Support Center > Search Results > SecureKnowledge Details
Enterprise Endpoint Security E86.60 Windows Clients Technical Level
Solution
  • In a Nutshell
  • New Features
  • Enhancements and Resolved Issues
  • Endpoint Security Client Downloads
  • Standalone Clients Downloads
  • Endpoint Security Server Downloads
  • Management Console Downloads
  • Utilities/Services Downloads
  • Known Limitations
  • Documentation & Related SecureKnowledge Articles

Notes:

  • See Endpoint Security Homepage.
  • If you use Endpoint Security Client for Threat Emulation on an appliance (not through ThreatCloud Emulation), refer to sk180179.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
  • Starting from E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. See sk129753.
  • This release includes all limitations of earlier releases unless explicitly shown as resolved.

Click Here to Show the Entire Article

In a Nutshell

Item Description Download Link
Managed Client E86.60 Endpoint Security Clients for Windows OS (ZIP)
E86.60 Endpoint Security Clients for Windows OS - Dynamic package (EXE)
VPN Standalone Client E86.61 Remote Access Clients for Windows (MSI)
Capsule Docs E86.60 Capsule Docs Standalone Client (EXE)
Documentation E86.60 Endpoint Security Client for Windows Release Notes
sk164896 - Video: How to deploy and upgrade Endpoint Security Client?

List of New Features in E86.60 for Windows

Show / Hide this section

ID Description
Anti-Ransomware
AHTP-25171 Endpoint Client now blocks against more encryption programs that may be used to encrypt a drive as part of a Ransomware attack. Programs that are used for legitimate purposes can be allowed by excluding the encryptor's signature. The feature is controlled by the "Block Bitlocker Encryption" option in the Endpoint management.
EPS-43864 The new UI is now configured as the default UI for the Endpoint Security Client.


List of Enhancements and Resolved Issues in E86.60 for Windows 

Show / Hide this section
Enter a keyword of phrase to filter the below table:

ID Description
Compliance
EPS-44683 A rare issue where the Compliance blade stops working when Log4J vulnerability mitigation is enabled.
EPS-44682 The Compliance blade displays redundant user checks.
EPS-44826 The Compliance blade stops running during internal log operations.
VPN
ESVPN-3347 Enhancement: Stability and performance improvements in the Virtual Network Adapter driver.
ESVPN-3410 Enhancement:
No connection error in VPN client for Windows when:
  • The site contains several gateways in Multiple Entry Point (MEP) mode.
  • Those gateways have SAML login options with different "Name" values but the same "Display Name" values.
ESVPN-2581 Enhancement: Added support for Advanced Encryption Standard New Instructions. AES-NI is a set of CPU instructions to improve the speed of traffic encryption and decryption with Advanced Encryption Standard (AES) cryptographic algorithms. VPN client for Windows uses AES-NI automatically if the CPU supports it.
ESVPN-3295 Check Point Endpoint Security VPN constantly consumes more than 30% of CPU when the VPN is not connected. A reboot does not fix the issue.
ESVPN-3103 Enhancement: Added option to define a time when to show the re-authentication window. Refer to sk75221 for more details about the reauth_grace_period parameter. The value can be set in the trac.defaults configuration file on the client-side and, or in the trac_client_1.ttm configuration file on the Security Gateway.
ESVPN-3355 SecuRemote VPN client for Windows shows the warning "No security policy is configured" when Desktop Policy is defined.
ESVPN-3436 To mitigate the potential for local privilege elevation, starting in E86.60 the VPN client for Windows will always install into the standard Windows folder for 32-bit applications (by default "C:\Program Files (x86)").
For organizations where the VPN client still should be installed in the non-default folder, an administrator can use the MSI parameter "INSTALLDIR”:
"CheckPointVPN.msi INSTALLDIR="C:\MyOrgApplications"
ESVPN-3419 To mitigate the potential to disable VPN functionality, Endpoint Security VPN Client for Windows protects relevant registry keys from modification.
Full Disk Encryption
EPS-39000 Enhancement: Check Point FDE now supports shrinking encrypted volumes.
EPS-43860 An issue in the deployment phase where enabling fast initial encryption through policy could not be undone.
EPS-43138 A pre-boot keyboard issue with Dell XPS 13 9300. 
EPS-43051 Added support to FDE rescan. Now when dynamic encryption is enabled, encryption automatically starts when new volumes or disks are added.
User Interface
EPS-43429 Enhancement: In the new UI, it is now possible to click on the blade's icon in the main page tiles to navigate to the blade's page.
EPS-43901 Enhancement: In the new UI, the VPN reauthentication button now shows on the VPN blade's page and the tray icon menu.
EPS-44023 Enhancement: When hovered over, the tray lock icon in the new UI now updates to the correct status.
EPS-43943 Enhancement: Added Ukrainian language support to the legacy and new UI.
EPS-41025 Enhancement: The logo was updated in the legacy UI.
Infrastructure
EPS-34852 Enhancement: Endpoint Client now supports communication with the  Endpoint Server through an authenticated proxy when the proxy username and password are received through policy.
EPS-44539 During version upgrade on 32bit Win7 machines, get the blue screen of death (BSOD).
Endpoint Client Watchdog
EPS-43264 Improvements in performances of Endpoint Client Watchdog.
Installation
EPS-30855 In a rare scenario, the Endpoint upgrade procedure stops, which results in no network connectivity.
EPS-44770 If these two things are done at the same time:
  • The Media encryption blade from the deployment rule is removed
  • Upgraded to a higher version
The upgrade fails in installed versions earlier than 86.20. The workaround is to first upgrade to a higher version and then remove the Media encryption blade from the deployment rule
Anti-Malware
EPS-38948 While the user tries to cancel a scan, the Anti-Malware blade stops responding.
AHTP-24967 Enhancement: When malware shows in the Endpoint Client Anti-Malware (E2) detection logs, the user can now right-click the log and exclude the detection, which adds an exclusion to the management. This exclusion prevents the detection from taking place. It is a simplified procedure to automatically create exclusions when incorrect detections are identified in the logs.
EPS-42487 In a rare scenario, after an upgrade when machine is disconnected from the Internet, the Security Gateway and Anti-Malware blade do not perform as expected.
Anti-Ransomware
AHTP-25171
 
Enhancement: Endpoint Client now blocks against more encryption programs that may be used to encrypt a drive as part of a Ransomware attack. Programs that are used for legitimate purposes can be allowed by excluding the encryptor's signature. The feature is controlled by the "Block Bitlocker Encryption" option in the Endpoint management.


Endpoint Security Client Downloads

Show / Hide this section
  • Starting from E80.85, Harmony Endpoint improves coverage of malicious threats by sending anonymized Incident related data to the Check Point Threat Cloud. This feature is turned on by default. For more information, including how to disable this feature, refer to sk129753.
  • To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Endpoint Security E86.60 Clients

Package Description Links
Endpoint Security Clients for Windows OS - Dynamic package (Recommended, with R80.40 and higher):
Complete Endpoint Security Client for any CPU (32bit or 64bit). This is a self-extracting executable EXE file with all components (Blades) to be used as Dynamic package with R80.50 and higher.
(EXE)
Initial client:
Initial client is a very thin client without any blade used for software deployment purposes.
(ZIP)
Package Description 32bit 64bit
A package that includes Endpoint Complete package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
A package that includes Endpoint Complete package with the exception of Anti-Malware:
  • Desktop FW and Application Control
  • Forensics and Anti-Ransomware
  • URL Filtering
  • Anti-Bot
  • Threat Emulation
  • Media Encryption and Port Protection
  • Full Disk Encryption
  • Compliance
  • Remote Access VPN
  • Capsule Docs 
(ZIP)  (ZIP)
Harmony Endpoint package:
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
(ZIP)  (ZIP)
Full Disk Encryption and Media Encryption and Port Protection package:
Full Disk Encryption and Media Encryption and Port Protection package.
 (ZIP)  (ZIP)
Threat Prevention package:
  • Desktop FW and Application Control
  • Anti-Malware
  • Forensics and Anti-Ransomware
  • Anti-Bot
  • Threat Emulation
  • Compliance
(ZIP) (ZIP)
Package Description Links
Endpoint Security Clients for Windows OS - Full:
A zip file that contains all package permutations listed above (excluding Dynamic package and Initial client)
(ZIP)


Standalone Clients Downloads

Show / Hide this section
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone E86.60 Clients

Package Description Link
Capsule Docs Standalone Client Capsule Docs package for environments that are managed by Capsule Docs Cloud Service. (EXE)
Capsule Docs PC Viewer Check Point Capsule Docs Viewer is a stand-alone client that lets you view documents that were protected through Capsule Docs. Get from:
Capsule Docs Portal
Note: These Standalone clients do not require Endpoint Security Server installation as part of their deployment.

Standalone E86.61 Clients

Note: E86.61 version resolves Known Limitation ESVPN-3608.
Package Description Link
Remote Access Clients for Windows Remote Access VPN Client for SmartDashboard-managed clients (MSI)
Remote Access VPN Clients
(Automatic Upgrade file)
Remote Access VPN Client for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)
Remote Access VPN Clients for ATM Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface. (MSI)
Remote Access VPN Clients for ATM
(Automatic Upgrade file)
Unattended Remote Access VPN clients, managed with CLI and API and do not have a User interface for automatic upgrade through the gateway. For SmartDashboard-managed clients only. (CAB)


Endpoint Security Server Downloads 

Show / Hide this section
Endpoint Security Server Package Link
R81.10  Endpoint Security Server R81.10 sk170416
R81  Endpoint Security Server R81 sk166715
R80.40  Endpoint Security Server R80.40 sk160736
R80.30  Endpoint Security Server R80.30 sk144293


Management Console Downloads

Show / Hide this section

Management Console for Endpoint Security Server

The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.

Latest Versions

Endpoint Security Server Package Link
R81.10  SmartConsole for Endpoint Security Server R81.10 sk175188
R81  SmartConsole for Endpoint Security Server R81 sk170116
R80.40  SmartConsole for Endpoint Security Server R80.40  sk165473

Previous Versions

Endpoint Security Server Package Link
R80.30  SmartConsole for Endpoint Security Server R80.30 sk153153
R80.20  SmartConsole for Endpoint Security Server R80.20 sk137593
R77.30.03  SmartConsole for Endpoint Security Server R77.30.03 / E86.30 and higher (EXE)
R77.30  SmartConsole for Endpoint Security Server R77.30 / E86.30 and higher (EXE)
R80.10  SmartConsole for Endpoint Security Server R80.10 sk119612
R77.30 EP6.5  SmartConsole for Endpoint Security Server R77.30 EP6.5 / E86.30 and higher  (EXE)
R77.20 EP6.2  SmartConsole for Endpoint Security Server R77.20 EP6.2 / E86.30 and higher (EXE)
Note: The above packages include the Recovery Image of version 86.8.62.6


Utilities/Services Downloads

Show / Hide this section
Utilities

Package Description Link
Harmony Endpoint Remediation Manager for Administrators

The administrator utility contains the capabilities of the end-user utility plus these additional features:

  • Quarantine - Send files to quarantine.
  • Delete - Use the Harmony Endpoint remediation service to delete a file. 
  • Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage
(EXE)
Capsule Docs Bulk Protection Services for Windows-based
Servers and Workstations
Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties.  (EXE)
R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations)   (TGZ)

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.

Full Disk Encryption Offline Management Tool

Package Description Link
Full Disk Encryption Offline
Management Tool
The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. (TGZ)


Known Limitations

Show / Hide this section
Issue ID Description
ESVPN-3608 E86.60 Standalone VPN client starts but VPN connection cannot be established if there was no connection to the Internet during the VPN service start (system boot, restart).
The "Connectivity with the Check Point Endpoint Security service is lost. VPN Service is down" error will be displayed until the Internet connection is resumed. 

Users and devices that may be affected:
  1. Majority of ATMs because these machines do not have access to the Internet.
  2. Users at hotels, airports, etc., who connect through a hotspot portal but cannot use the system browser because the firewall policy blocks ports.
  3. Organizations with restricted access to the Internet (only through VPN), such as banks, the military, or governments.
The issue was fixed in E86.61. The download links can be found above, under the Standalone Client Downloads section in this SK.
If E86.61 Standalone VPN Client is installed, installation of  E86.60 Endpoint Security Client (complete package) fails. To upgrade E86.61 Standalone VPN Client with a complete package, use E86.70 or above.
ESVPN-3508
 
If a user with administrative privileges opens the "Network Connections" list, and then disables/enables the connection associated with the "Check Point Virtual Network Adapter For Endpoint VPN Client" device, connections to the VPN site fail. As a result, the VPN client shows this error message "Failed to load virtual network adapter".
To resolve this issue, restart the "Check Point Endpoint Security VPN" service or reboot the computer.
AHTP-26316 Endpoint client fails to send files to emulation on a Threat Emulation (TE) Appliance that runs engine 59.990001349 or earlier. The issue does not affect emulation performed through ThreatCloud Emulation. Refer to sk180179.


Documentation & Related SecureKnowledge Articles

Show / Hide this section
Endpoint Security Server
  R81.10 Release Notes
  Harmony Endpoint Server R81.10 Administration Guide
  Harmony Endpoint Web Management R81.10 Administration Guide
  R81 Release Notes
  Harmony Endpoint Server R81 Administration Guide
  Harmony Endpoint Web Management R81 Administration Guide
  R80.40 Release Notes
  Endpoint Security R80.40 Administration Guide
  Endpoint Security Server Supported Upgrade Paths
Endpoint Security Clients
  Endpoint Security Client for Windows User Guide
  Endpoint Security Client for Windows E86.60 Release Notes
  Harmony Endpoint Security for Windows MDM Deployment Guide
  Video: How to deploy and upgrade Endpoint Security Client?
  Enterprise Endpoint Security Windows Client for ATM
  How to upgrade to Windows 10 1607 and above with FDE in-place
  Endpoint Security Server versions and supported Endpoint Security Client versions
  Endpoint Security Client Supported Upgrade Paths
Remote Access VPN Clients
  Remote Access Clients for Windows E86.60 Release Notes
  Remote Access Clients for Windows Administration Guide
Capsule Docs Client
  Capsule Docs Plugin E80.72 and Higher
  Check Point Capsule Docs Viewer User Guide - get from: Capsule Docs Portal

For more information on Check Point Maintrain releases, see: Release map, Upgrade map, Backward Compatibility map, Releases Terminology.

You can also visit our Endpoint forum, Remote Access forum, Capsule Docs forum, or any other CHECKMATES forum to ask questions and get answers from technical peers and Support experts.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment