Client Requirements

This section shows the requirements for Endpoint Security clients, including supported operating systems and hardware requirements.

Supported Client Operating Systems

Microsoft Windows

Version	Editions	Arch.	SPs or Updates	Supported Features
10 19H2 (version 1909) 10 19H1 (version 1903) 10 LTSC (version 1809) 10 (version 1809) 10 (version 1803) 10 (version 1709) 10 LTSB (version 1607)	Enterprise Pro	32/64-bit		All
8.1	Enterprise Pro	32/64-bit	Update 1	All
7	Enterprise Professional	32/64-bit	SP1 Microsoft update KB3033929	All

Version

Editions

Arch.

SPs or Updates

Supported Features

10 19H2 (version 1909)

10 19H1 (version 1903)

10 LTSC (version 1809)

10 (version 1809)

10 (version 1803)

10 (version 1709)

10 LTSB (version 1607)

Enterprise
Pro

32/64-bit

All

8.1

Enterprise
Pro

32/64-bit

Update 1

All

Enterprise
Professional

32/64-bit

SP1
Microsoft update KB3033929

All

Microsoft Windows Server

Version	Editions	Arch.	SPs or Updates	Supported Features
2019	All	64-bit		Compliance, Anti-Malware, Firewall, SandBlast Agent features, Capsule Docs (Standalone Client)
2016 (*)	All	64-bit		Compliance, Anti-Malware, Firewall, SandBlast Agent features, Capsule Docs (Standalone Client)
2012	All	64-bit		Compliance, Anti-Malware, Firewall, SandBlast Agent features, Capsule Docs (Standalone Client)
2012 R2	All	64-bit		Compliance, Anti-Malware, Firewall, SandBlast Agent features, Capsule Docs (Standalone Client)
2008 R2	All	32/64-bit	Microsoft update KB3033929	Compliance, Anti-Malware, Firewall, SandBlast Agent features, Capsule Docs (Standalone Client)

(*) To support Endpoint Compliance rules for Windows Server 2016 on versions older than R80.20, see sk122136.

(**) Note - Terminal Servers are not supported.

(***) Note -Windows Server CORE is not supported.

VMware ESXi

Version	Supported Features
5.1, 5.5, 6.0	All except: Full Disk Encryption and Media Encryption & Port Protection
	Note- If you install a client package with features that are not supported on the server, the installation succeeds but only the supported features are installed.

Supported Languages for Endpoint Security Clients

The Endpoint Security client is available in these languages:

English	German	Polish
Czech	Italian	Russian
French	Japanese	Spanish

Client Hardware Requirements

The minimum hardware requirements for client computers to run the Total Endpoint Security Package are:

2 GB RAM
2 GB free disk space

Full Disk Encryption Requirements

This section applies to Check Point Full Disk Encryption and not BitLocker Management.

Full Disk Encryption clients must have:

32MB of continuous free space on the client's system volume

Note - During deployment of Full Disk Encryption on the client, the Full Disk Encryption service automatically defragments the volume to create the 32MB of continuous free space, and suspends the Windows hibernation feature while the disk is being encrypted.

Clients must NOT have:

RAID.
Partitions that are part of stripe or volume sets.
Hybrid Drive or other similar Drive Cache Technologies. See sk107381.
The root directory cannot be compressed. Subdirectories of the root directory can be compressed.

UEFI Requirements

The new UEFI firmware that replaces BIOS on some computers contains new functionality that is used by Full Disk Encryption. Full Disk Encryption in UEFI mode requirements are:

Windows 10 32/64-bit
Windows 8.1 Update 1 32/64-bit
Windows 7 64-bit

Unlock on LAN Requirements

Mac OS - On Mac, you can use Unlock on LAN on computers that are shipped with OS X Lion or higher. You can also use Unlock on LAN with some earlier computers, if a firmware update is applied to the computer.
Windows - On Windows, you can use Unlock on LAN on computers that support UEFI Network Protocol. UEFI Network Protocol is on Windows 8 or Windows 10 logo certified computers that have a built in Ethernet port. The computer must be running Windows 8 or windows 10 in native UEFI mode and Compatibility Module Support (CSM) must not be enabled. On some computers, UEFI Network support must be manually enabled in the BIOS setup.

To troubleshoot UEFI network connectivity, see sk93709.

UEFI "Absolute Pointer" Keyboard-less Tablet Touch Requirements

Support for Pre-boot touch input on tablets (64-bit) requires:

A Windows 8 or Windows 10 logo certified computer
The UEFI firmware must implement the UEFI Absolute Pointer protocol

You can use sk93032 to test your device for touch support.

Self-Encrypting Drives (SED)

You can use Self-Encrypting Drives with Full Disk Encryption. The requirements are:

Supported Windows versions in UEFI mode
UEFI firmware that implements the UEFI ATA Pass-through protocol or the UEFI Security Command Protocol
TCG Opal compliant drives version 1.0 or 2.0

See sk108092 for a list of drives explicitly tested by Check Point.

See sk93345, to test a UEFI computer for compatibility with SED Opal encryption for Check Point Full Disk Encryption.

Support for TPM

The TPM is used to enhance security by measuring integrity of Pre-boot components. To use TPM, you must enable it in the Full Disk Encryption policy. This system requirement applies:

TPM hardware, according to specification 1.2 or 2.0

Media Encryption & Port Protection Support

Storage Devices:

USB Devices
eSATA devices
CD/DVD devices
SD cards

Capsule Docs Supported Applications

After Capsule Docs clients are installed, they work in all supported applications. The supported applications are:

Microsoft Office - Supported versions are described in sk157772.
Adobe Reader DC