Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E86.50 Windows Clients Technical Level
Solution
  • In a Nutshell
  • New Features
  • Enhancements and Resolved Issues
  • Endpoint Security Client Downloads
  • Standalone Client Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Documentation & Related SecureKnowledge Articles

Notes:

  • See Endpoint Security Homepage.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
  • Starting from E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. See sk129753.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.

Click Here to Show the Entire Article

In a Nutshell

Item Description Download Link
Managed Client E86.50 Endpoint Security Clients for Windows OS (ZIP)
E86.50 Endpoint Security Clients for Windows OS - Dynamic package (EXE)
VPN Standalone Client E86.50 Remote Access Clients for Windows (MSI)
Capsule Docs E86.50 Capsule Docs Standalone Client (EXE)
Documentation E86.50 Endpoint Security Client for Windows Release Notes
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

List of New Features in E86.50 for Windows

Show / Hide this section

ID Description
Anti-Ransomware
AHTP-24319 "Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.
Threat Emulation
AHTP-24249 The DHS Compliant Anti-Malware (E2) now fully supports VDI environments.
Media Encryption & Port Protection
EPS-39315 Media Encryption and Port Protection blades are now certified for a Citrix VDI environment. For more information, see the Endpoint Security Client for Windows VDI Administration Guide.
General
EPS-37100 "Search And Fetch" Push Operation that allows Security Administrators to search for files on clients and upload them to SFTP sites.


List of Enhancements and Resolved Issues in E86.50 for Windows 

Show / Hide this section
Enter a keyword of phrase to filter the below table:

ID Description
General
EPS-38263 Enhancement: Resolved an issue in the "Reconnect Tool" mechanism, where Harmony Endpoint Client did not reconnect to original working server. This occurred when two (or more) reconnection attempts were done in a short time of 30 minutes.
EPS-41563 Endpoint Client enforces the use of TLS 1.2 when it connects to the Endpoint server.
EPS-43789 Fixed the CVE-2022-23744 vulnerability.
Forensics
AHTP-24628 Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.
Anti-Ransomware
EPS-39988 Enhancement: Added case-insensitive support for advanced roaming profiles.
AHTP-24319 Enhancement: "Block BitLocker Encryption" is now on by default, which blocks any BitLocker encryption to prevent attackers from the use of BitLocker to encrypt the disk. For new encryption with BitLocker, it is necessary to turn off "Block BitLocker Encryption" in the Anti-Ransomware policy and turn it on after encryption is done.
User Interface
AHTP-24479 Enhancement: For Malicious quarantined files, C:\Windows\system32 was removed from the Incident Path. Now the path shows only the filename.
EPS-42513 Enhancement: When not in use, the UI does not use high CPU resources.
EPS-41560 Enhancement: Redesigned the UI’s Main and Overview pages.
EPS-33801 Enhancement: Option to cancel Anti-Malware scan is not available on the first scan.
EPS-42157 Enhancement: Passwords in CCS (Common Client Settings) were removed from the UI logs.
EPS-42631 If you use a modern UI, then when you try to override the encryption policy, through the “User Check” and click “More Options”, the UI does not display the justification screen and the explorer window stops responding.
Installation
EPS-42133 Enhancement: Extended the support for Endpoint Client to uninstall existing products during the installation of Endpoint Client.
Anti-Malware
EPS-39159 Enhancement: Resolves a rare issue where the Anti-Malware blade did not update signatures on "Shared Signature Server" computers.
EPS-40974 Enhancement: In some scenarios, the Anti-Malware blade can continuously initialize.
EPS-41127 Enhancement: Files marked as "infected" by Anti-Malware while in "Detect Mode" are now examined again after changing to "Prevent Mode".
EPS-40743 Enhancement: Added support to download Anti-Malware signatures from "External Check Point signature server" through HTTPS protocol.
EPS-41839 Enhancement: Resolves an issue where Anti-Malware blade's "File Restore" operation is not written to the log.
VPN
ESVPN-2925 Firewall in standalone VPN client remains enabled regardless of the trac_client_1.ttm file settings.
ESVPN-3299 During upgrade, trac.defaults is not replaced by the file from the installation package (degradation from E86.30).
ESVPN-3297 If the VPN site configuration uses a display name and that name contains spaces, such as ”Check Point site”, then the VPN connection is not established with machine authentication during the Windows pre-logon.
ESVPN-3317 VPN client does not report alerts to SmartConsole if it is not compliant during the SCV check.
Full Disk Encryption
EPS-37933 Enhancement: Added additional support for Atos, Siemens Smart Cards.
EPS-40935 UPDATE: When changing to “FDE Off mode” an OPAL/SED encrypted drive is now decrypted.
EPS-40443 UPDATE: Now when changing from FDE off to FDE on, with "Fast install" selected, a reboot dialog window shows to tell the user a reboot is necessary. Note - Encryption does not start until the computer is rebooted.
EPS-43416 Throughout all the encryption phase, the client UI shows "Initializing" and "Encrypting" as only 0%. 
Threat Emulation
EPS-44181 Performance impact caused by TE blade when working with files located on a shared network.


Endpoint Security Client Downloads

Show / Hide this section
  • Starting from E80.85, Harmony Endpoint improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E86.50 Clients

Package Description Links
Endpoint Security Clients for Windows OS - Dynamic package (Recommended, with R80.40 and higher):
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.50 and higher.
(EXE)
Initial client:
Initial client is a very thin client without any blade used for software deployment purposes.
(ZIP)
Package Description 32bit 64bit
A package that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
A package that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
Harmony Endpoint package:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)  (ZIP)
Full Disk Encryption and Media Encryption and Port Protection package:
Full Disk Encryption and Media Encryption and Port Protection package.
 (ZIP)  (ZIP)
Threat Prevention package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP) (ZIP)
Package Description Links
Endpoint Security Clients for Windows OS - Full:
A zip file that contains all package permutations listed above (excluding Dynamic package and Initial client)
(ZIP)


Standalone Client Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Endpoint Security E86.50 Clients

Package Description Link
Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
Remote Access VPN Clients
(Automatic Upgrade file)
Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
Remote Access VPN Clients for ATM
(Automatic Upgrade file)
Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from:
Capsule Docs Portal


Endpoint Security Server Downloads 

Show / Hide this section
Endpoint Security Server Package Link
R81.10  Endpoint Security Server R81.10 sk170416
R81  Endpoint Security Server R81 sk166715
R80.40  Endpoint Security Server R80.40 sk160736
R80.30  Endpoint Security Server R80.30 sk144293


Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R81.10  SmartConsole for Endpoint Security Server R81.10 sk175188
R81  SmartConsole for Endpoint Security Server R81 sk170116
R80.40  SmartConsole for Endpoint Security Server R80.40  sk165473

Previous Versions

Endpoint Security Server Package Link
R80.30  SmartConsole for Endpoint Security Server R80.30 sk153153
R80.20  SmartConsole for Endpoint Security Server R80.20 sk137593
R77.30.03  SmartConsole for Endpoint Security Server R77.30.03 / E86.30 and higher (EXE)
R77.30  SmartConsole for Endpoint Security Server R77.30 / E86.30 and higher (EXE)
R80.10  SmartConsole for Endpoint Security Server R80.10 sk119612
R77.30 EP6.5  SmartConsole for Endpoint Security Server R77.30 EP6.5 / E86.30 and higher  (EXE)
R77.20 EP6.2  SmartConsole for Endpoint Security Server R77.20 EP6.2 / E86.30 and higher (EXE)
Note: The above packages include the Recovery Image of version 86.8.62.6


Utilities/Services Downloads

Show / Hide this section
Utilities

Package Description Link
Harmony Endpoint Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine.
  • Delete - Use the Harmony Endpoint remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based
Servers and Workstations
Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Package Description Link
Full Disk Encryption Offline
Management Tool
The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)


Documentation & Related SecureKnowledge Articles

Show / Hide this section
Endpoint Security Server
  R81.10 Release Notes
  Harmony Endpoint Server R81.10 Administration Guide
  Harmony Endpoint Web Management R81.10 Administration Guide
  R81 Release Notes
  Harmony Endpoint Server R81 Administration Guide
  Harmony Endpoint Web Management R81 Administration Guide
  R80.40 Release Notes
  Endpoint Security R80.40 Administration Guide
  R80.30 Release Notes
  Endpoint Security R80.30 Administration Guide
  Endpoint Security Server Supported Upgrade Paths
Endpoint Security Clients
  Endpoint Security Client for Windows User Guide
  Endpoint Security Client for Windows E86.50 Release Notes
  Video: How to deploy and upgrade Endpoint Security Client?
  Enterprise Endpoint Security Windows Client for ATM
  How to upgrade to Windows 10 1607 and above with FDE in-place
  Endpoint Security Server versions and supported Endpoint Security Client versions
  Endpoint Security Client Supported Upgrade Paths
Remote Access VPN Clients
  Remote Access Clients for Windows E86.50 Release Notes
  Remote Access Clients for Windows Administration Guide
Capsule Docs Client
  Capsule Docs Plugin E80.72 and Higher
  Check Point Capsule Docs Viewer User Guide - get from: Capsule Docs Portal

For more information on Check Point Maintrain releases, see: Release map, Upgrade map, Backward Compatibility map, Releases Terminology.

You can also visit our Endpoint forum, Remote Access forum, Capsule Docs forum, or any other CHECKMATES forum to ask questions and get answers from technical peers and Support experts.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment