Enterprise Endpoint Security E81.20 Windows Clients Technical Level
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E81.20
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 or higher), you must update the log schema. Follow instructions in sk106662.
  • Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
  • Important: Download SmartConsole with the E80.92 client to avoid "signature verification failed" messages when uploading the client to the SmartConsole.
  • The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
  • The relevant links to documentation are located in the "Documentation" section.
  • It is strongly recommended that you read the E81.20 Endpoint Security Client Release Notes, before installing this release.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.
  • For E80.89 releases for Mac: Refer to sk131152 - Enterprise Endpoint Security E80.89 Mac Clients.

In a Nutshell

Item Description Link
Managed Client E81.20 Endpoint Security Clients for Windows OS (ZIP)
VPN Standalone Client E81.20 Remote Access Clients for Windows (MSI)
Capsule Docs E81.20 Capsule Docs Standalone Client (EXE)
Documentation E81.20 Endpoint Security Client for Windows Release Notes

What's New in E81.20


New Features

  • Performance improvements in Forensics, Behavioral Guard and Threat Emulation.
  • The Zero Phishing agent now uses a brand new Machine Learning model and the Check Point reputation service for up-to-date information on malicious phishing sites to improve detection rates.
  • Behavioral Guard now has the ability to prevent the execution of malicious scripts (PowerShell, for example). In earlier releases, Behavioral Guard detected and terminated the scripts after their execution.
  • VPN adds the ability to match the VPN user to the logged-in Windows user and display it in the username field of the connect dialog.
  • VPN adds the ability to disable implicit SDL when SDL is enabled.
  • VPN adds the ability to choose a customized Display Name when creating a site from a link.
  • VPN adds the ability to enable the Connect button before any response is written.

Enhancements 

  • VPN
    • Fixes a rare crash that can occur when you send ICMP packets.
    • Includes stability and quality fixes. Supports all the features of previous releases.
  • Anti-Malware
    • Fixes an issue where no Anti-Malware logs show in the GUI under the Anti-Malware blade if a malicious file is quarantined after a manual Anti-Malware scan.
  • Threat Emulation and Anti-Exploit
    • 30% reduction in I/O while monitoring files created on the system.
    • Fixes an Anti-Exploit issue that causes an instance of Chrome to crash occasionally with an "Aw, snap" message.
  • Anti-Ransomware, Behavioral Guard and Forensics
    • Files backed up by Anti-Ransomware can no longer be viewed by users who did not originally have access to the file.
    • Ransomware events first detected by Behavioral Guard are now treated like Anti-Ransomware detections, with the ability to restore modified files automatically.
    • Anti-Ransomware now better recognizes older honeypots and deletes them if they are not in use.
    • Fixes a false positive in Anti-Ransomware that involves runtimebroker.exe.
    • Fixes Anti-Ransomware false positives associated with user account deletions.
    • Anti-Ransomware is now much less likely to be triggered on file changes made over a very long period of time (days).
    • Improves Forensics performance with a drastic reduction in the number of Anti-Ransomware patterns that are no longer relevant. 
    • Fixes an extremely rare infinite loop in Behavioral Guard.
    • Improves performance in Behavioral Guard by reducing the amount of local logs written.
    • Behavioral Guard now creates logs and sends them to Management.
    • Behavioral Guard now has the ability to block PowerShell attacks if the rule is set to prevent them. The scripts in such cases never execute. 
    • Adds more behavioral detections that involve the use of Microsoft HTML Application (MSHTA).
    • Adds more default and dynamic exclusions to Forensics monitoring to improve performance.
    • Adds many new suspicious events in Forensics.
    • Improves the performance of user mode process certificate checks with the introduction of a caching system.
    • Fixes an issue where a certificate is mistakenly declared invalid in Forensics when the root certificate is not present. Processes using such certificates will no longer appear as unsigned. 
    • Fixes a rare crash in Forensics where configuration settings for a Forensics sensor may be called before the sensor starts.
    • Fixes a potential, but rare, infinite loop in the Forensics Analysis. 
    • Fixes an issue that causes a crash during Forensics Report creation that can occur if explorer is terminated.
    • Fixes an issue in the Forensics analysis that causes a Windows Management Instrumentation Command-Line Utility (WMIC) process that invokes another WMIC process to not appear in the execution tree.
    • Processes considered to be the "trigger" in Forensics can no longer be hidden when a large number of processes are involved in a Forensics incident.
    • Adds support for certain applications to be treated as Entry Point applications instead of appearing in the execution tree. This prevents automatic remediation of the application. The Lookeen application is an example. 
    • Forensics now correctly shows that a file is already deleted when Anti-Malware quarantines the file.
    • Fixes an issue that occurs when a user name is not shown in a Forensics Report.
    • If the Windows System process is involved in an incident, it no longer appears in the list of remediation items and is not sent for a remediation that would fail.
    • The Windows System process now always appears as trusted in the Forensics report.
    • Business Impact shown in the Forensics Report no longer contains files from Windows folders, as well as from the SandBlastBackup folder. 
  • Media Encryption and Port Protection
    • Fixes issues with container size calculation, when encryption fails with "not enough space for encryption" error. 
    • Media Encryption and Port Protection have performance improvements with Box Drive software.
  • Firewall and Application Control
    • Allows opening ranges of ports for hotspot registrations. See sk41586.
    • Fixes a rare issue where Endpoint crashes during an upgrade.
  • Application Control 
    • Resolves a BSOD in vsdatant.sys during client upgrade.
    • Fixes an issue where the "Application Control" blade uses 100% of the CPU for a few seconds during boot time. 
  • Infrastructure
    • SandBlast can now update quickly with new trusted signers to reduce the number of false positives across all the technologies.
    • Fixes an issue that causes expired root certificates to not be validated. 

    Endpoint Security Clients Downloads

    Important:
      • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
      • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

    Endpoint Security E81.20 Clients

    Platform Package Description Link
    Windows E81.20 Endpoint Security Clients for Windows OS (Recommended) A zip file that contains all package permutations listed below. (ZIP)
    E81.20 Complete Endpoint Security Client for 32 bit systems
    A package for 32bit devices that includes Endpoint Complete package:
    • Desktop FW and Application Control
    • Anti-Malware
    • Forensics and Anti-Ransomware
    • URL Filtering
    • Anti-Bot
    • Threat Emulation
    • Media Encryption and Port Protection
    • Full Disk Encryption
    • Compliance
    • Remote Access VPN
    • Capsule Docs 
    (ZIP)
    E81.20 Complete Endpoint Security Client for 64 bit systems
    A package for 64bit devices that includes Endpoint Complete package:
    • Desktop FW and Application Control
    • Anti-Malware
    • Forensics and Anti-Ransomware
    • URL Filtering
    • Anti-Bot
    • Threat Emulation
    • Media Encryption and Port Protection
    • Full Disk Encryption
    • Compliance
    • Remote Access VPN
    • Capsule Docs 
     (ZIP)
    E81.20 Complete Endpoint Security Client without Anti-Malware for 32 bit systems
    A package for 32bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
    • Desktop FW and Application Control
    • Forensics and Anti-Ransomware
    • URL Filtering
    • Anti-Bot
    • Threat Emulation
    • Media Encryption and Port Protection
    • Full Disk Encryption
    • Compliance
    • Remote Access VPN
    • Capsule Docs 
    (ZIP)
    E81.20 Complete Endpoint Security Client without Anti-Malware for 64 bit systems
    A package for 64bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
    • Desktop FW and Application Control
    • Forensics and Anti-Ransomware
    • URL Filtering
    • Anti-Bot
    • Threat Emulation
    • Media Encryption and Port Protection
    • Full Disk Encryption
    • Compliance
    • Remote Access VPN
    • Capsule Docs 
     (ZIP)
    E81.20 SandBlast Agent Client for 32 bit systems
    SandBlast Agent package for 32bit devices:
    • Forensics and Anti-Ransomware
    • Anti-Bot
    • Threat Emulation
    (ZIP)
    E81.20 SandBlast Agent Client for 64 bit systems
    SandBlast Agent package for 64bit devices:
    • Forensics and Anti-Ransomware
    • Anti-Bot
    • Threat Emulation
     (ZIP)
    E81.20 Full Disk Encryption and Media Encryption and Port Protection client for 32 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 32 bit systems  (ZIP)
    E81.20 Full Disk Encryption and Media Encryption and Port Protection client for 64 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 64 bit systems   (ZIP)
    E81.20 Initial client The Initial client is a very thin client without any blades, used for software deployment purposes. (ZIP)
    E81.20 Threat Prevention Client for 32 bit systems Threat Prevention package for 32bit devices: 
    • Desktop FW and Application Control
    • Anti-Malware
    • Forensics and Anti-Ransomware
    • Anti-Bot
    • Threat Emulation
    • Compliance
    (ZIP)
    E81.20 Threat Prevention Client for 64 bit systems Threat Prevention package for 64bit devices:
    • Desktop FW and Application Control
    • Anti-Malware
    • Forensics and Anti-Ransomware
    • Anti-Bot
    • Threat Emulation
    • Compliance
    (ZIP)

    Standalone Clients Downloads

    Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

    E81.20 Standalone Clients

    Platform Package Description Link
    Windows E81.20 Remote Access Clients for Windows Remote Access VPN Client for SmartConsole-managed clients (MSI)
    E81.20 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartConsole-managed clients only. (CAB)
    E81.20 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients that are managed with CLI and API and do not have a user interface. (MSI)
    E81.20 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients that are managed with CLI and API and do not have a user interface. For automatic upgrade through the gateway. For SmartConsole-managed clients only. (CAB)
    E81.20 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
    Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

    Endpoint Security Server Downloads


    Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

    The packages provided below are Legacy CLI packages (not CPUSE packages).
     

    R77.30.03

    Clean installation and In-Place Upgrade

    • Before installing the hotfixes, R77.30 must be installed and CPUSE (sk92449) must be updated to the latest build.
    • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
    Order of Installation Package Link
    1 R77.30 Jumbo Hotfix for Endpoint Security Server (TGZ)
    2 R77.30.03 Endpoint Security Server Package for Gaia OS (TGZ)

    R80.20

     

    Endpoint Security Server Package Link
    R80.20 Endpoint Security Server R80.20  (ISO)

    Management Console Downloads


    Management Console for Endpoint Security Server

    The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

    Latest Versions

    Endpoint Security Server Package Link
    R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E81.20 (EXE)
    R80.20 SmartConsole for Endpoint Security Server R80.20 sk137593
    R80.30 SmartConsole for Endpoint Security Server R80.30 sk144293

    Previous Versions

    Endpoint Security Server Package Link
    R77.30 SmartConsole for Endpoint Security Server R77.30 / E81.00 and higher (EXE)
    R80.10 SmartConsole for Endpoint Security Server R80.10 (EXE)
    R77.30 EP6.5 SmartConsole for Endpoint Security Server R77.30 EP6.5 / E81.00 and higher (EXE)
    R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E81.00 and higher (EXE)

    Utilities/Services Downloads

    Utilities

    Platform Package Description Link
    Windows SandBlast Agent Remediation Manager for Administrators

    The administrator utility contains the capabilities of the end-user utility plus these additional features:

    • Quarantine - Send files to quarantine. 
    • Delete - Use the SandBlast Agent remediation service to delete a file. 
    • Import - Import a quarantined file from a different computer or location.
    Get the administrator utility from the release homepage (EXE)
    Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
    R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

    For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

    Full Disk Encryption Offline Management Tool

    Platform Package Description Link
    Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
    Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

    Known Limitations

    Issue ID Description
    AHTP-14304 Password reuse limitation: When the user copies and pastes the password, the browser extension does not save its hash value. As a result, the password reuse trigger is not activated.
      In some cases Endpoint Security Client fails to upgrade with "Error 28151 - Verification of installation package failed" displayed in SmartEndpoint on Windows 7 when not connected to the internet. Refer to sk161873.

    Documentation and Related SecureKnowledge Articles

    Document
    Endpoint Security Server
    R77.30.03 Management Endpoint Security Release Notes 
    R77.30.03 Endpoint Security Management Administration Guide
    R80.20 Release Notes
    Endpoint Security Clients
    E80.85 and higher Endpoint Security Client for Windows User Guide
    E81.20 Endpoint Security Client for Windows Release Notes
    Remote Access VPN Clients
    E81.20 Remote Access Clients for Windows Release Notes
    E80.72 and higher Remote Access Clients for Windows Administration Guide
    Capsule Docs Client
    E80.72 and higher Capsule Docs Plugin User Guide
    Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
    Capsule Docs Bulk Protection Services
    Capsule Docs Bulk Protection Guide

    Revision History

    Date Description
    07 Aug 2019 First release of this document.
