The E84.10 release introduces Threat Hunting, an investigative tool to collect all events from endpoints. This allows an Endpoint Security administrator to get the full scope of an attack, or to uncover stealth attacks. Threat Hunting also provides Security administrators with multiple manual remediation options, such as Quarantine, KillProcess and Forensics Analysis with remediation. Threat Hunting on-boarding instructions are available in sk170052
Anti-Malware can download signatures from an authenticated NTLM proxy with a logged in user's credentials.
The Anti-malware blade can now work in "Detect only" mode. See sk169753.
The E84.10 release adds the ability to display relevant certificates only during user authentication. See sk169453.
Adds the ability to disable client shutdowns through the Windows tray icon menu. See sk75221.
Adds the ability to define the site display name when you create a new VPN site with the trac.exe command line utility.
Endpoint Security can now connect to the Management server from an authenticated NTLM proxy with a logged in user's credentials.
Resolves a possible issue where Anti-Malware and UI processes crash during a machine shutdown.
Resolves a possible issue where the current Anti-Malware process crashes as Endpoint Security Client upgrades.
Anti-Ransomware, Behavioral Guard and Forensics
Fixes a Local Privilege Escalation vulnerability that relates to the Anti-Ransomware file restoration process.
Fixes a vulnerability that can allow arbitrary file deletions when files restore in Anti-Ransomware.
Fixes a very rare issue that can cause an upgrade to fail when it does not delete Anti-Ransomware related files.
Fixes an Anti-Ransomware False Positive from a Java installation.
Fixes an issue where only the first trigger information was correct among multiple LNK file related triggers in Behavioral Guard.
Reduces the likelihood that Forensics quarantines user documents and files from False Positives on Windows Servers.
Fixes a rare issue that can cause permanent high CPU usage while Forensics monitors specific API calls.
Fixes a rare race condition that can cause Forensics to use the default policy instead of the latest installed policy.
Fixes a crash that can occur in injected processes if Forensics receives multiple monitored API events within a short period of time.
Forensics can now parse and process Spanish Symantec triggers.
Full Disk Encryption
Allows BitLocker Management to install on hardware RAID disks.
Adds the ability to use high resolution custom images in the FDE pre-boot.
Adds support for disk sectors larger than 512 bytes in FDE.
CVE-2020-6015: Resolves a denial of service vulnerability in releases before E84.10 to prevent the storage of service log files in non-standard locations. This is relevant to clean installs only. Customers with completed installations of Endpoint Security are not vulnerable.
Resolves a possible issue where a clean install with dynamic package fails due to a missing selected .NET framework.
Resolves a possible issue where the "Upgrade Time Change" popup does not appear after upgrades fail.
Resolves a possible issue where no lock icon displays in the system tray after Endpoint Security Client fails to upgrade.
Resolves a possible issue where some Anti-Malware driver leftovers remain after an Endpoint Security Client uninstall.
Resolves a possible issue where an Endpoint upgrade fails when it tries to remove an existing version of the product.
Resolves a possible issue where the Endpoint uninstall fails as it tries to upgrade itself with a software deployment rule.
Improves the upgrade performance for Forensics blade installations.
Endpoint Security Client now ensures that blade logs and additional information go to the same policy server.
Resolves an issue where the Shutdown command does not execute from SmartEndpoint if a user on a client system does not have permission to perform a shutdown.
Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
Endpoint Security E84.10 Clients
E84.10 Endpoint Security Clients for Windows OS - Dynamic package
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and above.
E84.10 Endpoint Security Clients for Windows OS (Recommended)
A zip file that contains all package permutations listed below.
E84.10 Complete Endpoint Security Client for 32 bit systems