Support Center > Search Results > SecureKnowledge Details
self-protection feature in Endpoint Security for Mac Technical Level
  • While self-protection is enabled, uninstalling or upgrading Endpoint Security will require the Organizational uninstall password.
  • Organizational password is normally set in SmartEndpoint before any computers are connected. It can be updated at any time. See Administration guide.
  • self-protection is available for Endpoint Security for Windows as well.
  • In E84.30 for Mac this feature is disabled by default, but in future releases, it will be enabled.
  • macOS 10.15 (Catalina) or later is required.
There are two options to enable Self Protection:

Enable self-protection by enabling feature flag inside installation package

After exporting the installation package zip from server, unzip and open the following file in a text editor: 
Endpoint Security
Change the following setting from “false” to “true”

Manage self-protection after installation using cpSelfProtection utility

  • The utility is located here:
/Library/Application\ Support/Checkpoint/Endpoint\ Security/cpSelfProtection 
  • It is possible to turn self-protection on/off.  
  • When self-protection is on, it is possible to temporarily disable it until next restart (reboot/upgrade) using enable/disable options.
  • Note, it is possible to provide the password as an argument.  If password is not provided, an authentication dialog will appear.
  • To avoid authentication dialogs during upgrade, an MDM solution can use the utility to disable self-protection before running the upgrade.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document