Endpoint Security Homepage
Solution ID: sk117536
Product: Endpoint Security Client, Endpoint Security Server
Version: E84.x (EOL), E85.x (EOL), E86.x, E87.x
OS: Windows, macOS
Date Created: 22-May-2017
Last Modified: 28-Mar-2023
Solution
Client Releases Downloads | Endpoint Client Releases Information | Management Releases | Cloud & Web Management for Harmony Endpoint | Harmony Endpoint for Linux | Architecture and Getting Started | Best Practices | Client OS Support | Server Releases Information | Relevant SKs | Revision History
Enterprise Endpoint Security E87.20 Windows Clients
Added ability to examine VPN configuration and display intersections of IP address ranges.
Added File Action push operations, which allow copying and moving folders on endpoint computers.
Applied Server Profiles will now be shown in the Policies view of the Endpoint Client UI.
Endpoint Security Client will now automatically disable Windows Defender Firewall during installation on Windows Servers.
Improved protections against AMSI (Anti-Malware Scan Interface) Bypass.
Forensics blade will now update management about the status of sending information to Threat Hunting.
In the Compliance blade, added support for Windows 11, Windows Server 2019 and Windows Server 2022.
Enterprise Endpoint Security E87.30 macOS Clients
Connection awareness is now supported on macOS.
Added ability to examine VPN configuration and display intersections of IP address ranges.
Added ability to configure how the VPN client for macOS handles DNS settings.
The output of the "./trac info" command will now show the authentication method when SAML authentication is used.
Added Built-in Help to the client UI.
Added the "Enable the user to postpone the client installation and upgrade" option.
Added File Action push operations, which allow copying and moving folders on endpoint computers.
When proxy settings are configured on macOS, the proxy connection is used by default. When the proxy connection is not available, the agent now bypasses it and connects directly.
The URL Filtering feature based on Network Monitoring is now supported on macOS. It allows applying the URL Filtering policy to all applications, in addition to the URL filtering provided by previous versions through browser extensions on Safari, Chrome, and Firefox.
Added ability to specify fingerprint of the Gateway when creating a site from CLI.
Added File Action push operations, which allow copying, moving or deleting files on endpoint computers.
Vulnerability Management capability is now available for EA customers. It reduces the attack surface through accurate assessment of vulnerabilities, risky applications, and computers within the organization.
Added ability to specify fingerprint of the Gateway when creating a site from CLI.
Added support for Endpoint Security on Windows 10 version 22H2 as an EA (Early Availability) version.
Application Control blade now includes a flexible and easy-to-use interface.
Installation of the client on Windows Servers is now blocked when Windows Security Center is not installed, and Windows Defender is running.
Improved location placement and naming of Honeypot folders to improve ransomware detection.
Added the "Detect" (silent) option in Files Threat Emulation Mode.
Behavioral Guard: Commands related to development tools are now executed faster.
Policy changes will be enforced faster with the Browser Extension. In Firefox, Browser policy changes will be enforced even without a Browser restart.
Improved stability of VPN core service.
VPN: Added ability to define the Build number of Windows 10 and Windows 11 in OsMonitor rules. VPN: Service pack number is no longer applicable for Windows 10 and Windows in OsMonitor rules.
Added support for Endpoint Security on Windows 11 version 22H2.
Added the Endpoint Security browser extension to the Brave browser. Improved the detection algorithm, reducing the number of false-positive ransomware detections.
Anti-Malware can now update signatures from https://kav8.zonealarm.com/v6. Enhanced the purge mechanism to reduce memory consumption during AMSI logs cleanup. Also added AR and BG support for asterisks and environment variables in exclusions.
Anti-Malware blade now supports File Exclusions by MD5.
Anti-Malware blade now supports Folder Exclusions.
The macOS Client now supports three notification levels: "All", "When user experience is affected" and "Critical Only". It is now possible to choose which notifications will be displayed.
The Endpoint Client now blocks more encryption programs that may be used to encrypt a drive as part of a Ransomware attack. Programs that are used for legitimate purposes can be allowed by excluding the encryptor's signature. The feature is controlled by the "Block Bitlocker Encryption" option in the Endpoint management.
New "Search And Fetch" Push Operation that allows Security Administrators to search for files on clients and upload them to SFTP sites.
"Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from using BitLocker to encrypt the disk.
Media Encryption and Port Protection blades are now certified for a Citrix VDI environment.
The DHS Compliant Anti-Malware (E2) now fully supports VDI environments.
Endpoint Client now supports new Push Operations: creating and deleting a VPN site and registry key or value, collecting processed information from the client machine, and moving or deleting a file on the client machine.
Endpoint Client now supports turning ON/OFF admin-enabled capabilities.
Harmony Endpoint now supports multi-users in Windows environments. The solution includes Microsoft Terminal Servers (RDS), Citrix Virtual Apps (XenApp), and VMware Horizon Apps.
Through the network-level URL Filtering, the Endpoint's full network traffic can now be monitored by the URL Filtering logic.
The Endpoint Security Client new User Interface is available in Early Availability mode.
The "Block BitLocker Encryption" feature for non-encrypted volumes is now enabled, preventing Ransomware attackers from encrypting drives with BitLocker.
A small executable named Mac Tiny Agent, which is downloaded from an Endpoint server. Once it runs, it downloads and installs the initial client. Tiny Agent's functionality is very similar to the tiny/nano agent in Windows.
A popular Microsoft MDM named Intune MDM. Its support entails the tiny agent, which can generate a special script that should be uploaded to Intune.
A new supplementary guide named Endpoint Security for Mac Mobile Device Management (MDM) Deployment Guide is also released, explaining how to upgrade using PKG file only.
Accessing a USB device while upgrading from client version E85.00 or earlier, where the Anti-Ransomware blade is active, is now always possible.
A Sharing violation while using network drive for Microsoft Office / PDF files, which yields the message “Someone else is working in <filename>. Please try again later”, no longer occurs.
Firewall blade now always functions correctly when adding it during the Harmony Endpoint Client upgrade procedure.
System crash (BSOD) when upgrading Harmony Endpoint Client while Check Point's Root Certificate is not installed no longer occurs.
General Availability support for the Endpoint Security Clients on macOS Monterey (12)
Software Deployment General Availability
Port Protection Early Availability feature for blocking USB, Bluetooth, camera and printer devices. See sk176366 for more details.
Initial client: A small sized client (~20MB) which allows easier initial deployment of Endpoint Clients to an organization
Push operations: the following push operations are supported: Collect Logs to Check Point FTP server, Kill process, Uninstall client, Reboot machine, Shutdown machine, Scan for malware (AM), Update signatures (AM), Restore quarantined files (AM), Analyze by indicator, File Remediation
AM on access performance improvements
macOS endpoints now have support for Threat Hunting
VPN features:
VPN client for macOS can be installed without Firewall blade
Location Aware Connectivity Early Availability: Remote Access Clients intelligently detect whether or not they are inside the VPN domain (Enterprise LAN), and automatically connect or disconnect as required
VPN client for macOS can use additional cipher suites from TLS 1.2 while creating VPN sites
Introduces a hotfix on top of E84.70 in addition to all the E84.70 contents. In this release, the PPL processes for Windows Security Center: Anti-Malware, Firewall and Threat Emulation were signed with a new cross-signed certificate. The new signature preempts the possibility that a future KB release of Microsoft Windows will block the Check Point PPL processes. This fixes an issue that only exists in E84.70.
Threat Hunting - an investigative tool to collect all events from Endpoints that provides Security administrators with multiple manual remediation options such as Quarantine, KillProcess and Forensics Analysis with remediation.
Anti-Malware can download signatures from an authenticated NTLM proxy with a logged in user's credentials and can also work in "Detect only" mode.
Endpoint Protection for many Linux distributions, including Ubuntu, Debian, RHEL, CentOS, Oracle Linux, Amazon Linux, and more.
Contains both static and dynamic engines such as Anti-Malware and Behavioral Guard for providing a high level of security for your Linux clients and servers.
Integrated with Endpoint Detection and Response (EDR) and Threat Hunting for easy searching of threats and various investigations capabilities.
Automatically updated for up-to-date protection against the latest attacks in the wild.
Low footprint and good performance, optimized for both Linux clients and Linux servers.
Clients communicate with the Management Server over HTTP/HTTPS.
The Endpoint Management architecture works in a "star" scheme to support large-scale environments.
The central "brain" of the system is the "Management Server" and the delegate servers are named "Policy Servers".
Each Management Server can support a maximum of ~10,000 endpoints. Multiple Policy Servers can be chained to support management of up to 400,000 devices from a single environment.
The environment supports unified log reporting through SmartLog.
Check Point Endpoint Security clients protect all of your Windows and Mac workstations, including laptops, Desktops, and Windows Servers.
Check Point takes part in various OS manufacturers' development processes, and we start supporting new versions when vendors release development builds.
We are committed to offering early availability clients within 3 weeks of OS GA and to announcing GA within 2 months of OS GA; in practice, however, we deliver much faster. See sk115192 for the OS support timeline.
Check Point R81.20 - What’s New for Endpoint Management:
Endpoint Policy Management
Use Single Sign-On to connect to the Endpoint Web Management Console.
Harmony Endpoint Web UI
IoC Management - Users can now add Indicators of Compromise to their Endpoint Policy Management.
Connection Awareness - Allows administrators to configure their own entity to determine the connectivity of the clients, and change a device's policy type from "Connected" to "Disconnected", and vice-versa accordingly.
Remote Access VPN
Exclude SaaS applications (such as Office 365) from the Remote Access VPN tunnel.
Use SAML 2.0 to authenticate Remote Access VPN users with an Identity Provider.
Check Point R81.10 - What’s New for Endpoint Management:
Media Encryption & Port Protection policy
Firewall policy
Application Control policy
Developer protection policy
Push Operation for Host Isolation and Client Uninstall
Check Point R81 - What’s New for Endpoint Management:
SandBlast Agent Web Management - A new Web-based management interface for Endpoint Threat Prevention components. Note: For the best user experience it is recommended to use SandBlast Agent Web Management with Google Chrome.
Communication with management services remains on port 443, instead of port 4434, when the Endpoint Management component is activated.
Anti-Malware support for shared signature locations to support non-persistent VDI environments.
Manage URL Filtering capabilities of SandBlast Agent Browser Extension.
Application Control policy changes - Support multiple versions per product, terminate application and block WSL (Windows Subsystem for Linux).
New set of Developer Protections for developers' computers.
Compliance integration with Windows Server Update Services (WSUS).
TACACS authentication for Web Remote Help (WebRH).
Media Encryption & Port Protection - Import device overrides from a file.
Note: These R8x Servers (running Gaia OS) can manage both Gateway and Endpoints.