Client Requirements

This section shows the requirements for Endpoint Security clients.

Supported Client Operating Systems

Microsoft Windows

Version	Editions	Architecture	SPs or Updates	Supported Features
11 21H2 10 21H2 10 21H1 (version 2103) 10 20H2 (version 2009) 10 20H1 (version 2004) 10 19H2 (version 1909) 10 19H1 (version 1903) 10 LTSC (version 1809) 10 (version 1809) 10 (version 1803) 10 (version 1709) 10 LTSB (version 1607)	Enterprise Pro	32/64-bit		All
8.1	Enterprise Pro	32/64-bit	Update 1	All
7	Enterprise Professional	32/64-bit	SP1 Microsoft update KB3033929	All

Version

Editions

Architecture

SPs or Updates

Supported Features

11 21H2

10 21H2

10 21H1 (version 2103)

10 20H2 (version 2009)

10 20H1 (version 2004)

10 19H2 (version 1909)

10 19H1 (version 1903)

10 LTSC (version 1809)

10 (version 1809)

10 (version 1803)

10 (version 1709)

10 LTSB (version 1607)

Enterprise
Pro

32/64-bit

All

8.1

Enterprise
Pro

32/64-bit

Update 1

All

Enterprise
Professional

32/64-bit

SP1
Microsoft update KB3033929

All

Microsoft Windows Server

Version	Editions	Architecture	SPs or Updates	Supported Features
2022	All	64-bit		Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client), Media Encryption and Port Protection.
2019	All	64-bit		Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client), Media Encryption and Port Protection.
2016	All	64-bit		Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client).
2012	All	64-bit		Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client)
2012 R2	All	64-bit		Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client)
2008 R2	All	32/64-bit	Microsoft update KB3033929	Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client)

Notes:

To support Endpoint Compliance rules for Windows Server 2016 on versions older than R80.20, see sk122136.
Windows Server CORE is not supported.

VMware ESXi

Version	Supported Features
5.1, 5.5, 6.0	All, except: Full Disk Encryption and Media Encryption & Port Protection

Note - If you install a client package with features that are not supported on the server, the installation succeeds but only the supported features are installed.

Supported Harmony Endpoint Browser Extension for Windows

Harmony Endpoint Browser Extension for Windows clients browsers support:

	Chrome	Microsoft Edge (Chromium)	Firefox	Internet Explorer
File Download Protection
Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection
URL Filtering (for Web Management users only)

Note - Activation of the extension on Firefox ESR requires the user's manual approval.

Supported Languages for Endpoint Security Clients

The Endpoint Security client is available in these languages:

English	German	Polish	Czech	Greek
Italian	Russian	French	Japanese	Spanish
Portuguese

Client Hardware Requirements

The minimum hardware requirements for client computers to run the Total Endpoint Security Package are:

2 GB RAM
2 GB free disk space

The recommended hardware requirements for client computers to run the Total Endpoint Security Package are:

8 GB RAM
6 GB free disk space

Full Disk Encryption Requirements

This section applies to Check Point Full Disk Encryption and not BitLocker Management.

Full Disk Encryption clients must have:

32MB of continuous free space on the client's system volume

Note - During deployment of Full Disk Encryption on the client, the Full Disk Encryption service automatically defragments the volume to create the 32MB of continuous free space, and suspends the Windows hibernation feature while the disk is being encrypted.

Clients must NOT have:

RAID.
Partitions that are part of stripe or volume sets.
Hybrid Drive or equivalent Drive Cache Technologies. See sk107381.
The root directory that is compressed (compressed sub-directories of the root directory are supported).

UEFI Requirements

The new UEFI firmware that replaces BIOS on some computers contains new functionality that is used by Full Disk Encryption.

Full Disk Encryption in UEFI mode requirements are:

Windows 11
Windows 10 32/64-bit
Windows 8.1 Update 1 32/64-bit
Windows 7 64-bit

Unlock on LAN Requirements

Mac OS - On Mac, you can use Unlock on LAN on computers that are shipped with OS X Lion or higher. You can use Unlock on LAN with some earlier computers, if a firmware update is applied to the computer.
Windows - On Windows, you can use Unlock on LAN on computers that support UEFI Network Protocol. UEFI Network Protocol is on Windows 8, Windows 10 or Windows 11 logo certified computers that have a built in Ethernet port. The computer must be running Windows 8, Windows 10 or Windows 11 in native UEFI mode and Compatibility Module Support (CSM) must not be enabled. On some computers, UEFI Network support must be manually enabled in the BIOS setup.

For troubleshooting the UEFI network connectivity issues, see sk93709.

UEFI "Absolute Pointer" Keyboard-less Tablet Touch Requirements

Support for Pre-boot touch input on tablets (64-bit) requires:

A Windows 8, Windows 10 or Windows 11 logo certified computer
The UEFI firmware must implement the UEFI Absolute Pointer protocol

See sk93032 for information about touch support on your device.

Self-Encrypting Drives (SED)

You can use Self-Encrypting Drives with Full Disk Encryption.

The requirements are:

Supported Windows versions in UEFI mode
UEFI firmware that implements the UEFI ATA Pass-through protocol or the UEFI Security Command Protocol
TCG Opal compliant drives version 1.0 or 2.0

See sk108092 for a list of drives explicitly tested by Check Point.

See sk93345 for information about compatibility of a UEFI computer with SED Opal encryption for Check Point Full Disk Encryption.

Support for TPM

The TPM is used to enhance security by measuring integrity of Pre-boot components. To use TPM, you must enable it in the Full Disk Encryption policy.

This system requirement applies:

TPM hardware, based on specification 1.2 or 2.0

Media Encryption & Port Protection Support

Storage Devices:

USB Devices
eSATA devices
CD/DVD devices
SD cards

Capsule Docs Supported Applications

After Capsule Docs clients are installed, they operate in all supported applications.

The supported applications are:

Microsoft Office - Supported versions are described in sk157772
Adobe Reader DC