Support Center > Search Results > SecureKnowledge Details
Endpoint Security Homepage Technical Level
Solution



Important - Customer notification on Client VPN/Endpoint versions E81.10 or earlier - must update before January 1st 2021.

We strongly recommend reading this article in your web browser.

Endpoint News

  • Important: Starting January 1st, 2021, some outdated versions of Remote Client VPN and Endpoint Security Client may stop functioning correctly. Corrective actions are required before January 1st, 2021. This affects only versions E81.10 and lower which are already out of support. After January 1st, 2021, those versions may stop functioning, upgrade will fail and they will require a patch. The issue happens due to the internal certificate used by Endpoint services. One of the certificates expires on January 1st, 2021 therefore all services that use this certificate will stop working on January 1st, 2021. If you’re using Check Point Remote Access (VPN) /Endpoint 80.81-81.10 versions or Check Point SandBlast version E81.10 or earlier, you’ll have two options. Upgrade to a newer version (recommended) or apply a simple fix to the old version:
    • Upgrade to a newer version (E81.20 or later versions). Download link. Check Point recommends to always upgrade to the most recent recommended version, E84.00
    • Apply a quick and temporary fix (sk171213).
  • Always check for compatibility before upgrading Windows OS. Refer to sk115192 - Check Point Endpoint Security Client Support Schedule for New Operating Systems.
  • Check Point R81 is now available:
    What’s New for Endpoint Management:
    • SandBlast Agent Web Management - A new Web-based management interface for Endpoint Threat Prevention components.
      Note: For the best user experience it is recommended to use SandBlast Agent Web Management with Google Chrome.
    • Communication with management services remains on port 443, instead of port 4434, when the Endpoint Management component is activated.
    • Anti-Malware support for shared signature locations to support non-persistent VDI environments.
    • Manage URL Filtering capabilities of SandBlast Agent Browser Extension.
    • Application Control policy changes - Support multiple versions per product, terminate application and block WSL. (Windows Subsystem for Linux).
    • New set of Developer Protections for developers computers.
    • Compliance integration with Windows Server Update Services (WSUS).
    • TACACS authentication for Web Remote Help (WebRH).
    • Media Encryption & Port Protection - Import device overrides from a file.
  • Enterprise Endpoint Security E84.30 macOS Clients (General Availability) is now available. This release provides support for the Endpoint Security Clients on macOS Big Sur (11) and adds Machine Authentication for the VPN client. This release also adds a post-connect message for the VPN client. It allows to display a message to the end user upon every VPN connection.
  • Enterprise Endpoint Security E84.30 Windows Clients is now available. It adds a new sensor to monitor WMI-Get requests, adds the option to uninstall the Endpoint Security Client with a Push Operation from the Management Server, and VPN can now display a warning message with custom text prior to a VPN connection. There are also many other features and enhancements under various categories..
  • Enterprise Endpoint Security E84.20 Windows Clients is now available. It introduces new features such as, Remote Installation of Initial Client, Citrix VDI (Virtual Desktop Infrastructure), new "Isolated" mode that isolates the computer from the outside world, Adds an option to switch the language of the VPN standalone client user interface to the Windows locale. There are also many other features and enhancements under various categories.
  • Enterprise Endpoint Security E84.10 Windows Clients is now available. It introduces new features such as, Threat Hunting, an investigative tool to collect all events from endpoints and provides Security administrators with multiple manual remediation options such as Quarantine, KillProcess and Forensics Analysis with remediation. Anti-Malware can download signatures from an authenticated NTLM proxy with a logged in user's credentials and can also work in "Detect only" mode. There are also many other features and enhancements under various categories.
  • Enterprise Endpoint Security E84.00 Windows Clients is now available. It adds support for Endpoint Security on Windows 10 20H2 (version 2009).

Client Releases

 

E84.00 - Released in October 2020

Recommended

This release includes many quality improvements that add to the stability and resilience of the product, including support for Endpoint Security on Windows 10 20H2 (version 2009). See the "What's New" section.

Client Downloads

E84.00 Endpoint Security
clients for Windows

E84.00 Threat Prevention clients for Windows

E84.00 Remote Access
clients for Windows

E83.20 Capsule Docs
Standalone Client

Refer to sk164896 - Video: How to deploy and upgrade Endpoint Security Client?


E84.30 - Released in December 2020

Latest

This release includes security improvements that add to the stability and resilience of the product. See the "What's New" section.

Client Downloads

E84.30 Endpoint Security
clients for Windows

E84.30 Threat Prevention clients for Windows

E84.30
Remote Access
clients for Windows

E84.30 Capsule Docs
Standalone Client

Refer to sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

Management Releases

 

R80.40 - Released in January 2020

Recommended

 

R81 - Released in October 2020

Latest

Documentation

Documentation

R80.40 Release Notes Endpoint Security R80.40 Administration Guide R81 Release Notes Endpoint Security R81 Administration Guide

Use the Standard R80.40 Management Server

Use the Standard R81 Management Server

SmartConsole Server Installation SmartConsole Server Installation
   
sk165473 sk170116
  It is also required to download the General Availability Take of the Jumbo Hotfix Accumulator for R80.40   It is also required to download the General Availability Take of the Jumbo Hotfix Accumulator for R81.

Cloud & Web Management for SandBlast Agent

Main key features:

  • Hosted on Amazon Web Services (AWS), secured by Check Point.
  • Use the SandBlast Agent Management Platform, to manage your Threat Prevention capabilities. 
  • Low latency by using USA or Europe AWS regions. 
  • Simple, easy and quick creation of a new tenant management environment. 
  • No installations and no pre-requisite required, everything is accessible through your browser.
  • Fully managed service by Check Point, removes the overhead of managing and maintaining the management server. 

Register at: https://portal.checkpoint.com/

Refer to:

For the supportability versions matrix, refer to the "Detailed information per release" section below or use sk107255.

More information regarding the above mentioned releases and earlier ones can be found under the Detailed Releases Information section below.

   Architecture and Getting Started   More


  • Clients communicate with the Management Server over HTTP/HTTPs.
  • The Endpoint Management architecture works in a "star" scheme to support large-scale environments.
  • The central "brain" of the system is the "Management Server" and the delegate servers are named "Policy Servers".
  • Each Management Server can support a maximum of ~10,000 endpoints. Multiple Policy Servers can be chained to support a management of up to 400,000 devices from a single environment.
  • The environment supports unified log reporting through SmartLog.

   Best Practices   More


   Client OS Support   More

Check Point Endpoint Security clients protect all of your Windows and Mac workstations, including laptops, Desktops, and Windows Servers.

Check Point takes part in various OS manufactures' development processes and we start the support of new versions when vendors release development builds.

We are committed to offer early availability clients within 3 weeks of OS GA and to announce GA within 2 months of OS GA, however in practice we are delivering much faster. See sk115192 for OS support timeline.


   Detailed Information per Release   More

Detailed Server Releases Information


Server version GA Date Latest Revision Date End of Support Supported OS Supports EP & Gateway Management Supported Upgrade Paths Supported Client Versions Downloads Additional Information
R81 21-Oct-2020 27-Dec-2020   Gaia Can manage both Gateway and Endpoints  CPUSE & Advanced:

R80.20

R80.30

R80.40

E80.64 Win and higher 

E80.64 Mac

E80.89 Mac

E82.00 Mac

Downloads

R81

What's New

R81

 

Documentation

R81

R80.40 28-Jan-2020 28-Jan-2020   Gaia Can manage both Gateway and Endpoints  CPUSE & Advanced:

R77.30.x

R80.10

R80.20

R80.30

E80.64 Win and higher 

E80.64 Mac

E80.89 Mac

E82.00 Mac
Show Downloads
R80.40

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

What's New

R80.40

 

Documentation

R80.40

R80.30 07-May-2019 14-May-2019   Gaia Can manage both Gateway and Endpoints  CPUSE & Advanced:

R77.30.x

R80.10

R80.20

E80.64 Win and higher 

E80.64 Mac

E80.89 Mac

E82.00 Mac 
Show Downloads
R80.30

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

What's New

R80.30

 

Documentation

R80.30

R80.20 26-Sep-2018 26-Sep-2018   Gaia Can manage both Gateway and Endpoints  CPUSE & Advanced:

R77.30.x

R80.10 

E80.64 Win and higher 

E80.64 Mac

E80.89 Mac

E82.00 Mac 
Show Downloads
R80.20

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

What's New

R80.20

 

Documentation

R80.20


Note: For Endpoint Security Server Legacy Releases, refer to sk171583 - Endpoint Security Server Legacy Releases (Detailed Information per Release).



Detailed Client Releases Information

Client version GA Date Latest Revision Date End of Support Supported OS Supported Upgrade Paths OS In-place upgrade Supported Blades Supported Management Servers Downloads Additional Information
E84.30 21-Dec-2020 21-Dec-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903

Win 10 1909

Win 10 2004

Win 10 2009
Show Upgrade Paths
E81.00
and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R81

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E84.30 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E84.30

New Features

  •  Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware 
    • Adds a new sensor to monitor WMI-Get requests. Behavioral Guard rules can use data from the sensor. The data can appear in Forensics reports and in Threat Hunting. 
    • The redesigned logon sensor for Forensics and Threat Hunting now shows all logon events in Threat Hunting, not just remote logons.
  • VPN
    • VPN can now display a warning message with custom text prior to a VPN connection. If the user accepts the conditions, VPN connects. If the user discards the conditions, VPN does not connect. See sk75221 for configuration information.
  • Infrastructure
    • This release adds the option to uninstall the Endpoint Security Client with a Push Operation from the Management Server. See sk170444 for more information.

Enhancements

  • Anti-Malware 
    •  Resolves a rare issue where the Anti-Malware blade downloads signatures from an external mirror instead of from the local Management Server.
    • Resolves a rare issue where the Anti-Malware Blade runs in "Disconnected Mode" with the "Disconnected" policy while the client still connects to the Management Server. 
    • Resolves a rare issue where the Anti-Malware blade does not function correctly after the Endpoint Security Client's Repair procedure. 
    • Resolves a rare issue where the Anti-Malware blade does not run correctly due to corrupted signatures. 
    • Anti-Virus Resolves installation issue when the Endpoint Security Client does not install due to an Anti-Malware driver error. 
  •  Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware 
    • Improves the performance of Forensics and lessens the time necessary for Windows Updates. 
    • When the DNS sensor is active, Forensics does not monitor raw DNS data. This improves Forensics performance. 
    • Forensics does not monitor specific instances of msiexec.exe related to installation and thus improves Forensics performance.
    • Fixes an issue that can lead to high CPU utilization during a maintenance purge of the Forensics database.
    • Improves performance by aggregating network events sent to Threat Hunting. 
    • Adds the option in policy to disable and to enable the API sensor that injects and monitors processes. 
    • Fixes an issue that can cause a crash in the Forensics service during an uninstallation. 
    • Fixes a Forensics crash that involves badly formed Registry data.
  • Full Disk Encryption
    •  BCDBOOT mode is now the default on upgrades. 
    •  Adds a new option to fdecontrol to set a custom message to display when UOL fails. 
  •  Media Encryption and Port Protection 
    • Resolves a very rare issue where a machine with the Media Encryption blade may not function after a sleep or a long idle time if users configure SearchIndexer to index removable drives. 
  • VPN
    • Fixes the issue where the VPN disconnects when the Windows desktop locks.
  • Installation  
    • Resolves a rare issue where Dynamic Package upgrades can fail due to a locked file on the client. 
    • Resolves a rare issue where the Watchdog does not start processes after an upgrade.
    • Resolves an issue where some leftovers remain in the registry after an Endpoint Security Client uninstall. 
    • Resolves an issue where an Endpoint Security Client upgrade fails when it happens after an installation with a renamed exported file other than eps.msi. 
    • Optimizes Endpoint Security Client Repair and Upgrade procedures with fewer and unnecessary file deletions.
    • Resolves an issue where the Repair procedure fails when it is unable to create a folder in %temp%. 
    • Resolves an issue where the Endpoint Security Client Repair procedure fails after an upgrade procedure fails.
  • Infrastructure 
    • Resolves a rare issue where the Endpoint Security Client upgrade downloads the dynamic package of files twice.
    • Optimizes Endpoint Security Client self-protection from intrusions by unwanted software programs.
    • Resolves a very rare memory allocation issue in the vsdatant driver. 
    • Resolves an issue where the "Remote Install" feature makes only one registration attempt to the Management Server. 
    • Resolves a rare issue where the Endpoint Security Client remains in an inconsistent state after an Operating System upgrade. 
E84.20 24-Nov-2020 24-Nov-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903

Win 10 1909

Win 10 2004

Win 10 2009
Show Upgrade Paths
E81.00
and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R81

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E84.20 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E84.20

New Features

  • Remote Installation of Initial Client 
    • In Endpoint Security Client E83.30 and higher, you can now install the Initial Client remotely without third party tools. See the SandBlast Agent Administration Guide for more information. 
  • Virtual Desktop Infrastructure
    • Endpoint Security now supports Citrix VDI (Virtual Desktop Infrastructure) for persistent and non-persistent virtual machines. See sk167072.
  • Firewall and Application Control
    • Endpoint Security Client supports a new "Isolated" mode that isolates the computer from the outside world. See sk169758.
    • The Application Control blade can now choose to terminate applications on execution through policy. See sk141692.
  • VPN
    • Adds an option to switch the language of the user interface to the Windows locale. See sk75221 for configuration information
      • The option only affects standalone clients.
      • The installation process sets the language of the Endpoint Security full suite and the user cannot change it after the installation.
    • Adds the ability to withhold the name of the last VPN user. See sk75221 for configuration information.
  • Media Encryption and Port Protection
    • A new file audit log value contains the sha256 file checksum for written files on removable medias.
  • Infrastructure
    • The Endpoint Security Client now includes the Greek language.

Enhancements

  • Anti-Malware 
    • Resolves an issue where the Anti-Malware engine delays its start for a few seconds after the application of a new policy.
  • Threat Hunting
    • Introduces the ability to isolate a machine through the Threat Hunting interface.
    • Fixes a rare issue with the Threat Hunting batch size where large batches block all data reporting until the next reboot.
  • Threat Emulation and Anti-Exploit
    • Anti-Exploit now blocks the actively exploited vulnerability CVE-2020-17087.
  • Anti-Ransomware, Behavioral Guard and Forensics 
    • Fixes an issue that can cause a delay for an Anti-Ransomware detection when a specific Windows process is active.
    • Reduces false positives in Anti-Ransomware with improvements to the thresholds for detecting mass encryption.
    • Improves performance for a hard-coded Anti-Ransomware feature with a move to Behavioral Guard. Rule updatability and exclusions for this feature are now possible in Behavioral Guard.
    • Anti-Ransomware exclusions now support environment variables.
    • Improves the Credential Dumping detection technique to reduce False Positives.
    • In Server environments, Forensics no longer delete files created by Windows processes that may do a lot of file processing.
    • Fixes a rare issue where Forensics drivers do not enforce exclusions. Forensics now enforces exclusions in user mode to handle these rare scenarios.
    • Fixes an issue where the Forensics Analysis fails to add a process to the incident model.
    • Fixes an issue which causes high CPU usage while Forensics purges older database data.
    • Windows scripts processes such as PowerShell.exe and wscript.exe are now "Suspicious" in Forensics Analysis. Remediation settings for "Suspicious" processes now apply.
  • Firewall and Application Control
    • Resolves a rare issue where the Firewall and Application Control process consumes high CPU on a blade startup.
    • Resolves a rare issue where the Firewall blade still blocks IPv6 traffic after the user stops network protection.
  • Full Disk Encryption
    • Fixes the issue where there is an unapplied preboot bypass configuration during the Operating System upgrade.
    • Fixes an incompatibility with the Google Drive File Stream where the EPS client can not install, upgrade or delete with the FDE blade.
    • Fixes the stretched screen in preboot on certain machines.
    • Fixes a rare scenario where Self Encrypting Disks are stuck on 0% encryption.
    • Fixes an issue with Smart Card single sign-on.
  • URL Filtering
    • URL Filtering now supports Mozilla Firefox along with the Chrome and Edge-Chromium browsers.
  • Installation  
    • Resolves a rare issue where the Anti-Malware and Firewall blades do not unregister "Windows Security Center" correctly in Endpoint client uninstalls.
    • Resolves a rare issue in the Software deployment process where the package downloads while it already resides on the disk.
    • Resolves a rare issue where an Endpoint Security Client upgrade fails due to an Anti-Malware upgrade failure.
    • Resolves an issue where a command line window pops ups for a few seconds in the Anti-Malware uninstallation process.
    • Resolves a rare issue where an Endpoint Security component (cpda.exe) silently crashes as it tries to gather information from the installation file.
    • CVE-2020-6021: Resolves an issue in Check Point Endpoint Security Client for Windows prior to version E84.20 where users have write access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker prior to E84.20 can initiate the installation repair and place a specially crafted DLL in the repair folder which runs with the Endpoint Security Client’s privileges.
  • Infrastructure 
    • Resolves a rare issue where an Endpoint Security component (cpda.exe) crashes during the Endpoint Security Client upgrade process.
    • Resolves a rare issue where the Windows Security Center does not recognize Anti-Malware and Firewall blades correctly.
    • Non-Persistent VDI is now configurable through policy. See the Endpoint Security VDI Administration Guide.
    • Resolves an issue where clients enter the Restrict state by mistake after the client removes a blade from the command line.
    • Resolves a rare issue where the client User Interface does not appear after a clean Endpoint Security Client installation.
    • Resolves a rare issue where an Endpoint Security Client component (cpda.exe) leaks memory as it attempts upgrades.
E84.30 macOS Clients 14-Jan- 2021 18-Nov-2020 Support Life Cycle Policy
Show Supported OS
Big Sur (11)
macOS Catalina (10.15)
macOS Mojave (10.14)
Show Upgrade Paths
E83.20
E82.50
E82.00
From Catalina (10.15)
From macOS Mojave (10.14)
Show supported blades
  • Anti-Malware
  • Remote Access VPN
  • Firewall for desktop security
  • Compliance
  • Media Encryption
  • Native Encryption Management
  • Threat Emulation
  • Forensics
  • Anti-Ransomware
  • Capsule Docs
  • SandBlast Agent Browser Extension for Chrome
    • TE
    • TEX
    • Zero Phishing
    • Password reuse
    • URL-Filtering
Show Supported Management Servers
R81, R80.40, R80.30 and R80.20 Endpoint Security Management Servers, both on-premises and EPMaas solutions.
Show Downloads

Endpoint Security E84.30 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E84.30 for Mac

New Features

  • Support for the Endpoint Security Clients on macOS Big Sur (11).
  • Machine Authentication for the VPN client. It allows to perform VPN authentication with a machine certificate from the system keychain of the macOS. Machine Authentication works in user and machine authentication mode, which is a combination of a machine certificate and the selected user authentication method.

Enhancements

  • This release includes stability, quality and performance fixes.
E84.10 31-Oct-2020 31-Oct-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903

Win 10 1909

Win 10 2004

Win 10 2009
Show Upgrade Paths
E81.00
and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E84.10 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E84.10

New Features

  • ThreatHunting
    • The E84.10 release introduces Threat Hunting, an investigative tool to collect all events from endpoints. This allows an Endpoint Security administrator to get the full scope of an attack, or to uncover stealth attacks. Threat Hunting also provides Security administrators with multiple manual remediation options, such as Quarantine, KillProcess and Forensics Analysis with remediation.
      Threat Hunting on-boarding instructions are available in sk170052
  •  Anti-Malware 
    • Anti-Malware can download signatures from an authenticated NTLM proxy with a logged in user's credentials.
    • The Anti-malware blade can now work in "Detect only" mode. See sk169753.
  •  VPN
    • The E84.10 release adds the ability to display relevant certificates only during user authentication. See sk169453.
    • Adds the ability to disable client shutdowns through the Windows tray icon menu. See sk75221.
    • Adds the ability to define the site display name when you create a new VPN site with the trac.exe command line utility. 
  • Infrastructure
    • Endpoint Security can now connect to the Management server from an authenticated NTLM proxy with a logged in user's credentials.

Enhancements

  • Anti-Malware 
    • Resolves a possible issue where Anti-Malware and UI processes crash during a machine shutdown. 
    • Resolves a possible issue where the current Anti-Malware process crashes as Endpoint Security Client upgrades. 
  • Anti-Ransomware, Behavioral Guard and Forensics 
    • Fixes a Local Privilege Escalation vulnerability that relates to the Anti-Ransomware file restoration process.
    • Fixes a vulnerability that can allow arbitrary file deletions when files restore in Anti-Ransomware.
    • Fixes a very rare issue that can cause an upgrade to fail when it does not delete Anti-Ransomware related files.
    • Fixes an Anti-Ransomware False Positive from a Java installation.
    • Fixes an issue where only the first trigger information was correct among multiple LNK file related triggers in Behavioral Guard.
    • Reduces the likelihood that Forensics quarantines user documents and files from False Positives on Windows Servers.
    • Fixes a rare issue that can cause permanent high CPU usage while Forensics monitors specific API calls.
    • Fixes a rare race condition that can cause Forensics to use the default policy instead of the latest installed policy.
    • Fixes a crash that can occur in injected processes if Forensics receives multiple monitored API events within a short period of time.
    • Forensics can now parse and process Spanish Symantec triggers. 
  • Full Disk Encryption
    • Allows BitLocker Management to install on hardware RAID disks.
    • Adds the ability to use high resolution custom images in the FDE pre-boot. 
    • Adds support for disk sectors larger than 512 bytes in FDE. 
  • Installation  
    • CVE-2020-6015: Resolves a denial of service vulnerability in releases before E84.10 to prevent the storage of service log files in non-standard locations. This is relevant to clean installs only.  Customers with completed installations of Endpoint Security are not vulnerable. 
    • Resolves a possible issue where a clean install with dynamic package fails due to a missing selected .NET framework.
    • Resolves a possible issue where the "Upgrade Time Change" popup does not appear after upgrades fail. 
    • Resolves a possible issue where no lock icon displays in the system tray after Endpoint Security Client fails to upgrade.
    • Resolves a possible issue where some Anti-Malware driver leftovers remain after an Endpoint Security Client uninstall. 
    • Resolves a possible issue where an Endpoint upgrade fails when it tries to remove an existing version of the product. 
    • Resolves a possible issue where the Endpoint uninstall fails as it tries to upgrade itself with a software deployment rule. 
    • Improves the upgrade performance for Forensics blade installations.
  • Infrastructure 
    • Endpoint Security Client now ensures that blade logs and additional information go to the same policy server.
    • Resolves an issue where the Shutdown command does not execute from SmartEndpoint if a user on a client system does not have permission to perform a shutdown.
E84.00 25-Oct-2020 25-Oct-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903

Win 10 1909

Win 10 2004

Win 10 2009
Show Upgrade Paths
E80.64

and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909/Win 10 2004 to Win 10 2009
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E84.00 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E84.00

New Feature

  • The E84.00 release adds support for Endpoint Security on Windows 10 20H2 (version 2009).
E83.30 22-Sep-2020 22-Sep-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903

Win 10 1909

Win 10 2004
Show Upgrade Paths
E80.64

and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909 to Win 10 2004
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E83.30 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E83.30

Enhancements

  • Anti-Malware
    • Optimizes the Anti-Malware scan performance with the exclusion of the internal Endpoint Security Client files from the scan.
    • Fixes a false positive Anti-Malware predetection issue for a clean file.
  • Anti-Ransomware
    • Fixes an issue with an Anti-Ransomware False Positive on a Zoom beta feature.
    • Fixes a vulnerability that can allow arbitrary file deletions when files restore in Anti-Ransomware.
  • Firewall and Application Control
    • Resolves a BSOD when the firewall driver processes the SIP protocol incorrectly.
  • Infrastructure
    • Resolves a rare issue where the Endpoint Security Client shows the upgrade as scheduled after the client upgrade is complete.
    • Fixes a client-based directory scanner issue for the non-ASCII data in Active Directory that results in garbled or unscanned objects.
E83.20 26-Aug-2020 26-Aug-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903

Win 10 1909

Win 10 2004
Show Upgrade Paths
E80.64

and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903/Win 10 1909 to Win 10 2004
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E83.20 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E83.20

New Features

  • SandBlast Agent Browser Extension now supports the Microsoft Edge (Chromium) browser
    The SandBlast Agent Edge (Chromium) extension supports all the functionality the SandBlast Agent Chrome extension supports:
    • URL Filtering (for Web Management users only)
    • File Download Protection
    • Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection
    • The Edge (Chromium) extension installs automatically when you install the SandBlast Agent, or upgrade to the Endpoint Security Client E83.20 version.
  • Detection of malicious LNK (Windows Shortcut) files
    • Behavioral Guard now analyzes the target of LNK files to determine if the file is malicious.
    • Forensics Analysis now determines if the start of an attack is from an LNK file.
    • Forensics Reports show the targets of all LNK files in an incident.
  • Content view in the Forensics report
    • Available from the Incident Details menu
    • Shows all LNK targets in the incident
    • Shows all AMSI content in the incident
  • "Pass The Hash" detection
    • Behavioral Guard now recognizes the "Pass The Hash" attempts.
  • Full Disk Encryption
    • The Full Disk Encryption pre-boot has a modernized look and feel along with updates to the color-theme and background images.

Enhancements

  • Anti-Malware
    • Fixes an issue where Anti-Malware status reports to the Windows Security Center do not work, if there are errors, or if the reports are disabled in the policy.
    • Resolves a possible issue where the Anti-Malware process crashes during the Endpoint Security Client upgrade.
    • Resolves an Anti-Malware signature update issue from an external server through a proxy.
    • Resolves an issue where no UserCheck message pops up and no log about the detection goes to the Endpoint Security Server when a JAR file is detected as malicious.
  • Anti-Ransomware, Behavioral Guard, and Forensics
    • Behavioral Guard now detects the Pass-The-Hash technique.
    • The Forensics service does not shut down and restart anymore during the Behavioral Guard Signature updates. The update process is faster as a result.
    • Adds new default exclusions to Anti-Ransomware to decrease the number of false positives.
    • Fixes an issue where Forensics can stop its responses if multiple triggers are in the queue, and the current analysis takes a long time to complete.
    • If the Forensics database does not contain a detected file or process, it now generates a minimal report with reputation.
    • If a detected URL is not in the Forensics database, Forensics now generates a minimal report with reputation.
    • Fixes a very rare issue of an infinite loop in Forensics.
    • Improves the Forensics performance as the result of decreased number of unnecessary registry operations.
    • If the reputation service is not available, the Forensic Analysis no longer treats unsigned processes as trusted processes.
    • Fixes a very rare issue in the termination of trusted processes that are part of a Forensics incident.
    • Fixes a rare issue where Forensics can lock up when it receives a new policy.
    • Fixes an issue where the Forensic Analysis fails when the trigger file has a short name.
    • Enhances Forensics analysis to identify attacks that start with Windows shortcut (LNK) files.
    • Adds a new screen to view all AMSI and LNK target content in an incident.
    • Fixes a Forensics report issue where a terminated process can appear in the "Already Terminated Processes" and "Terminated Processes" sections of the Remediation view.
    • The Remediation section of the Forensics report now mentions failures to access or use the remediation service.
  • Compliance
    • Resolves the client non-compliant state when the Windows Server Update Service (WSUS) compliance check configures regardless of the value set in the rule. See sk164060 for policy configuration details.
  • Media Encryption & Port Protection
    • Resolves an issue with the 3rd party backup application Veeam that fails to create a recovery media, if Media Encryption & Port Protection is installed.
  • Full Disk Encryption
    • Resolves the UseRec.exe crash when a recovery file contains users from several domains.
  • Installation
    • Resolves an issue after an upgrade, when the client UI language switches back to the default system language.
    • Resolves a rare issue where the Endpoint Security upgrade process does not complete because of a crash, but a new version registers.
    • Resolves a possible issue where the Endpoint Security Client upgrade fails with the error: "Wait for Install Helper process failed".
    • Resolves a possible issue where Endpoint Security Client upgrade fails with the error: "The paging file is too small for this operation".
    • Resolves a rare issue where Firewall policy is not set after an Endpoint Security Client upgrade.
    • Resolves a possible issue where the Endpoint Security Client upgrade fails with the error: "Changing configuration is not allowed, check the password".
  • Infrastructure
    • Endpoint Security Clients that are disconnected from the domain and use the same local SID can now connect to the management server as unique machines.
    • Resolves client registration issue where SmartEndpoint detects duplicates, when the client computer FQDN does not match the FQDN of its domain.
    • Optimizes the Endpoint Security processes monitor algorithm to decrease CPU consumption, when 3rd party Anti-Malware on-access scanners connect.
    • Introduces enhanced deployment capabilities for small fixes or patches with a new package type that installs changed files only.
    • Resolves CPDA.exe crashes where the Windows Management Instrumentation (WMI) service is disabled during a client upgrade.
    • Resolves the URL Filtering "waiting for policy" error after a client upgrade with the exported package, when the client is in the disconnected state.
E83.20 macOS Clients 12-Aug-2020 12-Aug-2020 Support Life Cycle Policy
Show Supported OS
macOS Catalina (10.15)
macOS Mojave (10.14)
Show Upgrade Paths
E82.50
E82.00
E80.89
From macOS Mojave (10.14)
From macOS High Sierra (10.13)
Show supported blades
VPN

Firewall for desktop security

Compliance

Media Encryption

Native Encryption Management

Threat Emulation

Anti-Ransomware

Capsule Docs

Forensics
Show Supported Management Servers

R80.40

R80.30

R80.20

Show Downloads

Endpoint Security E83.20 Clients for macOS 


Platform Package Link
macOS E83.20 Check Point Endpoint Security Client for macOS  (ZIP)
macOS E83.20 Check Point Endpoint Security Client for macOS (without Capsule Docs and SandBlast Agent) (ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E83.20 Standalone Clients for macOS

Platform Package Link
macOS E83.20 Endpoint Security VPN for macOS - Disc Image (DMG) (DMG)
E83.20 Endpoint Security VPN for macOS - Automatic Upgrade package (PKG) (PKG)
E83.20 Endpoint Security VPN for macOS - Signature for automatic upgrade (signature)


What's New in E83.20 for Mac

New Features

  • Anti-Malware blade for macOS
  • Anti-Malware Contextual scan
  • Support for SandBlast Agent Chrome Browser Extension with URL Filtering capabilities.
    Note: The feature is available for SandBlast Agent Web Management users.
  • Support for additional VPN features:
    • Multiple Authentication Factors
    • Multiple Entry Point, Implicit mode
    • Secondary Connect

Enhancements

  • This release includes stability, quality and performance fixes.
E83.11 14-Jul-2020 14-Jul-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903
Win 10 1909
Show Upgrade Paths
E80.64

and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E83.11 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E83.11

New Features

  • This release prevents exploitation of CVE-2020-1350 on all Windows Server editions supported. Users who install or upgrade to this version are protected from potential attacks related to CVE-2020-1350.
E83.10 22-Jun-2020 22-Jun-2020 Support Life Cycle Policy
Show Supported OS
Win7

Win8.1.1

Win10 1709

Win10 1803

Win10 1809

Win 10 1903
Win 10 1909
Show Upgrade Paths
E80.64

and higher
From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
Show supported blades
Desktop Firewall and Application Control

Anti-Malware

Forensics and Anti-Ransomware

URL Filtering

Anti-Bot

Threat Emulation & Anti-Exploit

Media Encryption and Port Protection

Full Disk Encryption

Compliance

Remote Access VPN (SA/Managed)

Capsule Docs (SA/Managed)
Show Supported Management Servers

R80.40

R80.30

R80.20

R80.20.M2

R80.10

Show Downloads

Endpoint Security E83.10 Clients

Endpoint Security Clients Downloads

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone Clients Downloads
What's New in E83.10

New Features

  • Endpoint Security now supports VMware Horizon VDI (Virtual Desktop Infrastructure), persistent and non-persistent. See the Endpoint Security VDI E83.10 Administration Guide
  • Adds a SandBlast Agent Chrome Browser Extension with URL Filtering capabilities.
    Note: The feature is available for SandBlast Agent Web Management users. It is in Early Availability mode for Chrome users.
  • E83.10 shows a customized icon for encrypted drives.

Enhancements

  • Anti-Malware
    • Resolves an issue where an Anti-Malware scheduled scan occurs, even if it is not in the policy.
    • Resolves an Anti-Malware icon scaling issue.
    • Resolves a possible issue where the Anti-Malware process crashes as it shuts down.
  • Anti-Ransomware, Behavioral Guard and Forensics
    • Behavioral Guard now protects against the "Pass The Hash" technique for credential theft. Credential Dumping is new, as of the previous release.
    • Fixes an issue where Anti-Ransomware does not detect a potential attack when the user is not logged in.
    • Fixes Anti-Ransomware false positives due to user profile deletions.
    • Fixes multiple rare cases of false positives in Anti-Ransomware.
    • Fixes an issue where "out of memory" errors occur when the log lists a very large number of backups.
    • When you disable Anti-Ransomware, the backup driver no longer operates.
    • Improves performance as Forensics now stores fewer named objects, such as mutexes and events.
    • Improves the performance of Forensics, Behavioral Guard and Threat Hunting with enhancements to our Registry Operation exclusion algorithms that reduce the number of recorded registry operations.
  • Firewall and Application Control
    • Resolves client network issues after a Firewall driver uninstallation failure.
    • Resolves a rare issue where an added Firewall blade gets stuck in the "Initializing" state.
    • Resolves a possible upgrade issue where the Firewall blade does not start due to a WatchDog failure.
    • Resolves a rare issue where the Firewall policy is "Not Set" in the client after the policy download from the server.
  • Full Disk Encryption
    • Resolves a possible issue where the Disk Encryption process crashes during shutdown.
  • Media Encryption and Port Protection
      • Resolves a removable media icon blink issue for an encrypted partition when Media Scan is enabled.
    • VPN
      • Improves the work with non-UTF-8 applications. Users can toggle UTF-8 support.
      • Fixes active File Transfer Protocol (FTP) traffic blocks on a standalone VPN client with Firewall.
      • Includes stability and quality fixes. Supports all the features of previous releases.
    • Installation
      • Resolves a possible issue where uninstalling the Endpoint removes components that are necessary for other applications.
      • Resolves a possible issue where the uninstall fails after the user turns off "Network Protection".
      • Resolves a possible issue where the Endpoint Security Client does not run correctly after an operating system upgrade.
      • Resolves a rare issue where the client uninstall fails with Error 1921: "Service Check Point Endpoint Agent (CPDA) could not be stopped".
      • Resolves a rare issue where an upgrade that uses "Dynamic Package" continuously loops after a download fails to resume.
      • The pre-boot language selection choice is now correct after a language update in Windows.
      • Fixes an incompatibility issue with Sophos Antivirus, which could not install on a machine with Endpoint Security Client on it.
    • Infrastructure
      • Resolves a rare User Interface (UI) issue where a malware resolution is not shown to a user.
      • Resolves a client LogViewer issue, where it only shows log records that match the latest log schema.
      • On the Endpoint Security Client screen, the Overview list now shows "Anti-Bot and URL Filtering" instead of "Anti-Bot".
      • The client User Interface (UI) is no longer shown during manual upgrades.
      • Resolves URL infections report issues in the User Interface (UI) so that the infections records are not permanent in the client and server UIs.
      • Anti-Bot and URL Filtering policy now translates to all supported languages.
    • General
      • Improves the performance of the Endpoint Security core driver to reduce CPU consumption.
    E83.00 06-May-2020 06-May-2020 Support Life Cycle Policy
    Show Supported OS
    Win7

    Win8.1.1

    Win10 1709

    Win10 1803

    Win10 1809

    Win 10 1903
    Win 10 1909
    Show Upgrade Paths
    E80.64

    and higher
    From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
    Show supported blades
    Desktop Firewall and Application Control

    Anti-Malware

    Forensics and Anti-Ransomware

    URL Filtering

    Anti-Bot

    Threat Emulation & Anti-Exploit

    Media Encryption and Port Protection

    Full Disk Encryption

    Compliance

    Remote Access VPN (SA/Managed)

    Capsule Docs (SA/Managed)
    Show Supported Management Servers

    R80.40

    R80.30

    R80.20

    R80.20.M2

    R80.10

    Show Downloads

    Endpoint Security E83.00 Clients

    Endpoint Security Clients Downloads

    Standalone Clients Downloads

    Show / Hide this section
    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

    Standalone Clients Downloads
    What's New in E83.00

    New Features

    • SandBlast Agent now uses ssdeep-computed Fuzzy Hashing to detect and block malicious files. This adds to the standard hash-based reputation check and to similarities through Static Analysis Machine Learning to improve SBA’s ability to catch polymorphic variants of known malware.

    Enhancements 

    • File Reputation, Static File Analysis and Threat Emulation
      • SandBlast Agent now checks the reputation of files based on their similarity to a known ssdeep hash.
    • Anti-Exploit
      • Fixes an issue where Anti-Exploit may not work immediately after an upgrade.
    • Anti-Ransomware, Behavioral Guard and Forensics
      • Fixes a rare Forensics service crash that can occur when a client disconnects from the Management server.
      • Improves Forensics performance by not monitoring Windows Update operations
      • Improves Forensics, Behavioral Guard and Threat Hunting performance slightly by filtering out some sensor data from well known processes.
      • Fixes the re-creation of certain folders such as the document folder if the admin redirects them.
      • Policy can now disable Forensic Analysis for Anti-Ransomware and Behavioral Guard.
      • Fixes a rare issue where the Anti-Ransomware backup driver may not stop on upgrades.
      • Fixes an issue that can prevent an Anti-Ransomware file backup due to a specific sequence of file modification operations.
      • Improves the time to detection for Behavioral Guard and Anti-Ransomware rules by prioritizing active rules over rules being field-tested.
      • Windows Management Instrumentation (WMI) executions are now supported in Behavioral Guard rules.
    • Full Disk Encryption
      • Suspended BitLocker drives now display as unencrypted.
      • Now shows the Caps Lock notification in the pre-boot password change dialog.
      • Fixes a rare Full Disk Encryption pre-boot loop.
    • Media Encryption and Port Protection
        • Resolves an authorization issue, when the scan fails if there are files with long paths on the media.
      • VPN
        • Fixes an issue with privilege escalation vulnerability, where a regular user might be able to execute arbitrary code with system privileges.
      • Installation
        • Resolves a possible issue where an Anti-Malware blade addition that uses Dynamic Package results in Anti-Malware in an error state.
        • Resolves an issue where a command line window pops up briefly during the installation of an exported package.
        • Resolves a possible issue where a client upgrade fails if it happens during a signature update.
        • Resolves a possible issue where the client upgrade fails due to the Vsmon shutdown time being longer than expected.
        • Resolves a possible issue where an upgrade that uses Dynamic Package fails when the zip file extraction fails.
      • Infrastructure
        • Fixes an issue where the status of the client stays in "Deployment is in progress" although the deployment finishes successfully.
        • Fixes an issue where the tray icon of the Endpoint Security client is sometimes missing.
        • Resolves a possible issue where the client's failure to retrieve the SID does not show in the client UI.
        • Resolves an issue where the "Instprep.log" log file has no limit in size.
        • Resolves a possible issue where the reconnect tool doesn't restart the Device Agent service because of an incorrect certificate.
        • Resolves a possible issue where the client log viewer crashes.
        • The Anti-Bot blade is now "Anti-Bot and URL Filtering".
        • Resolves an issue where informative popups display although the policy for "Client User Interface Settings" is not set to "Show all notifications".
      E82.55 23-Apr-2020 23-Apr-2020 Support Life Cycle Policy
      Show Supported OS
      Win7

      Win8.1.1

      Win10 1709

      Win10 1803

      Win10 1809

      Win 10 1903
      Win 10 1909
      Show Upgrade Paths
      E80.64

      and higher
      From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
      Show supported blades
      Desktop Firewall and Application Control

      Anti-Malware

      Forensics and Anti-Ransomware

      URL Filtering

      Anti-Bot

      Threat Emulation & Anti-Exploit

      Media Encryption and Port Protection

      Full Disk Encryption

      Compliance

      Remote Access VPN (SA/Managed)

      Capsule Docs (SA/Managed)
      Show Supported Management Servers

      R80.40

      R80.30

      R80.20

      R80.20.M2

      R77.30 EP 6.5

      R77.30.03

      R77.30

      R80.10

      R77.20 EP6.2

      Show Downloads

      Endpoint Security E82.55 Clients

      Endpoint Security Clients Downloads

      Standalone Clients Downloads

      Show / Hide this section
      Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

      Standalone Clients Downloads
      What's New in E82.55

      New Features

      • Dynamic Package is a new package type ready for download. Dynamic Package with R80.40 can reduce network traffic significantly during existing client upgrades. See "Deploying Endpoint Security Clients" in the R80.40 Endpoint Security Management Server Administration Guide.
      • VMware Horizon Non-Persistent VDI is now in Early Availability. Contact E81_EA@checkpoint.com for more information.
      • Application Control includes a new feature for developer protection that prevents leakage of sensitive information and the use of vulnerable packages. See sk165615 for details.
      • Behavioral Guard now protects against Credential Dumping.
      • Forensics can now report the URL for the file source, when the SandBlast Agent Browser Extension is active.
      • Machine type, roles and features now show in the Forensics report.

      Enhancements 

      • Infrastructure
        • Resolves an issue that prevents machines from connecting to the Endpoint Security Server when the Domain Controller is not reachable.
        • Resolves an issue, where the client may report logs incorrectly, if the username contains non-ANSI symbols.
        • Resolves a rare issue with policy corruption that may put some blades in non-running states.
        • Resolves an issue where the VPN client automatically reappears in Automatic Start, although it is disabled by the Task Manager.
        • Fixes the vulnerability to "RobinHood" (CVE-2018-19320).
      • Anti-Malware
        • Resolves a possible issue, where the server does not display the latest Anti-Malware signature version of the Endpoint Security clients.
        • Resolves an issue, where the policy state displays as "Unknown" in the client User Interface.
      • Anti-Exploit
        • Fixes a rare BSOD, related to Anti-Exploit infrastructure.
      • Anti-Ransomware, Behavioral Guard and Forensics
        • Reduces repeated logs for specific errors to improve Behavioral Guard performance.
        • Adds a default exclusion to prevent a known case of an Anti-Ransomware false positive.
        • Forensics and Anti-Exploit now correctly identify the latest versions of Microsoft Edge (based on Chromium) as a browser.
        • SandBlast Agent browser extensions now report the URLs used to download files to Forensics. This information now displays in the Entry Point view in the Forensics report, when it is present.
        • Fixes an issue where the Behavioral Guard log and the equivalent Forensics log show different levels of confidence.
        • Fixes a rare race condition that can override the current Forensics policy with the default policy.
        • Fixes an issue where Forensics generates "Analysis Failed" reports, when policy disables Forensics Analysis.
        • Fixes an issue that can cause DNS sensor information to be withheld from Forensics.
        • Fixes an issue in the Forensics report, where trigger processes incorrectly show as remotely executed by Windows Management Instrumentation (WMI).
        • The Overview screen Entry Point tool-tip now displays correctly for Windows Management Instrumentation (WMI) executions.
        • Adds the type of the machine to the General View of the Forensics Report. The type can be a desktop, a laptop, a Virtual Machine, or a server.
        • Machines Roles and Features, as defined by Windows, are now available in the General view of the Forensics Report.
        • The Reputation view in the Forensics report now has an option to select and copy Hashes, URLs and IPs.
      • Firewall and Application Control
          • Improves compatibility with 3rd-party VPN software.
        • Full Disk Encryption
          • The firmware logo wallpaper now shows, when Windows loads after the Full Disk Encryption pre-boot.
          • Fixes dual recovery file delivery on fresh installations, on UEFI machines.
        • Media Encryption and Port Protection
          • Resolves an issue, where allowed non-storage devices can show as blocked in SmartEndpoint Media Encryption and Port Protection reports.
          • Resolves an issue, where the user does not see an option to override company encryption policy to copy data from network shared folders.
          • Resolves an issue where the wrong authorization status shows in the Media Encryption UI.
          • Resolves a possible system freeze from corrupted settings of the Media Encryption blade.
        • Installation
          • Resolves an issue, where the Endpoint Security installation may fail after a miscalculation of the required disk space.
          • No longer displays a redundant user check pop-up on an installation retry.
        E82.50 macOS Clients 07-Apr-2020 07-Apr-2020 Support Life Cycle Policy
        Show Supported OS
        macOS Catalina (10.15)
        macOS Mojave (10.14)
        Show Upgrade Paths
        E82.00
        E80.89
        From macOS Mojave (10.14)
        Show supported blades
        VPN

        Firewall for desktop security

        Compliance

        Media Encryption

        Native Encryption Management

        Threat Emulation

        Anti-Ransomware

        Capsule Docs

        Forensics
        Show Supported Management Servers

        R80.30

        R80.20

        R77.30.03

        Show Downloads

        Endpoint Security E82.50 Clients for macOS 


        Platform Package Link
        macOS E82.50 Check Point Endpoint Security Client for macOS  (ZIP)
        macOS E82.50 Check Point Endpoint Security Client for macOS (without Capsule Docs and SandBlast Agent) (ZIP)

        Standalone Clients Downloads

        Show / Hide this section
        Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

        E82.50 Standalone Clients for macOS

        Platform Package Link
        macOS E82.50 Endpoint Security VPN for macOS - Disc Image (DMG) (DMG)
        E82.50 Endpoint Security VPN for macOS - Automatic Upgrade package (PKG) (PKG)
        E82.50 Endpoint Security VPN for macOS - Signature for automatic upgrade (signature)


        What's New in E82.50 for Mac
        Introduces the Anti-Malware blade for macOS. Currently, it is EA quality, with the blade’s main capabilities, such as:
        • Displays current status in the client UI.
        • Enables full system scan, manual and scheduled by policy.
        • Quarantines malicious files and enables the user to restore by policy.
        • Updates malware signatures from the Check Point Signature server in the cloud.
        • Reports back about malicious files to the Endpoint Management server.
        For more information, see the “Endpoint Security Client for Mac Online Help” pages in the "Anti-Malware" section.

        Enhancements

        • This release includes stability, quality and performance fixes.
        E82.50 31-Mar-2020 31-Mar-2020 Support Life Cycle Policy
        Show Supported OS
        Win7

        Win8.1.1

        Win10 1709

        Win10 1803

        Win10 1809

        Win 10 1903
        Win 10 1909
        Show Upgrade Paths
        E80.64

        and higher
        From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
        Show supported blades
        Desktop Firewall and Application Control

        Anti-Malware

        Forensics and Anti-Ransomware

        URL Filtering

        Anti-Bot

        Threat Emulation & Anti-Exploit

        Media Encryption and Port Protection

        Full Disk Encryption

        Compliance

        Remote Access VPN (SA/Managed)

        Capsule Docs (SA/Managed)
        Show Supported Management Servers

        R80.40

        R80.30

        R80.20

        R80.20.M2

        R77.30 EP 6.5

        R77.30.03

        R77.30

        R80.10

        R77.20 EP6.2

        Show Downloads

        Endpoint Security E82.50 Clients

        Endpoint Security Clients Downloads

        Standalone Clients Downloads

        Show / Hide this section
        Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

        Standalone Clients Downloads
        What's New in E82.50

        New Features

        • Dynamic Package is a new package type ready for download. Dynamic Package with R80.40 can reduce network traffic significantly during existing client upgrades. See "Deploying Endpoint Security Clients" in the R80.40 Endpoint Security Management Server Administration Guide.
        • VMware Horizon Non-Persistent VDI is now in Early Availability. Contact E81_EA@checkpoint.com for more information.
        • Application Control includes a new feature for developer protection that prevents leakage of sensitive information and the use of vulnerable packages. See sk165615 for details.
        • Behavioral Guard now protects against Credential Dumping.
        • Forensics can now report the URL for the file source, when the SandBlast Agent Browser Extension is active.
        • Machine type, roles and features now show in the Forensics report.

        Enhancements 

        • Anti-Malware
          • Resolves a possible issue, where the server does not display the latest Anti-Malware signature version of the Endpoint Security clients.
          • Resolves an issue, where the policy state displays as "Unknown" in the client User Interface.
        • Anti-Exploit
          • Fixes a rare BSOD, related to Anti-Exploit infrastructure.
        • Anti-Ransomware, Behavioral Guard and Forensics
          • Reduces repeated logs for specific errors to improve Behavioral Guard performance.
          • Adds a default exclusion to prevent a known case of an Anti-Ransomware false positive.
          • Forensics and Anti-Exploit now correctly identify the latest versions of Microsoft Edge (based on Chromium) as a browser.
          • SandBlast Agent browser extensions now report the URLs used to download files to Forensics. This information now displays in the Entry Point view in the Forensics report, when it is present.
          • Fixes an issue where the Behavioral Guard log and the equivalent Forensics log show different levels of confidence.
          • Fixes a rare race condition that can override the current Forensics policy with the default policy.
          • Fixes an issue where Forensics generates "Analysis Failed" reports, when policy disables Forensics Analysis.
          • Fixes an issue that can cause DNS sensor information to be withheld from Forensics.
          • Fixes an issue in the Forensics report, where trigger processes incorrectly show as remotely executed by Windows Management Instrumentation (WMI).
          • The Overview screen Entry Point tool-tip now displays correctly for Windows Management Instrumentation (WMI) executions.
          • Adds the type of the machine to the General View of the Forensics Report. The type can be a desktop, a laptop, a Virtual Machine, or a server.
          • Machines Roles and Features, as defined by Windows, are now available in the General view of the Forensics Report.
          • The Reputation view in the Forensics report now has an option to select and copy Hashes, URLs and IPs.
        • Firewall and Application Control
            • Improves compatibility with 3rd-party VPN software.
          • Full Disk Encryption
            • The firmware logo wallpaper now shows, when Windows loads after the Full Disk Encryption pre-boot.
            • Fixes dual recovery file delivery on fresh installations, on UEFI machines.
          • Media Encryption and Port Protection
            • Resolves an issue, where allowed non-storage devices can show as blocked in SmartEndpoint Media Encryption and Port Protection reports.
            • Resolves an issue, where the user does not see an option to override company encryption policy to copy data from network shared folders.
            • Resolves an issue where the wrong authorization status shows in the Media Encryption UI.
            • Resolves a possible system freeze from corrupted settings of the Media Encryption blade.
          • Installation
            • Resolves an issue, where the Endpoint Security installation may fail after a miscalculation of the required disk space.
            • No longer displays a redundant user check pop-up on an installation retry.
          • Infrastructure
            • Resolves an issue, where the client may report logs incorrectly, if the username contains non-ANSI symbols.
            • Resolves a rare issue with policy corruption that may put some blades in non-running states.
            • Resolves an issue where the VPN client automatically reappears in Automatic Start, although it is disabled by the Task Manager.
            • Fixes the vulnerability to "RobinHood" (CVE-2018-19320).
          E82.40 16-Feb-2020 16-Feb-2020 Support Life Cycle Policy
          Show Supported OS
          Win7

          Win8.1.1

          Win10 1709

          Win10 1803

          Win10 1809

          Win 10 1903
          Win 10 1909
          Show Upgrade Paths
          E80.64

          and higher
          From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
          Show supported blades
          Desktop Firewall and Application Control

          Anti-Malware

          Forensics and Anti-Ransomware

          URL Filtering

          Anti-Bot

          Threat Emulation & Anti-Exploit

          Media Encryption and Port Protection

          Full Disk Encryption

          Compliance

          Remote Access VPN (SA/Managed)

          Capsule Docs (SA/Managed)
          Show Supported Management Servers

          R80.40

          R80.30

          R80.20

          R80.20.M2

          R77.30 EP 6.5

          R77.30.03

          R77.30

          R80.10

          R77.20 EP6.2

          Show Downloads

          Endpoint Security E82.40 Clients

          Endpoint Security Clients Downloads

          Standalone Clients Downloads

          Show / Hide this section
          Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

          Standalone Clients Downloads
          What's New in E82.40

          New Features

          • Adds a new protection in Static Analysis against CVE-2020-0601. This prevents the use of spoofed ECC (Elliptic Curve Cryptography) certificates on malicious executables.
          • Behavioral Guard now detects Windows-reported CVEs to generate a log and Forensic Analysis. An example is CVE-2020.0601. This is different from the Static Analysis protection that is not dependent on Windows-reported CVEs.
          • Behavioral Guard Meterpreter Reverse Shell detections are now active, by default.
          • Behavioral Guard new injection detections including Process Hollowing are now active, by default.
          • Forensics can now identify starting points of attacks originating from lateral movement and Windows Management Instrumentation (WMI). Indirect execution on a single machine through WMI is now detected and followed in the Forensics Analysis.

          Enhancements 

          • Anti-Malware
            • Resolves the issue where an Anti-Malware infection event is not showing in SmartEndpoint Reporting, if special characters are in the path.
            • Resolves an issue where Anti-Malware reporting does not update in SmartEndpoint, after the infections list changes in the Anti-Malware blade.
            • Fixes an Anti-Malware system scan memory issue, when scanning files with alternate data streams.
          • Anti-Exploit
            • Fixes an issue that can cause the Anti-Exploit service to crash in x86 systems, after an upgrade.
            • Fixes a rare issue where the machine hangs during an upgrade (related to a driver that Anti-Exploit uses).
            • Fixes an issue where Anti-Exploit may not work immediately after an upgrade.
          • Anti-Bot
            • Anti-Bot detection status now updates to the server User Interface continuously for additions and removals from the client.
          • Behavioral Guard and Forensics
              • Improves performance slightly by removing unnecessary logs from Behavioral Guard.
              • Fixes an issue in the Forensics Log Card to report a trigger rather than the process of a trigger.
              • Fixes an issue with a Forensic crash in a Virtual Disk Infrastructure (VDI) environment.
            • Firewall and Application Control
              • Resolves a possible issue where the Firewall blade has the Initializing status after an upgrade due to some missing dll files.
              • Resolves a possible issue where registry parsing, while self protection is active, causes a BSOD.
              • Fixes the vsdatant.sys driver synchronization issue that causes a BSOD on driver unload.
              • Resolves the issue where Long Term Evolution (LTE) and Universal Mobile Telecommunication System (UMTS) devices are not recognized as wireless by the "Disconnect wireless connections when connected to the LAN" feature.
            • Full Disk Encryption
              • Resolves an incorrect report about the Full Disk Encryption blade not running during a Windows shutdown, when the Deployment Agent (CPDA) does not receive a shutdown notification.
              • Sets BCDBOOT as the default on fresh installs.
              • Fixes Unified Extensible Firmware Interface (UEFI) to use the customized image rebrandings of UEFI preboots.
              • No longer forces a reboot when the pre-boot bypass is off, by policy.
            • Media Encryption and Port Protection
              • Fixes and removes the requirement to install Visual Studio 2017 runtimes when running the Media Encryption offline utility "Access to Business Data". Note: The Mac offline utility now supports macOS Catalina (10.15).
            • VPN
              • Fixes an issue where the location inside the organization is not recognized properly.
              • Adds the detection of McAfee Security Endpoint v10.6 into Secure Configuration Verification (SCV).
              • Fixes an issue where the user is not able to use several question marks in the password.
            • Installer
              • Resolves a possible issue where the client upgrade fails, when the Anti-Malware blade cannot reach a database file, after an ungraceful process termination.
              • Resolves a sudden reboot, after a client upgrade finishes, before a custom countdown timer ends.
              • Resolves an issue where Installer terminates on machines with specific locales, if the user has a name with specific localized UTF-8 characters.
              • Resolves a possible issue where the installation fails, by waiting for a process from a previous installation to stop.
              • Increases the timeout value for Windows Installer (MSI) to wait for Full Disk Encryption to finish a deployment in offline mode.
              • Fixes the Full Disk Encryption uninstall, after a Windows 10 upgrade.
            • General
              • Fixes an issue with the Deployment Agent (CPDA). Now, it tries to resend the UpdateRegister message, when the machine has network configuration changes, if the message did not go through, during startup.
              • Resolves an issue where the "Disconnected Policy" is not defined, and appears in the display, when the client is connected.
              • Fixes the issue of duplicate user objects for the same user in Other Users / Computers.
            E82.30 19-Jan-2020 19-Jan-2020 Support Life Cycle Policy
            Show Supported OS
            Win7

            Win8.1.1

            Win10 1709

            Win10 1803

            Win10 1809

            Win 10 1903
            Win 10 1909
            Show Upgrade Paths
            E80.64

            and higher
            From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
            Show supported blades
            Desktop Firewall and Application Control

            Anti-Malware

            Forensics and Anti-Ransomware

            URL Filtering

            Anti-Bot

            Threat Emulation & Anti-Exploit

            Media Encryption and Port Protection

            Full Disk Encryption

            Compliance

            Remote Access VPN (SA/Managed)

            Capsule Docs (SA/Managed)
            Show Supported Management Servers

            R80.30

            R80.20

            R80.20.M2

            R77.30 EP 6.5

            R77.30.03

            R77.30

            R80.10

            R77.20 EP6.2

            Show Downloads

            Endpoint Security E82.30 Clients

            Endpoint Security Clients Downloads

            Standalone Clients Downloads

            Show / Hide this section
            Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

            Standalone Clients Downloads
            What's New in E82.30

            Enhancements 

            • Compliance
              • Resolves an issue, where the Compliance blade no longer reflects the correct status of Microsoft Windows updates, after the Windows Server Update Services (WSUS) server is updated.
            • Firewall and Application Control
              • Resolves an issue, where Endpoint Security Firewall policy is not applied on the Endpoint Security Client, and shows as "Not Set" in UI, when Hotspot settings allow connections on any port.
            • Anti-Ransomware, Behavioral Guard and Forensics
              • Fixes an issue where backups and Anti-Ransomware detections are not occurring on files encrypted using EFS. Thanks to Amit Klein from SafeBreach for discovering the vulnerability.
              • Fixes a rare potential performance issue in Forensics related to file events.
              • Reduces the time to shut down Forensics during upgrades and updates.
            • Installation
                • Resolves a possible issue, where the client reports "Failed to download package", while the package is already downloaded, during an upgrade.
                • Resolves a possible issue, where the client's old version displays in Smart Endpoint, after a client upgrade.
                    E82.20 19-Dec-2019 19-Dec-2019 Support Life Cycle Policy
                    Show Supported OS
                    Win7

                    Win8.1.1

                    Win10 1709

                    Win10 1803

                    Win10 1809

                    Win 10 1903
                    Win 10 1909
                    Show Upgrade Paths
                    E80.64

                    and higher
                    From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
                    Show supported blades
                    Desktop Firewall and Application Control

                    Anti-Malware

                    Forensics and Anti-Ransomware

                    URL Filtering

                    Anti-Bot

                    Threat Emulation & Anti-Exploit

                    Media Encryption and Port Protection

                    Full Disk Encryption

                    Compliance

                    Remote Access VPN (SA/Managed)

                    Capsule Docs (SA/Managed)
                    Show Supported Management Servers

                    R80.30

                    R80.20

                    R80.20.M2

                    R77.30 EP 6.5

                    R77.30.03

                    R77.30

                    R80.10

                    R77.20 EP6.2

                    Show Downloads

                    Endpoint Security E82.20 Clients

                    Endpoint Security Clients Downloads

                    Standalone Clients Downloads

                    Show / Hide this section
                    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                    Standalone Clients Downloads
                    What's New in E82.20

                    New Features

                    • The new detection engine "File Reputation" is now active as part of the Threat Emulation blade.
                      • Scans files eligible for Threat Emulation upon creation.
                      • Checks the file hash against the Check Point cloud reputation service and treats malicious files accordingly.
                      • Considers Malware, Riskware and Adware with medium or high confidence as malicious.
                      • Is an online service.
                      • For more information, see Known Limitations.
                    • Adds the ability to check for the latest updates on the client using an integration with Microsoft's Windows Server Update Services (WSUS). See sk164060.
                      • Adds DNS connection information to the Tree and Tree-Timeline Views of the Forensics Report.
                      • Mutexes and other named objects now appear in the Tree and Tree-Timeline Views of the Forensics Report.
                      • Adds Full Disk Encryption Caps Lock notification to pre-boot.

                      Enhancements 

                      • Anti-Malware
                        • Fixes an issue where the Anti-Malware process does not stop during an upgrade in Windows 19H1.
                        • Resolves a rare crash of Anti-Malware that happens if Anti-Malware exits, while a system scan is active.
                      • Media Encryption and Port Protection
                        • Fixes internal scanner error during the authorization scan with McAfee VirusScan Enterprise.
                        • Fixes an unexpected UserCheck message when no data is being written to a removable media.
                        • Fixes the incorrect deployed package name in deployment reports.
                        • Fixes Windows Autoplay feature interference on unmanaged machines, when the Access To Business Data window is opened behind the Windows Explorer.
                      • Firewall and Application Control
                        • Fixes an issue where Windows Subsystems for Linux (WSL) processes sometimes hang on network access.
                      • Anti-Ransomware, Behavioral Guard and Forensics
                        • Improves performance by eliminating unnecessary logging from the API sensor.
                        • Improves performance by not logging repeating errors in third party AV logs, when used with Forensics.
                        • Improves performance of the Forensics Report collection subsystem by not attempting to resend corrupted reports.
                        • Fixes an issue that could prevent Anti-Ransomware backup operations.
                        • Fixes an issue that prevents Anti-Ransomware restoration, in the case of a delete failure followed by a delete success.
                        • Removing a Folder exclusion from Anti-Ransomware now correctly enforces backup and restorations for the folder.
                        • Fixes a Behavioral Guard rule issue that can result in failures in non-English language detections.
                        • Adds a new section for Incident Remediation applied policy in the Remediation section of the Forensics report. This now shows the effective Incident Remediation settings when the report is created.
                        • Removes the duplicate line in the Forensics Log Card Description for when the report is not created.
                        • Fixes an issue where the user does not show correctly in the Forensics Report.
                        • Kaspersky Anti-Virus detections now correctly trigger Forensics.
                        • Forensics now treats PowerShell_ISE.exe similarly to PowerShell.exe for the relevant Mitre ATT&CK™ techniques. 
                        • Remote Logon techniques now show as either External or Internal Remote Logon techniques in the Forensics Report.
                        • Fixed an issue in which processes were terminated although they were excluded in policy.
                      • Installation
                        • Fixes an issue where a redundant reboot is required when installing Endpoint on a machine with the Media Encryption and Port Protection (MEPP) offline utility.
                        • Fixes an issue where the installation process crashes, causing the upgrade to fail.
                        • Fixes an issue where services are down after a client upgrade due to a WatchDog failure.
                        • Resolves a rare issue, where the Compliance blade crashes during an upgrade when WatchDog restarts the new blade before the installer completed files cleanup.
                      •  General
                        • Fixes an issue where the Daf-Server process crashes due to error in logging infrastructure.
                        • Resolves a possible issue, where the client sometimes does not connect to the Endpoint Security Server, when a synchronous connection takes too long.
                        • Fixes uninstall password mismatch issue for a never connected client.
                        • Fixes an issue where 5 minutes after login, the user policy is changed into the default policy for a few seconds.
                        • Fixes an issue where Check Point processes are assigned with insufficient privileges and suspended after client installation.
                        • Fixes an issue where blades might appear as not running due to a failure in the Check Point Device Auxiliary Framework Service (IDAFServerHostService.exe) process.
                        • Enables forcing TLS 1.2 only, in client-server communication.
                      • VPN
                        • Stability improvements.
                        • Minor localization issues are fixed.
                        • Fixes not displaying the login prompt, when a user roams from the internal to an external network.
                      • SandBlast Agent for Browsers
                        • When a form site is scanned by SandBlast Agent for Browsers Zero Phishing, the user now has the following options:
                          • In case of detection as phishing site, the user can report the detection as a false positive.
                          • In case of no detection (the page was verified as Bengin by Zero Phishing), the user can report the page as a Phishing site by clicking on the "report Phishing site" link in the extension pop up. 
                      • Full Disk Encryption
                            E82.10 24-Nov-2019 24-Nov-2019 Support Life Cycle Policy
                            Show Supported OS
                            Win7

                            Win8.1.1

                            Win10 1709

                            Win10 1803

                            Win10 1809

                            Win 10 1903
                            Win 10 1909
                            Show Upgrade Paths
                            E80.64

                            and higher
                            From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809/Win10 1903 to Win 10 1909
                            Show supported blades
                            Desktop Firewall and Application Control

                            Anti-Malware

                            Forensics and Anti-Ransomware

                            URL Filtering

                            Anti-Bot

                            Threat Emulation & Anti-Exploit

                            Media Encryption and Port Protection

                            Full Disk Encryption

                            Compliance

                            Remote Access VPN (SA/Managed)

                            Capsule Docs (SA/Managed)
                            Show Supported Management Servers

                            R80.30

                            R80.20

                            R80.20.M2

                            R77.30 EP 6.5

                            R77.30.03

                            R77.30

                            R80.10

                            R77.20 EP6.2

                            Show Downloads

                            Endpoint Security E82.10 Clients

                            Endpoint Security Clients Downloads

                            Standalone Clients Downloads

                            Show / Hide this section
                            Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                            Standalone Clients Downloads
                            What's New in E82.10

                            New Features

                            • E82.10 adds support for Endpoint on Windows 10 19H2 (version 1909).

                            Enhancements 

                            • Compliance
                              • Fixes an issue when the Compliance blade fails to detect the McAfee Endpoint Security running status, if no user is logged in.
                            • Anti-Malware
                              • Fixes an issue where the Endpoint Security client upgrade fails because the Anti-Malware process fails to unload.
                              • Fixes an issue for sites blocked by Anti-Malware web protection.
                              • Fixes an issue where Endpoint Security significantly slows the Kaspersky Endpoint Protection upgrade process.
                            • Anti-Ransomware, Behavioral Guard and Forensics
                              • Fixes an issue where symbolic links with Anti-Ransomware honeypot restoration may allow Denial of Service attacks.
                              • Older Anti-Ransomware honeypots are now deleted on upgrades.
                              • Fixes an issue where Anti-Ransomware honeypots are not created on newer locations like program data and app data, when upgrading from an earlier version of the product.
                              • Fixes an Anti-Ransomware False Positive that can occur due to the VMware Horizon Persona Management application.
                              • Improves performance of the injection sensor when many processes are launched in a short period of time.
                              • Fixes an issue that may cause the Forensics Analysis to include benign processes when NVIDIA processes are launched prior to the Logon screen appearing.
                              • Fixes an issue where the entire Forensic incident is not analyzed if it involves the use of NTFS Alternate Data Streams.
                              • Fixes an issue where some IPv6 addresses are not correctly identified as internal IPs for the RDP Brute Force detection in Behavioral Guard.
                            • Media Encryption and Port Protection
                              • Fixes an issue where Media Encryption and Port Protection does not update the Offline Data Access utility on an encrypted removable media.
                            • Full Disk Encryption
                              • Fixes a rare issue where an FDE process crashes when switching from BitLocker Management to FDE.
                            •  VPN
                              • Includes stability and quality fixes. Supports all the features of previous releases.
                              • Improves the log mechanism. Logs will stay on the machine for a longer time.
                              • Includes performance improvements with large scale topology.
                            • General 
                              • The initial connection to the server does not require the Endpoint Security Client to be connected to the domain controller.
                              • Fixes an issue for the Endpoint Security Client to report its name to display accurately in Deployment reports of SmartEndpoint.
                              • Fixes a rare case of BSOD that may happen during an arbitrary process creation.
                                  E82.00 for Mac macOS (Limited Availability) 20-Nov-2019 20-Nov-2019 Support Life Cycle Policy
                                  Show Supported OS
                                  macOS Catalina (10.15)
                                  macOS Mojave (10.14)
                                  From macOS Mojave (10.14)
                                  Show supported blades
                                  VPN

                                  Firewall for desktop security

                                  Compliance

                                  Media Encryption

                                  Native Encryption Management

                                  Threat Emulation

                                  Anti-Ransomware

                                  Capsule Docs

                                  Forensics
                                  Show Supported Management Servers

                                  R80.30

                                  R80.20

                                  R77.30.03

                                  Show Downloads

                                  Endpoint Security E82.00 Clients


                                  Platform Package Link
                                  macOS E82.00 Check Point Endpoint Security Client for macOS (without Capsule Docs and SandBlast Agent) (ZIP)

                                  Standalone Clients Downloads

                                  Show / Hide this section
                                  Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                                  E82.00 Standalone Clients

                                  Platform Package Link
                                  macOS E82.00 Endpoint Security VPN for macOS - Disc Image (DMG) (DMG)
                                  E82.00 Endpoint Security VPN for macOS - Automatic Upgrade package (PKG) (PKG)
                                  E82.00 Endpoint Security VPN for macOS - Signature for automatic upgrade (signature)


                                  What's New in E82.00 for Mac
                                  This release adds these new features:

                                  New Features

                                  • Support for the Endpoint Security Clients on macOS Catalina (10.15).

                                    Enhancements

                                    • New User Interface aligned with the look and feel of the Windows product.
                                    • This release includes stability, quality and performance fixes.
                                    The E82.00 Limited Availability release is focused on the support of macOS Catalina. Some of the blades have limited functionality, or are not supported. These blades will be available with full functionality for the E82.00 General Availability release planned for the end of the year.

                                    Below are the unsupported blades in this release:
                                    • Media Encryption has limited functionality in this release. Refer to the Known Limitations section.
                                    • Threat Emulation is not supported.
                                    • Anti-Ransomware is not supported.
                                    • Capsule Docs is not supported.
                                    The above blades and the new Forensic blade will be supported in the General Availability release of this software.

                                    The supported blades in this release are:
                                    • Remote Access VPN
                                    • Firewall for desktop security
                                    • Compliance
                                    • Native Encryption Management
                                    E82.00 03-Nov-2019 03-Nov-2019 Support Life Cycle Policy
                                    Show Supported OS
                                    Win7

                                    Win8.1.1

                                    Win10 1709

                                    Win10 1803

                                    Win10 1809

                                    Win 10 1903
                                    Show Upgrade Paths
                                    E80.64

                                    and higher
                                    From Win7/Win 8.1.1/Win10 1709/Win10 1803/Win10 1809 to Win10 1903
                                    Show supported blades
                                    Desktop Firewall and Application Control

                                    Anti-Malware

                                    Forensics and Anti-Ransomware

                                    URL Filtering

                                    Anti-Bot

                                    Threat Emulation & Anti-Exploit

                                    Media Encryption and Port Protection

                                    Full Disk Encryption

                                    Compliance

                                    Remote Access VPN (SA/Managed)

                                    Capsule Docs (SA/Managed)
                                    Show Supported Management Servers

                                    R80.30

                                    R80.20

                                    R80.20.M2

                                    R77.30 EP 6.5

                                    R77.30.03

                                    R77.30

                                    R80.10

                                    R77.20 EP6.2

                                    Show Downloads

                                    Endpoint Security E82.00 Clients

                                    Endpoint Security Clients Downloads

                                    E82.00 Standalone Clients

                                    Show / Hide this section
                                    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                                    Standalone Clients Downloads
                                    What's New in E82.00

                                    New Features

                                    • BitLocker Management
                                      Check Point Endpoint Security E82.00 Client introduces BitLocker Management as an option in the Full Disk Encryption Blade.
                                      BitLocker is an integrated part of Windows. The Check Point BitLocker Management feature uses the Endpoint Security Server, Client Agent and Management UI to manage BitLocker. BitLocker Management is Windows 10 only. See the BitLocker Management Administration Guide.
                                    • New Detection Techniques
                                      • Meterpreter / Reverse Shell Detection
                                        Behavioral Guard now supports enhanced behavioral detections of reverse shells. This detection is currently in silent and will be turned on via a remote update at a later stage.
                                      • RDP Brute Force Detections
                                        Behavioral Guard now supports RDP Brute Force detections. This detection is currently in silent and will be turned on via a remote update at a later stage.
                                    • VPN's Post Disconnect Feature
                                      The post disconnect script feature allows users to run scripts on client computers after disconnections from gateways. See the Revision History of the Remote Access for Windows Administration Guide.

                                    Enhancements 

                                    • Anti-Ransomware, Behavioral Guard and Forensics
                                      • Fixes a rare issue which causes Forensics to crash if there is corruption in the backup and restoration database.
                                      • Fixes an issue that results in the entire Forensics database being purged when the database size limit is reached.
                                      • Fixes an issue where Privilege Escalation is not determined for the start process in the Forensics Report.
                                      • Fixes an issue where the Bypass User Account Control Mitre ATT&CK technique is not determined accurately.
                                    • Firewall and Application Control
                                      • Fixes a rare issue where Firewall blade is not running after an upgrade.
                                      • Fixes a rare issue where arbitrary processes are suspended.
                                    • Capsule Docs
                                      • Enforcements to prevent screen captures are not implemented now because there are no practical needs for them.
                                    • Media Encryption and Port Protection
                                      • Resolves the "Unrecognized scan log format" message when scanning a removable media with McAfee 8.8 on the Japanese OS version.
                                      • Fixes a localization issue of Japanese text in the Offline Access tool.
                                    • Installation
                                      • Fixes the rejected client msi import in MS AD GPO deployment.
                                      • Informs the user to reboot the machine after Windows 10 OS upgrade from builds below 18000 instead of forcing the reboot. 
                                    • General
                                      • Reconnects the server, if the Virtual Machine is cloned after connecting the server and assigned a new SID.
                                      • Fixes a rare issue where the cpda process crashes. 
                                      • Fixes a rare issue where the client's connection status is incorrectly displayed as "connected". 
                                          E81.40 24-Sept-2019 24-Sept-2019 Support Life Cycle Policy
                                          Show Supported OS
                                          Win7

                                          Win8.1.1

                                          Win10 1703 Enterprise

                                          Win10 1709

                                          Win10 1803

                                          Win10 1809

                                          Win 10 1903
                                          Show Upgrade Paths
                                          E80.64

                                          and higher
                                          From Win7/Win 8.1.1/Win10 1703/Win10 1709/Win10 1803/Win10 1809 to Win10 1903
                                          Show supported blades
                                          Desktop Firewall and Application Control

                                          Anti-Malware

                                          Forensics and Anti-Ransomware

                                          URL Filtering

                                          Anti-Bot

                                          Threat Emulation & Anti-Exploit

                                          Media Encryption and Port Protection

                                          Full Disk Encryption

                                          Compliance

                                          Remote Access VPN (SA/Managed)

                                          Capsule Docs (SA/Managed)
                                          Show Supported Management Servers

                                          R80.30

                                          R80.20

                                          R80.20.M2

                                          R77.30 EP 6.5

                                          R77.30.03

                                          R77.30

                                          R80.10

                                          R77.20 EP6.2

                                          Show Downloads

                                          Endpoint Security E81.40 Clients

                                          Endpoint Security Clients Downloads

                                          Standalone Clients Downloads

                                          Show / Hide this section
                                          Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                                          Standalone Clients Downloads
                                          What's New in E81.40

                                          New Features

                                          • Static File Analysis is a new prevention technology based on Machine Learning.
                                            • The technology inspects hundreds of static features on executables created on the endpoint and uses a machine learning model to deliver a verdict.
                                            • The technology has a high detection rate and an extremely low false-positive rate. It is fast and it can reach a verdict in a few tens of milliseconds.
                                            • The impact on performance is negligible.
                                          • Mitre ATT&CKTM Matrix is now supported in Forensics. After an incident has been analyzed, Mitre ATT&CK techniques and tactics are identified and shown in the report.
                                            • Overview screen now shows the ATT&CK matrix.
                                            • Dedicated ATT&CK matrix screen in Suspicious Events Menu.
                                            • Dedicated view for all events from a technique including a description of the technique taken from Mitre.
                                            • Mapping of some Suspicious events that are not categorized by Mitre into Mitre tactics.
                                          • Anti-Exploit is now detecting on DejaBlue CVEs (CVE-2019-1181) for Windows 10 machines.
                                            • DejaBlue represents a new set of Remote Code Execution exploits similar to that of BlueKeep.
                                          • Remote Desktop Protocol identification in Behavioral Guard and Forensics.
                                            • Forensic reports now highlight if an incident start can be traced to a user who was logged in remotely.
                                            • When available remote machine name and IP will also be shown in the General screen.
                                            • If the remote connection was made from inside or outside the network is also available in the Overview screen.
                                          • Privilege Escalation identification in Behavioral Guard and Forensics.
                                            • Forensic reports now highlight privilege escalation.
                                            • Process integrity levels have been added to the Process Security tab in the Incident Details view.
                                          • Injection identification in Behavioral Guard and Forensics.
                                            • Forensic reports now showcase and highlight injections that happen during an incident.
                                            • Multiple injection detection rules have been developed. These will be enabled via automatic update once enough telemetry is available. 

                                          Enhancements 

                                          • Compliance
                                            • Improves the running status detection of Windows Defender.
                                          • Anti-Malware
                                            • Fixes Anti-Malware system scan error when scanning nested archives.
                                          • Anti-Bot
                                            • Reduces Anti-Bot's false positives significantly with better classification of the detections. This reduction does not affect Anti-Bot's detection rate.
                                          • Anti-Ransomware, Behavioral Guard and Forensics
                                            • Improves Behavioral Guard performance by optimizing log creation.
                                            • Anti-Ransomware backup exclusions that are removed from the policy are now being enforced correctly and do not require a reboot.
                                            • Turning Anti-Ransomware off and on now correctly creates the honeypot folders.
                                            • Honeypots deleted and in the recycle bin are no longer monitored by Anti-Ransomware.
                                            • Improves Forensic algorithm to find all executions of the identified execution root if it is not trusted. This ensures that all instances of a malicious process are detected.
                                            • Forensics Reports now highlight Mitre ATT&CKTM Tactics and Techniques. The Mitre ATT&CKTM matrix has its own screen and shows in the overview.
                                            • Injections are now monitored in the Forensic Report. These are the changes and enhancements:
                                              • The attack start is not a process that was injected into if the injecting process is also part of the incident.
                                              • The Incident Details Tree and Tree-Timeline views now show all injection links.
                                              • Processes injected into now show up after the process creation time of the process starting the injection.
                                            • Forensics now calculates Process Integrity levels. This allows us to see privilege escalation in Forensic Reports. The Process Security Tab in Incident Details shows the integrity level.
                                            • Forensics reports now show if the user who was connected at the start of an incident was connected remotely. In the case of RDP, the machine name and the IP shows as well.
                                              • Adds new Overview screen slider in to switch between Mitre ATT&CKTM, Network Map and Execution Tree screens.
                                              • Adds new default exclusions for taskhost.exe and taskhostw.exe to improve Forensics performance.
                                              • Suspicious events and Mitre ATT&CKTM techniques will no longer treat 'deleted file' events similar to 'create' and 'modification' events. This reduces the occurrence of miss-classified events or techniques.
                                              • The Incident Details screen now opens correctly in response to a click on the process tree in the Forensics Overview screen.
                                              • When the Forensic report is viewed in smaller resolutions, the MD5 value in the General screen may cut off. A new tool-tip was added to show the entire MD5.
                                              • Forensic reports no longer scale infinitely with the display size. The max width and height is now 2560 x 1600 pixels.
                                              • Process argument strings in Forensics reports are now encoded so that Anti-Malware does not detect on them.
                                              • Attempting to open a Forensics report prior to the analysis completion will now correctly show an in-progress page.
                                            • Media Encryption and Port Protection
                                                • Enables copying of Alternate Data Streams (ADS) over NTFS together with the original filename to a removable drive upon user consent.
                                                • Resolves Authorization scan error "Internal scanner error" when scanning a USB device with McAfee AV.
                                                • Fixes the code so that using wildcards for custom settings in device exceptions now accepts the wildcards in any position of the string.
                                              • Threat Emulation and Anti-Exploit
                                                  • Improves Threat Emulation performance significantly. The number of I/O operations and the CPU consumption are greatly reduced.
                                                • Firewall and Application Control
                                                  • Fixes a rare race condition that might result in a BSOD during process termination.
                                                • Updater
                                                  • Fixes an issue when MSI upgrade logs are not collected on the Czech version of Windows.
                                                • Browser Extension
                                                  • Browser extension logs for TAC requests are now included when the user creates regular CPInfo logs.
                                                • General
                                                  • SandBlast Agent can now work in front of Private ThreatCloud instead of Checkpoint ThreatCloud. This is useful for customers who have isolated environments that do not connect to Checkpoint ThreatCloud.
                                                      E81.30_HF 06-Oct-2019 06-Oct-2019 Support Life Cycle Policy
                                                      Show Supported OS
                                                      Win7

                                                      Win8.1.1

                                                      Win10 1703 Enterprise

                                                      Win10 1709

                                                      Win10 1803

                                                      Win10 1809

                                                      Win 10 1903
                                                      Show Upgrade Paths
                                                      E80.64

                                                      and higher
                                                      From Win7/Win 8.1.1/Win10 1703/Win10 1709/Win10 1803/Win10 1809 to Win10 1903
                                                      Show supported blades
                                                      Desktop Firewall and Application Control

                                                      Anti-Malware

                                                      Forensics and Anti-Ransomware

                                                      URL Filtering

                                                      Anti-Bot

                                                      Threat Emulation & Anti-Exploit

                                                      Media Encryption and Port Protection

                                                      Full Disk Encryption

                                                      Compliance

                                                      Remote Access VPN (SA/Managed)

                                                      Capsule Docs (SA/Managed)
                                                      Show Supported Management Servers

                                                      R80.30

                                                      R80.20

                                                      R80.20.M2

                                                      R77.30 EP 6.5

                                                      R77.30.03

                                                      R77.30

                                                      R80.10

                                                      R77.20 EP6.2

                                                      Show Downloads

                                                      Endpoint Security E81.30_HF Clients

                                                      Endpoint Security Clients Downloads

                                                      Standalone Clients Downloads

                                                      Show / Hide this section
                                                      Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                                                      Standalone Clients Downloads
                                                      What's New in E81.30_HF

                                                      Enhancements 

                                                      • SandBlast Agent Browser Extension
                                                        • Fixes a minor security issue with the SBA browser extension.
                                                      • Anti-Malware
                                                        • Fixes an issue with restore files from a quarantine operation via push operation on paths with non-English characters.
                                                      • Anti-Ransomware, Behavioral Guard and Forensics
                                                        • Fixes an issue in Forensics, where if a silent detection occurs prior to an active detection on the same process, the report is not generated for the active detection. This also affects the Anti-Ransomware UI screens.
                                                        • Fixes an issue where exclusions based on a process with a rule name are not enforced in Behavioral Guard when the rule involves more than one process.
                                                        • Fixes a very rare issue in Behavioral Guard that is related to an infinite loop.
                                                        • Fixes an Anti-Ransomware false positive related to filehistory.exe.
                                                        • Aligns the default local backup policy to the default Management backup policy for Anti-Ransomware.
                                                      • Firewall and Application Control
                                                        • Fixes an issue when the "Disconnect Wireless connection when connected by LAN" feature does not work on Windows 10 version 1903.
                                                        • Fixes an uncommon issue where the installation fails to upgrade the firewall driver.
                                                        • Fixes an issue when the installer fails to install VPN or Firewall due to reaching the maximum number of network filters on Window 8 and higher.
                                                      • Install / Uninstall
                                                        • CVE-2019-8461: Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
                                                        E81.30 26-Aug-2019 26-Aug-2019 Support Life Cycle Policy
                                                        Show Supported OS
                                                        Win7

                                                        Win8.1.1

                                                        Win10 1703 Enterprise

                                                        Win10 1709

                                                        Win10 1803

                                                        Win10 1809

                                                        Win 10 1903
                                                        Show Upgrade Paths
                                                        E80.64

                                                        and higher
                                                        From Win7/Win 8.1.1/Win10 1703/Win10 1709/Win10 1803/Win10 1809 to Win10 1903
                                                        Show supported blades
                                                        Desktop Firewall and Application Control

                                                        Anti-Malware

                                                        Forensics and Anti-Ransomware

                                                        URL Filtering

                                                        Anti-Bot

                                                        Threat Emulation & Anti-Exploit

                                                        Media Encryption and Port Protection

                                                        Full Disk Encryption

                                                        Compliance

                                                        Remote Access VPN (SA/Managed)

                                                        Capsule Docs (SA/Managed)
                                                        Show Supported Management Servers

                                                        R80.30

                                                        R80.20

                                                        R80.20.M2

                                                        R77.30 EP 6.5

                                                        R77.30.03

                                                        R77.30

                                                        R80.10

                                                        R77.20 EP6.2

                                                        Show Downloads

                                                        Endpoint Security E81.30 Clients

                                                        Endpoint Security Clients Downloads

                                                        Standalone Clients Downloads

                                                        Show / Hide this section
                                                        Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                                                        Standalone Clients Downloads
                                                        What's New in E81.30

                                                        Enhancements 

                                                        • Anti-Malware
                                                          • Fixes an issue with restore files from a quarantine operation via push operation on paths with non-English characters.
                                                        • Anti-Ransomware, Behavioral Guard and Forensics
                                                          • Fixes an issue in Forensics, where if a silent detection occurs prior to an active detection on the same process, the report is not generated for the active detection. This also affects the Anti-Ransomware UI screens.
                                                          • Fixes an issue where exclusions based on a process with a rule name are not enforced in Behavioral Guard when the rule involves more than one process.
                                                          • Fixes a very rare issue in Behavioral Guard that is related to an infinite loop.
                                                          • Fixes an Anti-Ransomware false positive related to filehistory.exe.
                                                          • Aligns the default local backup policy to the default Management backup policy for Anti-Ransomware.
                                                        • Firewall and Application Control
                                                          • Fixes an issue when the "Disconnect Wireless connection when connected by LAN" feature does not work on Windows 10 version 1903.
                                                          • Fixes an uncommon issue where the installation fails to upgrade the firewall driver.
                                                          • Fixes an issue when the installer fails to install VPN or Firewall due to reaching the maximum number of network filters on Window 8 and higher.
                                                        • Install / Uninstall
                                                          • CVE-2019-8461: Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH location on a clean image without Endpoint Client installed. An attacker can leverage this to gain LPE using a specially crafted DLL placed in any PATH location accessible with write permissions to the user.
                                                          E81.20 07-Aug-2019 07-Aug-2019 Support Life Cycle Policy
                                                          Show Supported OS
                                                          Win7

                                                          Win8.1.1

                                                          Win10 1703 Enterprise

                                                          Win10 1709

                                                          Win10 1803

                                                          Win10 1809

                                                          Win 10 1903
                                                          Show Upgrade Paths
                                                          E80.64

                                                          and higher
                                                          From Win7/Win 8.1.1/Win10 1703/Win10 1709/Win10 1803/Win10 1809 to Win10 1903
                                                          Show supported blades
                                                          Desktop Firewall and Application Control

                                                          Anti-Malware

                                                          Forensics and Anti-Ransomware

                                                          URL Filtering

                                                          Anti-Bot

                                                          Threat Emulation & Anti-Exploit

                                                          Media Encryption and Port Protection

                                                          Full Disk Encryption

                                                          Compliance

                                                          Remote Access VPN (SA/Managed)

                                                          Capsule Docs (SA/Managed)
                                                          Show Supported Management Servers

                                                          R80.30

                                                          R80.20

                                                          R80.20.M2

                                                          R77.30 EP 6.5

                                                          R77.30.03

                                                          R77.30

                                                          R80.10

                                                          R77.20 EP6.2

                                                          Show Downloads

                                                          Endpoint Security E81.20 Clients

                                                          Endpoint Security Clients Downloads

                                                          Standalone Clients Downloads

                                                          Show / Hide this section
                                                          Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

                                                          Standalone Clients Downloads
                                                          What's New in E81.20

                                                          New Features

                                                          • Performance improvements in Forensics, Behavioral Guard and Threat Emulation.
                                                          • The Zero Phishing agent now uses a brand new Machine Learning model and the Check Point reputation service for up-to-date information on malicious phishing sites to improve detection rates.
                                                          • Behavioral Guard now has the ability to prevent the execution of malicious scripts (PowerShell, for example). In earlier releases, Behavioral Guard detected and terminated the scripts after their execution.
                                                          • VPN adds the ability to match the VPN user to the logged-in Windows user and display it in the username field of the connect dialog.
                                                          • VPN adds the ability to disable implicit SDL when SDL is enabled.
                                                          • VPN adds the ability to choose a customized Display Name when creating a site from a link.
                                                          • VPN adds the ability to enable the Connect button before any response is written.

                                                          Enhancements 

                                                          • VPN
                                                            • Fixes a rare crash that can occur when you send ICMP packets.
                                                            • Includes stability and quality fixes. Supports all the features of previous releases.
                                                          • Anti-Malware
                                                            • Fixes an issue where no Anti-Malware logs show in the GUI under the Anti-Malware blade if a malicious file is quarantined after a manual Anti-Malware scan.
                                                          • Threat Emulation and Anti-Exploit
                                                            • 30% reduction in I/O while monitoring files created on the system.
                                                            • Fixes an Anti-Exploit issue that causes an instance of Chrome to crash occasionally with an "Aw, snap" message.
                                                          • Anti-Ransomware, Behavioral Guard and Forensics
                                                            • Files backed up by Anti-Ransomware can no longer be viewed by users who did not originally have access to the file.
                                                            • Ransomware events first detected by Behavioral Guard are now treated like Anti-Ransomware detections, with the ability to restore modified files automatically.
                                                            • Anti-Ransomware better recognizes older honeypots now and deletes them if they are not in use.
                                                            • Fixes a false positive in Anti-Ransomware that involves runtimebroker.exe.
                                                            • Fixes Anti-Ransomware false positives associated with user account deletions.
                                                            • Anti-Ransomware is now much less likely to be triggered on file changes made over a very long period of time (days).
                                                            • Improves Forensics performance with a drastic reduction in the number of Anti-Ransomware patterns that are no longer relevant. 
                                                            • Fixes an extremely rare infinite loop in Behavioral Guard.
                                                            • Improves performance in Behavioral Guard by reducing the amount of local logs written.
                                                            • Behavioral Guard now creates logs and sends them to Management.
                                                            • Behavioral Guard now has the ability to block PowerShell attacks if the rule is set to prevent them. The scripts in such cases never execute. 
                                                            • Adds more behavioral detections that involve the use of Microsoft HTML Application (MSHTA).
                                                            • Adds more default and dynamic exclusions to Forensics monitoring to improve performance.
                                                            • Adds many new suspicious events in Forensics.
                                                            • Improves the performance of user mode process certificate checks with the introduction of a caching system.
                                                            • Fixes an issue where a certificate is mistakenly declared invalid in Forensics when the root certificate is not present. Processes using such certificates will no longer appear as unsigned. 
                                                            • Fixes a rare crash in Forensics where configuration settings for a Forensics sensor may be called before the sensor starts.
                                                            • Fixes a potential, but rare, infinite loop in the Forensics Analysis. 
                                                            • Fixes an issue that causes a crash during Forensics Report creation that can occur if explorer is terminated.
                                                            • Fixes an issue in the Forensics analysis that causes a Windows Management Instrumentation Command-Line Utility (WMIC) process that invokes another WMIC process to not appear in the execution tree.
                                                            • Processes considered to be the "trigger" in Forensics can no longer be hidden when a large number of processes are involved in a Forensics incident.
                                                            • Adds support for certain applications to be treated as Entry Point applications instead of appearing in the execution tree. This prevents automatic remediation of the application. The Lookeen application is an example. 
                                                            • Forensics now correctly shows that a file is already deleted when Anti-Malware quarantines the file.
                                                            • Fixes an issue that occurs when a user name is not shown in a Forensics Report.
                                                            • The Windows System process no longer appears in the list of remediation items, if it is involved in an incident, and it is not sent for remediation that would fail.
                                                            • The Windows System process now always appears as trusted in the Forensics report.
                                                            • Business Impact shown in the Forensics Report no longer contains files from Windows folders, as well as from the SandBlastBackup folder. 
                                                          • Media Encryption and Port Protection
                                                            • Fixes issues with container size calculation, when encryption fails with "not enough space for encryption" error. 
                                                            • Media Encryption and Port Protection have performance improvements with Box Drive software.
                                                          • Firewall and Application Control
                                                            • Allows opening ranges of ports for hotspot registrations. See sk41586.
                                                            • Fixes a rare issue where Endpoint crashes during an upgrade.
                                                          • Application Control 
                                                            • Resolves a BSOD in vsdatant.sys during client upgrade.
                                                            • Fixes an issue where the "Application Control" blade uses 100% of the CPU for a few seconds during boot time. 
                                                          • Infrastructure
                                                            • SandBlast can now update quickly with new trusted signers to reduce the number of false positives across all the technologies.
                                                            • Fixes an issue that causes expired root certificates to not be validated. 

                                                            Note: For Endpoint Security Client Legacy Releases, refer to sk171496 - Endpoint Security Client Legacy Releases (Detailed Information per Release).



                                                               Relevant Documents and SecureKnowledge   More

                                                             


                                                            Revision History

                                                            Show / Hide this section
                                                            Date Description
                                                            18-Jan-2021 Added information about R81
                                                            Added link to sk171583 (Endpoint Security Server Legacy Releases (Detailed Information per Release))
                                                            12-Jan-2021 Added link to sk171496 (Endpoint Security Client Legacy Releases (Detailed Information per Release))
                                                            22-Sep-2020 Added information about E83.30
                                                            26-Aug-2020 Added information about E83.20
                                                            12-Aug-2020 Added information about E83.20 macOS Clients
                                                            14-Jul-2020 Added information about E83.11
                                                            22-Jun-2020 Added information about E83.10
                                                            02-Jun-2020 Set R80.40 as "Recommended & Latest", and stated that "It is also required to download the General Availability Take of the Jumbo Hotfix Accumulator for R80.40."
                                                            06-May-2020 Added information about E83.00
                                                            23-Apr-2020 Added information about E82.55
                                                            07-Apr-2020 Added information about E82.50 macOS Clients
                                                            31-Mar-2020 Added information about E82.50
                                                            16-Feb-2020 Added information about E82.40
                                                            28-Jan-2020 Added information about R80.40
                                                            19-Jan-2020 Added information about E82.30
                                                            19-Dec-2019 Added information about E82.20
                                                            24-Nov-2019 Added information about E82.10
                                                            20-Nov-2019 Added information about E82.00 for Mac macOS
                                                            03-Nov-2019 Added information about E82.00
                                                            06-Oct-2019 Added information about E81.30_HF
                                                            24-Sept-2019 Added information about E81.40
                                                            26-Aug-2019 Added information about E81.30
                                                            07-Aug-2019 Added information about E81.20
                                                            30-Jun-2019 Added information about E81.10
                                                            27-May-2019 Added information about E80.97
                                                            22-May-2019 Added information about E81.00
                                                            16-Apr-2019 Added information about E80.96
                                                            31-Mar-2019 Added information about E80.95
                                                            12 Mar 2019  Added information about E80.94
                                                            14 Feb 2019 Added information about E80.92
                                                            31 Dec 2018 Added information about E80.90
                                                            30 Dec 2018 Added information about E80.89 for Mac
                                                            09 Dec 2018 Added information about E80.89
                                                            08 Nov 2018 Added information about E80.88
                                                            27 Sep 2018 Added information about E80.87
                                                            22 August 2018 Added information about E80.86
                                                            11 July 2018 Added information about E80.85
                                                            20 June 2018 Added information about E80.84
                                                            08 Mar 2018 Added information about E80.81
                                                            06 Feb 2018 Added information about E80.80
                                                            21 Dec 2017 Added information about E80.71 for Mac
                                                            30 Nov 2017 Added information about E80.71
                                                            27 Aug 2017 First release of this document.

                                                            Give us Feedback
                                                            Please rate this document
                                                            [1=Worst,5=Best]
                                                            Comment