Protection for CVE-2019-0708 (BlueKeep) was recently released for Endpoint Security Client E80.97. This protection will also be available in the next official release E81.10. However, customers who wish to be immediately protected while utilizing the latest features of E81.00 may contact Check Point Support for a special E81.00 CFG release with the protection against BlueKeep enabled.
The IP reputation and geo-location are now in the Forensics report. Changes in the Overview, Reputation and Network Screens highlight IP reputations and geo-locations.
Anti-Ransomware, Behavioral Guard and Forensics
Improves performance by moving Anti-Ransomware honeypot creation and deletion from logon/logoff to the product install/uninstall.
The manual restoration of files is now possible for any detected attack with Forensics, as well as Anti-Ransomware. Previously, this was limited to Anti-Ransomware attacks only.
Fixes an issue introduced in E80.96 which can lead to Forensics exclusions being ignored on reboot.
Fixes a rare issue where Forensics fails to accept a new policy from Management.
Fixes a rare crash in Forensics, when the service is shut down before the initialization is complete.
Improves Forensics Analysis to follow attacks that involve scheduled tasks, or WMI calls, when the associated processes are invoked.
Improves the Entry Point in Forensics to determine if an incident originates from a zip file.
Improves the Entry Point in Forensics to identify where certain incidents start from an lnk/shortcut file.
Fixes a rare issue with the Forensics Entry Point where, if Anti-Exploit triggers on a browser, more than one browser may appear in the report.
Fixes an issue with McAfee's Endpoint not triggering Forensics on a detection if the language is Portuguese.
Fixes an issue in the Forensics report where Business Impact icons use the same tooltip in the Overview section.
Fixes a missing icon, when Microsoft Edge is part of a Forensics incident.
Fixes a client UI issue where the Forensics analysis animation occurs without an analysis.
Fixes an issue where the Additional Intelligence arrow in the Reputation screen of the Forensics Report did not function correctly in Edge and Internet Explorer.
Fixes incorrect capitalization in the Reputation screen of the Forensics report.
Fixes an issue where Edge and Internet Explorer incorrectly identify certain IPs as phone number links in the Forensics Report.
Increases the size of the reputation drop-down in the Network Activity screen of the Forensics Report to accommodate the length of the largest value in the list.
Adds the ability for the Forensics CLI to accept the rule name, the third-party product name, and the hash value as parameters.
Threat Emulation and Anti-Exploit
Improves the performance of the SandBlast Agent Threat Emulation to minimize the effect on the Endpoint resources.
Import-Export Table Parsing in Anti-Exploit is now disabled by default. Disabling this greatly reduces the number of products incompatible with Anti-Exploit.
To enable this protection, follow the instructions in sk121793.
Hardens the security of the client against DLL injection. CVE-2019-8458: Check Point Endpoint Security Client for Windows, with Anti-Malware blade installed, before version E81.00, tries to load a non-existent DLL during an update initiated by the UI. An attacker with administrator privileges can leverage this to gain code execution within a Check Point Software Technologies signed binary, which under certain circumstances may cause the client to terminate.
Fixes an issue with Anti-Malware, when it sometimes rejects updates from the OfflineUpdater tool.
Fixes an issue where sometimes adding the Anti-Malware blade to a current SandBlast Agent (only) Endpoint results in an Anti-Malware error state.
Full Disk Encryption
Full Disk Encryption now tries to wrap known third party credential providers.
The list of known credential providers that we support is in sk152915.
Firewall and Application Control
Fixes an issue where the Application Control blade may randomly terminate a process due to an uninitialized local variable.
Fixes a rare case where the firewall blade may crash.
Fixes a crash in the Firewall blade when a LAN cable is connected, while "Disable Wireless on LAN" is enabled.
Media Encryption and Port Protection
Fixes issues with CD encryption to show the correct file sizes and correct occupied percentage in the CD.
Fixes high CPU usage by disknet.exe caused by continuous file signature checks when MEPP is configured to block all access to removable media.
Fixes a crash when a device is unexpectedly removed and has an empty friendly name.
Fixes an issue with the MEPP blade, where Windows freezes when the USB key is not removed safely.
Fixes a cosmetic issue in Enhanced Protected Mode (EPM) Explorer to show the status as read-only, if a read-only password is used and the file system is NTFS.
Fixes an issue where the installer cannot run from a shared folder and fails with error 1720.
Fixes an issue where an operating system reboot is sometimes not enforced after a client removal.
Fixes a minor issue where an initial client always shows a connected status, even if it is disconnected.
Adds the ability to upload cpinfo to password-protected FTP servers after collecting it.
Fixes an issue where sometimes, after restart, the client will be in a disconnected state for 10 minutes.
Fixes a rare race condition where one of the blades crashes while trying to update the UI.
SandBlast Browser Extension
Improves Internet Explorer browser extension performance for web pages with many frames.
Enhances the mechanism that allows sending security updates to SandBlast agent.
Remote Access VPN
Performance improvements to the VPN throughput.
Adds an option to acknowledge and close multiple UserCheck messages when they appear.
Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized incident-related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow the instructions in sk106662.
Endpoint Security E81.00 Clients
E81.00 Endpoint Security Clients for Windows OS (Recommended)
A zip file that contains all package permutations listed below.
E81.00 Complete Endpoint Security Client for 32 bit systems
The prerequisites for URL Filtering users are the Visual Studio 2008 Redistributable and Microsoft Visual C++ 6.0 packages. If the URL Filtering blade is not running in your environment, refer to sk145062.
Documentation and Related SecureKnowledge Articles