General

Authenticated Proxy

If you have a proxy server to authenticate access to a resource:

  1. Go to Policy > Client Settings > General > Authenticated Proxy.

  2. Enter:

    • Proxy - Proxy server address in the format address:host. For example, 192.168.79.157:3128

    • Username - User name for the proxy server.

    • Password - Password for the proxy server.

  3. Click Save.

Sharing Data with Check Point

Clients can share information about detected infections and bots with Check Point.

The information goes to ThreatCloud, a Check Point database of security intelligence that is dynamically updated using a worldwide network of threat sensors.

ThreatCloud helps to keep Check Point protection up-to-date with real-time information.

Note - Check Point does not share any private information with third parties.

To share the data with Check Point ThreatCloud:

  1. Go to Policy > Client Settings > General > Sharing Data with Check Point.

  2. Enable anonymized telemetry - Select to enable sharing information with Check Point.

    Select or clear any of these options:

    • Anonymized forensics reports - Forensics reports include a lot of private identifiable information. This option lets customers anonymize this information.

    • Files related to detection - Select to allow Check Point to learn more about the attacks through metadata.

    • Memory dumps related to detections - Select to allow sharing memory dumps from the RAM with Check Point.

  3. Click Save.

Connection Awareness

Connection awareness controls how an endpoint enforces its Connected or Disconnected policy. By default, the client checks connectivity to the Endpoint Management Server to determine its connectivity state. Alternatively, the administrator can configure the client's connection status by checking its connectivity to a different network component, for example, a web server or a router, through ICMP packets or HTTP/HTTPS/IPv4 requests. If the client can connect to the network component, then its connection status is Connected. Otherwise, its connection status is Disconnected.

To configure the connection awareness setting:

  1. Go to Policy > Client Settings > General > Connection Awareness.

    The Connection Awareness feature allows the administrator to choose between two options:

    1. Connected to management - The client's status is Connected if it is connected to the Endpoint Security Management Servers. This is the default mode.

    2. Connected to a list of specified targets - The client's status is Connected if it is connected to the specified target (network component) regardless of its connection to the Endpoint Security Management Servers.

      If you do not specify a disconnected policy for these addresses, the user is automatically considered connected.

  2. Click Save.

Notes:

Super-Node

What is a Super Node?

A Super Node is a Windows device running a specially configured Endpoint Security Client that also has server-like and proxy-like capabilities, and which listens by default on port 4434 and, to proxy, on port 3128. Super Node is a light-weight proxy (based on NGINX) that allows admins to reduce their bandwidth consumption and enable offline updates, where only the Super Node needs connectivity to the update servers.

Super Node Workflow

When a device is assigned as a super node and has the supported blades installed, it downloads signatures from the sources defined in the policy and stores a local copy. This local copy serves as the signature source for other Endpoint Security Clients.

When an Endpoint Security Client initiates an update, it follows this process:

  1. The Endpoint Security client checks for the latest signatures from a randomly selected super node listed in the Client Settings > General policy.

  2. If the update fails with the chosen super node, the Endpoint Security client attempts the update with another super node in the list.

  3. If the update fails with all the super nodes listed in the General Client Settings policy, the Endpoint Security client will update directly from the sources specified in the policy.

Primary Advantages:

  • Reduces site bandwidth usage.

  • Reduces server workload.

  • Reduces customer expense on server equipment, as there is no need for a local appliance.

  • Improved scale.

Notes -

  • Super Node is available in both Domain and Work group environments.

  • If the Endpoint Security client configured as a super node is of a lower version than its connection clients, the super node will return a 404 error response when a connection client tries to download the policy signatures. In this case the connection client downloads the signatures from the fallback location.
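
The update workflow above, including the 404 case from the notes, modeled as an added Python example (not Check Point's code). The host names, the fetch callback and its status values are assumptions made for illustration.

```python
import random

# Constructed sample data: host names and the source label are placeholders.
SUPER_NODES = ["sn-01.example.internal", "sn-02.example.internal",
               "sn-03.example.internal"]
DIRECT_SOURCES = ["policy-defined-source"]


def make_fetch(statuses):
    """Build a stand-in for the download step (assumption: it yields an
    HTTP-like status; None means the source was unreachable)."""
    return lambda source: statuses.get(source)


def update_signatures(super_nodes, direct_sources, fetch, rng=random):
    """Try super nodes in random order, then the sources from the policy.

    Returns (source_used or None, attempts), attempts = [(source, status)].
    """
    candidates = list(super_nodes)
    rng.shuffle(candidates)              # steps 1-2: random pick, then the rest
    attempts = []
    for source in candidates + list(direct_sources):   # step 3: fallback
        status = fetch(source)
        attempts.append((source, status))
        if status == 200:
            return source, attempts
    return None, attempts


def used_fallback(result, super_nodes):
    """True when no super node served the update; worth tracking, because the
    bandwidth saving is lost and an offline client cannot update at all."""
    return result[0] not in super_nodes


if __name__ == "__main__":
    # sn-01 runs an older client version (404), sn-02 is down, sn-03 is healthy.
    mixed = make_fetch({"sn-01.example.internal": 404,
                        "sn-03.example.internal": 200,
                        "policy-defined-source": 200})
    result = update_signatures(SUPER_NODES, DIRECT_SOURCES, mixed)
    print(result, "fallback:", used_fallback(result, SUPER_NODES))
```

The attempts list records every source tried and its status, which is the trail to look at when clients keep bypassing the super nodes.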

Supported Features

Endpoint Security Client Version - Features Supported

E85.30 and higher
  • Downloading the software upgrades for Windows installer (MSI) packages from the super nodes.

  • Super node tries to cache the requested files in the local folder.

    Note - The files are cached based on the available free space in the super node device and the cache size configured.

E85.40 and higher
  • Downloading the software upgrades for Dynamic (EXE) packages from super nodes.

  • Downloading Behavioral-Guard & Static Analysis signature updates from super nodes.

E86.10 and higher
  • Downloading client policies and policy changes from super nodes.

E87.00 and higher
  • Harmony Endpoint Security Client for macOS can be configured to create a local mirror of the Anti-Malware signatures, which can be used as a signature source for other Endpoint Security clients for macOS.

E88.70 and higher
  • Super node proxies are supported for offline environment.

Limitations

  • By default, the maximum cache size is 4 GB, and files are automatically purged after 7 days of inactivity. Files stored for a longer time without access are removed from the cache.

  • Super Node requires approximately an additional 350 MB to operate properly.

To configure a Super Node:

For Management Servers supporting Manage Super Nodes capability:

  1. Go to Policy > Client Settings.

  2. From the toolbar, click Manage Super Nodes.

    The Manage Super Nodes page is displayed.

  3. Click + and select the devices you want to define as Super Nodes and then click Add.

    Note - You can also use the search bar to search for a device or devices that you want to define as Super Nodes.

    A widget is created for each entity selected as a super node.

  4. To edit the maximum number of concurrent connections a super node can handle simultaneously:

    Notes -

    • This feature is supported only on Endpoint Security Client versions E88.70 and higher.

    • The default value of maximum number of simultaneous connections is 5000.

    1. In the super node widget, click Edit.

      The Edit Concurrent Connections window is displayed.

    2. In the Max number of concurrent connections field, enter the maximum number of concurrent connections the super node can handle.

    3. Click OK.

  5. After selecting the devices and configuring concurrent connections, click Save.

    Note - Configuring a device as a Super Node does not require policy installation.

  6. Go to Client Settings and select the required rule. In the Capabilities & Exclusions pane, click General and scroll down to the Super Nodes section.

  7. Click + and add the Super Nodes, with all their specific devices, to the relevant Client Settings rule.

  8. Click Save and install the rule.

Note - Super Node settings are rule dependent. It means that Super Nodes defined in the General tab will be applied only to devices which are related to a specific rule.

To configure a super node proxy for offline environment:

Super node proxy configuration is available for Endpoint Security Clients version 88.70 and higher.

Notes -

  • (Recommended) Do not configure more than five proxies in the Client Settings.

  • Super node itself requires internet access.

  1. After installing Harmony Endpoint, configure a device with internet access to be a super node.

  2. From this device, configure the super node policies for the devices without access to the internet.

  3. Create an Export package.

  4. Install the package with the super node policy on the device without access to the internet.

Limitations of the Super node proxy:

Super node proxy does not support:

Disable Capabilities allows users to turn on or turn off capabilities, such as Threat Prevention, Compliance, and so on in the Endpoint Security client.

Note - If the Endpoint Security Client device is restarted, the option to enable or disable the capabilities will only be available after five minutes.

To allow users to disable capabilities:

  1. Go to Policy > Client Settings > General > Disable Capabilities.

  2. Select the capabilities that can be disabled by the user on the client.

  3. To enable the disabled capabilities automatically after a set interval of time:

    Note - This is supported only on Windows with Endpoint Security client version E88.30 and higher.

    1. Select the Set timeout checkbox.

    2. In the timeout field, enter the time in minutes.

  4. To allow users to disable the capabilities only after entering a password, select the Protect by password checkbox.

    Note - This is supported only on Windows with Endpoint Security client version E88.30 and higher.

    1. Click Manage Disable Capabilities Protect Password.

      Note - Optionally, from the taskbar, click Manage and select the Manage Disable Capabilities Protect Password from the list.

    2. In the Password field, enter a password and re-enter the password in the Confirm Password field.

      Note - Make sure the password is at least eight characters long, without spaces, and includes:

      • An uppercase letter

      • A lower case letter

      • A number.

    3. Click OK.

  5. Click Save & Install.

Network Protection

You can let users disable network protection on their computers.

Network Protection includes these components:

To configure network protection alerts:

  1. Go to Policy > Client Settings > General > Network Protection.

  2. (Optional) Select Allow users to disable network protection on their computers - To let users disable network protection.

  3. In the Network Protection section, select or clear these options for each of Firewall and Application Control:

    • Allow Log - To generate logs for events.

    • Allow Alert - To generate alerts for events. You must also select this to use Alert in the Track column of Firewall rules.

  4. Click Save.

Push Operations

Push Operations are operations that the server pushes directly to client computers with no policy installation required. You can set the minimum time interval between status updates of Push Operations.

For more information, see Performing Push Operations.

To set the minimum time interval between status updates of Push Operations:

  1. Go to Policy > Client Settings > General > Push Operation.

  2. Set the Minimum interval between status updates of Push Operations.

  3. Click Save.