Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E85.30 macOS Clients Technical Level
Solution
  • New Features and Enhancements
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Utilities/Services Downloads
  • Native Encryption Management Hotfix Downloads
  • Management Console Downloads
  • Known Limitations
  • Documentation and Related SecureKnowledge Articles
  • Revision History

 Endpoint Security Homepage is now available.

Notes:


Click Here to Show the Entire Article

List of New Features and Enhancements in E85.30 for macOS 

Show / Hide this section

New Features

Description
Early Availability support for the Endpoint Security Clients on macOS 12 (Monterey).
Support for Macs with M1 chip.
  • Rosetta 2 translator must be installed.
  • Compliance, AntiMalware, FDE, MediaEncryption and Port Protection blades include universal binaries and can run as native processes on M1 Macs.
  • Apple is gradually introducing new alternatives to kernel extensions, but only in macOS Big Sur and higher. Apple recognizes the kernel extensions as supported kernel extension types. On Apple M1, to allow third-party kernel extensions, the Security Policy needs to be changed to “Reduced Security”. Note that a Managed Mac purchased via Apple business or school manager programs does not require “Reduced Security”. See Change Startup Disk Security Settings and Deployment Reference in macOS.
Software Deployment Early Availability: To ease future Endpoint Security version upgrades, reducing dependency on MDMs and dedicated scripts, Endpoint Management Software Deployment may be used instead. Software Deployment using the Endpoint Management is possible only if the installed Endpoint Security version is E84.70 or higher and the Server version is R81.10 or higher. 
Port Protection (Early Availability): The Port Protection feature for blocking USB, Bluetooth, camera and printer devices, which was included in the Early Availability September 2021 release of E85.30 Endpoint clients for macOS, is now available on the client version only. Starting December 2021, the feature will  become available again for Cloud services running version R81 and above. The feature will also be available for on-premise servers in the future. Additionally, E85.30 GA clients for macOS can enable Port Protection policies by making use of a local configuration file per each Endpoint Client. This is also true for E85.30 GA clients for macOS, which are managed by servers that do not support Port Protection for macOS. Users that configured Port Protection for macOS feature in the Early Availability September 2021 release of E85.30 Endpoint clients for macOS are now required to modify their Port Protection policy in order to continue working with the feature.  This feature is supported in macOS 10.15 and higher. See sk176366 for more details.
Detect mode for Anti-Malware and Anti-Ransomware blades:
  • When in Detect mode, Endpoint Security no longer remediates or quarantines any suspicious application.
  • For Anti-Malware blade Detect mode, see sk169753
Endpoint Security is now notarized. macOS no longer blocks the Endpoint Security Installation Application.
Self-protection is now always enabled, and yet the administrator can turn self-protection on or off. See sk171012.
Media Encryption now supports Time Machine on external media (macOS 11 and higher).
New Remote Access VPN features:
  • Support for the Security Assertion Markup Language (SAML) protocol in user authentications.
  • Support for Smart Cards for user authentication on macOS 10.15 Catalina and higher.
  • Support of fixed MAC addresses for Office Mode IP addresses allocation.
Advanced Threat Prevention blades performance improvements for macOS 11 and higher based on better filtering capabilities introduced as part of Endpoint Security Framework


Enhancements and Resolved Issues

Issue ID Description
EPS-33117 It is now possible to configure Media-Encryption exclusions (for USB).
- “SideCar”, “HandOver” and “Airdrop” are now supported. IPv6 unblock-all is no longer required (sk171972).
EPS-34250  Anti-Malware reports infected, even when files were manually deleted and re-scanned.



Endpoint Security Clients Downloads

Show / Hide this section

Endpoint Security E85.30 Clients for macOS 


 
Platform Package Link
macOS E85.30 Check Point Endpoint Security Client for macOS  (ZIP)
macOS E85.30 Check Point Endpoint Security Client for macOS (without Capsule Docs and Advanced Threat Prevention blades) (ZIP)


Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

E85.30 Standalone Clients for macOS

Platform Package Link
macOS E85.30 Endpoint Security VPN Clients for macOS - Disc Image (DMG) (DMG)
E85.30 Endpoint Security VPN Clients for macOS - Automatic Upgrade package (PKG) (PKG)
E85.30 Endpoint Security VPN Clients for macOS - Signature for automatic upgrade (signature)

Capsule Docs E85.30 Clients

Platform Package Link
macOS E85.30 Capsule Docs Mac Editor (PKG)


Utilities/Services Downloads

Show / Hide this section

Media Encryption Offline Access Tool E85.30 for macOS

Platform Package Link
macOS E85.30 Media Encryption Offline Access Tool (DMG)


Native Encryption Management Hotfix Downloads

Show / Hide this section
If you want to use the new Native Encryption Management, download the relevant hotfix.

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

The packages provided below are Legacy CLI packages (not CPUSE packages).
 

Endpoint Security Server Package Link
R77.30.03 R77.30.03 Server Hotfix for Native Encryption Management  (TGZ)
R77.20 EP6.2 R77.20 EP6.2 Server Hotfix for Native Encryption Management  (TGZ)
Important: The Native Encryption Management Hotfix is integrated into R80.20


Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Endpoint Security Server Package Link
R81.10 SmartConsole for Endpoint Security Server R81.10 sk175188
R81 SmartConsole for Endpoint Security Server R81 sk170116
R80.40 SmartConsole for Endpoint Security Server R80.40 sk165473
R80.30 SmartConsole for Endpoint Security Server R80.30 sk153153
R80.20 SmartConsole for Endpoint Security Server R80.20 sk137593
R77.30.03 SmartConsole for Endpoint Security Server R77.30.03 / E80.89 (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E80.89 (EXE)


Known Limitations

Show / Hide this section
Issue ID Description
- When Endpoint Security Client is installed on a M1 Mac, an upgrade from macOS 11.2 (or earlier) to macOS 11.3 requires an additional reboot to start the Endpoint Security Client.
ESVPN-2727   ESVPN-2699   Some DNS queries fail after waking up from sleep mode on macOS BigSur with Remote Access VPN clients. See sk176383.


Documentation and Related SecureKnowledge Articles

Show / Hide this section
Document
E85.30 Endpoint Security Client for Mac
E85.30 Endpoint Security Client for macOS Release Notes
Remote Access VPN Clients
E85.30 Endpoint Security VPN Clients for macOS Release Notes
E80.71 and higher Endpoint Security VPN for Mac Administration Guide
Other
MDM Deployment Guide

For more information on Check Point releases, see: Maintrain Release map, Maintrain Upgrade map, Maintrain Backward Compatibility map, Maintrain Releases plan.

You can also visit our Endpoint forum, Remote Access forum, Capsule Docs forum, or any other CHECKMATES forum to ask questions and get answers from technical peers and Support experts.


Revision History

Show / Hide this section
Date Description
16 Nov 2021 GA release of this document
26 Sep 2021 EA release of this document

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment