What's New
New Features
- Adds a new protection in Static Analysis against CVE-2020-0601. This prevents the use of spoofed ECC (Elliptic Curve Cryptography) certificates on malicious executables.
- Behavioral Guard now detects Windows reported CVEs to generate a log and Forensic Analysis. An example is CVE-2020-0601. This is separate from the Static Analysis protection, which does not depend on Windows reported CVEs.
- Behavioral Guard Meterpreter Reverse Shell detections are now active by default.
- Behavioral Guard new injection detections, including Process Hollowing, are now active by default.
- Forensics can now identify starting points of attacks originating from lateral movement and Windows Management Instrumentation (WMI). Indirect execution on a single machine through WMI is now detected and followed in the Forensics Analysis.
Enhancements
- Anti-Malware
  - Resolves the issue where an Anti-Malware infection event does not show in SmartEndpoint Reporting if special characters are in the path.
  - Resolves an issue where Anti-Malware reporting does not update in SmartEndpoint after the infections list changes in the Anti-Malware blade.
  - Fixes an Anti-Malware system scan memory issue when scanning files with alternate data streams.
- Anti-Exploit
  - Fixes an issue that can cause the Anti-Exploit service to crash on x86 systems after an upgrade.
  - Fixes a rare issue where the machine hangs during an upgrade related to a driver that Anti-Exploit uses.
  - Fixes an issue where Anti-Exploit may not work immediately after an upgrade.
- Anti-Bot
  - Anti-Bot detection status now updates to the server User Interface continuously for additions and removals from the client.
- Behavioral Guard and Forensics
  - Improves performance slightly by removing unnecessary logs from Behavioral Guard.
  - Fixes an issue in the Forensics Log Card to report a trigger rather than the process of a trigger.
  - Fixes an issue with a Forensic crash in a Virtual Disk Infrastructure (VDI) environment.
- Firewall and Application Control
  - Resolves a possible issue where the Firewall blade has the Initializing status after an upgrade due to some missing DLL files.
  - Resolves a possible issue where registry parsing while self protection is active causes a BSOD.
  - Fixes the vsdatant.sys driver synchronization issue that causes a BSOD on the driver unload.
  - Resolves the issue where Long Term Evolution (LTE) and Universal Mobile Telecommunication System (UMTS) devices are not recognized as wireless by the "Disconnect wireless connections when connected to the LAN" feature.
- Full Disk Encryption
  - Resolves an incorrect report about the Full Disk Encryption blade not running during a Windows shutdown when the Deployment Agent (CPDA) does not receive a shutdown notification.
  - Sets BCDBOOT as the default on fresh installs.
  - Fixes Unified Extensible Firmware Interface (UEFI) to use the customized image rebrandings of UEFI preboots.
  - No longer forces a reboot when the pre-boot bypass is off by policy.
- Media Encryption and Port Protection
  - Fixes and removes the requirement to install Visual Studio 2017 runtimes when running the Media Encryption offline utility "Access to Business Data".
    Note - The Mac offline utility now supports macOS Catalina (10.15).
- VPN
  - Fixes an issue where the location inside the organization is not recognized properly.
  - Adds the detection of McAfee Security Endpoint v10.6 into Secure Configuration Verification (SCV).
  - Fixes an issue where the user is not able to use several question marks in the password.
- Installer
  - Resolves a possible issue where the client upgrade fails when the Anti-Malware blade cannot reach a database file after an ungraceful process termination.
  - Resolves a sudden reboot after a client upgrade finishes before a custom countdown timer ends.
  - Resolves an issue where Installer terminates on machines with specific locales if the user has a name with specific localized UTF-8 characters.
  - Resolves a possible issue where the installation fails by waiting for a process from a previous installation to stop.
  - Increases the timeout value for Windows Installer (MSI) to wait for Full Disk Encryption to finish a deployment in the offline mode.
  - Fixes the Full Disk Encryption uninstall after a Windows 10 upgrade.
- General
  - Fixes an issue with the Deployment Agent (CPDA). Now it tries to resend the UpdateRegister message when the machine has network configuration changes if the message didn't go through during startup.
  - Resolves an issue where the "Disconnected Policy" is not defined and appears in the display when the client is connected.
  - Fixes the issue of duplicate user objects for the same user in Other Users / Computers.
Endpoint Security Client E82.40 Release Notes