Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E84.60 Windows Clients Technical Level
Solution

Table of Contents:

  • In a Nutshell
  • What's New in E84.60
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:

  • Refer to sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
  • Starting in E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. To learn more see sk129753.
  • Important: Download SmartConsole with the E80.92 client to avoid "signature verification failed" messages when uploading the client to the SmartConsole.
  • The relevant links to downloads are located in the relevant section, i.e., Endpoint Security Server, Management Console, Endpoint Security Clients, Standalone Clients, Utilities/Services.
  • The relevant links to documentation are located in the "Documentation" section.
  • It is strongly recommended that you read the E84.60 Endpoint Security Client for Windows Release Notes, before installing this release.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.
  • For E84.30 releases for Mac: Refer to sk170513 - Enterprise Endpoint Security E84.30 macOS Clients.

Click Here to Show the Entire Article

In a Nutshell

Item Description Link
Managed Client E84.60 Endpoint Security Clients for Windows OS (ZIP)
E84.60 Endpoint Security Clients for Windows OS - Dynamic package (EXE)
VPN Standalone Client E84.60 Remote Access Clients for Windows (MSI)
Capsule Docs E84.60 Capsule Docs Standalone Client (EXE)
Documentation E84.60 Endpoint Security Client for Windows Release Notes  
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

What's New in E84.60

Show / Hide this section

New Features

  • E84.60 introduces process terminations with Endpoint's Push Operation. See sk171910.
  • This version introduces "Super Nodes" where clients share Anti-Malware signatures for less external network use. See sk171703.
  • Anti-Ransomware, Behavioral Guard and Forensics 
    • Enhances Behavioral Guard Anti-Credential Theft technology to identify advanced dumping techniques. 
    •  Enhances Behavioral Guard LNK file detections to cover more advanced techniques and exploits. 
    • Adds a new zip sensor that scans the names of embedded files on zip creation and stores this information in Threat Hunting and Forensics. The Forensics Analysis uses this information to improve the Entry Point analysis. 
    • The remote execution sensor now stores information for executions when the technique is unknown. This shows in Threat Hunting as type "Unknown". 
    •  Significantly improves Forensics Analysis performance and memory usage. Larger analyses can be 90% faster and consume 50% less memory. 
    • Significantly reduces Forensic report size to allow faster downloads and views in SmartLog and Threat Hunting. 

Enhancements

  • Anti-Malware
    • Resolves an issue where the Anti-Malware blade applies new "Client Settings" policy only if there is an update of the Anti-Malware policy.
  • SandBlast Agent Static Analysis
    • Enhances the current machine-learning model with a significantly increased detection rate for executables.
  • Anti-Ransomware, Behavioral Guard and Forensics
    • Improves the credential dumping protection to detect non-standard techniques.
    • Fixes an issue where the most recent two versions of the Endpoint Security Client incorrectly disable Credential Dumping improvements.
    • Adds new capabilities to the LNK sensor that allow Behavioral Guard to improve its malicious LNK detection rate.
    • Adds the ability to exclude PowerShell file execution by a folder or a signer.
    • Adds a new sensor that monitors the creation of zip files and stores the zipped content information for Forensics and Threat Hunting.
    • Significantly improves the Forensics analysis time and memory usage. The more complex the analysis, the greater the improvement.
    • Reduces the average size of the Forensics report by 40%. The larger the report, the greater the improvement.
    • Remote executions now show as generic remote execution records, if they do not map as one of the supported types.
    • Fixes an issue in the remote execution sensor for Forensics that causes an incorrect mapping of the source machine IP in rare scenarios.
    • Fixes an issue where Remote Desktop Protocol (RDP) connections incorrectly show as remote executions.
    • Reduces the Remote execution sensor's memory usage in Forensics.
    • Fixes a very rare crash in the Forensics component.
    • Improves Forensics performance on machines with the reduction of logged exceptions when a sensor does not activate.
    • Improves Forensics performance with the reduction of logged exceptions when reputation is not available.
    • Improves the performance of Behavioral Guard's rule matching when looking at file-related behaviors.
    • Fixes an issue where Forensics can cause high CPU usages when the reputation service is inaccessible.
    • Adds an optimization that improves the performance of the File Sensor in Forensics as it deletes duplicated records.
    • Fixes multiple issues in missing Forensic log information. Now the resource field and related file fields display correctly where relevant.
    • Fixes an issue where the associated Forensics log for an Anti-Ransomware event sends out a few hours later.
    • Fixes an issue where the Anti-Ransomware does not restore deleted honeypot files.
    • Fixes an issue where file operations may be lost immediately after the creation of an LNK file.
    • Fixes a rare issue where the user login information in a Forensics report does not calculate correctly.
    • Fixes an issue in the Forensics Analysis entry point where an incorrect process shows for files that download in the presence of the browser extension.
    • Fixes an issue where a GPO launched detection no longer adds other GPO scripts and processes to the Forensics incident.
    • Fixes an issue where a file operation does not show in the Forensics report if the operation succeeds after a failure.
    • Fixes an issue where the Forensics Report Overview redirects incorrectly if there is no execution tree or network data in the report.
    • Adds a new icon for unsigned and unknown reputation processes in the Forensics report.
  • Firewall and Application Control
    • Resolves a rare issue where the Application Control Process (Vsmon.exe) crashes when the "Termination On Execution" feature is set in policy.
  • Full Disk Encryption
    • Resolves an issue where 2 reboots are needed for the install of FDE in offline mode.
    • Pre-boot bypass with the Trusted Platform Module (TPM) resolves the issue with reboots during a Windows startup.
    • Improves the stability for reboots during the initial encryption of UEFI machines.
    • Improves Windows upgrades with FDE to address mistakes if the user does not follow sk120667.
    • The initial encryption of FDE for only data is now part of the FDE policy. See sk102026 for more details.
  • Media Encryption and Port Protection
    • Fixes the issue where Windows 10 upgrades require an extra restart to repair Media Encryption and Port Protection. Now, an extra restart is only necessary for Windows 10 version 1709 and lower.
    • Enhances the procedures for virtual drives to prevent file operation interruptions.
  • VPN
    • Fixes an issue with Always Connect after a reboot, if the user authenticates with the certificate from the CAPI store.
    • Fixes SCV for the TrendMicro Anti-Virus.
    • Corrects Japanese and Chinese text.
    • Adds stability improvements.
  • SandBlast Agent Browser Extension
    • Adds redesigned block-pages for URL Filtering, Zero Phishing, and Corporate Password Reuse. The new pages show when the browser extension blocks a page and notifies the user.
  • Installation
    • Resolves an issue where a redundant reboot occurs after an Endpoint Security Client upgrade due to an inaccurate calculation of the blades list.
    • Resolves an issue where the "Upgrade Now" option is still available after a manual upgrade.
    • Resolves an issue where the Endpoint Security Client does not connect and the VPN site configuration is missing after a clean install from an exported package, when the username has spaces and 8.3 names are disabled in the target OS.
    • Resolves an issue where it is not possible to access the cached MSI of a previous version during an Endpoint Security Client upgrade.
    • Fixes an issue where the client uninstall through the "Uninstall all blades" operation does not complete.
    • Improves the Endpoint Security Client installation performance when Full Disk Encryption (FDE) is in offline mode.
    • Fixes an issue where the client does not connect to the server after a clean installation of an exported dynamic package.
  • Infrastructure
    • Resolves high CPU usage by the EP Watch Dog (EPWD) process while it tries to restart a monitored process. 
    • Resolves an issue when 'Hosts' and 'Imhosts' files (at 'C:\Windows\System32\drivers\etc') are locked and users can not edit them. 
    • Resolves an issue where most blades falsely show as not active for a few seconds after an Endpoint Security Client upgrade.
    • Resolves a rare issue where the blades falsely show as not active due to internal communication issues. 
    • Increases the internal report buffer size to allow more reports to reach the server when the network throughput is low.

Endpoint Security Clients Downloads

Show / Hide this section
Important:
    • Starting from E80.85, SandBlast Agent improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.

  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E84.60 Clients

Platform Package Description Links
Windows
Endpoint Security Clients for Windows OS - Dynamic package (Recommended, with R80.40 and higher):
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and higher.
(EXE)
Initial client:
Initial client is a very thin client without any blade used for software deployment purposes.
(ZIP)
Package Description 32bit 64bit
A package that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
A package that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
SandBlast Agent package:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)  (ZIP)
Full Disk Encryption and Media Encryption and Port Protection package:
Full Disk Encryption and Media Encryption and Port Protection package.
 (ZIP)  (ZIP)
Threat Prevention package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP) (ZIP)
Package Description Links
Endpoint Security Clients for Windows OS - Full:
A zip file that contains all package permutations listed above (excluding Dynamic package and Initial client)
(ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E84.60 Standalone Clients

Platform Package Description Link
Windows E84.60 Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
E84.60 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E84.60 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
E84.60 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E84.60 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads 

Show / Hide this section

R81

Endpoint Security Server Package Link
R81 Endpoint Security Server R81 sk166715

R80.40

Endpoint Security Server Package Link
R80.40 Endpoint Security Server R80.40 sk160736

R80.30

Endpoint Security Server Package Link
R80.30 Endpoint Security Server R80.30 sk144293

Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R81 SmartConsole for Endpoint Security Server R81  sk170116
R80.40 SmartConsole for Endpoint Security Server R80.40  sk165473

Previous Versions

Endpoint Security Server Package Link
R80.30 SmartConsole for Endpoint Security Server R80.30  sk153153
R80.20 SmartConsole for Endpoint Security Server R80.20  sk137593
R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E84.20 and higher (EXE)
R77.30 SmartConsole for Endpoint Security Server R77.30 / E84.20 and higher (EXE)
R80.10 SmartConsole for Endpoint Security Server R80.10  sk119612
R77.30 EP6.5 SmartConsole for Endpoint Security Server R77.30 EP6.5 / E84.20 and higher  (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E84.20 and higher (EXE)
Internal note - Above packages includes Recovery Image of version - 86.4.20.12

Utilities/Services Downloads

Show / Hide this section
Utilities

Platform Package Description Link
Windows SandBlast Agent Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the SandBlast Agent remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Show / Hide this section      
Document
Endpoint Security Server
R81 Release Notes
Endpoint Security R81 Administration Guide
Endpoint Security Web Management R81 Administration Guide
R80.40 Release Notes
Endpoint Security R80.40 Administration Guide
R80.30 Release Notes 
Endpoint Security R80.30 Administration Guide
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E84.60 Endpoint Security Client for Windows Release Notes
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
Remote Access VPN Clients
E84.60 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

Revision History

Show / Hide this section
Date Description
15 Mar 2021 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment