To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
Starting from E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. See sk129753.
Harmony Endpoint Static Detection Engines have moved to monitor the access to the file, and not only the creation of the file. By that, Harmony Endpoint scans the file when any process attempts to open the file for any purpose. Harmony Endpoint will block the file from being accessed before its inspection, assuring the endpoint is much more secured.
EPS-31756
Users can now execute PowerShell scripts on client computers using Push operations. Refer to sk173414.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-23199
Behavioral Guard has a new active behavioral security technology that attempts to find zero-day local privilege escalation (LPE) attempts. The primary focus of this technology is to identify kernel exploits utilized for LPE.
AHTP-23200
Media Encryption events (including a new device addition and copying a file from an external device) are now sent to Threat Hunting.
In a Nutshell
Item
Description
Download Link
Managed Client
E85.30 Endpoint Security Clients for Windows OS
(ZIP)
E85.30 Endpoint Security Clients for Windows OS - Dynamic package
Enhancement: Allow uninstalling of Media Encryption blade during an upgrade.
EPS-33911
Enhancement: The installation of EPS.msi that is manually extracted from the dynamic package is now blocked.
EPS-33296
The Harmony Client may crash during the repair operation because of inconsistent redistributable libraries.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-23203
Enhancement: Improved the AMSI analysis performance.
AHTP-23198
Enhancement: Improved Performance of Forensics by enhancing the dynamic exclusions.
AHTP-23158
Enhancement: Improved the performance and capabilities of the DLL hijacking detector in Behavioral Guard.
EPS-34276
Enhancement: Improved performance of Behavioral Guard scripts processing to make the same script not re-evaluated until a new version of signatures is available.
AHTP-23175
Enhancement: Removed Honey Pots that can be duplicated multiple times in a Terminal Server environment.
AHTP-23133
Disabled the Microsoft Outlook email sensor add-in for versions older than 2010. Previously the sensor was enabled but was not functioning.
EPS-33944
The dbgxshell process may hang due to a Forensic sensor.
Threat Emulation
AHTP-20982
Enhancement: Threat Emulation blade does not create copies of the inspected files while inspecting them. Instead, it uses the original file during the inspection process. This improves the Harmony Endpoint performance and the overall security of the endpoint.
AHTP-21868
Enhancement: Harmony Browse Static Analysis model updates will not require a service restart. Whenever there is a need to update a static-analysis mode, the service will continue running, keeping the endpoint secured during the entire update process.
Anti-Malware
EPS-33565
The Anti-Malware blade may attempt to update signatures while the signatures update process is already running.
EPS-33846
The initial signature update may not start after Clean install.
EPS-33781
The Anti-Malware engine may prevent malware, although operating in "Detect Mode".
Media Encryption
EPS-33884
Access to Business Data Tool (Offline Access Utility) fails when using the NTFS and exFAT filesystems for encrypted media.
UI
EPS-32076
The CCS policy state may show policy as disconnected although we only check for the connected policy.
Infrastructure
EPS-33678
Enhancement: Location Awareness can be used with inner sources that respond to HTTP and HTTPS.
EPS-33756
Push Operations may fail when a very large payload is used.
Starting from E80.85, Harmony Endpoint improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and higher.
Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only.
(CAB)
E85.30 Capsule Docs Standalone Client
Capsule Docs package for environments that are managed by Capsule Docs Cloud Service.
(EXE)
Capsule Docs PC Viewer
Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs.
The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.
