Support Center > Search Results > SecureKnowledge Details
Endpoint Security Homepage
Solution

Endpoint News

  • E80.71 EA client with Windows 10 Fall Creators Update Support is now available. The EA version offers clean install on Windows 10 Fall Creators Update (RS3) as well as an upgrade from the following client versions: E80.70 HF1, E80.65 and E80.64.
  • Starting take 280, R77.30 jumbo hotfix can be installed on top of R77.30.03, allowing customers to manage their Endpoint Clients and Gateways from the same Management Server. The hotfix is publicly available since Take 286 – see sk106162.
  • R80.10 can now manage Endpoints running on Windows Creators Update (Redstone 2) by using E80.70 clients. Note that in order to get the latest E80.70 features and capabilities, E80.70 clients must be managed by an R77.30.03 server.
  • R77.30.03 / E80.70 is now available with exciting Anti-Ransomware capabilities that protect against attacks such as Petya, Petrwrap, WannaCry and others.
  • The next Endpoint Security Management version will be released on top of R80.10. This release will support the complete Endpoint Security suite, including Capsule Docs and SandBlast Agent.
  • Management Server is now supported on Microsoft's Azure (sk118133) and AWS (sk119393) cloud platforms.

R77.30.03 - Released in Feb 2017

 

R80.10 - Released in May 2017

Endpoint release on top of R77.30 for customers that wish to deploy SandBlast Agent and/or Capsule Docs Main-train release for customers that do not wish to deploy SandBlast Agent and/or Capsule Docs

Documentation

Documentation

R77.30.03 Release Notes R77.30.03 Endpoint Security Management Server Administration Guide R80.10 Release Notes R80.10 Endpoint Security Management Server Administration Guide

Endpoint Security Server Downloads

Use the Standard R80.10 Management Server



SmartConsole Server Installation SmartConsole Server Installation
  This archive contains two packages that should be installed by order.    
  1) R77.30 Jumbo Hotfix for Endpoint Security Server
2) R77.30.03 Endpoint Security Server Package for Gaia OS
   
 

E80.70 - Released in May 2017

This release adds support for Windows 10 Creators Update (version 1703), introduces improved Full Disk Encryption OneCheck Logon features and support for new VPN features. See the "What's New" section.

Client Downloads

E80.70 Endpoint Security
clients for Windows

E80.64 Endpoint Security
clients for macOS

E80.70 Remote Access
clients for Windows

E80.70 SandBlast Agent
clients for Windows

 

The Endpoint Security solution supports Clients/Servers backward compatibility. For supportability versions matrix, refer to the "Detailed information per release" section below or use sk107255.

More information regarding the above mentioned releases and earlier ones can be found under the Detailed Releases Information section below.

   Architecture and Getting Started   More


  • Clients communicate with the Management Server over HTTP/HTTPs.
  • The Endpoint Management architecture works in a "star" scheme to support large-scale environments.
  • The central "brain" of the system is the "Management Server" and the delegate servers are named "Policy Servers".
  • Each Management Server can support a maximum of ~10,000 endpoints. Multiple Policy Servers can be chained to support a management of up to 400,000 devices from a single environment.
  • The environment supports unified log reporting through SmartLog.

   Best Practices   More


   Client OS Support   More

Check Point Endpoint Security clients protect all of your Windows and Mac workstations, including laptops, Desktops, and Windows Servers.

Check Point takes part in various OS manufactures' development processes and we start the support of new versions when vendors release development builds.

We are committed to offer early availability clients within 3 weeks of OS GA and to announce GA within 2 months of OS GA, however in practice we are delivering much faster. See sk115192 for OS support timeline.


   Detailed Information per Release   More

Detailed Server Releases Information


Server version
GA Date
Latest Revision Date
End of Support Supported OS
Supports EP & Gateway Management
Supported Upgrade Paths
Supported Client Versions Downloads
Additional Information

R77.30.03

RECOMMENDED

19-Feb-2017 19-Feb-2017 May 2019 Gaia Only


Yes
Aligned with Jumbo hotfix Take_143.

Public Jumbo hotfix that is compatible with R77.30.03 will be available in Q3 2017
Show Supported Upgrade Paths

In Place:

R77.30

R77.30.02

Advanced:

R77.30.01

Show Supported Client Versions

E80.70

E80.65

E80.64 Mac/Win

E80.62 HFA1

E80.62 Mac/Win

E80.61

E80.51

Server

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages).

Clean installation and In-Place Upgrade

  • Before installing the hotfixes, you need R77.30 to be installed and to update CPUSE Agent (sk92449) to the latest build.
  • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
Order of Installation Package Link
1 R77.30 Jumbo Hotfix for Endpoint Security Server (TGZ)
2 R77.30.03 Endpoint Security Server Package for Gaia OS (TGZ)


SmartConsole
SmartConsole for Endpoint Security Server R77.30.03 / E80.70
R80.10 (Maintrain)  17-May-2017 17-May-2017
May 2021  Gaia  Can manage both Gateway and Endpoints 

In Place:

R77.30 

E80.70

E80.64 Mac/Win

E80.62 HFA1

E80.62 Mac/Win


R77.30 EP6.5

[Large Scale]
25-May-2017 25-May-2017 May 2021 Gaia & Windows Endpoint only
Show Downloads

The packages provided below are Legacy CLI packages (not CPUSE packages).

Before installing the hotfix, you need R77.30 to be installed and to update the Deployment Agent (sk92449) to the latest build.

Description Download Link
Check Point Endpoint Security Server Hotfix for Gaia OS
Check Point SmartConsole for Endpoint Security Server
EP6.5 - Offline Tool for Endpoint Security Clients
EP6.5 - Offline Tool for Endpoint Security Clients (Japanese)
R77.30 EP6.5 Server Migration Tools for Gaia OS
What?s New

New in this release:

  • Support for managing E80.70 clients. See sk117155.
  • Improved scaling and response times to Full Disk Encryption client messages.
  • Directory Scanner initial scan and full re-scan take significantly less time
  • Stability and performance enhancements for Online Automatic Synchronization (High Availability).
  • Support for new Full Disk Encryption algorithms, XTS-AES 128-bit and XTS-AES 256-bit for UEFI systems.
  • New Web Remote Help SDK - See the Endpoint Security Web Remote Help SDK Reference Guide for details.
  • General performance improvements.


R77.30.02 22-Aug-2016 29-Sep-2016 May 2019 Gaia Only
Yes

Aligned with Jumbo hotfix Take_143.

 

Public Jumbo hotfix that is compatible with R77.30.03 will be available in Q3 2017

Show Supported Upgrade Paths

In Place:

R77.30

Advanced:

R77.30.01

R77.20.01

Show Supported Client Versions

E80.70

E80.65

E80.64 Mac/Win

E80.62 HFA1

E80.62 Mac/Win

E80.61

E80.51

Show Downloads

Endpoint Security Server Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages).

Clean installation and In-Place Upgrade

  • Before installing the hotfixes, you need R77.30 to be installed and to update CPUSE Agent (sk92449) to the latest build. (Endpoint Security Servers are only supported on Gaia.)
  • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
Order of Installation Package Link
1 R77.30 Jumbo Hotfix for Endpoint Security (TGZ)
2 R77.30.02 Endpoint Security Server Package for Gaia OS (TGZ)

Management Console Downloads

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Version (R77.30.02)

Endpoint Security Server Package Link
R77.30.02 SmartConsole for Endpoint Security Server R77.30.02 / E80.64 (EXE)

Previous Versions

Endpoint Security Server Package Link
R77.30.01 SmartConsole for Endpoint Security Server R77.30.01 / E80.64 (EXE)
R77.30 SmartConsole for Endpoint Security Server R77.30 / E80.64 (EXE)

R77.30.01

R77.30.01 HFA1

7-Dec-2015 7-Apr-2016 May 2019 Gaia & Windows Endpoint only
Show Supported Upgrade Paths

In Place:

R77.30

Advanced:

R77.20.01

Show Supported Client Versions

E80.64 (HFA1 only)

E80.62 HFA1

E80.62 Mac/Win

E80.61

E80.60

E80.51

E80.50

Show Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Endpoint Security R77.30.01 HFA1 Server

Note: The packages provided below are Legacy CLI packages (not CPUSE packages).

Platform Package Link
Gaia R77.30.01 HFA1 Check Point Endpoint Security Server Hotfix for Gaia OS (TGZ)
Windows R77.30.01 HFA1 Check Point Endpoint Security Server Hotfix for Windows OS (TGZ)

Important: It is strongly recommended to apply the Gaia server hotfix provided in sk112099.

Installation

  • The R77.30.01 HFA1 Endpoint Security Server is based on the R77.30 Management Server and must be installed on the R77.30 Management Server. It has all the supported capabilities of a standard Check Point R77.30 Management Server.

  • The following upgrades are supported:
    • In place upgrade from R77.30
    • In place upgrade from R77.30.01
    • Advanced upgrade from R77.20.01

    Note: Other upgrades paths or methods are not supported

  • Installing R77.30.01 HFA1 together with the R77.30 Jumbo Hotfix Accumulator is not supported. All existing security fixes are integrated into R77.30.01 HFA1.

  • For installation and upgrade instructions, use the procedures in the relevant guide:

  • The R77.30.01 HFA1 Endpoint Security Management Server can be activated only on a management-only machine (Standalone machine is not supported, i.e., Gateway + Management)

  • The R77.30.01 HFA1 Endpoint Security Server can manage Endpoint Security Clients E80.40 and higher.

Management Console Downloads

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Platform Package Link
Windows SmartConsole for Endpoint Security Server R77.30.01 HFA1 (EXE)
SmartConsole for Endpoint Security Server E80.62 / R77.20 (EXE)
SmartConsole for Endpoint Security Server E80.62 / R77.30 (EXE)
R77.30 (Maintrain) 19-May-2015 2-Mar-2017 May 2019 Gaia & Windows Can manage both Gateway and Endpoints
Show Supported Upgrade Paths

In Place:

R77.20

R77.10

R77

R76

R75.45/E80.41

R75.40/E80.40

Show Supported Client Versions

E80.70

E80.65

E80.64 Mac/Win

E80.62 HFA1

E80.62 Mac/Win

E80.51

E80.50

E80.42

E80.41

E80.40


R77.20.01 14-May-2015 14-May-2015 May 2019 Gaia & Windows Endpoint only
Show Supported Upgrade Paths

In Place:

R77.20

Advanced:

R77/R80.60

Show Supported Client Versions

E80.62 HFA1

E80.62 Mac/Win

E80.61

E80.60

E80.51

E80.50

E80.42

E80.41

E80.40

Show Downloads

Endpoint Security Server R77.20.01

Note: The packages provided below are Legacy CLI packages (not CPUSE packages).

Platform Package Link
Gaia R77.20.01 Check Point Endpoint Security Server HF for Gaia OS (TGZ) (TGZ)
Windows R77.20.01 Check Point Endpoint Security Server HF for Windows OS (TGZ) (TGZ)

Installation

Management Console Downloads

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Package Link
R77.20.01 SmartConsole for Endpoint Security Server (EXE)
R77.20 (Maintrain) 3-Jul-2014 20-Jul-2014 July 2018 Gaia & Windows Can manage both Gateway and Endpoints
Show Supported Upgrade Paths

In Place:

R77.10

R77

R76

R75.45/E80.41

R75.40/E80.40

Show Supported Client Versions
E80.51

E80.50

E80.42

E80.41

E80.40


R77.10 (Maintrain) 15-Jan-2014 13-Apr-2014 January 2018 Gaia & Windows Can manage both Gateway and Endpoints
Show Supported Upgrade Paths

In Place:

R77

R76

Show Supported Client Versions
E80.51

E80.51

E80.50

E80.42

E80.41

E80.40



Detailed Client Releases Information

Client version
GA Date Latest Revision Date End of Support Supported OS Supported Upgrade Paths OS In-place upgrade Supported Blades Supported Management Servers Downloads Additional Information

E80.70

RECOMMENDED

11-May-2017 11-May-2017 May 2021
Show Supported OS
Win7 32/64

Win10 1607

Win10 1703
Show Upgrade Paths
E80.65

E80.64

E80.62 HFA1

E80.51 EP 6.0
From Win7 to Win10 1607 or higher
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers
R77.30 EP 6.5

R77.30.03

R77.30.02

R77.30
Show Downloads

Endpoint Security E80.70 Clients

Platform Package Link
Windows E80.70 Endpoint Security Clients for Windows OS (Recommended) (ZIP)
E80.70 Complete Endpoint Security Client for 32 bit systems (ZIP)
E80.70 Complete Endpoint Security Client for 64 bit systems (ZIP)
E80.70 Complete Endpoint Security Client without Anti-Malware for 32 bit systems (ZIP)
E80.70 Complete Endpoint Security Client without Anti-Malware for 64 bit systems (ZIP)
E80.70 SandBlast Agent client for 32 bit systems (ZIP)
E80.70 SandBlast Agent client for 64 bit systems (ZIP)
E80.70 Full Disk Encryption and Media Encription and Port Protection client for 32 bit systems (ZIP)
E80.70 Full Disk Encryption and Media Encription and Port Protection client for 64 bit systems
(ZIP)
E80.70 Initial client (ZIP)

Note: Initial client is a very thin client without any blade that allows the admin to use it in order to download the large ZIP file and then distribute it in his organization.

Remote Access VPN E80.70 Clients

Platform Package Link
Windows E80.70 Remote Access Clients for Windows (MSI)
E80.70 Remote Access VPN Clients - Automatic Upgrade file (CAB)
E80.70 Remote Access VPN Clients for ATM (MSI)
E80.70 Remote Access VPN Clients for ATM - Automatic Upgrade file (CAB)

Capsule Docs E80.70 Clients

Platform Package Link
Windows E80.70 Capsule Docs Standalone Client (EXE)
E80.70 Capsule Docs PC Viewer Get from: Capsule Docs Portal
What?s New in E80.70

This release supports all Software Blades and features of previous releases. It adds support for Windows 10 Creators Update (version 1703) and support for new VPN and improved features.

Remote Access VPN

New VPN Features
  • Option to exclude local network traffic when Hub mode (Route all traffic) is configured.
  • Register to hotspots with the computer's default browser instead of the client?s embedded browser.
  • Support for Multiple Login Options (from E80.65).
For more information about E80.70 Remote Access VPN, see the E80.70 Remote Access VPN Clients for Windows Release Notes.

Third Generation OneCheck

The Full Disk Encryption OneCheck Logon features are improved to continue to work transparently with new versions of operating systems.

SandBlast Agent

The SandBlast Web Extension is supported on Internet Explorer 11. While the Web Extension is enabled automatically for Google Chrome, for Internet Explorer it is disabled by default.


Known Limitations

Documentation
Platform Document
Endpoint Security Clients
Windows E80.70 Endpoint Security Client for Windows User Guide
Windows E80.70 Endpoint Security Client for Windows Release Notes
Remote Access VPN Clients
Windows E80.70 Remote Access Clients for Windows Release Notes
Windows E80.70 Remote Access Clients for Windows Administration Guide
Capsule Docs Client
Windows E80.70 Capsule Docs Plugin User Guide
Windows E80.70 Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Windows Capsule Docs Bulk Protection Guide
E80.65 19-Feb-2017 19-Feb-2017 February 2021
Show Supported OS
Win7 32/64

Win10 1607

Win10 1703
Show Upgrade Paths

E80.64

E80.62 HFA1

E80.61

E80.51

R73

From Win7 to Win10 1607 or higher
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R77.30 EP 6.5

R77.30.03

R77.30.02

R77.30

Show Downloads

Endpoint Security E80.65 Clients

Platform Package Link
Windows E80.65 Endpoint Security Clients for Windows OS (ZIP)
E80.65 Complete Endpoint Security Client for 32 bit systems (ZIP)
E80.65 Complete Endpoint Security Client for 64 bit systems (ZIP)
E80.65 Complete Endpoint Security Client without Anti-Malware for 32 bit systems (ZIP)
E80.65 Complete Endpoint Security Client without Anti-Malware for 64 bit systems (ZIP)
E80.65 SandBlast Agent client for 32 bit systems (ZIP)
E80.65 SandBlast Agent client for 64 bit systems (ZIP)
E80.65 Initial client (ZIP)

Note: Initial client is a very thin client without any blade that allows the admin to use it in order to download the large ZIP file and then distribute it in his organization.

Remote Access VPN E80.65 Clients

Platform Package Link
Windows E80.65 Remote Access Clients for Windows (MSI)
E80.65 Remote Access VPN Clients - Automatic Upgrade file (CAB)

Capsule Docs E80.64 Clients

Platform Package Link
Windows E80.64 Capsule Docs Standalone Client (EXE)
E80.64 Capsule Docs PC Viewer (EXE)
What?s New in E80.65

This release supports all Software Blades and features of previous releases. It includes new SandBlast Agent features and enhancements and support for new VPN features.

SandBlast Agent

Anti-Ransomware As part of the Forensics blade, Anti-Ransomware constantly monitors files and processes for unusual activity. Before a ransomware attack can encrypt files, Anti-Ransomware backs up files to a safe location. After the attack is stopped, it deletes files involved in the attack and restores the original files from the backup location.
Improved Browser Extension The SandBlast Agent Browser Extension protects against malicious files that come from Internet sources. It supports Google Chrome for Threat Emulation, Threat Extraction, and Zero Phishing. The new Zero Phishing feature provides:
  • Phishing Prevention - Checks different characteristics of a website to make sure that a site does not pretend to be a different site and use personal information maliciously.
  • Password Reuse Prevention - Alerts users not to use their corporate password in non-corporate domains.
Simple Integration with Third Party Anti-Virus Vendors

Refer to sk116024 - SandBlast Integration with Third Party Anti-Virus Vendors.

Forensics can use information from the Windows Event Log to monitor and analyze malware events from third party anti-virus vendors.
  • Works with most common vendors without manual configuration.
  • Events are detected when the client is online or offline.
SandBlast Agent Dynamic Updates

SandBlast Agent dynamic updates enable stronger security for endpoints, with regular updates to SandBlast Agent files. This keeps clients protected from the latest threats.

Remote Access VPN

Support for Multiple Login Options and Dynamic ID

E80.65 Remote Access VPN clients have the ability to connect to an IPsec VPN gateway that is configured with Multiple Login Options.

One of the authentication factors can be Dynamic ID - Users who successfully complete the first-phase authentication can be challenged to provide an additional credential: a Dynamic ID One Time Password (OTP). The OTP is sent by text message or email.

The new support requires an R80.10 or higher IPsec VPN gateway.

For more information about E80.65 Remote Access VPN, see the E80.65 Remote Access VPN Clients for Windows Release Notes.


Known Limitations

E80.64 22-Aug-2016 9-May-2017 August 2020
Show Supported OS
Win7 32/64

Win10 1607

Mac
Show Upgrade Paths

E80.62 HFA1

E80.62 Mac

E80.61

E80.61 Mac

E80.51

R73

FDE 3.4.4 Mac

From Win7 to Win10 1607
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R77.30.02

R77.30.01

R77.30

Show Downloads

Endpoint Security E80.64 Clients

Important: Download the updated SmartConsole to work with the E80.64 Mac clients.

For E80.64 users with R77.30.02 server who do not use SmartCards, download the fixed client: E80.64 HFA1 Check Point Endpoint Security Clients for Windows OS.

Platform Package Link
Windows E80.64 Endpoint Security Clients for Windows OS (ZIP)
macOS E80.64 Endpoint Security Client and Capsule Docs for macOS
(used with R77.30.02 Endpoint Security Server)
(ZIP)
macOS E80.64 Endpoint Security Client for macOS (without Capsule Docs)
(used with R77.30 Endpoint Security Server)
(ZIP)

Users with Windows 10 Anniversary Update should refer to sk115485.

Remote Access VPN E80.64 Clients

Important: Download the updated SmartConsole to work with the E80.64 Mac clients.

Platform Package Link
Windows E80.64 Remote Access Clients for Windows (MSI)
E80.64 Remote Access VPN Clients - Automatic Upgrade file (CAB)
E80.64 Remote Access VPN Clients for ATM (MSI)
E80.64 Remote Access VPN Clients for ATM - Automatic Upgrade file (CAB)
macOS E80.64 Endpoint Security VPN for macOS - Disc Image (DMG) (DMG)
E80.64 Endpoint Security VPN for macOS - Installation package (PKG) (PKG)
E80.64 Endpoint Security VPN for macOS - Signature for automatic upgrade (signature)

Capsule Docs E80.64 Clients

Platform Package Link
Windows E80.64 Capsule Docs Standalone Client (EXE)
E80.64 Capsule Docs PC Viewer (EXE)
macOS E80.64 Capsule Docs Mac Viewer (Alpha) (DMG)
What?s New in E80.64

This release supports all Software Blades and features of previous releases. It includes new platform support, technologies, and features.

SandBlast Agent

Show / Hide this section
Check Point SandBlast Agent delivers advanced Threat Extraction and Threat Emulation, Forensics, and Anti-Bot to endpoint devices. Refer to SandBlast Agent Product Page.
Key Benefits
  • Defends against multiple attack vectors, including web downloads, external storage devices, lateral movement, or encrypted content.
  • Quickly delivers safe, sanitized versions of documents without business interruption.
  • Identifies and contains infected hosts to limit damage and spread of malware.
  • Continuously collects data about user systems for later forensics use.
  • Automatically builds actionable forensics reports with important attack information.
  • Integrates monitoring and investigation of security events through SmartEvent and SmartLog.
Key Features
  • Check Point SandBlast Agent delivers advanced Threat Extraction and Threat Emulation, Forensics, and Anti-Bot to endpoint devices.
  • Threat Emulation for web downloads and for files copied to the file-system.
  • Automated Forensic analysis of security events.
  • Quarantine of infected hosts.
  • Malware removal based on Forensic analysis.
  • Threat Extraction for web downloads.

Endpoint Core

Show / Hide this section
  • Platforms and Alignment to R77.30 Jumbo Hotfix

    • Windows 10 Anniversary Update (version 1607) support for Endpoint Security clients.
    • Endpoint Security Server installation on R77.30 with a dedicated Jumbo Hotfix for Endpoint Security. (This Jumbo hotfix is aligned to Take 143 of the Jumbo Hotfix Accumulator for R77.30.)
  • Management

    • New Policies & Reports.
    • Offline Management Tool for Full Disk Encryption Offline Mode.
    • Faster synchronization between Endpoint Security Management and Policy Servers.
    • General performance improvements.
    • New Client UI look and feel.
  • Full Disk Encryption

    • Offline Mode - Provides Endpoint Security client support for computers that are not connected to an Endpoint Security Management Server, with the same level of security as regular deployments. Features include:
      • Policy management.
      • Data recovery and Emergency Access.
      • Logs, Statistics, and Reporting.
      • New Deployment User type for creating Offline Mode users at preboot.
    • XTS-AES Encryption on UEFI Systems - Supports new AES algorithms for optimal performance and security:
      • XTS-AES 128 (2x128) encryption.
      • XTS-AES 256 (2x256) encryption.
    • Performance optimizations for disk I/O.
    • Pre-boot usability improvements.
  • Media Encryption

    • Media Encryption Default container size configuration.
    • Optical Media Scan support.
  • Capsule Docs

    • Support for new File Types.
    • Support for Adobe Acrobat Reader DC.
    • New Document Expiration feature- Set an expiration date for protected files. After the expiration date, only the author can access the document.
    • Ability to set, change, and remove protection from Microsoft Office and PDF files with a right-click context menu.
  • Remote Access VPN

    • VPN performance enhancements in upload and download paths.
    • Support for ATM client.
  • Endpoint Security Clients for macOS

    • macOS Sierra (10.12) support for the Endpoint Security clients.
    • VPN support for SHA-256 and Diffie-Helman group 14.
    • Support for Smart Card authentication in Full Disk Encryption Pre-boot.
    • New compliance checks for the Endpoint Security Compliance blade:
      • Check if a computer is in an Active Directory Domain
      • Check for a Mac OS build number and hotfix number


Known Limitations

Resolved Issues

E80.62

E80.62 HFA

7-Dec-2015 27-Jun-2016 December 2019
Show Supported OS
Win10 10586

Win10 10240

Win8.1

Win7

Mac
Show Upgrade Paths

E80.61

E80.61 Mac

E80.60

E80.60 Mac

E80.51

E80.50.03 Mac

E80.50

R73

FDE EW 6.3.1

VPN E75 and higher

FDE 3.4.4

From Win7 or Win8 or Win8.1 to Win10  
Show Supported Management Servers

R77.30.03

R77.30.02

R77.30.01 HFA

R77.30.01

R77.30

R77.20.01

R77.20

Show Downloads

Endpoint Security Client E80.62 HFA1 Downloads

Platform Package Link
Windows E80.62 HFA1 Endpoint Security Clients for Windows OS (ZIP)
Mac OS X * E80.62 Endpoint Security Client and Capsule Docs for Mac OS X
(used with R77.30.01 Endpoint Security Server)
(ZIP)
Mac OS X * E80.62 Endpoint Security Client for Mac OS X (without Capsule Docs)
(used with R77.30 Endpoint Security Server)
(ZIP)

* Note: Mac OS X 10.11 can work only with E80.62 clients. Therefore, you must upgrade the
Endpoint Security Client to E80.62 version before you can upgrade the Mac OS X to 10.11.
For Endpoint Security clients that include Full Disk Encryption, refer to:
sk108060 - How to upgrade Mac OS X with installed Full Disk Encryption to 10.11 (El Capitan).


Remote Access VPN E80.62 HFA1 Clients Downloads

Platform Package Link
Windows E80.62 HFA1 Remote Access VPN Clients (MSI)
E80.62 HFA1 Remote Access VPN Clients - Automatic Upgrade file (CAB)
E80.62 HFA1 Remote Access VPN Clients for ATM (MSI)
E80.62 HFA1 Remote Access VPN Clients for ATM - Automatic Upgrade file (CAB)
Mac OS X * E80.62 Endpoint Security VPN for Mac OS X - Disc Image (DMG) (DMG)
E80.62 Endpoint Security VPN for Mac OS X - Installation package (PKG) (PKG)
E80.62 Endpoint Security VPN for Mac OS X - Signature for automatic upgrade (signature)

* Note: Mac OS X 10.11 can work only with E80.62 clients. Therefore, you must upgrade the
Remote Access VPN Client to E80.62 version before you can upgrade the Mac OS X to 10.11.


Capsule Docs Client E80.62 Downloads

Platform Package Link
Windows E80.62 HFA1 Capsule Docs Standalone Client (EXE)
E80.62 HFA1 Capsule Docs PC Viewer (EXE)
Mac OS X E80.62 Capsule Docs Mac Viewer (Alpha) (DMG)
What?s New in E80.62/R77.30.01 HFA1

  • Bulk Protection Services

    Capsule Docs Bulk Protection Services applies protection to documents based on location and properties. The protection is based on your configuration.

    There are two options to manage Bulk Protection Services:
    • Content-Aware File Protection for CIFS and NFS-compatible Network Locations - Protection is applied through a network gateway with the DLP Software Blade to files that match specified data types.
    • File Protection for Windows-based Servers and Workstations - Protection is applied locally and runs on the Windows computer. Continuous monitoring on specific targets is also available to protect new files as soon as they are created. Refer to the Capsule Docs Bulk Protection Guide
  • Content-Aware Protection for Mail Attachments

    This feature enables DLP Gateway administrators to set protect action for E-mails:
    • Seamless experience - Automatic protection based on administrator configuration.
    • Flexibility - The administrator can allow sending protected documents, and allow or block attachments.
    • Content Awareness - Different protection settings for different types of data.
    • Access Control - The authorized user list can include defined users and groups and/or e-mail sender/recipients.
    • End User Education - UserCheck alerts the user to the organization security policy.
  • Capsule Docs Development Tools

    Note: Refer to sk108950 - Capsule Docs Development Tools and SDK
  • Enhanced Remote Access VPN Client Verification

    • Verifies the identity of the Endpoint Server that manages the client through the Endpoint Server?s certificate.
    • Verifies the client?s minimum version.*
      *For SmartEndpoint-managed Remote Access VPN clients only

  • Performance improvements and bugs fixes


Known Limitations

E80.62 / R77.30.01 HFA1 Resolved Issues

Documentation
E80.61 14-May-2015 14-May-2015 May 2019
Show Supported OS
Win8.1

Win8

Win7

WinXP
Show Upgrade Paths

E80.60

E80.60 Mac

E80.51

E80.50.03 Mac

E80.50

E80.50 Mac

E80.42

E80.42 Mac

E80.41

E80.41 Mac

E80.40

R73

FDE EW 6.3.1

VPN E75 and higher

FDE 3.4.4

   
Show Supported Management Servers
R77.30.03

R77.30.02

R77.30.01 HFA

R77.30.01

R77.20.01

Show Downloads

Endpoint Security Client E80.61 Downloads

Platform Package Link
Windows E80.61 Endpoint Security Clients for Windows (ZIP)
Mac E80.61 Endpoint Security Client and Capsule Docs for Mac
(used with R77.20.01 Endpoint Security Server)
(ZIP)
Mac E80.61 Endpoint Security Client for Mac (without Capsule Docs)
(used with R77.20/R77.30 Endpoint Security Server)
(ZIP)

Note: On October 22, 2015, both E80.61 Endpoint Security Client on Mac downloads were replaced.

Remote Access VPN E80.61 Clients Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

Platform Package Link
Windows E80.61 Remote Access Clients for Windows - MSI file (MSI)
E80.61 Remote Access Clients for Windows - Automatic Upgrade file (CAB)
E80.61 Remote Access Clients for Windows - ATM MSI file (MSI)
E80.61 Remote Access Clients for Windows - Automatic Upgrade file for ATM (CAB) (CAB)
Mac E80.61 Endpoint Security VPN for Mac - Disc Image (DMG) (DMG)
E80.61 Endpoint Security VPN for Mac - Installation package (PKG) (PKG)
E80.61 Endpoint Security VPN for Mac - Signature for automatic upgrade (signature) (signature)

Capsule Docs Client Downloads

Platform Description Link
Windows E80.61 Endpoint Security Clients (ZIP)
Capsule Docs Standalone Client (EXE)
Capsule Docs PC Viewer (EXE)
What?s New in E80.61

User and Device Management (UDM)

UDM is a web based application that manages a range of user and device related tasks in an organization. A typical user accesses organizational resources from multiple devices: computers, laptops, smartphones, and tablets. UDM provides a unified environment for managing various user and device related tasks, such as provisioning, transparency of access via SmartLog logs, viewing user and device details, certificate management, AD user management, and FDE password recovery (for Endpoint Security clients).

With UDM, security administrators can delegate user and device management tasks to Help Desk administrators. This delegation of responsibilities lets the network security team handle security policy issues and the Help Desk team manage some user access tasks.

UDM includes:

  • Remote Access certificate management
    • Manage, create, and revoke user certificates for remote access.
    • Use email templates to send information to users on how to connect remotely from their devices.
  • Integration with Active Directory
    • See all users in the organization and the devices they are using to connect to organizational resources.
    • Change the status of Active Directory users when necessary (expired, disabled, or locked).
    • Manage Active Directory user groups.
  • Integration with SmartLog
    • See user login and activity logs.
    • Search and filter logs for a specified user.
    • See if a device is connected or disconnected.
  • Integration with Endpoint Security Server
    • See activity of users and devices.
    • Use Full Disk Encryption password recovery.
    • Active Directory integration.
  • Integration with Capsule Cloud
    • See logs of Capsule Cloud users.
    • Send new registration codes to users.

  • Full Disk Encryption

    • TPM support for version 1.2 and 2.0.
    • Support for Active Directory groups in Pre-boot.

  • Mobile Access Blade

    • Simple and comprehensive mobile/remote access solution that delivers exceptional operational efficiency.
    • Allows mobile and remote workers to connect easily and securely from any location, with any Internet device to critical resources while protecting networks and endpoint computers from threats.
    • Data transmitted by remote access is decrypted and then filtered and inspected in real time by Check Point?s award-winning gateway security services such as Anti-Virus, Intrusion Prevention and Web Security.
    • Includes in-depth authentications, and the ability to check the security posture of the remote device. This further strengthens the security for remote access.

    The Mobile Access Blade is available in its latest versions in R77.20 (sk101208).

  • Endpoint Security Client for Mac

    This release adds these new features:
    • Support for the Endpoint Security client on Mac OS X 10.10 Yosemite.
    • Support for the Media Encryption Offline Access utility on Mac OS X 10.10 Yosemite.
    Features:
    • From E80.60: New Capsule Docs Software Blade (alpha) for Mac
      • Compatibility with both Check Point On-Premises deployment and Cloud Deployment
      • Enhanced rendering capabilities
      • Support unprotecting a document based on user permissions
    • From R77.20 (and higher): Full Disk Encryption Software Blade new features
      • Dynamic Tokens
      • Remote Help Response Length

    Full Disk Encryption support for In-place major OS upgrade (until September, 2015, this is available only as EA, see sk106668.)

  • Remote Access VPN

    • Remote Access Clients for Windows
      • Improved stability, and bug fixes.
      • Configure password complexity requirements in the VPN Configuration Utility.
    • Endpoint Security VPN for Mac
      • Improved stability, and bug fixes.


  • Known Limitations

    Documentation
    E80.60 28-Oct-2014 28-Oct-2014 October 2018
    Show Supported OS
    Win8.1

    Win8

    Win7

    WinXP
    Show Upgrade Paths

    E80.51

    E80.50

    E80.50 Mac

    E80.42

    E80.42 Mac

    E80.41

    E80.41 Mac

    E80.40

    R73

    FDE EW 6.3.1

    VPN E75 and higher

    FDE 3.4.4

       
    Show Supported Management Servers

    R77.30.01 HFA

    R77.30.01

    R77.20.01

    R77 with E80.60

    Show Downloads

    Endpoint Security E80.60 Clients

    Platform Description Download Link
    Windows Endpoint Security E80.60 Clients (ZIP)
    Mac E80.60 Endpoint Security Client on Mac (ZIP)

    Remote Access VPN E80.60 Clients Downloads

    Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

    Platform Description Download Link
    Windows Remote Access Clients E80.60 msi file (MSI)
    Remote Access Clients E80.60 Automatic Upgrade file
    (CAB)
    Remote Access Clients E80.60 for ATM msi file (MSI)
    Remote Access Clients E80.60 Automatic Upgrade file for ATM (CAB) (CAB)
    Mac Endpoint Security VPN for Mac E80.60 - Disc Image (DMG) (DMG)
    Endpoint Security VPN for Mac E80.60 - Installation package (PKG) (PKG)
    Endpoint Security VPN for Mac E80.60 - Signature for automatic upgrade (signature) (signature)

    Check Point Capsule Docs

    Description Download Link
    Endpoint Security E80.60 Clients (ZIP)
    Capsule Docs Standalone Client (EXE)
    Capsule Docs PC Viewer (EXE)
    Capsule Docs Proxy (R77.10) (TGZ)
    Capsule Docs Proxy (R77.20) (TGZ)
    What?s New in E80.60

    What's New in Endpoint Security Clients

    Check Point Capsule Docs

    The Check Point Capsule Docs Software Blade, managed by an on-premise Security Management Server, lets organizations protect and share documents safely within the organization and with business partners, and manage the organizational Check Point Capsule Docs policy, monitoring, and deployment through SmartEndpoint.

    The Check Point Capsule Docs Software Blade comes integrated with the Endpoint Security on Microsoft Windows computers. There is also a non-managed Check Point Capsule Docs plugin for supported applications, and the Check Point Capsule Docs Viewer. The Viewer does not require administrative privileges or the installation of Microsoft Office or Adobe Acrobat Reader, and gives read-only access to protected documents. The Check Point Capsule Docs plugin, which is mainly for the external users, and the Check Point Capsule Docs Software Blade give full editing capabilities and these benefits:

    Control the parties that can access the data

    • Restrict access to individuals, groups or entire organizations
    • Use granular Classification model to assign different permissions for internal and external users
    • Control data distribution (Forward, Copy/Paste, Print)
    • Choose contacts from your Outlook address book with whom you usually communicate
    • Prevent unintentional data loss with the help of UserCheck

    Protect data stored on untrusted servers and shared via untrusted channels

    • Each protected document remains protected even on untrusted servers
    • Prevent forwarding to unauthorized parties
    • Secure all created documents automatically

    See full audit trail for data access

    • All actions on protected documents are logged and are available through SmartView Tracker and SmartLog
    • Follow paper trail for a single document
    • Audit distribution patterns for documents in an organization
    • Monitor access by external parties

    Access protected documents easily from your platform of choice

    • Seamless integration with Microsoft Office and Adobe Acrobat on Windows platforms
    • Lightweight Windows Viewer that does not require administrative privileges or Microsoft Office or Adobe Acrobat clients installed
    • Lightweight flexible viewer for Mac OS X
    • Access protected documents from proprietary Apps on Android, and iOS mobile devices

    Full Integration with Organizational Active Directory

    • Users that are defined in the Active Directory are automatically provisioned to use Check Point Capsule Docs
    • User's Active Directory account authentication is sufficient to access relevant protected documents
    • Customize Document Security policy for different Users, Organizational Units and Groups

    Capsule Docs Proxy

    • Allows accessing protected documents managed with the on-premise Security Management Server for users outside of the organizational network.
    • Provides secured connectivity, leveraging HTTP security and IPS inspection on a hardened Gaia operating system.
    • Built on top of Check Point Mobile Access Blade.
    • Delivered as a Hotfix on top of R77.10 and on top of R77.20.

    Check Point Capsule Docs encrypts documents to protect them from unauthorized access. It protects users from unintentional data leaks. It is not possible to prevent all intentional violations made by malicious authorized users and this is not the goal of Check Point Capsule Docs.

    URL Filtering

    The Check Point Endpoint URL Filtering Software Blade lets an organization control access to web sites by category, user or group. This way it improves network security and enhances user productivity.

    User Check technology empowers and educates Endpoint users on web usage policy in real time.

    The Endpoint URL Filtering Software Blade has these benefits:

    • Lets you utilize a database of over 200 million websites, updated in real-time
    • Lets you choose from 64 predefined content categories or create custom categories and URL families
    • Works inside and outside of the organization - policy is enforced on the client
    • Does unified management - lets the administrator configure one Rule Base in SmartDashboard for an Endpoint and a Gateway policy
    • Does unified log reporting through SmartLog
    • Uses Identity Awareness - lets the administrator grant, limit, or block user access, group access, or access from specific machines to individual web sites or categories of web sites
    • Fully integrates the organization's Active Directory
    • Utilizes SSL Inspection

    Supported Features for Endpoint Security URL Filtering

    URL Filtering in Endpoint Security supports most features of URL Filtering from SmartDashboard. See the R77 Application Control and URL Filtering Administration Guide.

    Anti-Bot

    The Anti-Bot Software Blade:

    • Uses the ThreatCloud repository to receive updates, and queries it for classification of unidentified IP, URL, and DNS resources.
    • Prevents damage by blocking bot communication to C&C sites and makes sure that no sensitive information is stolen or sent out of the organization.
    The Endpoint Anti-Bot blade uses these procedures to identify bot infected computers:
    • Identify the C&C addresses used by criminals to control bots.
    • These web sites are constantly changing and new sites are added on an hourly basis. Bots can attempt to connect to thousands of potentially dangerous sites. It is a challenge to know which sites are legitimate and which are not.
    Check Point uses the ThreatCloud repository to find bots based on these procedures.

    The ThreatCloud repository contains more than 250 million addresses that were analyzed for bot discovery and more than 2,000 different botnet communication patterns. The ThreatSpect engine uses this information to classify bots and viruses.

    The Endpoint Anti-Bot blade gets reputation updates from the ThreatCloud repository. It can query the cloud for new, unclassified URL/DNS resources that it finds.

    Media Encryption & Port Protection

    This release adds NTFS file system support for encrypted storage devices. NTFS file system lets you encrypt files over 4GB.

    Notes:

    • Check Point Media Encryption Offline Utility lets you access NTFS encrypted storage devices on non-managed MS Windows computers in admin mode.
    • Apple Mac computers do not by default support the NTFS file system. To make an encrypted storage device accessible on a Mac computer, format it as a FAT32.
    • To create encrypted NTFS storage on a Windows 7 computer, you must first install SP1 on it.

    Forensics

    The Check Point Endpoint Forensics Software Blade monitors files and the registry for suspicious processes and network activity. When the Anti-Malware or the Anti-Bot Client Software Blade, or the Check Point Gateway Software Blade detects an attack, the Check Point Endpoint Forensics Software Blade analyzes the attack, and uploads the complete attack report to the Endpoint Security Management Server.

    Note: The Check Point Endpoint Forensics Software Blade is not supported on Microsoft Windows XP operating system.

    Full Disk Encryption Features

    This release adds support for these features:

    • Use of TPM to measure integrity of Pre-boot components.
    • Password synchronization between the OS and Pre-boot after Remote Help.

    Remote Access VPN

    For new features in the Remote Access VPN blade and standalone Remote Access Clients see
    What's New in Remote Access VPN E80.60 Clients

    For more information about E80.60, refer to Endpoint Security Client E80.60 Known Limitations.

    Supplemental Software

    Mobile Access Blade

    • Simple and comprehensive mobile/remote access solution that delivers exceptional operational efficiency.
    • Allows mobile and remote workers to connect easily and securely from any location, with any Internet device to critical resources while protecting networks and endpoint computers from threats.
    • Data transmitted by remote access is decrypted and then filtered and inspected in real time by Check Point?s award-winning gateway security services such as antivirus, intrusion prevention and web security.
    • Includes in-depth authentications, and the ability to check the security posture of the remote device. This further strengthens the security for remote access.
    The Mobile Access Blade is available in its latest versions in R77.10 (sk97617) and R77.20 (sk101208)

    User and Device Management

    • Helps organizations roll out Check Point Capsule to users.
    • Provides Remote Access certificate management for organizational Active Directory users.
    • Provides visibility of organizational Active Directory users and the devices they use to connect.
    • Leveraging SmartLog for user login and activity logs, including filtering capabilities.
    • Provides Integration with Endpoint Security Server for Full Disk Encryption password recovery.
    User and Device Management is available via sk101672.

    What's New in Remote Access VPN E80.60 Clients

    • SHA-256 (SHA-2) IPSEC support for Remote Access (Windows) Clients Data Integrity encryption
    • Certificate Enhancements:

      • Display the Friendly Name for a certificate
      • Filter certificates according to the Enhanced Key Usage attribute (certificates without client authentication are not shown)
      • Choose not to show expired certificates in the certificate selection list
    • Automatic upgrades from the gateway with a customized package
    • Support for the visually impaired with MSAA (Microsoft active accessibility component) integration
    • Ability to close open session before you make configuration changes
    • Improved server certificate verification for less browser warnings
    • Added support for Certificate Subject Alternative Name (DNS entries only) as part of certificate verification (previously only based on CN)
    • Policy Compression for gateways that support it, to enable policy compression for faster topology download
    • UTF-8 support in all user input fields (user names, passwords, CN). P12 certificate paths still must have only ASCII characters.
    • Dual hotspot detection mechanism.
    • Hotspot registration and mini-browser in Endpoint Security Suite (was previously in Standalone client only).
    • Improved stability, and bug fixes.


    Known Limitations

    Documentation

    Endpoint Security E80.60 Clients

    Platform Description Documentation
    Windows Endpoint Security E80.60 Clients (Release Notes)
      E80.60 Endpoint Security Client on Windows User Guide (User Guide)
      E80.60 Endpoint Security Administration Guide (Administration Guide)
    Mac E80.60 Endpoint Security Client on Mac

    (User Guide)


    Remote Access VPN E80.60 Clients Documentation

    Platform Description Documentation
    Windows Remote Access Clients E80.60 msi file (Release Notes)
    Remote Access Clients E80.60 Automatic Upgrade file
    (Release Notes)
    Remote Access Clients E80.60 for ATM msi file (Release Notes)
    Remote Access Clients E80.60 Automatic Upgrade file for ATM (CAB) (Release Notes)
    E80.60 Remote Access Clients for Windows Administration Guide
    (Admin Guide)
    Mac Endpoint Security VPN for Mac E80.60 - Disc Image (DMG) (Release Notes)
    Endpoint Security VPN for Mac E80.60 - Installation package (PKG) (Release Notes)
    Endpoint Security VPN for Mac E80.60 - Signature for automatic upgrade (signature) (Release Notes)
    E80.60 Endpoint Security VPN for Mac Administration Guide (Admin Guide)

    Check Point Capsule Docs

    Description Documentation
    Endpoint Security E80.60 Clients (Release Notes)
    E80.60 Check Point Capsule Docs Plugin User Guide (User Guide)
    E80.60 Check Point Capsule Docs Viewer User Guide (User Guide)
    E80.51 23-Jul-2014 23-Jul-2014 October 2017
    Show Supported OS
    Win8.1

    Win8

    Win7

    Win Vista

    WinXP
    Show Upgrade Paths

    E80.50

    E80.42

    E80.42 Mac

    E80.41

    E80.41 Mac

    E80.40

    E80.32

    E80.3x

    R73

    FDE EW 6.3.1

    VPN E75 and higher

    FDE 3.4.4

    From Win8 to Win8.1  
    Show Supported Management Servers

    R80

    R77.30.03

    R77.30.02

    R77.30.01 HFA

    R77.30.01

    R77.30

    R77.20.01

    R77.20

    R77.10

    R77 with E80.60

    R77

       

    Management Server Releases Trains and Timeline

     


       Relevant Documents and SecureKnowledge   More

     


    Revision History

    Show / Hide this section
    Date Description
    27 Aug 2017 First release of this document.
    This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

    Give us Feedback
    Please rate this document
    [1=Worst,5=Best]
    Comment