SandBlast Agent now uses ssdeep-computed Fuzzy Hashing to detect and block malicious files. This supplements the standard hash-based reputation check and the similarity detection done through Static Analysis Machine Learning, improving SBA’s ability to catch polymorphic variants of known malware.
Adds a SandBlast Agent Chrome Browser Extension with URL Filtering capabilities. Note: The feature is available for SandBlast Agent Web Management users. It is in Early Availability mode for Chrome users. The Google Chrome-store update for the new browser extension may not be available yet. If the URLF policy page is visible on your web-management, the URLF is available.
File Reputation, Static File Analysis and Threat Emulation
SandBlast Agent now checks the reputation of files based on their similarity to a known ssdeep hash.
Fixes an issue where Anti-Exploit may not work immediately after an upgrade.
Anti-Ransomware, Behavioral Guard and Forensics
Fixes a rare Forensics service crash that can occur when a client disconnects from the Management server.
Improves Forensics performance by not monitoring Windows Update operations.
Improves Forensics, Behavioral Guard and Threat Hunting performance slightly by filtering out some sensor data from well-known processes.
Fixes the re-creation of certain folders such as the document folder if the admin redirects them.
Policy can now disable Forensic Analysis for Anti-Ransomware and Behavioral Guard.
Fixes a rare issue where the Anti-Ransomware backup driver may not stop on upgrades.
Fixes an issue that can prevent an Anti-Ransomware file backup due to a specific sequence of file modification operations.
Improves the time to detection for Behavioral Guard and Anti-Ransomware rules by prioritizing active rules over rules being field-tested.
Windows Management Instrumentation (WMI) executions are now supported in Behavioral Guard rules.
Full Disk Encryption
Suspended BitLocker drives now display as unencrypted.
Now shows the Caps Lock notification in the pre-boot password change dialog.
Fixes a rare Full Disk Encryption pre-boot loop.
Media Encryption and Port Protection
Resolves an authorization issue where the scan fails if there are files with long paths on the media.
Fixes a privilege escalation vulnerability where a regular user might be able to execute arbitrary code with system privileges.
Resolves a possible issue where an Anti-Malware blade addition that uses Dynamic Package leaves Anti-Malware in an error state.
Resolves an issue where a command line window pops up briefly during the installation of an exported package.
Resolves a possible issue where a client upgrade fails if it happens during a signature update.
Resolves a possible issue where the client upgrade fails due to the Vsmon shutdown time being longer than expected.
Resolves a possible issue where an upgrade that uses Dynamic Package fails when the zip file extraction fails.
Fixes an issue where the status of the client stays in "Deployment is in progress" although the deployment finishes successfully.
Fixes an issue where the tray icon of the Endpoint Security client is sometimes missing.
Resolves a possible issue where the client's failure to retrieve the SID does not show in the client UI.
Resolves an issue where the "Instprep.log" log file has no limit in size.
Resolves a possible issue where the reconnect tool doesn't restart the Device Agent service because of an incorrect certificate.
Resolves a possible issue where the client log viewer crashes.
The Anti-Bot blade is now "Anti-Bot and URL Filtering".
Resolves an issue where informative popups display although the policy for "Client User Interface Settings" is not set to "Show all notifications".
Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized incident-related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow the instructions in sk106662.
Endpoint Security E83.00 Clients
E83.00 Endpoint Security Clients for Windows OS - Dynamic package
Complete Endpoint Security Client for any CPU (32-bit or 64-bit). This is a self-extracting executable EXE file with all components (Blades), to be used as a Dynamic package with R80.40 and above.
E83.00 Endpoint Security Clients for Windows OS (Recommended)
A zip file that contains all package permutations listed below.
E83.00 Complete Endpoint Security Client for 32-bit systems