Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E81.00 Windows Clients
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E81.00
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
  • Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
  • Important: Download SmartConsole with the E80.92 client to avoid "signature verification failed" messages when uploading the client to the SmartConsole.
  • The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
  • The relevant links to documentation are located in the "Documentation" section.
  • It is strongly recommended that you read the E81.00 Endpoint Security Client Release Notes, before installing this release.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.
  • For E80.89 releases for Mac: Refer to sk131152 - Enterprise Endpoint Security E80.89 Mac Clients.
Click Here to Show the Entire Article

In a Nutshell

Item Description Link
Managed Client E81.00 Endpoint Security Clients for Windows OS
(ZIP)
VPN Standalone Client

E81.00 Remote Access Clients for Windows

(MSI)
Capsule Docs E81.00 Capsule Docs Standalone Client
(EXE)
Documentation E81.00 Endpoint Security Client for Windows Release Notes  

What's New in E81.00

Show / Hide this section

New Features

  • Note on BlueKeep (CVE-2019-0708):

    Protection for CVE-2019-0708 (BlueKeep) was recently released for Endpoint Security Client E80.97. This protection will also be available in the next official release E81.10. However, customers who wish to be immediately protected while utilizing the latest features of E81.00 may contact Check Point Support for a special E81.00 CFG release with the protection against BlueKeep enabled.

    Important: Refer to sk154732 - How to protect RDP servers from CVE-2019-0708 (BlueKeep)

  • Two new features are now available in the Endpoint Security Client Early Availability (EA) program:
    • BitLocker Management
    • Virtual desktop infrastructure (VDI) Persistent Support for VMWare Horizon
    For more information, contact E81.00 Early Availability: E81_EA@checkpoint.com

  • The IP reputation and geo-location are now in the Forensics report.
    Changes in the Overview, Reputation and Network Screens highlight IP reputations and geo-locations.

Enhancements 

  • Anti-Ransomware, Behavioral Guard and Forensics
    • Improves performance by moving Anti-Ransomware honeypot creation and deletion from logon/logoff to the product install/uninstall.
    • The manual restoration of files is now possible for any detected attack with Forensics, as well as Anti-Ransomware. Previously, this was limited to Anti-Ransomware attacks only.
    • Fixes an issue introduced in E80.96 which can lead to Forensic exclusions being ignored on reboot.
    • Fixes a rare issue where Forensics fails to accept a new policy from Management.
    • Fixes a rare crash in Forensics, when the service is shut down before the initialization is complete.
    • Improves Forensics Analysis to follow attacks that involve scheduled tasks, or WMI calls, when the associated processes are invoked.
    • Improves the Entry Point in Forensics to determine if an incident originates from a zip file.
    • Improves the Entry Point in Forensics to identify where certain incidents start from an lnk/shortcut file.
    • Fixes a rare issue with Forensic's Entry Point, where if Anti-Exploit triggers on a browser, more than one browser may appear in the report.
    • Fixes an issue with McAfee's Endpoint not triggering Forensics on a detection if the language is Portuguese. 
    • Fixes an issue in the Forensics report where Business Impact icons use the same tooltip in the Overview section.
    • Fixes a missing icon, when Microsoft Edge is part of a Forensics incident.
    • Fixes a client UI issue where the Forensics analysis animation occurs without an analysis.
    • Fixes an issue to make the Additional Intelligence arrow in the Reputation screen in the Forensics Report function correctly for Edge and Internet Explorer. 
    • Fixes incorrect capitalization in the Reputation screen of the Forensics report.
    • Fixes an issue where Edge and Internet Explorer incorrectly identify certain IPs as phone number links in the Forensics Report. 
    • Increases the size of the reputation drop down in the Network Activity screen of the Forensics Report to accommodate the length of the largest value in the list.
    • Adds the ability for the Forensics CLI to accept the rule name, the third-party product name, and the hash value as parameters.     
  • Threat Emulation and Anti-Exploit
    • Improves the performance of the SandBlast Agent Threat Emulation to minimize the effect on the Endpoint resources.
    • Import-Export Table Parsing in Anti-Exploit is now disabled by default. Disabling this greatly reduces the number of products incompatible with Anti-Exploit.

      To enable this protection, follow the instructions in sk121793.
  • Anti-Malware
    • Hardens the security of the client against DLL injection.
      CVE-2019-8458: Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, where under certain circumstances may cause the client to terminate.
    • Fixes an issue with Anti-Malware, when it sometimes rejects updates from the OfflineUpdater tool.
    • Fixes an issue where sometimes adding the Anti-Malware blade to a current SandBlast Agent (only) Endpoint results in an Anti-Malware error state. 
  • Full Disk Encryption
    • Full Disk Encryption now tries to wrap known third party credential providers.

      The list of known credential providers that we support is in sk152915
  • Firewall and Application Control
    • Fixes an issue where the Application Control blade may randomly terminate a process due to an uninitialized local variable.
    • Fixes a rare case where the firewall blade may crash.
    • Fixes a crash in the Firewall blade when a LAN cable is connected, while "Disable Wireless on LAN" is enabled. 
  • Media Encryption and Port Protection
    • Fixes issues with CD encryption to show the correct file sizes and correct occupied percentage in the CD. 
    • Fixes the disknet.exe high CPU usage because of continuous file signature checks, when MEPP is configured to block all access to removable media. 
    • Fixes an issue with the MEPP blade, where Windows freezes when the USB key is not removed safely. 
    • Fixes a cosmetic issue in Enhanced Protected Mode (EPM) Explorer to show the status as full access, if a read-only password is used and the file system is NTFS.
  • Infrastructure
    • Fixes an issue where the installer cannot run from a shared folder and fails with error 1720.
    • Fixes an issue where an operating system reboot is sometimes not enforced after a client removal.
    • Fixes a minor issue where an initial client always shows a connected status, even if it is disconnected.
    • Adds the ability to upload cpinfo to password-protected FTP servers after collecting it. 
    • Fixes an issue where sometimes, after restart, the client will be in a disconnected state for 10 minutes. 
    • Fixes a rare race condition where one of the blades crashes while trying to update the UI.
  • SandBlast Browser Extension
    • Improves Internet Explorer browser extension performance for web pages with many frames.
  • Updater
    • Enhances the mechanism that allows sending security updates to SandBlast agent.
  • Remote Access VPN
    • Performance improvements to the VPN throughput.
  • General
    • Adds an option to acknowledge and close multiple UserCheck messages when they appear.      

Endpoint Security Clients Downloads

Show / Hide this section
Important:
  • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E81.00 Clients

Platform Package Description Link
Windows E81.00 Endpoint Security Clients for Windows OS (Recommended) A zip file that contains all package permutations listed below. (ZIP)
E81.00 Complete Endpoint Security Client for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E81.00 Complete Endpoint Security Client for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E81.00 Complete Endpoint Security Client without Anti-Malware for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E81.00 Complete Endpoint Security Client without Anti-Malware for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E81.00 SandBlast Agent Client for 32 bit systems
SandBlast Agent package for 32bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)
E81.00 SandBlast Agent Client for 64 bit systems
SandBlast Agent package for 64bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
 (ZIP)
E81.00 Full Disk Encryption and Media Encryption and Port Protection client for 32 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 32 bit systems
 (ZIP)
E81.00 Full Disk Encryption and Media Encryption and Port Protection client for 64 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 64 bit systems 
 (ZIP)
E81.00 Initial client Initial client is a very thin client without any blade used for software deployment purposes. (ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E81.00 Standalone Clients

Platform Package Description Link
Windows E81.00 Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
E81.00 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E81.00 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
E81.00 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E81.00 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service.
(EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads

Show / Hide this section

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages).
 

R77.30.03

Clean installation and In-Place Upgrade

  • Before installing the hotfixes, you need R77.30 to be installed and to update CPUSE (sk92449) to the latest build.
  • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
Order of Installation Package Link
1 R77.30 Jumbo Hotfix for Endpoint Security Server (TGZ)
2 R77.30.03 Endpoint Security Server Package for Gaia OS (TGZ)

R80.20

 

Endpoint Security Server Package Link
R80.20
Endpoint Security Server R80.20  (ISO)

Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E81.00 (EXE)
R80.20
SmartConsole for Endpoint Security Server R80.20 sk137593
R80.30 SmartConsole for Endpoint Security Server R80.30
sk144293

Previous Versions

Endpoint Security Server Package Link
R77.30 SmartConsole for Endpoint Security Server R77.30 / E81.00 (EXE)
R80.10 SmartConsole for Endpoint Security Server R80.10 (EXE)
R77.30 EP6.5 SmartConsole for Endpoint Security Server R77.30 EP6.5 / E81.00 (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E81.00 
(EXE)

Utilities/Services Downloads

Show / Hide this section
Utilities

Platform Package Description Link
Windows SandBlast Agent Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the SandBlast Agent remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows
Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (MSI)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery.
(MSI)

Known Limitations

Show / Hide this section
Issue ID Description
EPS-21121 
Upgrade to Windows 10 LTSC (1809) is not supported
EPS-21062 When an upgrade from E80.84 or E80.85 fails, and does not try again after one hour, reboot the machine, as a possible fix.
AHTP-11612 In Threat Emulation, encryption using the Secure Socket Layer (SSL) 3.0 protocol is no longer supported.
EPS-20003 When running Media encryption offline utility (Access to business data), you must install the Microsoft Visual Studio 2017 Redistributables. https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads
AHTP-10415 The pre-requisites for URL Filtering users are the Visual Studio 2008 Redistributable and Microsoft Visual C++ 6.0 packages. If URL Filtering blade is not running in your environment, refer to sk145062.
Show / Hide this section      
Document
Endpoint Security Server
R77.30.03 Management Endpoint Security Release Notes 
R77.30.03 Endpoint Security Management Administration Guide
R80.20 Release Notes
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E81.00 Endpoint Security Client for Windows Release Notes
Remote Access VPN Clients
E81.00 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

Revision History

Show / Hide this section
Date Description
15 July 2019 Link to Maintrain Release map was replaced 
22 May 2019 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment