads: Endpoint Security E84.00 Clients, Endpoint Security Clients Downloads, Standalone Clients Downloads
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

What's New in E84.00

New Feature

  • The E84.00 release adds support for Endpoint Security on Windows 10 20H2 (version 2009).

Note: For Endpoint Security Client Legacy Releases, refer to sk171496 - Endpoint Security Client Legacy Releases (Detailed Information per Release).





Revision History

Date Description
06-May-2021 Updated link to "E80.85 and higher Endpoint Security Client for Windows User Guide"
18-Jan-2021 Added information about R81; added link to sk171583 (Endpoint Security Server Legacy Releases (Detailed Information per Release))
12-Jan-2021 Added link to sk171496 (Endpoint Security Client Legacy Releases (Detailed Information per Release))
22-Sep-2020 Added information about E83.30
26-Aug-2020 Added information about E83.20
12-Aug-2020 Added information about E83.20 macOS Clients
14-Jul-2020 Added information about E83.11
22-Jun-2020 Added information about E83.10
02-Jun-2020 Set R80.40 as "Recommended & Latest", and stated that "It is also required to download the General Availability Take of the Jumbo Hotfix Accumulator for R80.40."
06-May-2020 Added information about E83.00
23-Apr-2020 Added information about E82.55
07-Apr-2020 Added information about E82.50 for macOS
31-Mar-2020 Added information about E82.50
16-Feb-2020 Added information about E82.40
28-Jan-2020 Added information about R80.40
19-Jan-2020 Added information about E82.30
19-Dec-2019 Added information about E82.20
24-Nov-2019 Added information about E82.10
20-Nov-2019 Added information about E82.00 for macOS
03-Nov-2019 Added information about E82.00
06-Oct-2019 Added information about E81.30_HF
24-Sept-2019 Added information about E81.40
26-Aug-2019 Added information about E81.30
07-Aug-2019 Added information about E81.20
30-Jun-2019 Added information about E81.10
27-May-2019 Added information about E80.97
22-May-2019 Added information about E81.00
16-Apr-2019 Added information about E80.96
31-Mar-2019 Added information about E80.95
12-Mar-2019 Added information about E80.94
14-Feb-2019 Added information about E80.92
31-Dec-2018 Added information about E80.90
30-Dec-2018 Added information about E80.89 for macOS
09-Dec-2018 Added information about E80.89
08-Nov-2018 Added information about E80.88
27-Sep-2018 Added information about E80.87
22-Aug-2018 Added information about E80.86
11-July-2018 Added information about E80.85
20-June-2018 Added information about E80.84
08-Mar-2018 Added information about E80.81
06-Feb-2018 Added information about E80.80
21-Dec-2017 Added information about E80.71 for macOS
30-Nov-2017 Added information about E80.71
27-Aug-2017 First release of this document
