Support Center > Search Results > SecureKnowledge Details
self-protection feature in Endpoint Security for Mac Technical Level
Solution
Important:
  • While self-protection is enabled, uninstalling or upgrading Endpoint Security will require the Organisational uninstall password.
  • Organisational password is normally set in SmartEndpoint before any computers are connected. It can be updated at any time. See Administration guide.
  • self-protection is available for Endpoint Security for Windows as well.
  • In E84.30 and E84.70 this feature is disabled by default, but in future releases, it will be enabled.
  • macOS 10.15 (Catalina) or later is required.


Manage self-protection after installation using cpSelfProtection utility

  • The utility is installed here:
/Library/Application\ Support/Checkpoint/Endpoint\ Security/cpSelfProtection
  • Using the utility, it is possible to change self-protection either temporarily (enable/disable) or permanently (on/off ).
  • It is possible to provide the password as an argument.  If password is not provided, an authentication dialog will appear.
  • To avoid authentication dialogs during upgrade, an MDM solution can use the utility to disable self-protection before running the upgrade.
  • Note that if cpSelfProtection is run from a terminal with the password provided as an argument, the password may be saved in the history file. It can be removed by using this command: "history -c" (This command will prevent anything in your current session from being written to your long-term history, but does not clear out that long-term history).
  • If cpSelfProtection is run from an MDM, then the script itself will contain the password, so that script should be removed from machine after usage.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment