Client Requirements

This section shows the requirements for Endpoint Security clients.

Supported Client Operating Systems

Microsoft Windows

Version

Editions

Supported starting from

11 LTSC (version 24H2)

Enterprise Pro

Endpoint Security Client E88.41

VPN Standalone Client E88.40

11 24H2

Enterprise Pro

Endpoint Security Client E88.41

VPN Standalone Client E88.40

11 23H2

Enterprise Pro

Endpoint Security Client E87.62

VPN Standalone Client E87.60

11 22H2

Enterprise Pro

Endpoint Security Client E86.70

11 21H2

Enterprise Pro

Endpoint Security Client E85.40

10 22H2

Enterprise Pro

EA support: Endpoint Security Client E86.80

GA support: Endpoint Security Client E87.00

10 LTSC (version 21H2)

Enterprise Pro

Endpoint Security Client E86.00

10 21H2

Enterprise Pro

Endpoint Security Client E86.00

10 21H1 (version 2103)

Enterprise Pro

Endpoint Security Client E85.00

10 20H2 (version 2009)

Enterprise Pro

Endpoint Security Client E85.00

10 20H1 (version 2004)

Enterprise Pro

Endpoint Security Client E85.00

10 19H2 (version 1909)

Enterprise Pro

Endpoint Security Client E85.00

10 19H1 (version 1903)

Enterprise Pro

Endpoint Security Client E85.00

10 LTSC (version 1809)

Enterprise Pro

Endpoint Security Client E85.00

10 (version 1809)

Enterprise Pro

Endpoint Security Client E85.00

10 (version 1803)

Enterprise Pro

Endpoint Security Client E85.00

10 (version 1709)

Enterprise Pro

Endpoint Security Client E85.00

10 LTSB (version 1607)

Enterprise Pro

Endpoint Security Client E85.00

8.1 Update 1

Enterprise Pro

Endpoint Security Client E85.00

7 SP1

Microsoft update KB3033929

Enterprise
Professional

Endpoint Security Client E85.00

Notes:

  • For existing Endpoint Security deployments, before upgrading your OS version, you must first upgrade the Endpoint Security Client to a version that supports the desired OS version based on the table above.

  • For additional information on Windows 7 support, refer to sk164006.

  • Windows Operating Systems are supported according to Check Point Client Support life cycles, also on Virtual Machines. However, there is no dedicated QA process for all possible variants of Windows. If you encounter a specific issue related to a different edition of a supported Windows OS version, Check Point will provide best-effort support through R&D assistance.

Microsoft Windows Server

Version

Editions

Supported starting from

Supported Features

2022 64-bit

All

E85.40

Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client), Media Encryption and Port Protection.

2019 64-bit

All

E85.00

Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client), Media Encryption and Port Protection.

2016 64-bit

All

E85.00

Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client).

2012 R2 64-bit

All

E85.00

Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client)

2012 64-bit

All

E85.00

Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client)

2008 R2

32/64-bit

All

E85.00

Compliance, Anti-Malware, Firewall, Application Control, Forensics, Anti-Ransomware, Anti-Bot, Threat Emulation, Capsule Docs (Standalone Client)

Notes:

  • To support Endpoint Compliance rules for Windows Server 2016 on versions older than R80.20, see sk122136.

  • Windows Server CORE is not supported.

  • If you install a client package with features that are not supported on the server, the installation succeeds but only the supported features are installed.

  • The Anti-Exploit feature is supported starting from the 2016 64-bit version.

Supported Harmony Endpoint Browser Extension for Windows

Harmony Endpoint Browser Extension for Windows clients browsers support:

 

Chrome

Microsoft Edge (Chromium)

Firefox

Internet Explorer

File Download Protection

Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection

URL Filtering (for Web Management users only)

Note - Activation of the extension on Firefox ESR requires the user's manual approval.

Supported Languages for Endpoint Security Clients

The Endpoint Security client is available in these languages:

  • English

  • German

  • Polish

  • Czech

  • Greek

  • Italian

  • Russian

  • French

  • Japanese

  • Spanish

  • Portuguese

  • Ukrainian

Client Hardware Requirements

The minimum hardware requirements for client computers to run the Total Endpoint Security Package are:

  • 2 GB RAM

  • 2 GB free disk space

The recommended hardware requirements for client computers to run the Total Endpoint Security Package are:

  • 8 GB RAM

  • 6 GB free disk space

Full Disk Encryption Requirements

This section applies to Check Point Full Disk Encryption and not BitLocker Management.

Full Disk Encryption clients must have:

  • 512MB of continuous free space on the client's system volume

Note - During deployment of Full Disk Encryption on the client, the Full Disk Encryption service automatically defragments the volume to create the 512MB of continuous free space, and suspends the Windows hibernation feature while the disk is being encrypted.

Clients must NOT have:

  • RAID.

  • Partitions that are part of stripe or volume sets.

  • Hybrid Drive or equivalent Drive Cache Technologies. See sk107381.

  • The root directory that is compressed (compressed sub-directories of the root directory are supported).

UEFI (Unified Extensible Firmware Interface) Requirements

The new UEFI firmware that replaces BIOS on some computers contains new functionality that is used by Full Disk Encryption.

Full Disk Encryption in UEFI mode requirements are:

  • Windows 11

  • Windows 10 32/64-bit

  • Windows 8.1 Update 1 32/64-bit

  • Windows 7 64-bit

Unlock on LAN Requirements

  • macOS - On macOS, you can use Unlock on LAN on computers that are shipped with OS X Lion or higher. You can use Unlock on LAN with some earlier computers, if a firmware update is applied to the computer.

  • Windows - On Windows, you can use Unlock on LAN on computers that support UEFI Network Protocol. UEFI Network Protocol is on Windows 8, Windows 10 or Windows 11 logo certified computers that have a built in Ethernet port. The computer must be running Windows 8, Windows 10 or Windows 11 in native UEFI mode and Compatibility Module Support (CSM) must not be enabled. On some computers, UEFI Network support must be manually enabled in the BIOS setup.

For troubleshooting the UEFI network connectivity issues, see sk93709.

UEFI "Absolute Pointer" Keyboard-less Tablet Touch Requirements

Support for Pre-boot touch input on tablets (64-bit) requires:

  • A Windows 8, Windows 10 or Windows 11 logo certified computer

  • The UEFI firmware must implement the UEFI Absolute Pointer protocol

See sk93032 for information about touch support on your device.

Self-Encrypting Drives (SED)

You can use Self-Encrypting Drives with Full Disk Encryption.

The requirements are:

  • Supported Windows versions in UEFI mode

  • UEFI firmware that implements the UEFI ATA Pass-through protocol or the UEFI Security Command Protocol

  • TCG Opal compliant drives version 1.0 or 2.0

See sk108092 for a list of drives explicitly tested by Check Point.

See sk93345 for information about compatibility of a UEFI computer with SED Opal encryption for Check Point Full Disk Encryption.

Support for TPM

The TPM is used to enhance security by measuring integrity of Pre-boot components. To use TPM, you must enable it in the Full Disk Encryption policy.

This system requirement applies:

  • TPM hardware, based on specification 1.2 or 2.0

Media Encryption & Port Protection Support

Storage Devices:

  • USB Devices

  • eSATA devices

  • CD/DVD devices

  • SD cards