Adds a new protection in Static Analysis against CVE-2020-0601. This prevents the use of spoofed ECC (Elliptic Curve Cryptography) certificates on malicious executables.
Behavioral Guard now detects Windows-reported CVEs and generates a log and a Forensic Analysis for them. An example is CVE-2020-0601. This is separate from the Static Analysis protection, which does not depend on Windows-reported CVEs.
Behavioral Guard Meterpreter Reverse Shell detections are now active by default.
New Behavioral Guard injection detections, including Process Hollowing, are now active by default.
Forensics can now identify starting points of attacks originating from lateral movement and Windows Management Instrumentation (WMI). Indirect execution on a single machine through WMI is now detected and followed in the Forensics Analysis.
Resolves the issue where an Anti-Malware infection event is not showing in SmartEndpoint Reporting, if special characters are in the path.
Resolves an issue where Anti-Malware reporting does not update in SmartEndpoint, after the infections list changes in the Anti-Malware blade.
Fixes an Anti-Malware system scan memory issue, when scanning files with alternate data streams.
Fixes an issue that can cause the Anti-Exploit service to crash in x86 systems, after an upgrade.
Fixes a rare issue where the machine hangs during an upgrade (related to a driver that Anti-Exploit uses).
Fixes an issue where Anti-Exploit may not work immediately after an upgrade.
Anti-Bot detection status now updates to the server User Interface continuously for additions and removals from the client.
Behavioral Guard and Forensics
Improves performance slightly by removing unnecessary logs from Behavioral Guard.
Fixes an issue in the Forensics Log Card to report a trigger rather than the process of a trigger.
Fixes an issue with a Forensic crash in a Virtual Disk Infrastructure (VDI) environment.
Firewall and Application Control
Resolves a possible issue where the Firewall blade stays in the Initializing status after an upgrade because some DLL files are missing.
Resolves a possible issue where registry parsing, while self protection is active, causes a BSOD.
Fixes the vsdatant.sys driver synchronization issue that causes a BSOD on driver unload.
Resolves the issue where Long Term Evolution (LTE) and Universal Mobile Telecommunication System (UMTS) devices are not recognized as wireless by the "Disconnect wireless connections when connected to the LAN" feature.
Full Disk Encryption
Resolves an incorrect report about the Full Disk Encryption blade not running during a Windows shutdown, when the Deployment Agent (CPDA) does not receive a shutdown notification.
Sets BCDBOOT as the default on fresh installs.
Fixes Unified Extensible Firmware Interface (UEFI) preboot so that it uses the customized rebranding images.
No longer forces a reboot when the pre-boot bypass is off, by policy.
Media Encryption and Port Protection
Removes the requirement to install Visual Studio 2017 runtimes when running the Media Encryption offline utility "Access to Business Data". Note: The Mac offline utility now supports macOS Catalina (10.15).
Fixes an issue where the location inside the organization is not recognized properly.
Adds the detection of McAfee Security Endpoint v10.6 into Secure Configuration Verification (SCV).
Fixes an issue where the user is not able to use several question marks in the password.
Resolves a possible issue where the client upgrade fails, when the Anti-Malware blade cannot reach a database file, after an ungraceful process termination.
Resolves a sudden reboot, after a client upgrade finishes, before a custom countdown timer ends.
Resolves an issue where Installer terminates on machines with specific locales, if the user has a name with specific localized UTF-8 characters.
Resolves a possible issue where the installation fails, by waiting for a process from a previous installation to stop.
Increases the timeout value for Windows Installer (MSI) to wait for Full Disk Encryption to finish a deployment in offline mode.
Fixes the Full Disk Encryption uninstall, after a Windows 10 upgrade.
Fixes an issue with the Deployment Agent (CPDA): if the UpdateRegister message did not go through during startup, the agent now tries to resend it when the machine's network configuration changes.
Resolves an issue where the "Disconnected Policy" appears in the display while the client is connected, even though the policy is not defined.
Fixes the issue of duplicate user objects for the same user in Other Users / Computers.
Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized incident-related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
Endpoint Security E82.40 Clients
E82.40 Endpoint Security Clients for Windows OS (Recommended)
A zip file that contains all package permutations listed below.
E82.40 Complete Endpoint Security Client for 32 bit systems