This release includes stability and quality fixes. It supports all features of previous releases.
New consolidated Reputation View in Forensics. This view now contains reputation, where available from Threat Cloud for all non-trusted URLs, Domains and Hashes found in the Forensics Analysis.
Improved and faster remediation flow in Forensics. We have improvements in the performance of remediation when done through a Forensics Report. This includes fixes that report the remediation status at the time of report generation more accurately.
Support for multiple logged-in users in Anti-Ransomware. We are now able to generate and monitor our honeypot detections if multiple users are logged in simultaneously.
Further enhancements to PowerShell obfuscation detection in Behavioral Guard. This results in improved detection capabilities.
Boot time improvements in Forensics. Forensic data storage now occurs well after boot. This improves the time for boot, especially on older drives and on drives with a great deal of file activity during boot.
Anti-Ransomware, Behavioral Guard and Forensics
Fixes an issue in Anti-Ransomware honeypot creations during a login for a new user.
Fixes an issue where honeypot files were not created for all users in a multi-user system.
Fixes an issue on Windows Server editions, where some honeypots were not created when multiple users logged in simultaneously.
Improves PowerShell obfuscation detection support in Behavioral Guard.
A new consolidated Reputation view is available in the Forensics Report that combines intelligence for all non-trusted URLs, Domains and Files in the report.
Improves boot performance by introducing a delay in Forensics data storage during the boot cycle.
Hashes for files calculated by Threat Emulation are available for visualization and reputation in the Forensics Report.
Extends the Forensics API with hash information so that Threat Emulation and other products always get Reputation, if available in the Forensics Report.
Forensics Report Tree views have a new section in Network Operations for processes that are listening on a port for a connection.
Processes with invalid signatures now show as suspicious events with invalid signer names available in the Forensics Report. Behavioral Guard also supports rules for invalid signatures.
Fixes an issue where the reputation for files that are not processes are updated correctly in the Forensics Report.
Fixes a very rare infinite loop that may occur, when the data in the Forensics database is corrupted.
Fixes the Virus Total (VT) First Seen date to be the same format as other dates in the Forensics Report.
Suspicious Events of a process in the Tree and Tree Time-line views of the Forensics Report now show in the order of severity.
Fixes a missing icon for unsigned processes in the Overview and General views of the Forensics Report.
Fixes an issue to make triggers on files, with IPs in their path, appear correctly in the Overview view of the Forensics Report.
Fixes a visualization issue, where the reputation file size appeared as zero for files with no reputation in the Forensics Report.
Threat Emulation and Anti-Exploit
Fixes an issue in Anti-Exploit, where the protection name was not consistently displayed in the client UI and Forensics Reports.
Fixes an issue in Anti-Exploit with a specific build version of Internet Explorer not having VBScript God Mode protection enabled correctly.
Fixes a slow performance problem in Threat Emulation, when accessing files on a non-local disk.
Resolves an issue, where Internet Explorer can freeze when navigating to trusted sites.
Full Disk Encryption
Resolves an issue, where connections through Remote Desktop Protocol (RDP) to a machine with Full Disk Encryption can fail intermittently.
Resolves an issue, where Full Disk Encryption, enabled for UEFI BCDBOOT, sometimes experiences a boot loop.
Media Encryption & Port Protection
Fixes an issue where Explorer flickers every second, when inserting an encrypted media.
Resolves an issue where the "copy" file operation is not logged in some conditions.
Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
Endpoint Security E80.92 Clients
E80.92 Endpoint Security Clients for Windows OS (Recommended)
A zip file that contains all package permutations listed below.
E80.92 Complete Endpoint Security Client for 32 bit systems