Client Releases Downloads | Endpoint Client Releases Information | Management Releases | Cloud & Web Management for Harmony Endpoint | Harmony Endpoint for Linux | Architecture and Getting Started | Best Practices | Client OS Support | Server Releases Information | Relevant SKs | Revision History
Enterprise Endpoint Security E86.26 (E86.25 Hotfix) Windows Clients. This Hotfix complements the E86.25 release with important fixes. Writing a CD/DVD when Media Encryption is installed is now successful. Also, when working with DHS compliant Anti-Malware blade (E2), files located on network drives are now always inspected by the Threat Emulation blade. Remotely deployed endpoints can now successfully connect to the Management Server. Additionally, when working with DHS compliant Anti-Malware blade (E2), Filesystem scanning is fully stable.
Enterprise Endpoint Security E86.50 Windows Clients This release adds a new "Search And Fetch" Push Operation that allows Security Administrators to search for files on clients and upload them to SFTP sites. Moreover, "Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. Additionally, Media Encryption and Port Protection blades are now certified for a Citrix VDI environment. Lastly, the DHS Compliant Anti-Malware (E2) now fully supports VDI environments.
New "Search And Fetch" Push Operation that allows Security Administrators to search for files on clients and upload them to SFTP sites.
"Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk.
Media Encryption and Port Protection blades are now certified for a Citrix VDI environment.
The DHS Compliant Anti-Malware (E2) now fully supports VDI environments.
Endpoint Client now supports new Push Operations: creating and deleting a VPN site and registry key or value, collecting processed information from the client machine, and moving or deleting a file on the client machine.
Endpoint Client now supports turning ON/OFF admin-enabled capabilities.
Harmony Endpoint now supports multi-users in Windows environments. The solution includes Microsoft Terminal Servers (RDS), Citrix Virtual Apps (XenApp), and VMware Horizon Apps.
Through the network-level URL Filtering, the Endpoint's full network traffic can now be monitored by the URL Filtering logic.
The Endpoint Security Client new User Interface is available in Early Availability mode.
The "Block BitLocker Encryption" feature for non-encrypted volumes is now enabled, preventing Ransomware attackers from encrypting drives with BitLocker.
A small executable named Mac Tiny Agent which is downloaded from an Endpoint server. Once it runs, it downloads and installs the initial client. Tiny Agent's functionality is very similar to tiny/nano agent in Windows.
A popular Microsoft MDM named Intune MDM. Its support entails the tiny agent, which can generate a special script that should be uploaded to Intune.
A new supplementary guide named Endpoint Security for Mac Mobile Device Management (MDM) Deployment Guide is also released, explaining how to upgrade using PKG file only.
Supported OS
Big Sur (11) , macOS Catalina (10.15) , macOS Mojave (10.14) , macOS 12 (Monterey) - GA
Supported Upgrade Paths
E86.20, E85.30, E84.70, E84.30, E83.20
OS In-place upgrade
From Catalina (10.15) , macOS Mojave (10.14)
Supported Management Servers
R81, R80.40, R80.30 and R80.20 Endpoint Security Management Servers, both on-premises and EPMaas solutions.
Supported Blades
Firewall for Desktop security , Anti-Malware , Forensics and Anti-Ransomware , Media Encryption , Compliance , Remote Access VPN , Native Encryption Management , Capsule Docs , SandBlast Agent Browser Extension for Chrome (Threat Emulation , TEX , Zero Phishing , Password reuse , URL Filtering)
Accessing a USB device while upgrading from client version E85.00 or earlier, where the Anti-Ransomware blade is active, is now always possible.
A Sharing violation while using network drive for Microsoft Office / PDF files, which yields the message “Someone else is working in <filename>. Please try again later”, no longer occurs.
Firewall blade now always functions correctly when adding it during the Harmony Endpoint Client upgrade procedure.
System crash (BSOD) when upgrading Harmony Endpoint Client while Check Point's Root Certificate is not installed no longer occurs.
General Availability support for the Endpoint Security Clients on macOS Monterey (12)
Software Deployment General Availability
Port Protection Early Availability feature for blocking USB, Bluetooth, camera and printer devices. See sk176366 for more details.
Initial client: A small sized client (~20MB) which allows easier initial deployment of Endpoint Clients to an organization
Push operations: the following push operations are supported- Collect Logs to Check Point FTP server, Kill process, Uninstall client, Reboot machine, Shutdown machine, Scan for malware (AM), Update signatures (AM), Restore quarantined files (AM), Analyze by indicator, File Remediation
AM on access performance improvements
macOS endpoints now have support for Threat Hunting
VPN features:
VPN client for macOS can be installed without Firewall blade
Location Aware Connectivity Early Availability: Remote Access Clients intelligently detects whether or not it is inside the VPN domain (Enterprise LAN), and automatically connects or disconnects as required
VPN client for macOS can use additional cypher suites from TLS1.2 while creating VPN sites
Supported OS
Big Sur (11) , macOS Catalina (10.15) , macOS Mojave (10.14) , macOS 12 (Monterey) - GA
Supported Upgrade Paths
E85.30, E84.70, E84.30, E83.20
OS In-place upgrade
From Catalina (10.15) , macOS Mojave (10.14)
Supported Management Servers
R81, R80.40, R80.30 and R80.20 Endpoint Security Management Servers, both on-premises and EPMaas solutions.
Supported Blades
Firewall for Desktop security , Anti-Malware , Forensics and Anti-Ransomware , Media Encryption , Compliance , Remote Access VPN , Native Encryption Management , Capsule Docs , SandBlast Agent Browser Extension for Chrome (Threat Emulation , TEX , Zero Phishing , Password reuse , URL Filtering)
Introduces a hotfix on top of E84.70 in addition to all the E84.70 contents. In this release, the PPL processes for Windows Security Center: Anti-Malware, Firewall and Threat Emulation were signed with a new cross-signed certificate. The new signature preempts the possibility that a future KB release of Microsoft Windows will block the Check Point PPL processes. This fixes an issue that only exists in E84.70.
Threat Hunting - an investigative tool to collect all events from Endpoints that provides Security administrators with multiple manual remediation options such as Quarantine, KillProcess and Forensics Analysis with remediation.
Anti-Malware can download signatures from an authenticated NTLM proxy with a logged in user's credentials and can also work in "Detect only" mode.
Endpoint Protection for many Linux distributions, including Ubuntu, Debian, RHEL, CentOS, Oracle Linux, Amazon Linux, and more.
Contains both static and dynamic engines such as Anti-Malware and Behavioral Guard for providing a high level of security for your Linux clients and servers.
Integrated with Endpoint Detection and Response (EDR) and Threat Hunting for easy searching of threats and various investigations capabilities.
Automatically updated for up-to-date protection against the latest attacks in the wild.
Low footprint and good performance, optimized for both Linux clients and Linux servers.
Clients communicate with the Management Server over HTTP/HTTPs.
The Endpoint Management architecture works in a "star" scheme to support large-scale environments.
The central "brain" of the system is the "Management Server" and the delegate servers are named "Policy Servers".
Each Management Server can support a maximum of ~10,000 endpoints. Multiple Policy Servers can be chained to support a management of up to 400,000 devices from a single environment.
The environment supports unified log reporting through SmartLog.
Check Point Endpoint Security clients protect all of your Windows and Mac workstations, including laptops, Desktops, and Windows Servers.
Check Point takes part in various OS manufactures' development processes and we start the support of new versions when vendors release development builds.
We are committed to offer early availability clients within 3 weeks of OS GA and to announce GA within 2 months of OS GA, however in practice we are delivering much faster. See sk115192 for OS support timeline.
Check Point R81.10 - What’s New for Endpoint Management:
Media Encryption & Port Protection policy
Firewall policy
Application Control policy
Developer protection policy
Push Operation for Host Isolation and Client Uninstall
Check Point R81 - What’s New for Endpoint Management:
SandBlast Agent Web Management - A new Web-based management interface for Endpoint Threat Prevention components. Note: For the best user experience it is recommended to use SandBlast Agent Web Management with Google Chrome.
Communication with management services remains on port 443, instead of port 4434, when the Endpoint Management component is activated.
Anti-Malware support for shared signature locations to support non-persistent VDI environments.
Manage URL Filtering capabilities of SandBlast Agent Browser Extension.
Application Control policy changes - Support multiple versions per product, terminate application and block WSL. (Windows Subsystem for Linux).
New set of Developer Protections for developers computers.
Compliance integration with Windows Server Update Services (WSUS).
TACACS authentication for Web Remote Help (WebRH).
Media Encryption & Port Protection - Import device overrides from a file.
Note: These R8x Servers (running Gaia OS) can manage both Gateway and Endpoints.
Architecture and Getting Started
Best Practices
Client OS Support
Server Releases Information
Relevant SK articles