Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E80.90 Windows Clients
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E80.90
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Resolved Issues
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
  • Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
  • The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
  • The relevant links to documentation are located in the "Documentation" section.
  • It is strongly recommended that you read the E80.90 Endpoint Security Client Release Notes, before installing this release.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.
  • For E80.89 releases for Mac: Refer to sk131152 - Enterprise Endpoint Security E80.89 Mac Clients.
Click Here to Show the Entire Article

In a Nutshell

Item Description Link
Managed Client E80.90 Endpoint Security Clients for Windows OS
(ZIP)
VPN Standalone Client

E80.90 Remote Access Clients for Windows

(MSI)
Capsule Docs E80.90 Capsule Docs Standalone Client
(EXE)
Documentation E80.90 Endpoint Security Client for Windows Release Notes  

What's New in E80.90

Show / Hide this section
This release includes stability and quality fixes. It supports all features of previous releases.

New Features

  • Windows 10 October 2018 Update Support.
  • Windows Server 2019 Support.
  • Enhanced Fileless and Malicious Powershell Detections engine extending Behavioral Guard capabilities.
    • This new engine provides a multi-phase ability to detect malicious PowerShell usage that is unique.
    • Includes full AMSI (Advanced Malware Scan Interface) integration to get, analyze and report decoded scripts.
  • Forensic report overhaul with a new style and enhanced reputation integration.
    • Completely redesigned Overview and General screens.
    • Many small usability and visual enhancements throughout the report.
    • View decoded script content as part of the report itself.
    • See the Enhancements section below for additional information.
  • Forensics now has major performance improvements.
    • There is a major reduction (roughly 50% fewer events) in the amount of data stored. This results in lower IO usage and better performance. 
    • See the enhancements below for the full list of performance enhancements.
  • Forensics Analysis takes on average 20% less time to complete.
    For larger reports the time taken will be further reduced.
  • Stack Pivoting detection was turned on as a new exploit detection technique for Anti-Exploit.
    Stack Pivoting involves trying to create a fake stack from attacker controlled memory.
  • Anti-Exploit now default protects the Equation Editor process.
    This helps to cover the following CVEs:
    • CVE-2017-11882
    • CVE-2018-0802
    • CVE-2018-0812

Enhancements

  • Anti-Ransomware, Behavioral Guard and Forensics
    • Enhances Behavioral Guard with the ability to perform deep inspections of both behavior and script content of PowerShell and Fileless attacks.
    • Improves Forensic reports with decoded PowerShell scripts from AMSI integration.
      This feature is only available in Windows 10.
    • Adds many new suspicious events for the Forensic report, including new PowerShell related suspicious events.
    • Fixes a crash occurring when Forensics, Anti-Ransomware and Behavior Guard are processing an existing policy while receiving a new policy.
    • Fixes a rare issue with large continuous CPU utilization when the Forensics service is unable to communicate with the driver.
    • Improves Forensic performance by adding static exclusions for well known file operations.
      This addition alone can reduce the number of file operations stored by up to 80% on some machines.
    • Improves Forensics performance by adding dynamic exclusions for file operations based on a new heuristic.
      This can reduce the number of file operations stored by up to 30%.
    • Improves Forensic performance by dynamically excluding registry operations based on a new heuristic.
      On average, 10% of registry operations are now excluded.
    • Fixes an issue which caused duplication of log events in Forensics.
    • Improves Entry Point calculations across multiple scenarios to be more accurate in the Forensic Report.
    • Fixes a majority of issues where the Entry Point of an attack could be empty.
      Now there should almost always be an Entry Point.
    • Improves the Forensics report so that Command Prompts (cmd.exe) opened for typing no longer appear in the Forensic report, but may appear in the Entry Point instead.
    • Improves the Forensic Analysis to consider following files in the argument of processes already included as part of the incident.
    • The Forensics report now shows the termination status for every process present in the report.
    • Fixes an issue that could lead to incomplete termination of processes involved in a Ransomware incident.
    • Processes, showing in a report, that are closed at the time of the generation of the report will now correctly show as terminated, even if the remediation policy for termination is disabled.
    • Fixes an issue where some Forensic report icons may be missing when upgrading to E80.89.
      The icons are now present when upgrading to E80.90.
    • Fixes an issue with the scroll bar not appearing correctly if there are multiple nodes in the Entry Point view of the Forensics Report. 
    • Fixes a Forensics Analysis issue where script processes like PowerShell do not appear in the report when Cmd is involved and the script process is not the trigger.
    • Process arguments and script contents are now encoded in the Forensic reports.
      This prevents the deletion of the reports by Anti-Viruses looking for specific signatures found in the argument or script content. 
    • Adds support to include the Malware Family from URL reputation if present in the Forensic report.
    • Fixes an issue which could result in the User Name appearing empty in the Forensic Report. 
    • Fixes a visual issue in the Forensic report where the distance between processes could be very large if a process has a lot of lines of text.
    • Updates the default exclusions for Anti-Ransomware.
  • Threat Emulation and Anti-Exploit
    • Anti-Exploit now has an additional exploit prevention technology called stack pivoting.
    • Anti-Exploit now protects Equation Editor from known and unknown exploit attempts.
  • Anti-Bot
    • Fixes a crash when the Anti-Bot database is held by another process in the system.
  • SandBlast Agent Updater
    • Adds support for Static Analysis updates running in parallel to other updates using the Updater.
      Fixes an issue where the wrong service is restarted when updating two products together.

Endpoint Security Clients Downloads

Show / Hide this section
Important:
  • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E80.90 Clients

Platform Package Description Link
Windows E80.90 Endpoint Security Clients for Windows OS (Recommended) A zip file that contains all package permutations listed below. (ZIP)
E80.90 Complete Endpoint Security Client for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E80.90 Complete Endpoint Security Client for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E80.90 Complete Endpoint Security Client without Anti-Malware for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E80.90 Complete Endpoint Security Client without Anti-Malware for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E80.90 SandBlast Agent Client for 32 bit systems
SandBlast Agent package for 32bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)
E80.90 SandBlast Agent Client for 64 bit systems
SandBlast Agent package for 64bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
 (ZIP)
E80.90 Full Disk Encryption and Media Encryption and Port Protection client for 32 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 32 bit systems
 (ZIP)
E80.90 Full Disk Encryption and Media Encryption and Port Protection client for 64 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 64 bit systems 
 (ZIP)
E80.90 Initial client Initial client is a very thin client without any blade used for software deployment purposes. (ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E80.90 Standalone Clients

Platform Package Description Link
Windows E80.90 Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
E80.90 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E80.90 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
E80.90 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E80.90 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service.
(EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads

Show / Hide this section

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages).
 

R77.30.03

Clean installation and In-Place Upgrade

  • Before installing the hotfixes, you need R77.30 to be installed and to update CPUSE (sk92449) to the latest build.
  • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
Order of Installation Package Link
1 R77.30 Jumbo Hotfix for Endpoint Security Server (TGZ)
2 R77.30.03 Endpoint Security Server Package for Gaia OS (TGZ)

R80.20

 

Endpoint Security Server Package Link
R80.20
Endpoint Security Server R80.20  (ISO)

Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E80.89 / E80.90 (EXE)
R80.20
SmartConsole for Endpoint Security Server R80.20 sk137593

Previous Versions

Endpoint Security Server Package Link
R77.30 SmartConsole for Endpoint Security Server R77.30 / E80.90 (EXE)
R80.10 SmartConsole for Endpoint Security Server R80.10 / E80.90 (EXE)
R77.30 EP6.5 SmartConsole for Endpoint Security Server R77.30 EP6.5 / E80.90 (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E80.90
(EXE)

Utilities/Services Downloads

Show / Hide this section
Utilities

Platform Package Description Link
Windows SandBlast Agent Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the SandBlast Agent remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Advanced Upgrade Tools

Platform Package Link
Gaia R77.30.03 Management Server Migration Tools for Gaia (TGZ)
Windows R77.30.03 Management Server Migration Tools for Windows (TGZ)

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows
Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery.
(TGZ)

Resolved Issues

Show / Hide this section
Issue ID Description
EPS-19640

In Endpoint Security Management policy, policy fields and usernames do not support Unicode characters.

Known Limitations

Show / Hide this section
Issue ID Description
EPS-18449

No reboot upgrade: After upgrade from E80.89 Standalone VPN client to full E80.90 Endpoint Security Client, all blades appear as "Not Running".

CDOC-652

Microsoft Word is not supported by Capsule Docs in specific Windows 10 1809 and Office 2016 builds as follows:

  • Office 2016 Standard x64 build no. 16.0.4738.1000, installed on Windows build 1809.17763.134
  • Office 2016 Professional Plus, build no. 11029.20108, installed on Windows build 1809.17763.134 
  • Office 2010 Professional Plus 32 bit , build no. 14.0.6023.1000, installed on Windows build 1809.17763.134
Show / Hide this section      
Document
Endpoint Security Server
R77.30.03 Management Endpoint Security Release Notes 
R77.30.03 Endpoint Security Management Administration Guide
R80.20 Release Notes
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E80.90 Endpoint Security Client for Windows Release Notes
Remote Access VPN Clients
E80.90 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

Revision History

Show / Hide this section
Date Description
31 Dec 2018 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment