Support for the Endpoint Security Clients on macOS Big Sur (11).
Machine Authentication for the VPN client. It allows to perform VPN authentication with a machine certificate from the system keychain of the macOS. Machine Authentication works in user and machine authentication mode, which is a combination of a machine certificate and the selected user authentication method.
Post-connect message for the VPN client. It allows to display a message to the end user upon every VPN connection. Now available for Windows clients as well. See sk75221 for configuration details.
The E84.30 release introduces a self-protection feature which prevents the deletion of Check Point files and the termination of Check Point processes by end-users. In this release, the self-protection feature is intended for specific customers only. If you wish to use the feature, contact Check Point Support.
Enhancements
This release includes stability, quality and performance fixes.
The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.
Endpoint Security Server
Package
Link
R77.30.03
SmartConsole for Endpoint Security Server R77.30.03 / E80.89
(EXE)
R77.20 EP6.2
SmartConsole for Endpoint Security Server R77.20 EP6.2 / E80.89
The Big Sur macOS may ask users to grant access to security modules after some special activities. In such cases, follow OS directives. To avoid this, we recommend MDM management tools to predefine the desired configurations.
EPS-29195
The Big Sur macOS version does not display correctly in SmartEndpoint reports.
AHTP-19465
The Forensics report does not show Network events.
AHTP-20017
Backup configurations for the file types in the Anti-Ransomware policy are not enforced.
AHTP-19924
Backup configurations for the file size in Anti-Ransomware policy are not enforced.
AHTP-15310
If nodeJS is installed on the Mac, build directories should be excluded in SBA policy (AR/EFR and TE) to improve performance.
EPS-23361
If the default name of the compliance rule for checking if assigned blades are running is changed, i.e. cloned or edited, this rule will not be applied to the macOS compliance blade. Then, on the server side there will be no compliance reporting (inform, warn, restrict). Client will also not go into the assumed compliance state.
ESVPN-1920
In some rare cases during the upgrade of VPN client from previous version, user may experience temporary inability to connect to VPN site. Delay may be from seconds to several minutes. To address this issue user should perform reboot of operating system.
ESVPN-2215
A certificate for user authentication should be stored in the keychain when you use Secondary Connect.
ESVPN-2521
Remote Access VPN clients do not support the use of a personal certificate as an authentication method if the saved certificate is on SmartCard. This is relevant for macOS 11 Big Sur.
Documentation and Related SecureKnowledge Articles