Introduction

Check Point Endpoint Security Client secures endpoints running macOS. The client secures the endpoint using these features:

  • Anti-Malware

  • Remote Access VPN (managed by the policy created in SmartConsole and installed on the VPN Gateway)

  • Firewall for desktop security

  • Compliance

  • Media Encryption & Port Protection

  • Native Encryption Management

  • Threat Emulation

  • Forensics

  • Anti-Ransomware

  • Capsule Docs

  • SandBlast Agent Browser Extension for Chrome

    • Threat Emulation

    • Threat Extraction

    • Zero Phishing

    • Password Reuse

    • URL Filtering

All features except the Remote Access VPN are centrally managed from SmartEndpoint.

What's New

New Features

  • Early Availability support for the Endpoint Security Clients on macOS Monterey (12).

  • Support for Macs with M1 chip.

    • Rosetta 2 translator must be installed.

    • Compliance, Anti-Malware, Full Disk Encryption, Media Encryption & Port Protection blades include universal binaries and can run as native processes on Apple M1 computers.

    • Apple is gradually introducing new alternatives to kernel extensions, but only in macOS Monterey and higher. Apple recognizes the kernel extensions as supported kernel extension types. On Apple M1, in order to allow third party kernel extensions, the Security Policy needs to be changed to "Reduced Security". Note that a Managed Mac purchased via Apple business or school manager programs does not require "Reduced Security". See Change Startup Disk Security Settings and Deployment Reference in macOS.

  • Software Deployment Early Availability: In order to ease future Endpoint Security version upgrades, reducing dependency on MDMs and dedicated scripts, Endpoint Management Software Deployment may be used instead. Software Deployment using the Endpoint Management is possible, only if the installed Endpoint Security version is E84.70 or higher and the Endpoint Security Management Server version is R81.10 or higher.

  • Port Protection (Early Availability): The Port Protection feature for blocking USB, Bluetooth, camera and printer devices, which was included in the Early Availability September 2021 release of E85.30 Endpoint clients for macOS, is now available on the client version only. Starting December 2021, the feature will become available again for Cloud services running version R81 and above. The feature will also be available for on-premise servers in the future. Additionally, E85.30 GA clients for macOS can enable Port Protection policies by making use of a local configuration file per each Endpoint Client. This is also true for E85.30 GA clients for macOS, which are managed by servers that do not support Port Protection for macOS. Users that configured Port Protection for macOS feature in the Early Availability September 2021 release of E85.30 Endpoint clients for macOS are now required to modify their Port Protection policy in order to continue working with the feature. This feature is supported in macOS 10.15 and higher. See sk176366 for more details.

  • Detect mode for Anti-Malware and Anti-Ransomware blades:

    • When in detect mode, Endpoint Security no longer remediates or quarantines any suspicious application.

    • For Anti-Malware blade detect mode, see sk169753.

  • Endpoint Security is now notarized. macOS no longer blocks the Endpoint Security Installation Application.

  • Self-protection is now always enabled, and yet the administrator can turn self-protection on or off. See sk171012.

  • Media Encryption now supports Time Machine on external media (macOS 11 and higher).

  • New Remote Access VPN features:

    • Support for the Security Assertion Markup Language (SAML) protocol in user authentications.

    • Support for Smart Cards for user authentication on macOS 10.15 Catalina and higher.

    • Support of fixed MAC addresses for Office Mode IP addresses allocation.

  • Advanced Threat Prevention blades performance improvements for macOS 11 and higher based on better filtering capabilities introduced as part of Endpoint Security Framework.

Enhancements

  • This release includes stability, quality and performance fixes:

    • It is now possible to configure Media-Encryption exclusions (for USB).

    • "SideCar", "HandOver", and "Airdrop" are now supported. IPv6 unblock-all is no longer required.