Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E85.10 Windows Clients Technical Level
Solution
  • New Features
  • In a Nutshell
  • Enhancements
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

  Endpoint Security Homepage is now available.

Notes:

Click Here to Show the Entire Article

List of New Features in E85.10

Show / Hide this section

New Features


Enter the string to filter the below table:

ID Issue
General
EPS-32131 Sandblast Agent is now called Harmony Endpoint.
EPS-32130 Portuguese language support was added to the client UI. 
Firewall and Application Control
EPS-31772 During an upgrade from E85.10, the firewall stays connected.
VPN
ESVPN-2741 For standalone VPN clients (Endpoint Security VPN, Check Point Mobile, SecuRemote), there is an option to suppress the firewall compliance warning, if the firewall is not part of the installation.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-22616 Threat Hunting includes the ability to view MAC addresses for every computer sending data.
AHTP-22619 Added a new sensor to extract the contents of newly created Batch files. This data can be viewed in the Forensics reports, as well as in Threat Hunting.
AHTP-22624 There is a new CLI utility to restore all files from the backup and restoration folder manually.
AHTP-22307 New Outlook sensor installed as an add-in is now available to report high-level email data to Threat Hunting. In addition, attacks that started with an email attachment now show the email details in Forensics. Note: Contents of the email are not stored.
Harmony Endpoint Browser Extension
AHTP-22169 Browser Extension New Capability: Enforce Safe Search

The Administrator can compel his Endpoint users to use the "Safe Search" feature when they employ the Google, Bing and Yahoo search engines.

"Enforcing Safe Search" is done by configuring the Web-protection policy.

The Endpoint user is unable to change these settings.

For more information about Safe Search, refer to: 
https://support.google.com/websearch/answer/510?co=GENIE.Platform%3DAndroid&hl=en
Infrastructure
EPS-32154  Enables you to assign the "Connected" policies to a configured inner source location, instead of to the Endpoint Management Server. This allows you to distinguish if the Endpoint Security Client is in the organization network or not.


In a Nutshell

Item Description Download Link
Managed Client E85.10 Endpoint Security Clients for Windows OS (ZIP)
E85.10 Endpoint Security Clients for Windows OS - Dynamic package (EXE)
VPN Standalone Client E85.10 Remote Access Clients for Windows (MSI)
Capsule Docs E85.10 Capsule Docs Standalone Client (EXE)
Documentation E85.10 Endpoint Security Client for Windows Release Notes  
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

List of Enhancements in E85.10

Show / Hide this section

Enhancements


Enter the string to filter the below table:

ID Description
Anti-Malware
EPS-32127 Resolves an Anti-Malware initial scan scheduling issue when a signature update was started with the default policy.
EPS-32232 Resolves an issue with the Anti-Malware signatures update schedule if there is an update failure.
EPS-32097 Resolves a rare issue where after an Endpoint Security Client upgrade, the Anti-Malware's contextual menu is missing.
EPS-32211 Resolves an issue where the Endpoint Client reports an invalid Anti Malware brand-name to the Management Server.
EPS-32419 Anti-Malware signature update failure is now reported as Medium severity for the first 48 hours.
Anti-Ransomware, Behavioral Guard and Forensics
EPS-32643 Fixes a rare case of high CPU usage due to a race condition.
AHTP-22275 Forensic Analysis Events are now sent with the correct analysis time to Threat Hunting. Previously, the time sent was that of the trigger process.
AHTP-22263 Fixes an issue where the Forensic Analysis did not follow an injection to a Windows startup process.
AHTP-22142 Fixes an issue where the target of an injection was not being correctly assigned by the API sensor.
AHTP-22296 Anti-Malware AMSI detections should now correctly generate a Forensic report.
AHTP-22277 Improved functionality of Threat Hunting by no longer converting AMSI script data to lower case.
AHTP-22217 Fixes a performance issue with Behavioral Guard rule evaluation of large scripts.
AHTP-22312 Improved performance of the Forensics DB purge when it has a huge number of processes.
AHTP-22310 Fixes an issue in a rare scenario where full certificate chain verification was not being done for file signatures.
AHTP-22308 Fixes a small memory leak that would occur if Forensics initialization of the ETW sensor failed.
AHTP-22303 McAfee behavioral detections are now analyzed by Forensics.
AHTP-22309 Forensic Reports and Anti-Ransomware screens are rebranded to Harmony Endpoint.
AHTP-22613 Improved Forensics performance by aggregating network data from the same process.
AHTP-22614 Fixes an issue with the key logging sensor that fails to detect key logging in certain Windows 10 configurations.
AHTP-22534 Fixes an issue where the contents of the Anti-Ransomware backup folder is purged, if restoration is attempted to a mounted disk.
AHTP-22615 Removes the restriction in the WMI-Get sensor to get data from PowerShell and RunDLL32.
AHTP-22364  Removes an optimization that prevented Behavioral Guard from analyzing potential malicious PowerShell files.
AHTP-22219 Fixes an issue in the Remote Execution sensor that could have led to an incorrect correlation with an external machine.
AHTP-22621 Fixes a rare issue in the Process Discovery sensor that causes the event to be missed.
AHTP-22608 Fixes an issue where a certain type of Ransomware attack is occasionally not detected after an upgrade or clean install.
AHTP-22617 Anti-Ransomware detections on the System process trigger an automatic host isolation in order to stop the machine from being encrypted remotely.
AHTP-22618 Added a new Push Operation to allow purging of the Anti-Ransomware Backup database from the Management.
AHTP-22305 Fixes an issue where Anti-Malware did not correctly inform Forensics about AMSI based detections.
AHTP-22304 Behavioral Guard script evaluations now have a timeout to improve performance.
AHTP-22620 Added new dynamic exclusions in Forensics to improve the performance on the servers.
AHTP-22036 Anti-Ransomware Restoration Push Ops now have a higher minimum timeout to prevent the incorrect reporting of a failure.
AHTP-22446 Fixes an issue in the Forensics Analysis where the Entry Point file that is opened in a process is not being correctly determined.
AHTP-22488 Fixes an issue in the Forensic Analysis for the Entry Point, where if a file is renamed many times, and the source file for one of the renamings is missing, then all renamings are lost.
AHTP-22653 Fixes an issue in the Service Creation sensor, in which the sensor did not correctly support services with backslash or forward slash characters.
AHTP-22492 Fixes an issue in the Forensic Analysis, where if a file is being downloaded to a location where the file name already exists, then the correlation in the Entry Point fails.
AHTP-22467 Fixes a very rare Forensics Analysis issue with the parsing of process parameters that could lead to an incomplete analysis.
AHTP-22489 Fixes an issue in the Forensics Analysis Entry Point calculation, where if a file downloaded from the browser does not have a hash, the source URL is not determined.
Firewall and Application Control
EPS-30513 Performance improvement to Application Control's "Termination on execution" feature.
EPS-30957 Resolves a rare issue where Endpoint's vsmon.exe process crashes when a new policy is deployed during machine shutdown.
EPS-31483 Resolves a rare issue where Endpoint's vsmon.exe process crashes when the Developer Protection feature is enabled.
EPS-31757 Host isolation feature now allows EFR to send data to EFR online services.
EPS-32647 Resolves a possible issue where "Windows Defender Security Center" displays "Action needed in Check Point Endpoint Security Firewall" due to a wrong path calculation.
EPS-32649 Threat Hunting script data now maintains case sensitivity. This also ensures that base64 strings will be decodable.
Full Disk Encryption
EPS-3187 The BitLocker Management service reduces the CPU usage of its internal reporting framework.
EPS-32357 Fixes a rare issue where FDE pre-boot crashes when it switches from BitLocker to Check Point FDE.
EPS-31803 The Full Disk Encryption pre-boot can now detect and handle an updated Windows boot manager on systems with UEFI firmware.
EPS-31367 The Full Disk Encryption OneCheck lock screen and the pre-boot background have been updated to use Harmony Endpoint images.
Media Encryption and Port Protection
EPS-32124 Improved Italian translation for MEPP during device scanning and authorization.
VPN
ESVPN-2741 Stability enhancement when switching users, or doing logout/login.
Compliance
EPS-31597 Resolves a rare issue where the Compliance blade fails to start after a successful Endpoint Security client upgrade when used on a very slow machine.
EPS-32121 Resolves an issue where the Compliance Remediation feature creates files with System permissions instead of user's permissions.
EPS-32506 The Compliance blade is able to verify that the Crowdstrike Falcon Endpoint product is up and running.
Harmony Endpoint Browser Extension
AHTP-19468 The Harmony Browser Extension for Firefox is now automatically updated from the Cloud. Every Firefox client will always use the latest version of the browser extension, without any user intervention.
Installation
EPS-32153 Fixes the issue where default policies are not installed immediately by the package exported from the Web Management portal.
EPS-32159 The Repair option is disabled for EPS that is installed via an exported Dynamic Package. You can repair it, by deploying the exported Dynamic Package for an already installed version.
EPS-32358 Fixes the issue where removing blades may fail due to missing WEBUI.cab
Infrastructure
EPS-32137 Resolves an issue where the cpda.exe process may cause high CPU usage when Harmony Endpoint Security is used in a proxy environment but the proxy is not configured.
EPS-32033 Resolves a rare issue where the computer may hang due to an internal data flow synchronization issue.
EPS-32381 Improves time formatting in the Upgrade Postpone window to allow the system to display either a 12 hour/24 hour time format.

Endpoint Security Clients Downloads

Show / Hide this section
Important:
  • Starting from E80.85, Harmony Endpoint improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E85.10 Clients

Platform Package Description Links
Windows
Endpoint Security Clients for Windows OS - Dynamic package (Recommended, with R80.40 and higher):
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and higher.
(EXE)
Initial client:
Initial client is a very thin client without any blade used for software deployment purposes.
(ZIP)
Package Description 32bit 64bit
A package that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
A package that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
Harmony Endpoint package:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)  (ZIP)
Full Disk Encryption and Media Encryption and Port Protection package:
Full Disk Encryption and Media Encryption and Port Protection package.
 (ZIP)  (ZIP)
Threat Prevention package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP) (ZIP)
Package Description Links
Endpoint Security Clients for Windows OS - Full:
A zip file that contains all package permutations listed above (excluding Dynamic package and Initial client)
(ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E85.10 Standalone Clients

Platform Package Description Link
Windows E85.10 Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
E85.10 Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E85.10 Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
E85.10 Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
E85.10 Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads 

Show / Hide this section
Endpoint Security Server Package Link
R81  Endpoint Security Server R81 sk166715
R80.40  Endpoint Security Server R80.40 sk160736
R80.30  Endpoint Security Server R80.30 sk144293

Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R81  SmartConsole for Endpoint Security Server R81  sk170116
R80.40  SmartConsole for Endpoint Security Server R80.40  sk165473

Previous Versions

Endpoint Security Server Package Link
R80.30  SmartConsole for Endpoint Security Server R80.30  sk153153
R80.20  SmartConsole for Endpoint Security Server R80.20  sk137593
R77.30.03  SmartConsole for Endpoint Security Server R77.30.03 / E84.20 and higher (EXE)
R77.30  SmartConsole for Endpoint Security Server R77.30 / E84.20 and higher (EXE)
R80.10  SmartConsole for Endpoint Security Server R80.10  sk119612
R77.30 EP6.5  SmartConsole for Endpoint Security Server R77.30 EP6.5 / E84.20 and higher  (EXE)
R77.20 EP6.2 S martConsole for Endpoint Security Server R77.20 EP6.2 / E84.20 and higher (EXE)
Internal note - Above packages includes Recovery Image of version - 86.4.20.12

Utilities/Services Downloads

Show / Hide this section
Utilities

Platform Package Description Link
Windows Harmony Endpoint Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the Harmony Endpoint remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

Known Limitations

Show / Hide this section
Issue ID Description
CDOC-1931 In order to use the OneDrive web portal to open protected documents, the user must have a OneDrive synced folder on his machine.
Show / Hide this section      
Document
Endpoint Security Server
R81 Release Notes
Endpoint Security R81 Administration Guide
Endpoint Security Web Management R81 Administration Guide
R80.40 Release Notes
Endpoint Security R80.40 Administration Guide
R80.30 Release Notes 
Endpoint Security R80.30 Administration Guide
Endpoint Security Clients
E80.85 and higher Endpoint Security Client for Windows User Guide
E85.10 Endpoint Security Client for Windows Release Notes (English)
E85.10 Endpoint Security Client for Windows Release Notes (Japanese)
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
Remote Access VPN Clients
E85.10 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal
Capsule Docs Bulk Protection Services
Capsule Docs Bulk Protection Guide

Revision History

Show / Hide this section
Date Description
30 Jun 2021 First release of this document.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment