What's New

New Features and Enhancements

E88.72 - Released on 26 May 2025

This Hotfix complements the E88.70 release with important fixes. If you installed E88.70, we recommend upgrading to E88.72.

E88.70 - Released on 09 March 2025

Enhancement: The Super Node Server status is now displayed on the Management Server.

Enhancement: Endpoint Security Clients now supports Super Node functionality in semi-isolated environments.

Enhancement: Improved the flow and user experience for uploading files to FTP when running CPInfo.

Enhancement: Language settings configured in Harmony Management UI now change the Endpoint Security Client language but do not override user-defined language settings.

Enhancement: Configuring Data Loss Prevention policy for GenAI applications now provides enforcement granularity per application.

Enhancement:

  • Performance improvements in the Anti-Bot DNS Inspection feature.

  • Admins can now enable/disable the DNS Inspection feature in the Anti-Bot policy (under Advanced settings).

Enhancement:

  • Significantly reduced the volume of Forensics reports generated by Anti-Bot DNS Inspection.

  • Updated DNS Inspection-related detections to use "Domain" as the indicator type, replacing the previous "dns://" URL schema prefix.

Enhancement: Added ability to allow users to dismiss the URL filtering alert and access blocked websites. This option uses the same settings as the Browser Extension in Advanced settings > Web & Files Protection, as follows:

  • Connection attempt from browser without Browser Extension or non-browser process: Allows next connection attempts.

  • Connection attempt from browser with Browser Extension: May require multiple approvals based on security settings before allowing next connection attempts.

Enhancement: Improved the sensors for specific attacks.

Enhancement: Improved Anti-Ransomware remediation for directories.

Enhancement: Improved proxy and Super Node compatibility for the Anti-Ransomware, Behavioral Guard and Forensics Blade.

Enhancement: Behavioral Guard signatures are now loaded faster.

Enhancement: The Forensics report now provides better visibility into the exact Registry location that triggered the detection.

Enhancement: A series of performance optimizations are introduced to improve overall system performance and reduce CPU consumption.

Enhancement: Updated the SDK used for scanning and patching vulnerabilities to version 2024-04 (9.7), enhancing compatibility and performance.

Enhancement: Improved the installation rate in Posture management.

Enhancement: Installation now halts if multiple ESP (EFI System Partition) or old SA (FDE System Area) partitions are detected, displaying an error message that directs users to remove extra partitions before reinstalling. This ensures a clean installation environment.

Enhancement: TPM (Trusted Platform Module) is now automatically disabled (for FDE use only) during OS upgrades to ensure smooth upgrades without compromising security. TPM is re-enabled upon completion.

Enhancement: Enforcement of Infinity IoC by Endpoint Security Client is now performed faster.

Enhancement: The Browser extension icon now displays Data Loss Prevention policy name and number.

E88.62 - Released on 10 February 2025

This Hotfix complements the E88.61 release with important fixes. If you installed E88.61, we recommend upgrading to E88.62.

E88.61 - Released on 01 December 2024

This Hotfix complements the E88.60 release with important fixes. If you installed E88.60, we recommend upgrading to E88.61.

E88.60 - Released on 03 September 2024

Enhancement: Super Node feature now supports environments with restricted network access for local accounts. In setups where local users cannot log into Super Node machines from the network, a special registry key allows the Super Node to run with elevated privileges. This ability enables the NGINX process, which serves files via HTTP protocol, to operate as system instead of a dedicated local user account.

Note, this is not a recommended setup. It should only be used in specific scenarios.

Enhancement: Anti-Malware signature update source is now added to the Management Server event logs.

Enhancement: Improved detection of ransomware in rare scenarios.

Enhancement: Improved the defense against some behavioral patterns.

Enhancement: Improved the usage of advanced signatures.

Enhancement: Reduced the size of some internal files.

Enhancement: Blocking the browser Incognito mode in Chrome, Edge, Firefox, Brave using Management policy is now supported.

E88.50 - Released on 05 August 2024

Enhancement: Added Data Loss Prevention (DLP) capability which detects and prevents unauthorized transmission of confidential information, such as social security numbers, credit card numbers, bank account numbers and so on. Refer to Harmony Endpoint EPMaaS Administration Guide > Configuring the Endpoint Policy > Data Loss Prevention.

Enhancement: The system now automatically blocks vulnerable drivers upon their creation on the device. This includes drivers that are downloaded, extracted, copied, or otherwise introduced to the system.

Enhancement: Installing any of the Anti-Malware, Anti-Bot, Forensics, or Threat Emulation blades requires Microsoft .NET Framework version 4.7.2 or higher. For all other configurations, the minimum required Microsoft .NET Framework version is 4.6.1. Refer to sk182480.

Enhancement: Enhanced software security through advanced compilation techniques and updated the core libraries, strengthening enterprise protection.

Enhancement: The Harmony Endpoint connectivity tool no longer uses E1 URLs.

Enhancement: Added pagination to the Blade tabs tables in the Clients UI to improve the performance when loading large datasets.

Enhancement: URL Filtering eliminates User Check popups for blocked connections in supported browsers with the Harmony Extension installed. This reduces interruptions, improving user experience. In Incognito mode, blocked connections are silently dropped.

Enhancement: URL Filtering logs in the Management Server logs now include additional information:

  • Policy Name

  • Policy Version

  • Policy Installation Time

Enhancement:

  • Added ability to recover malware files detected and removed from critical system areas, which was previously restricted.

  • Malware detection alerts now appear on both the client UI and the management console.

Enhancement: The Critical Scan feature is improved to include boot sector scanning.

Enhancement: Refined the ability to detect network-related security threats.

Enhancement: Improved the detection of some types of Ransomware and Wipers.

Enhancement: Improved the RDP usage information for advanced signatures.

Enhancement: When illegitimate login attempts are detected, the account that is targeted will be removed from the list of accounts authorized to access the specific computer.

Enhancement: Data transferred through OS pipes is now reported to the Threat Hunting tool.

Enhancement: Additional folders in ProgramData are now protected against tampering.

Enhancement: Optimized detection algorithm to reduce false positives in generic anti-ransomware signature.

Enhancement: After a password change, Microsoft Entra ID users are now prompted to lock and unlock the computer to synchronize the Windows password and the FDE Pre-boot password.

Enhancement: The Mobile Enrollment feature in the Endpoint Security Client UI now supports all the available languages.

Enhancement: FDE Pre-boot Remote Help now features a user-friendly wizard interface. This guided flow helps users easily select the type of assistance they need before system boot.

Enhancement: The PS2 keyboard default setting for Dell Latitude 5420 laptops is now changed to "FALSE" (disabled).

Enhancement: Printers installed as software devices are now controlled by the Media Encryption and Port Protection Blade, allowing administrators to apply access policies and rules to regulate communication with these virtual printer resources, enhancing security oversight.

E88.41 - Released on 23 June 2024

NEW: This version introduces support for Windows 11 version 24H2 as an GA (General Availability) version.

Note: Endpoint Security Clients running versions lower than E88.41 may encounter crashes or unpredictable behavior, including Blue Screen of Death (BSOD) errors.

Enhancement: It is now possible to scan Active Directory using custom filters.

Enhancement: The system now employs a more accurate language detection mechanism to automatically select the appropriate localized user interface language based on the Operating System default settings, providing a seamless experience without manual selection.

Enhancement: Added the URLF Popups Suppression feature, which controls the frequency of URL Filtering popups for the same blocked URL.

Enhancement: Added integration with the Media Encryption Blade for scanning connected removable drives.

Enhancement: Enhanced the Threat Prevention methods against some types of attacks.

Enhancement: Improved visibility into processes attached to a debugger.

Enhancement: Improved the honeypot files naming algorithm to enhance the security against targeted attacks.

Enhancement: Improved the efficiency of executing advanced threat signatures.

Enhancement: Improved visibility into files mounted from disc image or CD image.

Enhancement: Added support for performing Mobile Enrollment from the Endpoint Security Client UI when using the FDE Smart Pre-boot (EA feature). If Smart Pre-boot features that require Mobile Login are enabled, users are now prompted to enroll their mobile devices for authentication purposes.

Enhancement: Added support for the Media Encryption and Port Protection Blade on systems running the ARM architecture.

Enhancement: In Media Encryption authorization scanning, improved the dialog for Anti-Malware scanning progress.

E88.32 - Released on 17 July 2024

This Hotfix complements the E88.31 release with important fixes.

E88.31 - Released on 03 June 2024

This Hotfix complements the E88.30 release with important fixes. If you installed E88.30, we recommend upgrading to E88.31.

E88.30 - Released on 17 April 2024

NEW: Added ability to update SA and OFR offline. Refer to sk180690 to preform Offline Update.

NEW: In Advanced Capabilities, added Detect/ Prevent/ Off modes for these sensors:

  • ThreatCloud Reputation,

  • Offline Reputation,

  • Static Analysis of Office Files,

  • Static Analysis of Executable files,

  • Static Analysis of DDL Files.

For more information about configuring these modes, see Harmony Endpoint EPMaaS Administration Guide > Configuring the Endpoint Policy > Configuring the Threat Prevention Policy > Web & Files Protection.

Enhancement: Endpoint Security Clients now supports uploading CPInfo to Amazon Simple Storage Service (S3) through push operation and manually using the S3 application.

Enhancement: Administrators now have the ability to set a timeout and require a password for the Disable Capabilities feature in the General section of Client Settings. This password prompt, currently available only in English, allows control over who can disable capabilities on any Windows client by requiring password authentication before accessing the Disable Capabilities screen on the Client User Interface. Once capabilities are disabled, the specified timeout interval determines the duration after which the disabled capabilities are automatically restored to operational status

Enhancement: The Threat Emulation Blade in Client UI is displayed as File Protection.

Enhancement: The Anti-Bot Blade now includes DNS Inspection support, which utilizes Check Point ThreatCloud. This protection allows Anti-Bot to block access to malicious domains during the DNS resolution process.

Enhancement: The Anti-Malware E1 Blade now allows to specify the processes which are spawned from trusted processes (for example, their descendants) that should be excluded from malware scans and monitoring. This minimizes unnecessary resources utilization and potential false positives.

Enhancement: It is now possible to install only the Anti-Malware E2 Blade, independently from installing the Threat Emulation blade.

Enhancement: Improved the time it takes to upload events to threat hunting.

Enhancement: The detection of ransomware is now faster. Implemented a new mechanism that can potentially pause and prevent ransomware encryption from occurring in certain scenarios, particularly during the initial stages of an attack.

Enhancement: Improved the signature capabilities.

Enhancement: Improved the signature accuracy.

Enhancement: Improved visibility of sensors into processes.

Enhancement: Improvements in remediation.

Enhancement: PIV Smartcard driver now supports IDEmia Cosmo 8.1 cards and compressed certificates.

Enhancement: Both the FDE classic Pre-boot and Smart Pre-boot flows are now refined to a smoother flow for visually impaired users

Enhancement: Added ability to change Endpoint Security clients language from the Management UI, under Policy > Client Settings > User Interface.

E88.20 - Released on 13 March 2024

Enhancement: Implemented security measures for validation of software components, mitigating risks from unverified code. This enhances the Endpoint Client security posture and promoting reinforced computing environment.

Enhancement: The Anti-Bot, URL Filtering, Threat Emulation and Anti-Malware E2 DHS Blades now better exclude specific processes and their associated subprocesses, improving analysis focus and streamlining the monitoring process.

Enhancement: It is now possible to see the installed hotfixes in the Endpoint Security Clients UI.

Enhancement: Added support for the "SameFile" rule parameter for matching behavioral indicators.

Enhancement: Added sensor to detect attack initiation from emails.

Enhancement: Modified the ranking algorithm to detect only file wipers.

Enhancement: Improved stability of Endpoint Security Clients.

Enhancement: Remediation now returns a new status - "FileAlreadyQuarantined", if the file is already handled as part of the incident. Previously, Remediation manager showed "File already deleted", when files were quarantined.

Enhancement: Harmony Endpoint now supports Posture Automatic Deployment configured in policy.

Enhancement: The installer no longer switches the FDE Pre-boot type to FDE Smart Pre-boot (EA feature) by default, now it requires applying a specific policy prior to installation. When installed, switching the type of Pre-boot can be done in policy settings during regular operations, eliminating the need for upgrades for switching as it was in previous versions.

Enhancement: Improved the FDE database maintenance, preventing memory allocation issues during long running installations.

E88.10 - Released on 19 February 2024

Enhancement: Endpoint Security Client installer now supports the Czech, Greek, Ukrainian, and Portuguese languages.

Enhancement: The Client UI now sets the English language as the default if the provided LCID value corresponds to a language that is not officially supported.

Enhancement: Performance improvements of the anti-tampering mechanism for network drives accessed by users.

Enhancement: Improved remediation against persistent malware.

Enhancement: Improved the detection of malware masquerading.

Enhancement: Improved evasion techniques detections.

Enhancement: Improved the accuracy of wipers detection.

Enhancement: Improved the remediation process for detected DLLs.

Enhancement: Improved the detection of credentials theft.

Enhancement: Added support for advanced signatures.

Enhancement: Harmony Endpoint management now enforces a new Global policy if it is changed, and Endpoint Security Client applies URLS changes without a reboot.

Enhancement: Improved the detection of shadow copy creation.

Enhancement: The VSMON process now speeds up the opening of listen sockets by 20% when dealing with high network loads, like those encountered by DNS servers.

Enhancement: Wi-Fi card for the Lenovo L14 Generation 3 is now supported in FDE Smart Pre-boot (EA feature).

Enhancement: The TESvc service is now renamed to CPFileAnlyz (Check Point Endpoint Security File Analyzer).

E88.00 - Released on 22 January 2024
NEW: Harmony Endpoint now supports Microsoft Entra ID (previously Azure Active Directory) Domain Services.
Enhancement: Harmony Endpoint now sends hardware info to the Server.
Enhancement: Harmony Endpoint now supports uninstalling Trellix (as part of McAfee product). It can be done using the "REMOVEPRODUCTS" parameter.
Enhancement: Harmony Endpoint now supports Quarantine Management with the external Server API. 
Enhancement: Date format now consists of three letters of the month, followed by the day, year and time. For example, Oct 5, 2023 2:47 PM.
Enhancement: Endpoint Client now supports Windows 11 with Smart App Control on also when the machine is offline.
Enhancement: Anti-Malware E1 license is now updated automatically also on VDI and in Super Node environments.
Enhancement: The Anti-Malware E2 Blade now supports critical area scans.

Enhancement: Expanded Windows component monitoring, which translates to enhanced protection.

Enhancement: When detection occurs, the reports to Threat Hunting are now sent faster.

Enhancement: Performances improvements for advanced signatures.

Enhancement: Improved injections logic for better detections of malicious operations.

Enhancement: Improved the protections against advanced malware.

Enhancement: Silent signatures for leads are no longer forwarded to Threat Hunting to minimize the risk of the user confusing them with actual attacks.

Enhancement: Improved the AMSI exclusion mechanism.

Enhancement: Improved the AMSI performance on Exchange Servers.

Enhancement: Behavioral Guard and Forensic Blade now better exclude specific processes and their associated subprocesses, improving analysis focus and streamlining the monitoring process. Note: This functionality is available only for customers using Smart Exclusions.

Enhancement: Improved Behavioral analysis by scanning of event related data blocks.

Enhancement: SHA1 exclusions can now be used to exclude files based on the macro hash, similar to excluding a file using its regular hash. This feature expands the existing file exclusion capability by allowing targeted exclusions focused on the macro content instead of the entire file.

Enhancement: Improvement in the Posture Management Installation rate.

Enhancement: Application Control Custom Rules evaluation is optimized for performance.

Enhancement: Updated the Full Disk Encryption Smart Pre-boot Wi-Fi drivers.

Enhancement: The Full Disk Encryption Blade now supports users from Microsoft Entra ID, previously known as Azure Active Directory. See the Known Limitations section.

Enhancement: Full Disk Encryption Preboot now supports longer user names (up to 64 symbols) and passwords (up to 256 symbols), removing the previous 31-symbol limit. This change applies to user credential fields in both FDE Preboot and the FDE Recovery Tool.

Enhancement: Added browser-based Data Leak Prevention (DLP) capability for Early Availability (EA) customers. In the initial phase, when the browser extension is activated, security is enhanced through the scanning of both uploaded and downloaded files.