Enterprise Endpoint Security E81.40 Windows Clients
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E81.40
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
  • Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
  • Important: Download SmartConsole with the E80.92 client to avoid "signature verification failed" messages when uploading the client to the SmartConsole.
  • The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
  • The relevant links to documentation are located in the "Documentation" section.
  • It is strongly recommended that you read the E81.40 Endpoint Security Client Release Notes, before installing this release.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.
  • For E80.89 releases for Mac: Refer to sk131152 - Enterprise Endpoint Security E80.89 Mac Clients.

In a Nutshell

Item Description Link
Managed Client E81.40 Endpoint Security Clients for Windows OS (ZIP)
VPN Standalone Client E81.40 Remote Access Clients for Windows (MSI)
Capsule Docs E81.40 Capsule Docs Standalone Client (EXE)
Documentation E81.40 Endpoint Security Client for Windows Release Notes

What's New in E81.40


New Features

  • Static File Analysis is a new prevention technology based on Machine Learning.
    • The technology inspects hundreds of static features on executables created on the endpoint and uses a machine learning model to deliver a verdict.
    • The technology has a high detection rate and an extremely low false-positive rate. It is fast and it can reach a verdict in a few tens of milliseconds.
    • The impact on performance is negligible.
  • Mitre ATT&CK™ Matrix is now supported in Forensics. After an incident has been analyzed, Mitre ATT&CK techniques and tactics are identified and shown in the report.
    • Overview screen now shows the ATT&CK matrix.
    • Dedicated ATT&CK matrix screen in Suspicious Events Menu.
    • Dedicated view for all events from a technique including a description of the technique taken from Mitre.
    • Mapping of some Suspicious events that are not categorized by Mitre into Mitre tactics.
  • Anti-Exploit now detects DejaBlue CVEs (CVE-2019-1181) on Windows 10 machines.
    • DejaBlue is a new set of Remote Code Execution exploits similar to BlueKeep.
  • Remote Desktop Protocol identification in Behavioral Guard and Forensics.
    • Forensic reports now highlight if an incident start can be traced to a user who was logged in remotely.
    • When available, the remote machine name and IP are also shown in the General screen.
    • Whether the remote connection was made from inside or outside the network is also shown in the Overview screen.
  • Privilege Escalation identification in Behavioral Guard and Forensics.
    • Forensic reports now highlight privilege escalation.
    • Process integrity levels have been added to the Process Security tab in the Incident Details view.
  • Injection identification in Behavioral Guard and Forensics.
    • Forensic reports now showcase and highlight injections that happen during an incident.
    • Multiple injection detection rules have been developed. These will be enabled via automatic update once enough telemetry is available. 

Enhancements 

  • Compliance
    • Improves the running status detection of Windows Defender.
  • Anti-Malware
    • Fixes Anti-Malware system scan error when scanning nested archives.
  • Anti-Bot
    • Reduces Anti-Bot's false positives significantly with better classification of the detections. This reduction does not affect Anti-Bot's detection rate.
  • Anti-Ransomware, Behavioral Guard and Forensics
    • Improves Behavioral Guard performance by optimizing log creation.
    • Anti-Ransomware backup exclusions that are removed from the policy are now being enforced correctly and do not require a reboot.
    • Turning Anti-Ransomware off and on now correctly creates the honeypot folders.
    • Honeypots deleted and in the recycle bin are no longer monitored by Anti-Ransomware.
    • Improves Forensic algorithm to find all executions of the identified execution root if it is not trusted. This ensures that all instances of a malicious process are detected.
    • Forensics Reports now highlight Mitre ATT&CK™ Tactics and Techniques. The Mitre ATT&CK™ matrix has its own screen and shows in the overview.
    • Injections are now monitored in the Forensic Report. These are the changes and enhancements:
      • The attack start is not a process that was injected into if the injecting process is also part of the incident.
      • The Incident Details Tree and Tree-Timeline views now show all injection links.
      • Processes injected into now show up after the process creation time of the process starting the injection.
    • Forensics now calculates Process Integrity levels. This allows us to see privilege escalation in Forensic Reports. The Process Security Tab in Incident Details shows the integrity level.
    • Forensics reports now show if the user who was connected at the start of an incident was connected remotely. In the case of RDP, the machine name and the IP shows as well.
    • Adds a new Overview screen slider to switch between the Mitre ATT&CK™, Network Map and Execution Tree screens.
    • Adds new default exclusions for taskhost.exe and taskhostw.exe to improve Forensics performance.
    • Suspicious events and Mitre ATT&CK™ techniques no longer treat 'deleted file' events the same as 'create' and 'modification' events. This reduces the occurrence of misclassified events or techniques.
    • The Incident Details screen now opens correctly in response to a click on the process tree in the Forensics Overview screen.
    • When the Forensic report is viewed in smaller resolutions, the MD5 value in the General screen may cut off. A new tool-tip was added to show the entire MD5.
    • Forensic reports no longer scale infinitely with the display size. The maximum width and height are now 2560 x 1600 pixels.
    • Process argument strings in Forensics reports are now encoded so that Anti-Malware does not flag them.
    • Attempting to open a Forensics report prior to the analysis completion will now correctly show an in-progress page.
  • Media Encryption and Port Protection
    • Enables copying of Alternate Data Streams (ADS) over NTFS together with the original filename to a removable drive upon user consent.
    • Resolves Authorization scan error "Internal scanner error" when scanning a USB device with McAfee AV.
    • Fixes the code so that using wildcards for custom settings in device exceptions now accepts the wildcards in any position of the string.
  • Threat Emulation and Anti-Exploit
    • Improves Threat Emulation performance significantly. The number of I/O operations and the CPU consumption are greatly reduced.
  • Firewall and Application Control
    • Fixes a rare race condition that might result in a BSOD during process termination.
  • Updater
    • Fixes an issue when MSI upgrade logs are not collected on the Czech version of Windows.
  • Browser Extension
    • Browser extension logs for TAC requests are now included when the user creates regular CPInfo logs.
  • General
    • SandBlast Agent can now work with a Private ThreatCloud instead of Check Point ThreatCloud. This is useful for customers who have isolated environments that do not connect to Check Point ThreatCloud.

Endpoint Security Clients Downloads

Important:
  • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E81.40 Clients

Platform Package Description Link
Windows E81.40 Endpoint Security Clients for Windows OS (Recommended) A zip file that contains all package permutations listed below. (ZIP)
E81.40 Complete Endpoint Security Client for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E81.40 Complete Endpoint Security Client for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E81.40 Complete Endpoint Security Client without Anti-Malware for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E81.40 Complete Endpoint Security Client without Anti-Malware for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E81.40 SandBlast Agent Client for 32 bit systems
SandBlast Agent package for 32bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)
E81.40 SandBlast Agent Client for 64 bit systems
SandBlast Agent package for 64bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
 (ZIP)
E81.40 Full Disk Encryption and Media Encryption and Port Protection client for 32 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 32 bit systems
 (ZIP)
E81.40 Full Disk Encryption and Media Encryption and Port Protection client for 64 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 64 bit systems 
 (ZIP)
E81.40 Initial client Initial client is a very thin client without any blade used for software deployment purposes. (ZIP)
E81.40 Threat Prevention Client for 32 bit systems Threat Prevention package for 32bit devices: 
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP)
E81.40 Threat Prevention Client for 64 bit systems Threat Prevention package for 64bit devices:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP)

Standalone Clients Downloads

Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E81.40 Standalone Clients

Platform Package Description Link
Windows E81.40 Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
E81.40 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E81.40 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
E81.40 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E81.40 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads


Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages).
 

R77.30.03

Clean installation and In-Place Upgrade

  • Before installing the hotfixes, you need R77.30 to be installed and to update CPUSE (sk92449) to the latest build.
  • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
Order of Installation Package Link
1 R77.30 Jumbo Hotfix for Endpoint Security Server (TGZ)
2 R77.30.03 Endpoint Security Server Package for Gaia OS (TGZ)

R80.30

 

Endpoint Security Server Package Link
R80.30 Endpoint Security Server R80.30 (ISO)

Management Console Downloads


Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E81.40 and higher (EXE)
R80.20 SmartConsole for Endpoint Security Server R80.20 / E81.40 and higher (EXE)
R80.30 SmartConsole for Endpoint Security Server R80.30 / E81.40 and higher (EXE)

Previous Versions

Endpoint Security Server Package Link
R77.30 SmartConsole for Endpoint Security Server R77.30 / E81.40 and higher (EXE)
R80.10 SmartConsole for Endpoint Security Server R80.10 / E81.40 and higher (EXE)
R77.30 EP6.5 SmartConsole for Endpoint Security Server R77.30 EP6.5 / E81.40 and higher (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E81.40 and higher (EXE)

Utilities/Services Downloads

Utilities

Platform Package Description Link
Windows SandBlast Agent Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the SandBlast Agent remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location.

Get the administrator utility from the release homepage (EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

Known Limitations

Issue ID Description
AHTP-14739 Extension may fail to communicate with Threat Emulation Blade when HSTS header is used on localhost.

Documentation and Related SecureKnowledge Articles

Document
Endpoint Security Server
R77.30.03 Management Endpoint Security Release Notes 
R77.30.03 Endpoint Security Management Administration Guide
R80.20 Release Notes
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E81.40 Endpoint Security Client for Windows Release Notes
Remote Access VPN Clients
E81.40 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

Revision History

Date Description
24 Sep 2019 First release of this document.
