Deploying Endpoint Security

Client packages for Mac clients must be distributed manually and do not use Software Deployment.

To get the macOS client package:

1. In SmartEndpoint, on the Deployment tab, select an entity in the Action column and click Load client installer file.

2. Browse to the new client package.

   The selected package is put in the Package Repository.

3. Click Mac Client > Download.

4. In the window that opens, select which features to include in the package and click OK.

5. Optional: If Remote Access VPN is part of the package, you can configure a VPN site.

6. Select the location to save the package.

   The selected package starts to download.

7. The package shows in the configured location.

   Use a third party distribution method to distribute the ZIP file to Endpoint users.

Installing the Client

To install Endpoint Security:

1. Double-click the ZIP file to expand it.

2. Click the APP file that appears next to the ZIP file.

   The Check Point Endpoint Security Installer opens.

3. Click Install.

4. Enter a Name and Password to authorize the installation and click OK.

   Wait while package installs.

5. A message shows that the package installed successfully or failed for a specified reason. Click Close.

   If the installation was successful, the Endpoint Security icon appears in the menu bar.

Notes: After the installation, Media Encryption & Port Protection blade requires kernel extension approval, to be performed by the end user in the system preferences screen, or by MDM configuration, to be followed by a reboot. Until these two operations are performed, the blade remains offline. Upon first installation, Anti-Malware, Media Encryption, Firewall, Full Disk Encryption, Anti-Ransomware, Forensics, and Threat Emulation blades require full disk access approval by the end-user or by MDM configuration.

Upgrading the Client

Upgrades can be performed in the same way as installations or by using Endpoint Security Software Deployment in Endpoint Web Management Console.

Software Deployment feature pushes new Endpoint Security client versions or to Add/Remove blade(s).

Endpoint Security Needs User Authentication

The following text may appear in the Endpoint Security Status Overview : "Endpoint Security needs user authentication."

Internal data communication with Endpoint Security Management Server requires a valid Kerberos ticket, which can only be acquired when the machine can connect to the Active Directory and when the end user has performed authentication.

Active Directory authentication can be initiated using the "Authenticate" option in the Endpoint Security Options menu.

Note - After the upgrade, Media encryption & port protection blade requires kernel extension approval, to be performed by the end-user in the system preferences screen, or by MDM configuration, to be followed by a reboot. Until these two operations are performed, the blade remains offline.

Uninstalling the Client

To uninstall Endpoint Security:

1. Open a Terminal Window.

2. Run:

   sudo "/Library/Application Support/Checkpoint/Endpoint Security/uninstall.sh"

• If the Endpoint Security client was encrypted, the uninstall script first prompts for a login and a logout to disable FileVault.

  After decryption, the script continues to uninstall the client.

• After you install Endpoint Security client, you must reset the computer in SmartEndpoint.

  See the Endpoint Security Server Administration Guide for your server version.