Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E83.20 Windows Clients Technical Level
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E83.20
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:

  • Refer to sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
  • Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
  • Important: Download SmartConsole with the E80.92 client to avoid "signature verification failed" messages when uploading the client to the SmartConsole.
  • The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
  • The relevant links to documentation are located in the "Documentation" section.
  • It is strongly recommended that you read the E83.20 Endpoint Security Client for Windows Release Notes, before installing this release.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.
  • For E83.20 releases for Mac: Refer to sk166955 - Enterprise Endpoint Security E83.20 macOS Clients.

Click Here to Show the Entire Article

In a Nutshell

Item Description Link
Managed Client E83.20 Endpoint Security Clients for Windows OS (ZIP)
E83.20 Endpoint Security Clients for Windows OS - Dynamic package (EXE)
VPN Standalone Client E83.20 Remote Access Clients for Windows (MSI)
Capsule Docs E83.20 Capsule Docs Standalone Client (EXE)
Documentation E83.20 Endpoint Security Client for Windows Release Notes  
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

What's New in E83.20 

Show / Hide this section

New Features

  • SandBlast Agent Browser Extension now supports the Microsoft Edge (Chromium) browser
    The SandBlast Agent Edge (Chromium) extension supports all the functionality the SandBlast Agent Chrome extension supports:
    • URL Filtering (for Web Management users only)
    • File Download Protection
    • Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection
    • The Edge (Chromium) extension installs automatically when you install the SandBlast Agent, or upgrade to the Endpoint Security Client E83.20 version.
  • Detection of malicious LNK (Windows Shortcut) files
    • Behavioral Guard now analyzes the target of LNK files to determine if the file is malicious.
    • Forensics Analysis now determines if the start of an attack is from an LNK file.
    • Forensics Reports show the targets of all LNK files in an incident.
  • Content view in the Forensics report
    • Available from the Incident Details menu
    • Shows all LNK targets in the incident
    • Shows all AMSI content in the incident
  • "Pass The Hash" detection
    • Behavioral Guard now recognizes the "Pass The Hash" attempts.
  • Full Disk Encryption
    • The Full Disk Encryption pre-boot has a modernized look and feel along with updates to the color-theme and background images.

Enhancements

  • Anti-Malware
    • Fixes an issue where Anti-Malware status reports to the Windows Security Center do not work, if there are errors, or if the reports are disabled in the policy.
    • Resolves a possible issue where the Anti-Malware process crashes during the Endpoint Security Client upgrade.
    • Resolves an Anti-Malware signature update issue from an external server through a proxy.
    • Resolves an issue where no UserCheck message pops up and no log about the detection goes to the Endpoint Security Server when a JAR file is detected as malicious.
  • Anti-Ransomware, Behavioral Guard, and Forensics
    • Behavioral Guard now detects the Pass-The-Hash technique.
    • The Forensics service does not shut down and restart anymore during the Behavioral Guard Signature updates. The update process is faster as a result.
    • Adds new default exclusions to Anti-Ransomware to decrease the number of false positives.
    • Fixes an issue where Forensics can stop its responses if multiple triggers are in the queue, and the current analysis takes a long time to complete.
    • If the Forensics database does not contain a detected file or process, it now generates a minimal report with reputation.
    • If a detected URL is not in the Forensics database, Forensics now generates a minimal report with reputation.
    • Fixes a very rare issue of an infinite loop in Forensics.
    • Improves the Forensics performance as the result of decreased number of unnecessary registry operations.
    • If the reputation service is not available, the Forensic Analysis no longer treats unsigned processes as trusted processes.
    • Fixes a very rare issue in the termination of trusted processes that are part of a Forensics incident.
    • Fixes a rare issue where Forensics can lock up when it receives a new policy.
    • Fixes an issue where the Forensic Analysis fails when the trigger file has a short name.
    • Enhances Forensics analysis to identify attacks that start with Windows shortcut (LNK) files.
    • Adds a new screen to view all AMSI and LNK target content in an incident.
    • Fixes a Forensics report issue where a terminated process can appear in the "Already Terminated Processes" and "Terminated Processes" sections of the Remediation view.
    • The Remediation section of the Forensics report now mentions failures to access or use the remediation service.
  • Compliance
    • Resolves the client non-compliant state when the Windows Server Update Service (WSUS) compliance check configures regardless of the value set in the rule. See sk164060 for policy configuration details.
  • Media Encryption & Port Protection
    • Resolves an issue with the 3rd party backup application Veeam that fails to create a recovery media, if Media Encryption & Port Protection is installed.
  • Full Disk Encryption
    • Resolves the UseRec.exe crash when a recovery file contains users from several domains.
  • Installation
    • Resolves an issue after an upgrade, when the client UI language switches back to the default system language.
    • Resolves a rare issue where the Endpoint Security upgrade process does not complete because of a crash, but a new version registers.
    • Resolves a possible issue where the Endpoint Security Client upgrade fails with the error: "Wait for Install Helper process failed".
    • Resolves a possible issue where Endpoint Security Client upgrade fails with the error: "The paging file is too small for this operation".
    • Resolves a rare issue where Firewall policy is not set after an Endpoint Security Client upgrade.
    • Resolves a possible issue where the Endpoint Security Client upgrade fails with the error: "Changing configuration is not allowed, check the password".
  • Infrastructure
    • Endpoint Security Clients that are disconnected from the domain and use the same local SID can now connect to the management server as unique machines.
    • Resolves client registration issue where SmartEndpoint detects duplicates, when the client computer FQDN does not match the FQDN of its domain.
    • Optimizes the Endpoint Security processes monitor algorithm to decrease CPU consumption, when 3rd party Anti-Malware on-access scanners connect.
    • Introduces enhanced deployment capabilities for small fixes or patches with a new package type that installs changed files only.
    • Resolves CPDA.exe crashes where the Windows Management Instrumentation (WMI) service is disabled during a client upgrade.
    • Resolves the URL Filtering "waiting for policy" error after a client upgrade with the exported package, when the client is in the disconnected state.

Endpoint Security Clients Downloads

Show / Hide this section
Important:
    • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E83.20 Clients

Platform Package Description Link
Windows E83.20 Endpoint Security Clients for Windows OS - Dynamic package Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and above. (EXE)
E83.20 Endpoint Security Clients for Windows OS (Recommended) A zip file that contains all package permutations listed below. (ZIP)
E83.20 Complete Endpoint Security Client for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E83.20 Complete Endpoint Security Client for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
  (ZIP)
E83.20 Complete Endpoint Security Client without Anti-Malware for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E83.20 Complete Endpoint Security Client without Anti-Malware for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
  (ZIP)
E83.20 SandBlast Agent Client for 32 bit systems
SandBlast Agent package for 32bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
 (ZIP)
E83.20 SandBlast Agent Client for 64 bit systems
SandBlast Agent package for 64bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  (ZIP)
E83.20 Full Disk Encryption and Media Encryption and Port Protection client for 32 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 32 bit systems  (ZIP)
E83.20 Full Disk Encryption and Media Encryption and Port Protection client for 64 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 64 bit systems   (ZIP)
E83.20 Initial client Initial client is a very thin client without any blade used for software deployment purposes. (ZIP)
E83.20 Threat Prevention Client for 32 bit systems Threat Prevention package for 32bit devices: 
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
 (ZIP)
E83.20 Threat Prevention Client for 64 bit systems Threat Prevention package for 64bit devices:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
 (ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E83.20 Standalone Clients

Platform Package Description Link
Windows E83.20 Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
E83.20 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E83.20 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
E83.20 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E83.20 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads 

Show / Hide this section

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages). 

R77.30.03

Clean installation and In-Place Upgrade

  • Before installing the hotfixes, you need R77.30 to be installed and to update CPUSE (sk92449) to the latest build.
  • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
Order of Installation Package Link
1 R77.30 Jumbo Hotfix for Endpoint Security Server (TGZ)
2 R77.30.03 Endpoint Security Server Package for Gaia OS (TGZ)

R80.30


Endpoint Security Server Package Link
R80.30 Endpoint Security Server R80.30  (ISO)

R80.40


Endpoint Security Server Package Link
R80.40 Endpoint Security Server R80.40  (ISO)

Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R80.40 SmartConsole for Endpoint Security Server R80.40 / E83.20 and higher sk165473
R80.30 SmartConsole for Endpoint Security Server R80.30 / E83.20 and higher sk153153
R80.30 SmartConsole for Endpoint Security Server R80.30 for BitLocker / E83.20 and higher (EXE)

Previous Versions

Endpoint Security Server Package Link
R80.20 SmartConsole for Endpoint Security Server R80.20 / E83.20 and higher sk137593
R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E83.20 and higher (EXE)
R77.30 SmartConsole for Endpoint Security Server R77.30 / E83.20 and higher (EXE)
R80.10 SmartConsole for Endpoint Security Server R80.10 / E83.20 and higher (EXE)
R77.30 EP6.5 SmartConsole for Endpoint Security Server R77.30 EP6.5 / E83.20 and higher  (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E83.20 and higher (EXE)
Internal note - Above packages includes Recovery Image of version - 86.3.20.12

Utilities/Services Downloads

Show / Hide this section
Utilities

Platform Package Description Link
Windows SandBlast Agent Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the SandBlast Agent remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
 (EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Show / Hide this section      
Document
Endpoint Security Server
R80.40 Release Notes
Endpoint Security R80.40 Administration Guide
R80.30 Release Notes 
Endpoint Security R80.30 Administration Guide
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E83.20 Endpoint Security Client for Windows Release Notes
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
Remote Access VPN Clients
E83.20 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

For more information on Check Point releases see: Maintrain Release map, Maintrain Upgrade map, Maintrain Backward Compatibility map, Maintrain Releases plan.

For more information on the Enterprise Endpoint Security Windows Client, see:

You can also visit our Endpoint forum, Remote Access forum, Capsule Docs forum, or any other CHECKMATES forum to ask questions and get answers from technical peers and Support experts.

Revision History

Show / Hide this section
Date Description
26 Aug 2020 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment