The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Endpoint Security Homepage
Endpoint Security Client, Endpoint Security Server
E84.x (EOL), E85.x (EOL), E86.x, E87.x
Client Releases Downloads | Endpoint Client Releases Information | Management Releases | Cloud & Web Management for Harmony Endpoint | Harmony Endpoint for Linux | Architecture and Getting Started | Best Practices | Client OS Support | Server Releases Information | Relevant SKs | Revision History
Enterprise Endpoint Security E87.20 Windows Clients. Added ability to examine VPN configuration and display intersections of IP address ranges. Added File Action push operations which allow to copy, move folders on endpoint computers. Applied Server Profiles will now be shown in the Policies view of Endpoint Client UI. Endpoint Security Client will now automatically disable Windows Defender Firewall during installation on Windows Servers. Improved protections against AMSI (Anti-Malware Scan Interface) Bypass. Forensics blade will now update management about the status of sending information to Threat Hunting. In Compliance blade, added support for Windows 11, Windows Server 2019 and Windows Server 2022.
Enterprise Endpoint Security E87.30 macOS Clients. Connection awareness is now supported on macOS. Added ability to examine VPN configuration and display intersections of IP address ranges. Added ability to configure how VPN client for macOS handles DNS settings. The output of the "./trac info" command will now show the authentication method when SAML authentication is used. Added Built-in Help to the client UI.
URL Filtering feature based on Network Monitoring is now supported on macOS. It allows to apply URL Filtering policy to all applications in addition to URL filtering provided by previous versions through browser extensions on Safari, Chrome, and Firefox.
Added ability to specify fingerprint of the Gateway when creating a site from CLI.
Added File Action push operations which allow to copy, move or delete files on endpoint computers.
Vulnerability Management capability is now available for EA customers. It reduces the attack surface through accurate assessment of vulnerabilities, risky applications, and computers within the organization.
Added ability to specify fingerprint of the Gateway when creating a site from CLI.
Added support for Endpoint Security on Windows 11 version 22H2.
Added the Endpoint Security browser extension to the Brave browser. Improved the detection algorithm reducing the amount of false-positive ransomware detections.
Anti-Malware can now update signatures from https://kav8.zonealarm.com/v6. Enhanced the purge mechanism to reduce memory consumption during AMSI logs cleanup. Also, added AR and BG support for asterisks and environment variables support on exclusions.
The Endpoint Client now blocks against more encryption programs that may be used to encrypt a drive as part of a Ransomware attack. Programs that are used for legitimate purposes can be allowed by excluding the encryptor's signature. The feature is controlled by the "Block Bitlocker Encryption" option in the Endpoint management.
Endpoint Client now supports new Push Operations: creating and deleting a VPN site and registry key or value, collecting processed information from the client machine, and moving or deleting a file on the client machine.
Endpoint Client now supports turning ON/OFF admin-enabled capabilities.
Harmony Endpoint now supports multi-users in Windows environments. The solution includes Microsoft Terminal Servers (RDS), Citrix Virtual Apps (XenApp), and VMware Horizon Apps.
A small executable named Mac Tiny Agent which is downloaded from an Endpoint server. Once it runs, it downloads and installs the initial client. Tiny Agent's functionality is very similar to tiny/nano agent in Windows.
A popular Microsoft MDM named Intune MDM. Its support entails the tiny agent, which can generate a special script that should be uploaded to Intune.
A new supplementary guide named Endpoint Security for Mac Mobile Device Management (MDM) Deployment Guide is also released, explaining how to upgrade using PKG file only.
General Availability support for the Endpoint Security Clients on macOS Monterey (12)
Software Deployment General Availability
Port Protection Early Availability feature for blocking USB, Bluetooth, camera and printer devices. See sk176366 for more details.
Initial client: A small sized client (~20MB) which allows easier initial deployment of Endpoint Clients to an organization
Push operations: the following push operations are supported- Collect Logs to Check Point FTP server, Kill process, Uninstall client, Reboot machine, Shutdown machine, Scan for malware (AM), Update signatures (AM), Restore quarantined files (AM), Analyze by indicator, File Remediation
AM on access performance improvements
macOS endpoints now have support for Threat Hunting
VPN client for macOS can be installed without Firewall blade
Location Aware Connectivity Early Availability: Remote Access Clients intelligently detects whether or not it is inside the VPN domain (Enterprise LAN), and automatically connects or disconnects as required
VPN client for macOS can use additional cypher suites from TLS1.2 while creating VPN sites
Introduces a hotfix on top of E84.70 in addition to all the E84.70 contents. In this release, the PPL processes for Windows Security Center: Anti-Malware, Firewall and Threat Emulation were signed with a new cross-signed certificate. The new signature preempts the possibility that a future KB release of Microsoft Windows will block the Check Point PPL processes. This fixes an issue that only exists in E84.70.
Threat Hunting - an investigative tool to collect all events from Endpoints that provides Security administrators with multiple manual remediation options such as Quarantine, KillProcess and Forensics Analysis with remediation.
Anti-Malware can download signatures from an authenticated NTLM proxy with a logged in user's credentials and can also work in "Detect only" mode.
Check Point Endpoint Security clients protect all of your Windows and Mac workstations, including laptops, Desktops, and Windows Servers.
Check Point takes part in various OS manufactures' development processes and we start the support of new versions when vendors release development builds.
We are committed to offer early availability clients within 3 weeks of OS GA and to announce GA within 2 months of OS GA, however in practice we are delivering much faster. See sk115192 for OS support timeline.
Check Point R81.20 - What’s New for Endpoint Management:
Endpoint Policy Management
Use Single Sign-On to connect to the Endpoint Web Management Console.
Harmony Endpoint Web UI
IoC Management - Users can now add Indicators of Compromise to their Endpoint Policy Management.
Connection Awareness - Allows administrators to configure their own entity to determine the connectivity of the clients, and change a device's policy type from "Connected" to "Disconnected", and vice-versa accordingly.
Remote Access VPN
Exclude SaaS applications (such as Office 365) from the Remote Access VPN tunnel.
Use SAML 2.0 to authenticate Remote Access VPN users with an Identity Provider.
Check Point R81.10 - What’s New for Endpoint Management:
Media Encryption & Port Protection policy
Application Control policy
Developer protection policy
Push Operation for Host Isolation and Client Uninstall
Check Point R81 - What’s New for Endpoint Management:
SandBlast Agent Web Management - A new Web-based management interface for Endpoint Threat Prevention components. Note: For the best user experience it is recommended to use SandBlast Agent Web Management with Google Chrome.
Communication with management services remains on port 443, instead of port 4434, when the Endpoint Management component is activated.
Anti-Malware support for shared signature locations to support non-persistent VDI environments.
Manage URL Filtering capabilities of SandBlast Agent Browser Extension.
Application Control policy changes - Support multiple versions per product, terminate application and block WSL. (Windows Subsystem for Linux).
New set of Developer Protections for developers computers.
Compliance integration with Windows Server Update Services (WSUS).
TACACS authentication for Web Remote Help (WebRH).
Media Encryption & Port Protection - Import device overrides from a file.
Note: These R8x Servers (running Gaia OS) can manage both Gateway and Endpoints.