To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
The relevant links to documentation are located in the "Documentation" section.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
The relevant links to documentation are located in the "Documentation" section.
Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware
Adds a new sensor to monitor WMI-Get requests. Behavioral Guard rules can use data from the sensor. The data can appear in Forensics reports and in Threat Hunting.
The redesigned logon sensor for Forensics and Threat Hunting now shows all logon events in Threat Hunting, not just remote logons.
VPN
VPN can now display a warning message with custom text prior to a VPN connection. If the user accepts the conditions, VPN connects. If the user discards the conditions, VPN does not connect. Will be fully available in Q2 2021.
Infrastructure
This release adds the option to uninstall the Endpoint Security Client with a Push Operation from the Management Server. See sk170444 for more information.
Enhancements
Anti-Malware
Resolves a rare issue where the Anti-Malware blade downloads signatures from an external mirror instead of from the local Management Server.
Resolves a rare issue where the Anti-Malware Blade runs in "Disconnected Mode" with the "Disconnected" policy while the client still connects to the Management Server.
Resolves a rare issue where the Anti-Malware blade does not function correctly after the Endpoint Security Client's Repair procedure.
Resolves a rare issue where the Anti-Malware blade does not run correctly due to corrupted signatures.
Anti-Virus Resolves installation issue when the Endpoint Security Client does not install due to an Anti-Malware driver error.
Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware
Improves the performance of Forensics and lessens the time necessary for Windows Updates.
When the DNS sensor is active, Forensics does not monitor raw DNS data. This improves Forensics performance.
Forensics does not monitor specific instances of msiexec.exe related to installation and thus improves Forensics performance.
Fixes an issue that can lead to high CPU utilization during a maintenance purge of the Forensics database.
Improves performance by aggregating network events sent to Threat Hunting.
Adds the option in policy to disable and to enable the API sensor that injects and monitors processes.
Fixes an issue that can cause a crash in the Forensics service during an uninstallation.
Fixes a Forensics crash that involves badly formed Registry data.
Full Disk Encryption
BCDBOOT mode is now the default on upgrades.
Adds a new option to fdecontrol to set a custom message to display when UOL fails.
Media Encryption and Port Protection
Resolves a very rare issue where a machine with the Media Encryption blade may not function after a sleep or a long idle time if users configure SearchIndexer to index removable drives.
VPN
Fixes the issue where the VPN disconnects when the Windows desktop locks.
Installation
Resolves a rare issue where Dynamic Package upgrades can fail due to a locked file on the client.
Resolves a rare issue where the Watchdog does not start processes after an upgrade.
Resolves an issue where some leftovers remain in the registry after an Endpoint Security Client uninstall.
Resolves an issue where an Endpoint Security Client upgrade fails when it happens after an installation with a renamed exported file other than eps.msi.
Optimizes Endpoint Security Client Repair and Upgrade procedures with fewer and unnecessary file deletions.
Resolves an issue where the Repair procedure fails when it is unable to create a folder in %temp%.
Resolves an issue where the Endpoint Security Client Repair procedure fails after an upgrade procedure fails.
Infrastructure
Resolves a rare issue where the Endpoint Security Client upgrade downloads the dynamic package of files twice.
Optimizes Endpoint Security Client self-protection from intrusions by unwanted software programs.
Resolves a very rare memory allocation issue in the vsdatant driver.
Resolves an issue where the "Remote Install" feature makes only one registration attempt to the Management Server.
Resolves a rare issue where the Endpoint Security Client remains in an inconsistent state after an Operating System upgrade.
Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
Endpoint Security E84.30 Clients
Platform
Package
Description
Link
Windows
E84.30 Endpoint Security Clients for Windows OS - Dynamic package
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and above.
(EXE)
E84.30 Endpoint Security Clients for Windows OS (Recommended)
A zip file that contains all package permutations listed below.
(ZIP)
E84.30 Complete Endpoint Security Client for 32 bit systems
Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartConsole-managed clients only.
(CAB)
E84.30 Capsule Docs Standalone Client
Capsule Docs package for environments that are managed by Capsule Docs Cloud Service.
(EXE)
Capsule Docs PC Viewer
Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs.
The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.
Latest Versions
Endpoint Security Server
Package
Link
R80.40
SmartConsole for Endpoint Security Server R80.40 / E83.20 and higher
The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
