Enterprise Endpoint Security E80.71 Client Known Limitations

This article lists all of the known limitations of Enterprise Endpoint Security E80.71.

This is a live document that may be updated without special notice. We recommend subscribing to our weekly updates to stay up to date. To register, go to UserCenter > ASSETS / INFO > My Subscriptions.

Important notes:


Table of Contents

  • Endpoint Security E80.71 Clients for Windows
    • Media Encryption
    • Full Disk Encryption
    • Capsule Docs
    • SandBlast Agent Threat Prevention
    • SandBlast Agent Anti-Exploit
    • SandBlast Agent for Browsers Extension
    • Remote Access VPN E80.71 Clients
  • Endpoint Security E80.71 Clients for Mac

Endpoint Security E80.71 Clients for Windows

ID Description
Media Encryption

When inserting a disk on key and trying to encrypt it, some Endpoint Security GUI windows have minor display errors. 

EPS-9099  After upgrading the Endpoint Security Client on Windows 7, with the Media Encryption blade installed, the client sometimes shows a message that says that the computer must be restarted. The client works properly even if the user does not restart the computer.
EPS-13400 CD and DVD media that are encrypted with Media Encryption do not show the encrypted volume. Workaround: Open the media with the offline utility (access to business data.exe) or use an older version of the Media Encryption client.
Full Disk Encryption

Temporary pre-boot bypass is not supported on E80.64 and higher version clients managed by server version R80.10, or R77.30.01 and lower. 

On a Microsoft Surface Pro, the on-screen keyboard in the preboot screen flickers and cannot be used.
Capsule Docs

Capsule Docs does not support the Adobe Reader Protected View mode.

EPS-9746 Adobe DC 2018 is not officially certified for use with Capsule Docs.
SandBlast Agent Threat Prevention
The feature "Delete quarantine files by days" has been deleted. By default, the maximum size of the Remediation service for quarantined files is 2GB (2048 MB). As a new feature, every two weeks, after the quota exceeds 2GB, 20% of the storage is purged, starting with the oldest files.
SandBlast Agent Anti-Exploit
If Check Point Capsule Docs is installed, the Anti-Exploit blade does not detect or protect against Return-Oriented Programming (ROP) exploits aimed at Microsoft Office applications.
The Anti-Exploit blade does not detect or protect against ROP exploits on the Firefox browser.
The Anti-Exploit blade does not protect applications on Windows 8.1 and Windows Server 2012 R2.
AHTP-4088 Installing Anti-Exploit on a computer with an Anti-Exploit product from another vendor may cause processes to hang, stop unexpectedly, or work incorrectly. As a workaround, uninstall the other Anti-Exploit product or disable the Anti-Exploit features in the other product.
AHTP-4284 The Threat Emulation blade does not run in the Endpoint Security client when Microsoft NAV 2016 (cumulative update 4) is also installed on the client computer. This is because of a Microsoft known issue with the NAV library (NavSip.dll). The issue is resolved in Cumulative update 8.
SandBlast Agent for Browsers Extension
Internet Explorer may take a few extra seconds to load after the SandBlast Agent for Browsers extension is installed, and then every time the browser opens. Chrome may take a few seconds to download the extension from the Chrome store and install it.
When working with the SandBlast Agent for Browsers extension, the iexplore.exe process stays in the background and shows in the Task Manager, even when Internet Explorer is closed. 
When using the SandBlast Agent for Browsers extension on Internet Explorer, the Arbitrary Code Guard (ACG) feature of Windows Defender must be turned off for the iexplore.exe process. ACG is turned off by default. If the user has enabled ACG for iexplore.exe, they must turn it off manually. Here are instructions:
When the SandBlast Agent for Browsers extension is enabled, it is not possible to reset the Internet Explorer settings to their defaults. To reset Internet Explorer settings, terminate all Internet Explorer processes, and then reset the settings from Internet Options.
AHTP-4220 The SandBlast Agent for Browsers extension supports only one appliance in the Gateway configuration.
AHTP-4215 The SandBlast Agent for Browsers extension is incompatible with Comodo AntiVirus. When working with the extension in Internet Explorer or Chrome, Comodo AntiVirus may crash.

When working with the SandBlast Agent for Browsers extension on Internet Explorer, file downloads from Dropbox behave as follows:

Windows 7 and Windows 8.1:

  • On pages for managing the user's own files: File downloads do not work.
  • On pages for shared links: File downloads show an error on the first try. On the next try, the file is downloaded without extension scans.

Windows 10:

  • On pages for managing the user's own files: File downloads do not work.
  • On pages for shared links: File downloads work properly.


Remote Access VPN E80.71 Clients 

ID Description
Cannot connect from the CLI with a login option that has multiple authentication factors configured. This error message shows: "unsupported notification id".

When using the Desktop Policy, machine authentication with a machine group is not supported. We recommend using Access Roles, if possible.

ESVPN-15  The Remote Access VPN client cannot be installed, upgraded or uninstalled when Device Guard User Mode Code Integrity (also known as UMCI) is enabled.


Endpoint Security E80.71 Clients for Mac

  • For more information on E80.71 for Mac, see:
    ID Description
    When Endpoint Security E80.71 is installed on macOS 10.13, the end user must dismiss three Apple pop-up messages saying that the user has to approve a kernel extension from Check Point. This has been reported to Apple.
    If the Endpoint Security client policy is configured to block outbound HTTP traffic, it is not possible to fetch a new policy for the client.
    Native Encryption Management
    Only the system volume is encrypted.
    EPS-10817 Institutional Recovery Key can only be imported once.
    EPS-11161 Audit logs are not generated.
    EPS-11209 Mobile network accounts are not supported.
    Media Encryption
    EPS-9297 APFS-formatted media is not supported.
    EPS-9391 Sometimes the BIZDATA volume is mounted as EPM.xxxxx.
    Read-only offline passwords are not supported.
    Capsule Docs
    02435844 If you delete a Classification on the Capsule Docs server, files that were protected with this classification do not show an icon for the classification.
    02435177 There is no difference between Internal and External users in the Capsule Docs Mac client UI. Permissions are enforced correctly.
    02163704 A file that was opened by a double-click can be deleted while it is open. If it is deleted, you cannot restore protection for the file while it is in the Trash folder. Workaround: Restore the file from the Trash folder and then restore the Capsule Docs Protection Settings.
    02432613 When opening a network share, it takes time until the Finder identifies the protected documents. If you open a protected document before the Finder identifies it, it opens a friendly file that says: "This document is protected by Check Point Capsule Docs" with a link to download the client.
    02450058 If you open a protected file from Outlook and select Save As to save the document to a folder, the document opens an "Unidentified developer" message the next time it is opened.
    Workaround: Right-click the document to open it instead of using a double-click.
    02450079 If you select Save As to save a document to a specific folder on the computer, all protected documents in the folder lose their association to Capsule Docs.
    Workaround: Close the folder and open it again to restore the Capsule Docs settings.
    02430836 When restarting the Mac computer while protected files are open, after the restart, the files are not protected. You can protect the files again manually.
    02163708 If you eject a USB device without properly unmounting it, it causes protected files on the USB device to not be associated with Capsule Docs when it is mounted again.
    02573575 When right-clicking on a protected file (Word, PowerPoint, Excel, or PDF) in the "All My Files" folder, the right-click menu does not show.
    02445402 Changing the protection settings of an open document is not supported and can lead to unexpected behavior.

    After a reboot of the computer, it may take a few seconds for the Capsule Docs Finder extension to load. Opening the file before the extension is loaded may result in a "Friendly File" that says: "This document is protected by Check Point Capsule Docs" with a link to download the client.

    Re-opening the file once the extension is loaded solves this issue.

    EPS-11447 When opening the Capsule Docs menu on Mac, your default community might not be the community presented in the Menu.
    EPS-11429 The Capsule Docs client fails to open Office 2003 format files that were protected on Mac machines.
    EPS-11452 The user needs to re-login to Capsule Docs Server after upgrading from Capsule Docs Alpha Client.