What's New

New Features

  • Remote Installation of Initial Client

    • In Endpoint Security Client E83.30 and higher, you can now install the Initial Client remotely without third-party tools. See the SandBlast Agent Administration Guide for more information.

  • Virtual Desktop Infrastructure

    • Endpoint Security now supports Citrix VDI (Virtual Desktop Infrastructure) for persistent and non-persistent virtual machines. See sk167072.

  • Firewall and Application Control

    • Endpoint Security Client supports a new "Isolated" mode which isolates the computer from the outside world. See sk169758.

    • The Application Control blade can now choose to terminate applications on execution through policy. See sk141692.

  • VPN

    • Adds an option to switch the language of the user interface to the Windows locale. See sk75221 for configuration information.

      • The option only affects standalone clients.

      • The installation process sets the language of the Endpoint Security full suite and the user cannot change it after the installation.

    • Adds the ability to withhold the name of the last VPN user. See sk75221 for configuration information.

  • Media Encryption and Port Protection

    • A new file audit log value contains the SHA-256 file checksum for files written to removable media.

  • Infrastructure

    • The Endpoint Security Client now includes the Greek language.

Enhancements

  • Anti-Malware

    • Resolves an issue where the Anti-Malware engine delays its start for a few seconds after the application of a new policy.

  • Threat Hunting

    • Introduces the ability to isolate a machine through the Threat Hunting interface.

    • Fixes a rare issue with the Threat Hunting batch size where large batches block all data reporting until the next reboot.

  • Threat Emulation and Anti-Exploit

    • Anti-Exploit now blocks the actively exploited vulnerability CVE-2020-17087.

  • Anti-Ransomware, Behavioral Guard and Forensics

    • Fixes an issue that can cause a delay for an Anti-Ransomware detection when a specific Windows process is active.

    • Reduces false positives in Anti-Ransomware with improvements to the thresholds for detecting mass encryption.

    • Improves performance for a hard-coded Anti-Ransomware feature with a move to Behavioral Guard. Rule updatability and exclusions for this feature are now possible in Behavioral Guard.

    • Anti-Ransomware exclusions now support environment variables.

    • Improves the Credential Dumping detection technique to reduce false positives.

    • In Server environments, Forensics no longer deletes files created by Windows processes that may do a lot of file processing.

    • Fixes a rare issue where Forensics drivers do not enforce exclusions. Forensics now enforces exclusions in user mode to handle these rare scenarios.

    • Fixes an issue where the Forensics Analysis fails to add a process to the incident model.

    • Fixes an issue which causes high CPU usage while Forensics purges older database data.

    • Windows script processes such as PowerShell.exe and wscript.exe are now "Suspicious" in Forensics Analysis. Remediation settings for "Suspicious" processes now apply.

  • Firewall and Application Control

    • Resolves a rare issue where the Firewall and Application Control process consumes high CPU on a blade startup.

    • Resolves a rare issue where the Firewall blade still blocks IPv6 traffic after the user stops network protection.

  • Full Disk Encryption

    • Fixes an issue where the preboot bypass configuration is not applied during an Operating System upgrade.

    • Fixes an incompatibility with Google Drive File Stream where the EPS client cannot install, upgrade or delete with the FDE blade.

    • Fixes the stretched screen in preboot on certain machines.

    • Fixes a rare scenario where Self Encrypting Disks are stuck on 0% encryption.

    • Fixes an issue with Smart Card single sign-on.

  • URL Filtering

    • URL Filtering now supports Mozilla Firefox along with the Chrome and Edge-Chromium browsers.

  • Installation

    • Resolves a rare issue where the Anti-Malware and Firewall blades do not unregister "Windows Security Center" correctly in Endpoint client uninstalls.

    • Resolves a rare issue in the Software deployment process where the package downloads while it already resides on the disk.

    • Resolves a rare issue where an Endpoint Security client upgrade fails due to an Anti-Malware upgrade failure.

    • Resolves an issue where a command line window pops up for a few seconds in the Anti-Malware uninstallation process.

    • Resolves a rare issue where an Endpoint Security component (cpda.exe) silently crashes as it tries to gather information from the installation file.

    • CVE-2020-6021: Resolves an issue in Check Point Endpoint Security Client for Windows prior to version E84.20 where users have write access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder, which then runs with the Endpoint client’s privileges.

  • Infrastructure

    • Resolves a rare issue where an Endpoint Security component (cpda.exe) crashes during the Endpoint Security Client upgrade process.

    • Resolves a rare issue where the Windows Security Center does not recognize Anti-Malware and Firewall blades correctly.

    • Non-Persistent VDI is now configurable through policy. See the Endpoint Security VDI Administration Guide.

    • Resolves an issue where clients enter the Restrict state by mistake after the client removes a blade from the command line.

    • Resolves a rare issue where the client User Interface does not appear after a clean Endpoint Security client installation.

    • Resolves a rare issue where an Endpoint Security client component (cpda.exe) leaks memory as it attempts upgrades.