The administrator can now exclude traffic to dynamically located SaaS services from a VPN tunnel in Hub Mode. The Security Gateway fetches the locations of excluded services from Internet feeds. When VPN clients connect to a Security Gateway, the gateway sends the locations of excluded services to propagated VPN clients.
Endpoint Protection Solution for Terminal Servers is now open for all customers in Public Early Availability. See sk176939 for setup.
The user can now add IOCs to the Management Endpoint by specifying hashes, domains, IPs or URLs that should be blocked by the Endpoint. Adding an IOC causes the Endpoint to block this IOC and protects the Endpoint from it.
In a Nutshell
E86.20 Endpoint Security Clients for Windows OS
E86.20 Endpoint Security Clients for Windows OS - Dynamic package
CPDA.EXE crashes when sending telemetry if the ProgramData folder is moved off the C: drive.
When using the "Reconnect Tool" to connect to an already-connected Management Server, the client gets disconnected.
Endpoint Client disconnects from the Management Server when using the Reconnect Tool and the Self Protection prompt is canceled.
Clients are disconnected when certificates are switched to external from the Management Server.
In rare scenarios, disconnected Endpoint Clients are mistakenly switched to the Connected state (by way of the "Connected" policy) for several minutes.
In the Super Node environment, anti-malware signatures are not distributed correctly.
Enhancement: Options for fdecontrol.exe to override the AutoLogon hardware check are added. If hardware changes are expected and there is a temporary need to keep AutoLogon enabled, the hardware check can be overridden via the fdecontrol.exe tool.
Enhancement: The Threat Emulation blade now supports additional file types, so it can protect against many new types of files, enhancing overall Endpoint security.
Enhancement: Upon any detection log, the user can now right-click the log and exclude the detection, which adds an exclusion to the Management Endpoint. The exclusion prevents this detection from taking place. It is a simplified way to automatically create exclusions once false detections are identified in the logs.
Firewall & Application Control
In rare scenarios, the Endpoint Client hangs for a while during VPN policy installation.
Adding a Firewall blade after initial client deployment, while using IPv6 only, disconnects the Endpoint Client from the Management Server.
Media Encryption & Port Protection
When a device is in the middle of the encryption process, it shows a UserCheck message that writing business data is not allowed.
Enhancement: Added support for installing Media Encryption & Port Protection via the msiexec /norestart switch. However, when done from Software deployment, a restart request is still shown.
The initial client has a new user interface that reflects the current status of the client.
The translation of the Forensics blade's name in the overview screen is incorrect.
Enhancement: A certificate from the Windows store can now be automatically selected during the first connection using the trac.exe command line utility. If this option is enabled and only one matching certificate in the Windows store exists, trac.exe selects that certificate and connects to VPN automatically.
Usage: trac.exe connect -a true
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder, which runs with Remote Access Client privileges (CVE-2021-30360 resolution).
The Secure Configuration Verification can now recognize Windows 11. See sk176367 for details on how to configure SCV.
Starting from E80.85, Harmony Endpoint improves coverage of malicious threats by sending anonymized incident-related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow the instructions in sk106662.