"Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.
The DHS Compliant Anti-Malware (E2) now fully supports VDI environments.
Media Encryption & Port Protection
Media Encryption and Port Protection blades are now certified for a Citrix VDI environment. For more information, see the Endpoint Security Client for Windows VDI Administration Guide.
"Search And Fetch" Push Operation that allows Security Administrators to search for files on clients and upload them to SFTP sites.
List of Enhancements and Resolved Issues in E86.50 for Windows
Enter a keyword of phrase to filter the below table:
Enhancement: Resolved an issue in the "Reconnect Tool" mechanism, where Harmony Endpoint Client did not reconnect to original working server. This occurred when two (or more) reconnection attempts were done in a short time of 30 minutes.
Endpoint Client enforces the use of TLS 1.2 when it connects to the Endpoint server.
Fixed the CVE-2022-23744 vulnerability.
Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.
Enhancement: Added case-insensitive support for advanced roaming profiles.
Enhancement: "Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.
Enhancement: For Malicious quarantined files, C:\Windows\system32 was removed from the Incident Path. Now the path shows only the filename.
Enhancement: When not in use, the UI does not use high CPU resources.
Enhancement: Redesigned the UI’s Main and Overview pages.
Enhancement: Option to cancel Anti-Malware scan is not available on the first scan.
Enhancement: Passwords in CCS (Common Client Settings) were removed from the UI logs.
If you use a modern UI, then when you try to override the encryption policy, through the “User Check” and click “More Options”, the UI does not display the justification screen and the explorer window stops responding.
Enhancement: Extended the support for Endpoint Client to uninstall existing products during the installation of Endpoint Client.
Enhancement: The DHS compliant package (E2) now support dynamic package.
Enhancement: Resolves a rare issue where the Anti-Malware blade did not update signatures on "Shared Signature Server" computers.
Enhancement: In some scenarios, the Anti-Malware blade can continuously initialize.
Enhancement: Files marked as "infected" by Anti-Malware while in "Detect Mode" are now examined again after changing to "Prevent Mode".
Enhancement: Resolves an issue where Anti-Malware blade's "File Restore" operation is not written to the log.
Compliance blade does not detect E2 Anti-Malware signature updates. Refer to sk179386.
Firewall in standalone VPN client remains enabled regardless of the trac_client_1.ttm file settings.
During upgrade, trac.defaults is not replaced by the file from the installation package (degradation from E86.30).
If the VPN site configuration uses a display name and that name contains spaces, such as ”Check Point site”, then the VPN connection is not established with machine authentication during the Windows pre-logon.
VPN client does not report alerts to SmartConsole if it is not compliant during the SCV check.
Full Disk Encryption
Enhancement: Added additional support for Atos, Siemens Smart Cards.
UPDATE: When changing to “FDE Off mode” an OPAL/SED encrypted drive is now decrypted.
UPDATE: Now when changing from FDE off to FDE on, with "Fast install" selected, a reboot dialog window shows to tell the user a reboot is necessary. Note - Encryption does not start until the computer is rebooted.
Throughout all the encryption phase, the client UI shows "Initializing" and "Encrypting" as only 0%.
Performance impact caused by TE blade when working with files located on a shared network.
Starting from E80.85, Harmony Endpoint improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.
Endpoint client fails to send files to emulation on a Threat Emulation (TE) Appliance that runs engine 59.990001349 or earlier. The issue does not affect emulation performed through ThreatCloud Emulation. Refer to sk180179.