Enterprise Endpoint Security E84.40 Windows Clients Technical Level
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E84.40
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:


In a Nutshell

Item | Description | Link
Managed Client | E84.40 Endpoint Security Clients for Windows OS | (ZIP)
Managed Client | E84.40 Endpoint Security Clients for Windows OS - Dynamic package | (EXE)
VPN Standalone Client | E84.40 Remote Access Clients for Windows | (MSI)
Capsule Docs | E84.40 Capsule Docs Standalone Client | (EXE)
Documentation | E84.40 Endpoint Security Client for Windows Release Notes |
Documentation | sk164896 - Video: How to deploy and upgrade Endpoint Security Client? |

What's New in E84.40


New Features

  • E84.40 introduces a new technique in Anti-Ransomware that significantly improves the time to detection of many ransomware families. This technique is behavioral. It is not based on signatures. It continues to work with all existing techniques. 
  • These sensors are now active in Threat Hunting and Forensics: 
    • Remote Execution
    • Service Creation
    • Process Discovery
    • Application Window Discovery
    • Scheduled Task
    • Screen Capture
    • Input Capture
    • DDE (Dynamic Data Exchange)

Enhancements

  • Anti-Malware 
    • Adds the ability to change the trusted processes flag mask to resolve high CPU usage by the PowerShell script. See sk171524 for more information.
    • Resolves an issue where Anti-Malware scanning cannot stop in the middle of an archive file scan.
    • Resolves an issue where Anti-Malware's web monitor blocks URLs although the Anti-Malware configuration runs the blade in "Detect Mode".
    • Resolves an issue where the Threat Prevention package contains a malformed Anti-Malware signature on x86 platforms for Endpoint Security Client versions E83.15 and higher.
  • Threat Hunting, Forensics, Behavioral Guard and Anti-Ransomware 
    • Significantly improves the time it takes to detect ransomware based on encryptions. The majority of ransomware attacks are now detectable after very few encryptions.
    • Adds a new Remote Execution sensor for Forensics and Threat Hunting. The sensor provides additional data about remotely executed processes.
    • Adds a new Service Creation sensor that integrates with both Threat Hunting and Forensics. This sensor identifies the target and the creation of a new service.
    • Adds a new Process Discovery sensor that integrates with both Threat Hunting and Forensics. This sensor identifies a process that tries to identify other running processes.
    • Adds a new Application Window Discovery sensor that integrates with both Threat Hunting and Forensics. This sensor identifies a process that queries other running processes with a GUI.
    • Adds a new Scheduled Task sensor that integrates with both Threat Hunting and Forensics. The sensor identifies the target and the type of a scheduled task, as well as the process that initiates the scheduled task.
    • Adds a new Screen Capture sensor that integrates with both Threat Hunting and Forensics. The sensor identifies processes if they attempt to take screenshots.
    • Adds a new Input Capture sensor to identify processes that monitor keyboard activity. This data shows in the Forensics report and it is visible in Threat Hunting.
    • Adds a new DDE (Dynamic Data Exchange) sensor that integrates with both Threat Hunting and Forensics. The sensor identifies the use of DDE to execute a process.
    • Adds the ability to follow DDE executions in the Forensics analysis.
    • Renames Injections/Objects tab to Other Ops in the Tree and Tree-Timeline views of the Forensics report. Adds a new "Miscellaneous" table in the Other Ops tab to showcase information from all the new sensors such as Input Capture and Screen Capture.
    • Provides the ability to disable new Forensic sensors with policy.
    • Adds more information such as "start URL" and "start file" from the Forensic analysis entry point to the Forensic detection events in Threat Hunting.
    • Adds additional fields that relate to the trigger in the General view of the Forensics report. These include trigger process arguments, the actual trigger to start the analysis, and the trigger type.
    • Adds a description of the trigger or protection in the General View of the Forensics report.
    • Improves Anti-Malware integration with Forensics when it detects malicious behavior. Now a specific process triggers the Forensics analysis rather than all processes of a file. This significantly improves the accuracy of the Forensics report.
    • Fixes an issue where the Forensics memory utilization does not drop immediately for released memory.
    • Fixes an issue that can cause high CPU usage in Forensics.
    • Fixes an issue that can result in a slow termination of the Forensics service in an upgrade.
    • Improves the Forensic performance on Windows upgrades.
    • Improves Forensics performance with the optimization of the data that the remote login sensor sends.
    • Removes WMI-Get messages with no security value to improve Forensics performance.
    • Reduces the DNS-related socket operations when the DNS sensor is enabled to improve Forensics performance.
    • Fixes an issue that can cause an incorrect entry point in the Forensics analysis, when it does not accurately identify the System Process.
    • Fixes an issue in Forensics and Threat Hunting where the System Process incorrectly sets to PID 0 with the name "Unknown". Now the System Process correctly shows its name and PID 4.
    • Fixes an issue for Forensics analysis to handle 7zip correctly.
    • Fixes an issue where processes can add to the Forensic analysis incorrectly.
    • The Forensics analysis now looks for downloaded file information from SandBlast Agent for Browsers in MS Edge and Firefox.
    • Fixes an issue with the Forensics analysis that looks too far back to implicate a zip file.
    • Fixes an issue in the Forensics analysis where the Entry Point misses the opening of a zip file, included as part of an incident.
    • Enhances the Forensics analysis to follow file copies in the entry point.
    • Fixes an issue where the Forensics analysis does not determine the URL of a downloaded file, if the file data is not present from SandBlast Agent for Browsers.
    • Fixes an issue where certain views in Forensics can result in double vertical scrollbars, when they are not necessary.
    • Fixes an issue where the General screen information in the Forensics report does not show completely.
    • Fixes a rare issue where the DNS sensor does not activate.
    • The Anti-Ransomware UI no longer displays when Anti-Ransomware is set to "detect" mode. The UI appears when Anti-Ransomware is in "prevent".
    • Clicks on the unsigned process section in the Overview of the Forensics report now link to the General view instead of the Reputation view.
    • Fixes an issue with sorts of Socket Ops in the Forensics report.
    • The Socket ops table in the Forensic report's Tree and Tree-Timeline Views now show bytes sent, bytes received, and the direction of the connection.
  • Compliance
    • Resolves an issue where the Compliance Blade fails to check for the Cylance Protect status. 
    • Adds the ability to separate the Windows Server Update Services (WSUS) check to drivers and software. See sk164060.
    • Resolves an issue where the Compliance blade does not download a file during the Remediation phase without user permissions.
  • Firewall and Application Control
    • Resolves a rare issue where the "vsmon.exe" process crashes when the "Developer Protection" feature is enabled.
    • Resolves a rare issue where the Application Control blade causes "high CPU" usage due to some redundant validations.
    • Application Control's "Terminate On Execution" feature can now apply without a client reboot. See sk141692.
    • Improves the Firewall driver's unload capability when the Terminate on Execution feature is on.
  • VPN
    • Fixes an issue with the metric of the Virtual Network Adapter. See sk171378.
  • Anti-Bot and URL Filtering  
    • Corrects some fields in the SandBlast Agent Logs. 
  • SandBlast Agent's Browser Extension 
    • Improves the Zero-Phishing scanning algorithm to align with foreign language pages.
    • Edge-Chromium browser extension now installs even when the user does not connect to a domain.
  • Installation 
    • Endpoint Security's "Repair - Push Operation" now performs a client reboot only when necessary.
    • Resolves a possible issue where cpda.exe crashes as the client upgrades.
    • Resolves an issue where an installation does not work, when it resumes from an interrupted previous installation attempt which stops when the machine power is off.
    • A rollback from a failed upgrade of Endpoint Security Client versions prior to E83.10 requires a reboot. The installer now displays an appropriate message.
    • Resolves a rare case where the installation process can crash due to a race condition of an asynchronous task that accesses the installation log.
    • Resolves an issue where a consecutive installation attempt fails if it occurs after a failed clean install.
    • Resolves a rare issue where the upgrade fails with an installer error that shows an issue with access to the cached MSI of a previous version.
    • The Endpoint Security installer now installs .NET 4.8 if the installed .NET version is lower than 4.6.1.
    • Upgrades now succeed while Microsoft Sandbox or Application Guard runs.
  • Infrastructure 
    • Resolves an issue where the "Remote Deployment" fails when an "Initial Client" with the wrong certificate validation cannot connect to the Management Server.
    • Resolves a rare issue where cpda.exe causes "high CPU" usage when it tries to check information about previous unexpected shutdowns.
    • Resolves a possible issue of high CPU usage in cpda.exe when it calculates the right proxy to use while the machine is in an offline state.

Endpoint Security Clients Downloads

Important:

  • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E84.40 Clients

Platform Package Description Link
Windows E84.40 Endpoint Security Clients for Windows OS - Dynamic package Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and above. (EXE)
E84.40 Endpoint Security Clients for Windows OS (Recommended) A zip file that contains all package permutations listed below. (ZIP)
E84.40 Complete Endpoint Security Client for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E84.40 Complete Endpoint Security Client for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E84.40 Complete Endpoint Security Client without Anti-Malware for 32 bit systems
A package for 32bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)
E84.40 Complete Endpoint Security Client without Anti-Malware for 64 bit systems
A package for 64bit devices that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
 (ZIP)
E84.40 SandBlast Agent Client for 32 bit systems
SandBlast Agent package for 32bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)
E84.40 SandBlast Agent Client for 64 bit systems
SandBlast Agent package for 64bit devices:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
 (ZIP)
E84.40 Full Disk Encryption and Media Encryption and Port Protection client for 32 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 32 bit systems  (ZIP)
E84.40 Full Disk Encryption and Media Encryption and Port Protection client for 64 bit systems Full Disk Encryption and Media Encryption and Port Protection package for 64 bit systems   (ZIP)
E84.40 Initial client Initial client is a very thin client without any blade used for software deployment purposes. (ZIP)
E84.40 Threat Prevention Client for 32 bit systems Threat Prevention package for 32bit devices: 
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP)
E84.40 Threat Prevention Client for 64 bit systems Threat Prevention package for 64bit devices:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP)

Standalone Clients Downloads

Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E84.40 Standalone Clients

Platform Package Description Link
Windows E84.40 Remote Access Clients for Windows Remote Access VPN Client for SmartConsole-managed clients (MSI)
E84.40 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartConsole-managed clients only. (CAB)
E84.40 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients that are managed with CLI and API and do not have a user interface. (MSI)
E84.40 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients that are managed with CLI and API and do not have a user interface, for automatic upgrade through the gateway. For SmartConsole-managed clients only. (CAB)
E84.40 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads 


R81

Endpoint Security Server | Package | Link
R81 | Endpoint Security Server R81 | sk166715

R80.40

Endpoint Security Server | Package | Link
R80.40 | Endpoint Security Server R80.40 | sk160736

R80.30

Endpoint Security Server | Package | Link
R80.30 | Endpoint Security Server R80.30 | sk144293

Management Console Downloads


Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server | Package | Link
R81 | SmartConsole for Endpoint Security Server R81 | sk170116
R80.40 | SmartConsole for Endpoint Security Server R80.40 | sk165473

Previous Versions

Endpoint Security Server | Package | Link
R80.30 | SmartConsole for Endpoint Security Server R80.30 | sk153153
R80.20 | SmartConsole for Endpoint Security Server R80.20 | sk137593
R77.30.03 | SmartConsole for Endpoint Security Server R77.30.03 / E84.20 and higher | (EXE)
R77.30 | SmartConsole for Endpoint Security Server R77.30 / E84.20 and higher | (EXE)
R80.10 | SmartConsole for Endpoint Security Server R80.10 | sk119612
R77.30 EP6.5 | SmartConsole for Endpoint Security Server R77.30 EP6.5 / E84.20 and higher | (EXE)
R77.20 EP6.2 | SmartConsole for Endpoint Security Server R77.20 EP6.2 / E84.20 and higher | (EXE)
Internal note - The above packages include Recovery Image version 86.4.20.12.

Utilities/Services Downloads

Utilities

Platform Package Description Link
Windows SandBlast Agent Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the SandBlast Agent remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location.

Get the administrator utility from the release homepage (EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

Known Limitations

Issue ID Description
ESVPN-2659 After a reboot, the VPN client might not display authentication certificates if these conditions all exist:
  • The Endpoint Security Suite has VPN and "Always Connect" is enabled.
  • The system has two or more users.
  • The VPN client uses certificates for authentication from the Windows store.
If the user cancels the connection and restarts it manually, the client shows certificates for authentication.

Note - The issue is only relevant for Endpoint Security Clients. Standalone Remote Access VPN clients do not experience this.

Documentation and Related SecureKnowledge Articles

Document
Endpoint Security Server
R81 Release Notes
Endpoint Security R81 Administration Guide
Endpoint Security Web Management R81 Administration Guide
R80.40 Release Notes
Endpoint Security R80.40 Administration Guide
R80.30 Release Notes 
Endpoint Security R80.30 Administration Guide
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E84.40 Endpoint Security Client for Windows Release Notes
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
Remote Access VPN Clients
E84.40 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

Revision History

Date | Description
31 Jan 2021 | First release of this document.
