- While self-protection is enabled, uninstalling or upgrading Endpoint Security will require the Organizational uninstall password.
- Organizational password is normally set in SmartEndpoint before any computers are connected. It can be updated at any time. See Administration guide.
- self-protection is available for Endpoint Security for Windows as well.
- In E84.30 for Mac this feature is disabled by default, but in future releases, it will be enabled.
- macOS 10.15 (Catalina) or later is required.
There are two options to enable Self Protection:
Enable self-protection by enabling feature flag inside installation package
After exporting the installation package zip from server, unzip and open the following file in a text editor:
Endpoint Security Installer.app/Contents/Resources/Configurations/.InstallationManifest.plist
Change the following setting from “false” to “true”
Manage self-protection after installation using cpSelfProtection utility
- The utility is located here:
/Library/Application\ Support/Checkpoint/Endpoint\ Security/cpSelfProtection
- It is possible to turn self-protection on/off.
- When self-protection is on, it is possible to temporarily disable it until next restart (reboot/upgrade) using enable/disable options.
- Note, it is possible to provide the password as an argument. If password is not provided, an authentication dialog will appear.
- To avoid authentication dialogs during upgrade, an MDM solution can use the utility to disable self-protection before running the upgrade.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.