Replacing Kaspersky Anti-Malware Blade in Harmony Endpoint with a Department of Homeland Security (DHS) Compliant Anti-Malware Blade
Solution

Introduction

Some versions of Check Point Harmony Endpoint for Windows use the Kaspersky Anti-Malware blade for static file analysis.

Check Point also offers a version of Harmony Endpoint that does not include the Kaspersky Anti-Malware blade.

You can replace a Harmony Endpoint client that uses the Kaspersky Anti-Malware blade with a version that uses a Department of Homeland Security (DHS) compliant Anti-Malware blade.

For known limitations, see the Known Limitations section below.

Note - Replacing a DHS compliant Anti-Malware blade with a non-DHS compliant Anti-Malware blade is not supported.


Licensing Requirements

Replacing the Kaspersky Anti-Malware blade with a DHS compliant Anti-Malware blade does not require new licenses. However, the DHS compliant Anti-Malware blade requires all the Harmony Endpoint Threat Prevention blades, except the Anti-Bot and URL Filtering blades, which are optional. You must purchase the license for the required blades.


How to verify whether the client is DHS compliant or not?

To verify, check whether the Check Point Endpoint Security Anti-Malware process is running in the Task Manager. If yes, then the Kaspersky Anti-Malware blade is installed. Otherwise, a DHS compliant Anti-Malware blade is installed. After the replacement, you can disable the Threat Prevention blades that you do not require through the Threat Prevention policy.
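
The same check can be scripted for use across many clients. This is an added example, not Check Point code. It assumes that the name Task Manager displays is the executable's FileDescription and that it matches the string quoted above; the function name Test-KasperskyBladeProcess is hypothetical. Processes whose path the session cannot read are listed separately, because a missing match in a non-elevated session, or on a machine with no client installed, does not prove that the DHS compliant blade is in use.

```powershell
# Added example; not Check Point code.
# Assumption: Task Manager shows the executable's FileDescription, and it
# equals the process name quoted in this article.
$KavProcessDescription = 'Check Point Endpoint Security Anti-Malware'

function Test-KasperskyBladeProcess {
    [CmdletBinding()]
    param([string]$Description = $KavProcessDescription)

    $found = @()
    $unreadable = @()

    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        if (-not $p.ExecutablePath) {
            # Protected and system processes hide their path from this session.
            $unreadable += $p.Name
            continue
        }
        try {
            $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($p.ExecutablePath)
        } catch {
            # File vanished or access denied: record it instead of ignoring it.
            $unreadable += $p.Name
            continue
        }
        # String -eq is case-insensitive; Trim() tolerates padded resources.
        if ("$($info.FileDescription)".Trim() -eq $Description) {
            $found += [pscustomobject]@{
                Name      = $p.Name
                ProcessId = $p.ProcessId
                Path      = $p.ExecutablePath
            }
        }
    }

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        KasperskyBladeRunning = ($found.Count -gt 0)
        MatchingProcesses     = $found
        # Review this list before treating "not running" as "DHS compliant".
        UnreadableProcesses   = ($unreadable | Sort-Object -Unique)
    }
}

Test-KasperskyBladeProcess | Format-List
```

Run it from an elevated PowerShell session so that as few processes as possible end up in UnreadableProcesses.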

How to upgrade the Endpoint client from E1 to E2:

Procedure

For on-premises deployments

Important - Before you proceed with the procedure, set your primary signature source to Local Endpoint Servers, and your fallback signature source to Check Point External Signature Source. For more information, see Web & Files Protection in the Harmony Endpoint Administration Guide.
  1. Download the DHS package and upload it to the on-premises Management Server:

    Version | Package | Full Version | Download
    E86.60 | E86.60 E2 - Complete Endpoint Security Client for 32 bit systems - Windows OS | E86.60.0186 | ZIP file
    E86.60 | E86.60 E2 - Complete Endpoint Security Client for 64 bit systems - Windows OS | E86.60.0186 | ZIP file
    E86.60 | E86.60 E2 - Initial client | E86.60.0186 | ZIP file
    E86.50 | E86.50 E2 - Complete Endpoint Security Client for 32 bit systems - Windows OS | E86.50.0191 | ZIP file
    E86.50 | E86.50 E2 - Complete Endpoint Security Client for 64 bit systems - Windows OS | E86.50.0191 | ZIP file
    E86.50 | E86.50 E2 - Initial client | E86.50.0191 | ZIP file
    E86.40 | E86.40 E2 - Complete Endpoint Security Client for 32 bit systems - Windows OS | E86.40.0170 | ZIP file
    E86.40 | E86.40 E2 - Complete Endpoint Security Client for 64 bit systems - Windows OS | E86.40.0170 | ZIP file
    E86.40 | E86.40 E2 - Initial client | E86.40.0170 | ZIP file
    E86.30 | E86.30 E2 - Complete Endpoint Security Client for 32 bit systems - Windows OS | E86.30.0151 | ZIP file
    E86.30 | E86.30 E2 - Complete Endpoint Security Client for 64 bit systems - Windows OS | E86.30.0151 | ZIP file
    E86.30 | E86.30 E2 - Initial client | E86.30.0151 | ZIP file
    E86.26 | E86.26 E2 - Complete Endpoint Security Client for 32 bit systems - Windows OS | E86.26.6009 | ZIP file
    E86.26 | E86.26 E2 - Complete Endpoint Security Client for 64 bit systems - Windows OS | E86.26.6009 | ZIP file
    E86.26 | E86.26 E2 - Initial client | E86.26.6009 | ZIP file
    E86.25 | E86.25 E2 - Complete Endpoint Security Client for 32 bit systems - Windows OS | E86.25.5061 | ZIP file
    E86.25 | E86.25 E2 - Complete Endpoint Security Client for 64 bit systems - Windows OS | E86.25.5061 | ZIP file
    E86.25 | E86.25 E2 - Initial client | E86.25.5061 | ZIP file

  2. To completely remove all the Kaspersky components from your server:

    If you have upgraded your server at least once, then:

      1. Download the KAV_removal.sh script from here.
      2. Transfer the KAV_removal.sh script to the Endpoint Manager Server. For example, use FileZilla or WinSCP to transfer the file.
      3. Connect to the Endpoint Manager Server over SSH.
      4. Before you execute the script, update its permission by running the chmod 777 KAV_removal.sh command.
      5. Execute the KAV_removal.sh script.
      6. Run the uepm_stop && uepm_start command and restart any open Smart Endpoint instances or restart the Endpoint Management Server.

    If it is a fresh install or a server that was never upgraded, then:

      1. In the Gaia portal, scroll down to Upgrades (CPUSE) and click Status & Actions.
      2. On the toolbar, click Showing all packages.
      3. Right-click the package with the name KAV, and click Uninstall.
      4. Right-click the package again and click Delete from disk.

  3. For Management Servers running a version lower than R80.40, do one of these:

    • Upgrade the Management Server, including the connection points and High-Availability (HA) servers to R80.40 or higher and apply the patch from sk178413.

    • Obtain signature updates only from internet by changing the policy signature source to Check Point External Signature Source. For more information, see Web & Files Protection in the Harmony Endpoint Administration Guide.

  4. Upgrade the Endpoint Security Client to the relevant Build that supports the DHS compliant Anti-Malware blade (see the Full Version column in the first table above). For more information, see Deploying Endpoint Security Clients > Automatic Deployment Using Deployment Rules > Deploying the Endpoint Security Package with Deployment Rules in the Endpoint Security R80.40 Administration Guide.

  5. Delete the existing client package on the Management Server using SmartEndpoint.


For cloud deployments

  1. In the Infinity Portal > Harmony Endpoint administration portal, click Endpoint Settings > Policy Operation Mode.

  2. Scroll down and click To switch to a DHS compliant version, raise a request. The system sends a confirmation email when the tenant successfully migrates to a DHS compliant Anti-Malware blade.

  3. Upgrade the Endpoint Security Client to the relevant Build that supports the DHS compliant Anti-Malware blade (see the Full Version column in the first table above). For more information, see Deploying Endpoint Clients > Automatic Deployment of Endpoint Clients > Deployment Rules in the Harmony Endpoint Administration Guide.


For ATM deployments

  • Use this command line with the EPS.msi file: msiexec.exe /i EPS.msi /ISATM=1


Known Limitations

You cannot revert to the Kaspersky Anti-Malware blade. To revert, contact Check Point Support.
The DHS compliant client requires all Harmony Endpoint Threat Prevention blades, except Anti-Bot and URL Filtering, which are optional.
You cannot install both the DHS compliant Anti-Malware blade and Kaspersky Anti-Malware blade on the client. After you install the Harmony Endpoint client with the DHS compliant Anti-Malware blade, there is no indication of its type. To verify the blade installed, check whether the Check Point Endpoint Security Anti-Malware process is running in the Task Manager. If yes, then the Kaspersky Anti-Malware blade is installed. Otherwise, a DHS compliant blade is installed.
Starting from E86.50, the new client UI shows a DHS compliant icon on the Anti-Malware blade panel (see sk178346: Changing the Endpoint Client User Interface for changing to the new UI).
In all versions older than E80.40, obtaining signature updates through the Management Server is not supported and updates may be obtained only through the Internet. In versions R80.40 and above, both local and external signature updates are supported. For R80.40, you may install the hotfix available in sk178413 or the latest Jumbo Hotfix, which includes this hotfix. For R81 and above, no additional hotfix is required.
For on-premises deployments, you can upload and export a package only through Smart Endpoint.
Starting from E86.50, it is possible to export E2 packages also from the web UI.
Servers upgraded to a DHS compliant Anti-Malware blade may still contain residue files related to Kaspersky. If you delete these residue files, the snapshot might get corrupted and you will not be able to revert.
After you replace the Kaspersky Anti-Malware blade with a DHS compliant Anti-Malware blade, the system automatically restarts the computers on which the Endpoint Security client is installed. 
These features are not supported for Endpoint versions prior to E86.50:
  • Super-Node
  • Citrix PVS and VMware Horizon Virtual Desktop Infrastructure (VDI)
  • Microsoft Terminal Server
  • Right-click and exclude a log in the Smart View
  • Dynamic package (.exe)
