Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E84.20 Windows Clients Technical Level
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E84.20
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:

  • Refer to sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
  • Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
  • The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
  • The relevant links to documentation are located in the "Documentation" section.
  • It is strongly recommended that you read the E84.20 Endpoint Security Client for Windows Release Notes, before installing this release.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.
  • Known Limitation (ESVPN-2501 - The Endpoint Security VPN disconnects when the Windows desktop locks.) has been resolved in E84.30.
  • For E83.20 releases for Mac: Refer to sk166955 - Enterprise Endpoint Security E83.20 macOS Clients.

Click Here to Show the Entire Article

In a Nutshell

Item Description Link
Managed Client E84.20 Endpoint Security Clients for Windows OS (ZIP)
E84.20 Endpoint Security Clients for Windows OS - Dynamic package (EXE)
VPN Standalone Client E84.20 Remote Access Clients for Windows (MSI)
Capsule Docs E84.20 Capsule Docs Standalone Client (EXE)
Documentation E84.20 Endpoint Security Client for Windows Release Notes  
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

What's New in E84.20

Show / Hide this section

New Features

  • Remote Installation of Initial Client 
    • In Endpoint Security Client E83.30 and higher, you can now install the Initial Client remotely without third party tools. See the SandBlast Agent Administration Guide for more information. 
  • Virtual Desktop Infrastructure
    • Endpoint Security now supports Citrix VDI (Virtual Desktop Infrastructure) for persistent and non-persistent virtual machines. See sk167072.
  • Firewall and Application Control
    • Endpoint Security Client supports a new "Isolated" mode that isolates the computer from the outside world. See sk169758.
    • The Application Control blade can now choose to terminate applications on execution through policy. See sk141692.
  • VPN
    • Adds an option to switch the language of the user interface to the Windows locale. See sk75221 for configuration information
      • The option only affects standalone clients.
      • The installation process sets the language of the Endpoint Security full suite and the user cannot change it after the installation.
    • Adds the ability to withhold the name of the last VPN user. See sk75221 for configuration information.
  • Media Encryption and Port Protection
    • A new file audit log value contains the sha256 file checksum for written files on removable medias.
  • Infrastructure
    • The Endpoint Security Client now includes the Greek language.

Enhancements

  • Anti-Malware 
    • Resolves an issue where the Anti-Malware engine delays its start for a few seconds after the application of a new policy.
  • Threat Hunting
    • Introduces the ability to isolate a machine through the Threat Hunting interface.
    • Fixes a rare issue with the Threat Hunting batch size where large batches block all data reporting until the next reboot.
  • Threat Emulation and Anti-Exploit
    • Anti-Exploit now blocks the actively exploited vulnerability CVE-2020-17087.
  • Anti-Ransomware, Behavioral Guard and Forensics 
    • Fixes an issue that can cause a delay for an Anti-Ransomware detection when a specific Windows process is active.
    • Reduces false positives in Anti-Ransomware with improvements to the thresholds for detecting mass encryption.
    • Improves performance for a hard-coded Anti-Ransomware feature with a move to Behavioral Guard. Rule updatability and exclusions for this feature are now possible in Behavioral Guard.
    • Anti-Ransomware exclusions now support environment variables.
    • Improves the Credential Dumping detection technique to reduce False Positives.
    • In Server environments, Forensics no longer delete files created by Windows processes that may do a lot of file processing.
    • Fixes a rare issue where Forensics drivers do not enforce exclusions. Forensics now enforces exclusions in user mode to handle these rare scenarios.
    • Fixes an issue where the Forensics Analysis fails to add a process to the incident model.
    • Fixes an issue which causes high CPU usage while Forensics purges older database data.
    • Windows scripts processes such as PowerShell.exe and wscript.exe are now "Suspicious" in Forensics Analysis. Remediation settings for "Suspicious" processes now apply.
  • Firewall and Application Control
    • Resolves a rare issue where the Firewall and Application Control process consumes high CPU on a blade startup.
    • Resolves a rare issue where the Firewall blade still blocks IPv6 traffic after the user stops network protection.
  • Full Disk Encryption
    • Fixes the issue where there is an unapplied preboot bypass configuration during the Operating System upgrade.
    • Fixes an incompatibility with the Google Drive File Stream where the EPS client can not install, upgrade or delete with the FDE blade.
    • Fixes the stretched screen in preboot on certain machines.
    • Fixes a rare scenario where Self Encrypting Disks are stuck on 0% encryption.
    • Fixes an issue with Smart Card single sign-on.
  • URL Filtering
    • URL Filtering now supports Mozilla Firefox along with the Chrome and Edge-Chromium browsers.
  • Installation  
    • Resolves a rare issue where the Anti-Malware and Firewall blades do not unregister "Windows Security Center" correctly in Endpoint client uninstalls.
    • Resolves a rare issue in the Software deployment process where the package downloads while it already resides on the disk.
    • Resolves a rare issue where an Endpoint Security Client upgrade fails due to an Anti-Malware upgrade failure.
    • Resolves an issue where a command line window pops ups for a few seconds in the Anti-Malware uninstallation process.
    • Resolves a rare issue where an Endpoint Security component (cpda.exe) silently crashes as it tries to gather information from the installation file.
    • CVE-2020-6021: Resolves an issue in Check Point Endpoint Security Client for Windows prior to version E84.20 where users have write access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker prior to E84.20 can initiate the installation repair and place a specially crafted DLL in the repair folder which runs with the Endpoint Security Client’s privileges.
  • Infrastructure 
    • Resolves a rare issue where an Endpoint Security component (cpda.exe) crashes during the Endpoint Security Client upgrade process.
    • Resolves a rare issue where the Windows Security Center does not recognize Anti-Malware and Firewall blades correctly.
    • Non-Persistent VDI is now configurable through policy. See the Endpoint Security VDI Administration Guide.
    • Resolves an issue where clients enter the Restrict state by mistake after the client removes a blade from the command line.
    • Resolves a rare issue where the client User Interface does not appear after a clean Endpoint Security Client installation.
    • Resolves a rare issue where an Endpoint Security Client component (cpda.exe) leaks memory as it attempts upgrades.

Endpoint Security Clients Downloads

Show / Hide this section
Important:
    • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E84.20 Clients

Platform Package Description Link
Windows E84.20 Endpoint Security Clients for Windows OS - Dynamic package Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and above. (EXE)
E84.20 Endpoint Security Clients for Windows OS (Recommended) A zip file that contains all package permutations listed below. (ZIP)
E84.20 Complete Endpoint Security Client for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E84.20 Complete Endpoint Security Client for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E84.20 Complete Endpoint Security Client without Anti-Malware for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E84.20 Complete Endpoint Security Client without Anti-Malware for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E84.20 SandBlast Agent Client for 32 bit systems
SandBlast Agent package for 32bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)
E84.20 SandBlast Agent Client for 64 bit systems
SandBlast Agent package for 64bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
 (ZIP)
E84.20 Full Disk Encryption and Media Encryption and Port Protection client for 32 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 32 bit systems  (ZIP)
E84.20 Full Disk Encryption and Media Encryption and Port Protection client for 64 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 64 bit systems   (ZIP)
E84.20 Initial client Initial client is a very thin client without any blade used for software deployment purposes. (ZIP)
E84.20 Threat Prevention Client for 32 bit systems Threat Prevention package for 32bit devices: 
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP)
E84.20 Threat Prevention Client for 64 bit systems Threat Prevention package for 64bit devices:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E84.20 Standalone Clients

Platform Package Description Link
Windows E84.20 Remote Access Clients for Windows Remote Access VPN Client for SmartConsole-managed clients (MSI)
E84.20 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartConsole-managed clients only. (CAB)
E84.20 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
E84.20 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartConsole-managed clients only. (CAB)
E84.20 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads 

Show / Hide this section

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages).
 

R77.30.03

Clean installation and In-Place Upgrade

  • Before installing the hotfixes, you need R77.30 to be installed and to update CPUSE (sk92449) to the latest build.
  • You must install the R77.30 Jumbo Hotfix for Endpoint Security Server before you install the Endpoint Security Server Package for Gaia OS.
Order of Installation Package Link
1 R77.30 Jumbo Hotfix for Endpoint Security Server (TGZ)
2 R77.30.03 Endpoint Security Server Package for Gaia OS (TGZ)

R80.30


Endpoint Security Server Package Link
R80.30 Endpoint Security Server R80.30  (ISO)

R80.40


Endpoint Security Server Package Link
R80.40 Endpoint Security Server R80.40  (ISO)

Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R80.40 SmartConsole for Endpoint Security Server R80.40 / E83.20 and higher sk165473
R80.30 SmartConsole for Endpoint Security Server R80.30 / E83.20 and higher sk153153

Previous Versions

Endpoint Security Server Package Link
R80.20 SmartConsole for Endpoint Security Server R80.20 / E83.20 and higher sk137593
R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E84.20 and higher (EXE)
R77.30 SmartConsole for Endpoint Security Server R77.30 / E84.20 and higher (EXE)
R80.10 SmartConsole for Endpoint Security Server R80.10 / E83.20 and higher sk119612
R77.30 EP6.5 SmartConsole for Endpoint Security Server R77.30 EP6.5 / E84.20 and higher  (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E84.20 and higher (EXE)
Internal note - Above packages includes Recovery Image of version - 86.4.20.12

Utilities/Services Downloads

Show / Hide this section
Utilities

Platform Package Description Link
Windows SandBlast Agent Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the SandBlast Agent remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

Known Limitations

Show / Hide this section
Issue ID Description
EPS-29062

Remote Install (New Feature for this release) - The package only downloads if the domain admin user has automatic access in the configured proxy.

EPS-29473

Installation - Prevents the initiation of repair and uninstall by underprivileged users. Administrative user elevation is required to initiate the procedures.

EPS-28715

The E84.20 Endpoint Security Client uses a new log schema. On servers with versions R80.10 and lower, the schema should have a manual installation.

ESVPN-2501

The Endpoint Security VPN disconnects when the Windows desktop locks. Refer to sk170854

Show / Hide this section      
Document
Endpoint Security Server
R80.40 Release Notes
Endpoint Security R80.40 Administration Guide
R80.30 Release Notes 
Endpoint Security R80.30 Administration Guide
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E84.20 Endpoint Security Client for Windows Release Notes
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
Remote Access VPN Clients
E84.20 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

Revision History

Show / Hide this section
Date Description
24 Nov 2020 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment