Support Center > Search Results > SecureKnowledge Details
Endpoint Security E80.40
Solution

Endpoint Security Client & Remote Access VPN Clients E80.50 is now available.

IMPORTANT: Check Point recommends to always update your systems to the most recent software release to stay current with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Table of Contents

  • What's New in Endpoint Security E80.40
  • Downloads
    • Fresh Installation
    • Upgrade
      • For Windows
      • For SecurePlatform/Gaia
    • SmartConsole for Endpoint Security Server E80.40
    • Endpoint Security Client E80.40 for Mac
    • Endpoint Security E80.40 Client Packages for Anti-Malware
    • Endpoint Security E80.40 Client Packages for Media Encryption & Port Protection Hotfix
    • Endpoint Security Best Practice Report
    • FDE tools for Endpoint Security Server E80.40
    • Application Control Appscan Tool
  • Documentation
    • General Documentation
    • Client Documentation
    • Server Documentation
    • Additional Documentation
For more information on Check Point Endpoint Security releases, see: Endpoint Security releases map and Endpoint Security upgrade map.
For more information, refer to Endpoint Security E80.40 Known Limitations. You can also visit our Endpoint Security forum, Full Disk Encryption forum or Media Encryption & Check Point GO forum to ask questions and get answers from technical peers and Support experts.

 

What's New in Endpoint Security E80.40

This release includes new features for the server and client.

Endpoint Security Management Features

  • This release supports Smart-1 appliances, Gaia and SecurePlatform.
  • Manage endpoint security for both Windows and Mac platforms using a unified organizational Security Policy.
  • A new Organizational Security Policy provides a full, understandable view of the security policies defined in the organization. You can see all policy rules, assignments and exceptions in a single, unified view.
  • A new Security Overview shows an improved and easier to use view of enforcement status. You can monitor security violations and automatically receive e-mail notifications at predefined thresholds.

Endpoint and Network Security Management Features

  • Endpoint Security Server E80.40 is integrated with Security Management Server R75.40. You can use the SmartConsole E80.40 to manage network security objects R75.40. You can also use SmartConsole R75.40 to manage non-Endpoint Security Software Blades in Endpoint Security Server E80.40.
  • Endpoint Security SmartEvent - includes Full Disk Encryption, Media Encryption and Anti Malware analysis.

Endpoint Security Client Side Features

Media Encryption & Port Protection

  • Set granular access to encrypted business data and non-encrypted personal data on corporate computers.
  • UserCheck engages and educates users to prevent most incidents of unintentional data loss. Upon potential data loss, UserCheck explains the organizational security policy to the user, and allows the user to request an immediate exception to the security policy (based on a logged justification).
  • Thin client support: Citrix Provisioning Services 5.6 SP2
  • Support for eSATA devices
  • Improved logs in SmartView Tracker and SmartLog

Full Disk Encryption

  • Customize graphics in the pre-boot and OneCheck authentication screens.
  • Support for hardware accelerated AES encryption, AES-NI.

Support for Mac Clients

  • Endpoint Security E80.40 management and client support the following Software Blades on Mac:

    • Firewall for Desktop Security
    • Security Compliance
    • Full Disk Encryption
    • Remote Access VPN

New VPN Client

  • Secure Domain Logon (SDL).
  • Secure Client Verification (SCV).
  • Secondary Connect and Multiple Entry Point (MEP).
  • RSA Software Token 4.1.
  • Intel Smart Connect Technology.
  • Support for Secure Authentication API (SAA).
  • Office Mode IP address lease auto renewal.
  • Split DNS.
  • Third Party SCV Checks.
  • Proxy Improvements for Endpoint Security VPN.

Free Endpoint Security Best Practice Analysis:

  • This free tool provides an immediate visibility to your current endpoint security posture and potential risks. This tool will analyze your security posture and provide you with a report including 3 categories: Data Loss risks, Intrusion Risks and Malware Risks
  • This tool does not contain any active security components and is designed to provide a best practice analysis - for Windows-based devices that are running any security solution.

Additional Management Features

  • A new Web Remote Help portal gives online remote help for Full Disk Encryption and Media Encryption devices.
  • Active Directory Scanner usability and performance enhancements.
  • You can change details for users and computers that are not included in an Active Directory domain. You can change details, such as name, email address, and phone number.
  • The management console shows improved information about client installation. Administrators see more data and makes it easier to understand and troubleshoot client installations.

 

Downloads

Note: In order to download some of the packages you will need to have a Software Subscription or Active Support plan.

 

Fresh Installation

Platform Hardware / Appliance Security Management Server
Gaia Open Servers Step 1: Install Gaia with R75.40 Security Management Server

Step 2: Install E80.40

Smart-1 Appliances

(5, 25, 50)

Step 1: Install Gaia with R75.40 Security Management Server

Step 2: Install E80.40

SecurePlatform Open Servers

Step 1: Install SecurePlatform with R75.40 Security Management Server

Step 2: Install E80.40

Smart-1 Appliances

(5, 25, 50)

Step 1: Install SecurePlatform with R75.40 Security Management Server

Step 2: Install E80.40

Windows   (ISO)

 

Upgrade

Endpoint Security Server E80.40 is supported on Check Point Security Management Server R75.40. No HFAs or minor versions can be installed on top of the R75.40 Security Management Server.

  • E80.40 is not supported on top of Standalone R75.40 deployments (where the Security Management Server and Security Gateway are on the same computer).
  • If E80.40 is installed on an R75.40 Security Management Server, you cannot upgrade the Security Management Server to R75.45.
  • Installing E80.40 on top of R75.45 is not supported.

For information on requirements and supported Security Gateways for R75.40, see the R75.40 Release Notes.

 

For Windows:

From existing Endpoint Security setups:

The only supported upgrade for an Endpoint Security Management Server to E80.40 is from Endpoint Security Management Server E80.3x. To upgrade to E80.40 from earlier versions, you must first upgrade your Endpoint Security Management Servers to E80.3x.

For upgrade instructions, please follow the procedure described in the Endpoint Security E80.40 Installation and Upgrade Guide. Before performing upgrade from E80.3x to E80.40, the policies need to be exported and converted from E80.3X format to E80.40 format. This is a mandatory step before starting the upgrade process.

Use the Policy Export and Convert Tool (E80.30) in order to export the E80.3.x policies.

Platform Security Management Server
Windows (ISO)

Clarification: If you currently have an existing Endpoint Security Setup (e.g., E80.3x), in addition to existing Network Security Management Server (e.g., R75.x), and would like to have both on the same machine (R75.40 and E80.40) - this upgrade path is not supported because you cannot transfer your Endpoint Security configuration. In such cases, you will need to reconfigure your Endpoint Security policies.

From existing Non-Endpoint Security Management Server (versions prior or equal to R75.40) setups:

For upgrading an existing Non-Endpoint-Security Management Server (Prior or equal to R75.40) setup to E80.40, you can use the ISO for E80.40 on Windows. The ISO will upgrade the Non-Endpoint Security Management Server to R75.40, if needed, and then will continue upgrade to E80.40.

 

For SecurePlatform/Gaia:

From existing Non-Endpoint Security Management Server (versions prior to R75.40) setups:

For upgrading an existing Non-Endpoint-Security Management Server (prior to R75.40) setup to E80.40, first you need to upgrade to R75.40. Then, upgrade to E80.40 using the table below (for the relevant OS).

If you have:

Platform Hardware / Appliance Security Management Server
Gaia Open Servers

Install E80.40

Smart-1 Appliances

(5, 25, 50)

Install E80.40

SecurePlatform Open Servers

Install E80.40

Smart-1 Appliances

(5, 25, 50)

Install E80.40

Note:

When installing SecurePlatform/Gaia, installation should be done from a folder other than /var. In general, it is recommended to work with the existing /var/tmp or create a dedicated folder under /var. Installation from /var folder will not work properly and will have impact on SSH communication.

 

SmartConsole for Endpoint Security Server E80.40

The SmartConsole for Endpoint Security Server E80.40 allows the Administrator to connect to the Endpoint Security Server E80.40 and to manage the new Endpoint Security E80.40 Software Blades.
Use this SmartConsole in Demo mode to experience Endpoint Security Server E80.40 capabilities.

Platform SmartConsole GUI
Windows

 

Endpoint Security Client E80.40 for Mac

Check Point Endpoint Security E80.40 for Mac is the first and only single client that combines all essential components for Total Security on the endpoint. It includes these Software Blades:

  • Firewall for Desktop Security
  • Compliance
  • Full Disk Encryption
  • VPN for transparent remote access to corporate resources

Check Point Endpoint Security protects PCs and eliminates the need to deploy and manage multiple agents.

Use this Client in order to deploy Endpoint Security Clients on Mac OS X.

Download the E80.40 Endpoint Security Client for Mac.

Endpoint Security E80.40 Client Packages for Anti-Malware Hotfix

Check Point Endpoint Security E80.40 Client Packages for Anti-Malware introduce few monitoring fixes, as described in sk87740 (Endpoint Security E80.40 Client Packages for Anti-Malware). All other Software Blades are not changed compared to E80.40.

Download the Endpoint Security E80.40 Client Packages for Anti-Malware from sk87740.

Endpoint Security E80.40 Client Packages for Media Encryption & Port Protection Hotfix

Endpoint Security E80.40 Media Encryption & Port Protection Hotfix is now available, as described in sk90474. All other Software Blades are not changed compared to E80.40.

This hotfix provides the ability to decrypt a device, that was encrypted with Media Encryption E80.3x or earlier and whose encrypted container size is over 40GB. It also eliminates a redundant eject message to the user.

Download the Endpoint Security E80.40 Client Packages for Media Encryption & Port Protection Hotfix from sk90474.

Endpoint Security Best Practice Report

This tool provides insight into security risks and potential vulnerabilities on the endpoint on which it is run.

This tool does not contain any active security components and is designed to provide a best practice analysis - for Windows-based devices that are running any security solution.

** This tool collects anonymous statistical data regarding various findings to improve its accuracy.

You can use this tool in 2 flavors:

Platform Endpoint Security Best Practice Report
Windows (32/64 bit)
(5.5 Mb)
Windows (32/64 bit)
(14.5 Mb) (with Export Report)

 

FDE tools for Endpoint Security Server E80.40

The FDE tools for Endpoint Security Server E80.40 allow an Administrator to access files on a non-bootable system when the disk is encrypted.

Download the Full Disk Encryption tools for Endpoint Security E80.40.

The ZIP file with tools includes:

  • Full Disk Encryption Cpinfo Collector for Preboot: Utility that gathers information regarding Full Disk Encryption Preboot Environment
  • Full Disk Encryption Demo Mode Recovery Image: Recovery image for Full Disk Encryption Demo Mode
  • Full Disk Encryption Dynamic Mount Utility for Windows: Utility for accessing a protected disk from a Windows system, if the operating system fails on the endpoint computer.
  • Full Disk Encryption Dynamic Mount Utility for WindowsPE: Utility for accessing a protected disk from a Windows PE media, if the operating system fails on the endpoint computer.

Application Control Appscan Tool

The Appscan Tool lets you automatically create Application Control rules based on common applications and operating system files on the endpoint computers network. This is especially useful when you have a clean standard image.

You can import a list of programs identified by their checksums, instead of by filename. Checksums are unique identifiers for programs that cannot be forged. This prevents malicious programs from masquerading as other, innocuous programs.

Create an Appscan for each disk image used in your environment. You can then create rules that will apply to those applications. You create Appscan files by running the appscan.exe utility on a computer with a tightly-controlled disk image, then importing the file into Endpoint Security.

Download the Application Control Appscan Tool.

Documentation

General Documentation

Client Documentation

Server Documentation

Additional Documentation

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment