Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E86.20 Windows Clients Technical Level
Solution
  • New Features
  • In a Nutshell
  • Resolved Issues and Enhancements
  • Endpoint Security Clients Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Documentation and Related SecureKnowledge Articles

Notes:

  • See Endpoint Security Homepage.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
  • Starting from E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. See sk129753.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.

Click Here to Show the Entire Article

List of New Features in E86.20

Show / Hide this section

ID Description
General
ESVPN-2749 The administrator can now exclude traffic to dynamically located SaaS services from a VPN tunnel in Hub Mode. The Security Gateway fetches the locations of excluded services from Internet feeds. When VPN clients connect to a Security Gateway, the gateway sends the locations of excluded services to propagated VPN clients.

This feature requires R81.20 installed on the Security Gateway. Contact Check Point Support for more details.
EPS-38184 Endpoint Protection Solution for Terminal Servers is now open for all customers in Public Early Availability. See sk176939 for setup.
IOC Management
AHTP-23676 The user can now add IOCs to his Management Endpoint by specifying hashes, domains, IPs or URLs that should be blocked by the Endpoint. Adding an IOC causes the Endpoint to block this IOC and protects the Endpoint from it.


In a Nutshell

Item Description Download Link
Managed Client E86.20 Endpoint Security Clients for Windows OS (ZIP)
E86.20 Endpoint Security Clients for Windows OS - Dynamic package (EXE)
VPN Standalone Client E86.20 Remote Access Clients for Windows (MSI)
Capsule Docs E86.20 Capsule Docs Standalone Client (EXE)
Documentation E86.20 Endpoint Security Client for Windows Release Notes (English)
E86.20 Endpoint Security Client for Windows Release Notes (Japanese)
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

List of Resolved Issues and Enhancements in E86.20

Show / Hide this section

Enter the string to filter the below table:

ID Description
General
EPS-37545 CPDA.EXE crashes at telemetry-sending if ProgramData folder is moved out of C: drive.
EPS-37336 When using the "Reconnect Tool" to connect to an already-connected Management Server, the client gets disconnected.
EPS-37550 Endpoint Client disconnects from the Management Server when using the Reconnect Tool and the Self Protection prompt is canceled.
EPS-37445 Clients are disconnected when certificates are switched to external from the Management Server.
EPS-36653 In rare scenarios disconnected Endpoint Clients are mistakenly switched to Connected state (by way of the "Connected" policy) for several minutes.
Anti-Malware
EPS-37711 In the Super Node environment, anti-malware signatures are not distributed correctly.
FDE
EPS-35952 Enhancement: Options for fdectonrol.exe to override the Autologon hardware check are added. If hardware change(s) are expected and there is a temporary need to keep the AutoLogon enabled, the hardware-check can be overriden via the fdecontrol.exe tool.
Threat Emulation
AHTP-23593 Enhancement: The Threat Emulation blade is enhanced to support additional file types. Therefore, it can now protect against many new types of files, thus enhancing the overall Endpoint security.
AHTP-23679 Enhancement: Upon any detection log, the user can now right-click the log and exclude the detection, which adds an exclusion to the Management Endpoint. The exclusion prevents this detection from taking place. It is a simplified way to automatically create exclusions once false detections are identified in the logs.
Firewall & Application Control
EPS-37192 In rare scenarios, the Endpoint Client hangs for a while during VPN policy installation.
EPS-32786 Adding a Firewall blade after initial client deployment, while using IPV6 only, disconnects the Endpoint Client from the Management Server.
Media Encryption & Port Protection
EPS-37418 When a device is in the middle of the encryption process, it shows a UserCheck message that writing business data is not allowed.
EPS-36579 Enhancement: Added support for Installing Media Encryption & Port protection via the msiexec /norestart switch. However, when done from Software deployment, a restart request is still shown.
User Interface
EPS-34614 The initial client has a new user interface that reflects the current status of the client
EPS-37522 Forensics blade's name in the overview screen translation is inorrect.
VPN
ESVPN-3084 Enhancement: A certificate from the Windows store can now be automatically selected during the first connection using the trac.exe command line utility. If this option is enabled and only one matching certificate in the Windows store exists, trac.exe selects that certificate and connects to VPN automatically. 

Usage: trac.exe connect -a true
ESVPN-3119 Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with Remote Access Client privileges (CVE-2021-30360 resolution)
ESVPN-3044 The Secure Configuration Verification can now recognize Windows 11. See sk176367 for details on how to configure SCV.


Endpoint Security Clients Downloads

Show / Hide this section
Important:
  • Starting from E80.85, Harmony Endpoint improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E86.20 Clients

Platform Package Description Links
Windows
Endpoint Security Clients for Windows OS - Dynamic package (Recommended, with R80.40 and higher):
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.40 and higher.
(EXE)
Initial client:
Initial client is a very thin client without any blade used for software deployment purposes.
(ZIP)
Package Description 32bit 64bit
A package that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
A package that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
Harmony Endpoint package:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)  (ZIP)
Full Disk Encryption and Media Encryption and Port Protection package:
Full Disk Encryption and Media Encryption and Port Protection package.
 (ZIP)  (ZIP)
Threat Prevention package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP) (ZIP)
Package Description Links
Endpoint Security Clients for Windows OS - Full:
A zip file that contains all package permutations listed above (excluding Dynamic package and Initial client)
(ZIP)

Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Endpoint Security E86.20 Clients

Platform Package Description Link
Windows Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
Remote Access VPN Clients - Automatic Upgrade file Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
Remote Access VPN Clients for ATM - Automatic Upgrade file Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from: Capsule Docs Portal

Endpoint Security Server Downloads 

Show / Hide this section
Endpoint Security Server Package Link
R81.10 Endpoint Security Server R81.10 sk170416
R81  Endpoint Security Server R81 sk166715
R80.40  Endpoint Security Server R80.40 sk160736
R80.30  Endpoint Security Server R80.30 sk144293

Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R81.10 SmartConsole for Endpoint Security Server R81.10  sk175188
R81  SmartConsole for Endpoint Security Server R81  sk170116
R80.40  SmartConsole for Endpoint Security Server R80.40  sk165473

Previous Versions

Endpoint Security Server Package Link
R80.30  SmartConsole for Endpoint Security Server R80.30 sk153153
R80.20  SmartConsole for Endpoint Security Server R80.20 sk137593
R77.30.03  SmartConsole for Endpoint Security Server R77.30.03 / E86.20 and higher (EXE)
R77.30  SmartConsole for Endpoint Security Server R77.30 / E86.20 and higher (EXE)
R80.10  SmartConsole for Endpoint Security Server R80.10 sk119612
R77.30 EP6.5  SmartConsole for Endpoint Security Server R77.30 EP6.5 / E86.20 and higher  (EXE)
R77.20 EP6.2 SmartConsole for Endpoint Security Server R77.20 EP6.2 / E86.20 and higher (EXE)
Note: The above packages include the Recovery Image of version 86.8.62.6

Utilities/Services Downloads

Show / Hide this section
Utilities

Platform Package Description Link
Windows Harmony Endpoint Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine. 
  • Delete - Use the Harmony Endpoint remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Platform Package Description Link
Windows Full Disk Encryption Offline Management Tool The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)
Windows Full Disk Encryption Offline Management Tool (Japanese) The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)

Show / Hide this section
Document
Endpoint Security Server
R81.10 Release Notes
Endpoint Security R81.10 Administration Guide
Endpoint Security Web Management R81.10 Administration Guide
R81 Release Notes
Endpoint Security R81 Administration Guide
Endpoint Security Web Management R81 Administration Guide
R80.40 Release Notes
Endpoint Security R80.40 Administration Guide
R80.30 Release Notes 
Endpoint Security R80.30 Administration Guide
Endpoint Security Clients
Endpoint Security Client for Windows User Guide (English)
Endpoint Security Client for Windows User Guide (Japanese)
E86.20 Endpoint Security Client for Windows Release Notes (English)
E86.20 Endpoint Security Client for Windows Release Notes (Japanese)
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?
Remote Access VPN Clients
E86.20 Remote Access Clients for Windows Release Notes
E80.72 and higher Remote Access Clients for Windows Administration Guide
Capsule Docs Client
E80.72 and higher Capsule Docs Plugin User Guide
Check Point Capsule Docs Viewer User Guide: Get from: Capsule Docs Portal

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment