Harmony Endpoint for Linux Overview
Check Point Harmony Endpoint for Linux protects Linux Endpoint devices from malware, and provides Threat Hunting / Endpoint Detection and Response capabilities. The solution is centrally managed and can be used as a Management-as-a-Service or deployed on a local on-premises server.
For supported Linux versions and limitations, see sk170198.
Note - Starting in R81, the on-premises Endpoint Security Server supports Harmony Endpoint for Linux. To enable Harmony Endpoint for Linux, you must enable the Linux installation package flag as described in sk177250.
Prerequisites
- The protected device must have Internet access.
- For RHEL/CentOS, access to the EPEL (Extra Packages for Enterprise Linux) repository is required.
- If the device has no internet access, you must enable access to certain URLs. For more information, see sk116590.
Key Threat Prevention Technologies
Anti-Malware
- The Anti-Malware security engine (a component of the Endpoint Security client that protects against known and unknown viruses, worms, Trojan horses, adware, and keystroke loggers) detects trojans, viruses, malware, and other malicious threats.
- The engine is implemented as a multi-threaded flexible scanner daemon. It is managed centrally through a web-console.
- In addition, it supports command line utilities for on-demand file scans, access functionality, and automatic signature updates.
- Managed centrally through a web-console, it also supports command line utilities for on-demand file/folder scans, detection lists, and file restorations.
Endpoint Detection and Response (EDR) / Threat Hunting
- Harmony Endpoint for Linux updates Threat Cloud with Indicator of Compromise (IoC) and Indicator of Attack (IoA) events.
- The Threat Hunting technology lets administrators proactively search for cyber threats that made it through the first line of defense to the Linux Endpoint device.
- Threat Hunting uses advanced detection capabilities, such as queries and automation, to find malicious activities and extract hunting leads from the data.
- Supported events:
  - Process: start / stop
  - Files: create / delete / rename / open
  - Network: local connections, ports, DNS
Behavioral Guard
- Dynamic analysis of malware executed on the Endpoint Client is performed based on the behavioral patterns of various attack types, including ransomware, cryptominers, and trojans.
- Centrally managed via the web management platform.
- Leverages a large set of constantly updated signatures to detect, prevent, and remediate modern attacks.
- Features automatic signature updates powered by the latest intelligence, ensuring adaptation to emerging threats.
Anti-Ransomware
Scans the endpoint for any encryption actions and blocks the action before encryption.
Forensics
Generates detailed analytics and interactive reports from threats and incidents, providing a comprehensive view of attack flows and actionable insights for effective remediation.
Note - It is available from version 1.20.7 and you must enable it manually. To do that, run:
Supported Linux Versions
[Support matrix: rows are the distributions/OS versions below; columns are client versions 1.20.7, 1.18.16, 1.18.12, 1.15.10, 1.15.7, 1.13.3 and 1.13.2. The per-cell support marks were images and are not reproduced.]
- Ubuntu 24.04 (64-bit)
- Ubuntu 22.04* (64-bit)
- Ubuntu 20.04* (64-bit)
- Ubuntu 18.04* (64-bit)
- Ubuntu 16.04 (64-bit)
- Debian Linux 12* (64-bit)
- Debian Linux 11* (64-bit)
- Debian Linux 10* (64-bit)
- Debian Linux 9* (64-bit)
- Red Hat Enterprise Linux
- Red Hat Enterprise Linux
- Red Hat Enterprise Linux
- Red Hat Enterprise Linux
- Alma Linux 9* (64-bit)
- Alma Linux 8* (64-bit)
- CentOS 8* (64-bit)
- CentOS 7* (64-bit)
- Oracle Linux 8* (64-bit)
- Oracle Linux 7* (64-bit)
- Amazon Linux 2 (64-bit)
- SUSE Linux Enterprise Server (SLES) 15* (64-bit) SP2 and SP3
- SUSE Linux Enterprise Server (SLES) 12* (64-bit)
- OpenSUSE 15*
- OpenSUSE 42.3
- Fedora 39¹
- Fedora 38¹
- Fedora 37
- Fedora 36
- Fedora 35
- Fedora 34
*Also supports all the released Kernel Security Patches.
¹Only Anti-Malware support.
Linux Kernel Support
Harmony Endpoint for Linux supports the general-purpose Linux kernels included in standard Linux distributions. These kernels ship by default with the Linux distribution.
This excludes kernels that are:
- Non-default kernels
- Unbreakable kernels
- Appliance kernels, for example, Exadata
- Community-based, for example, ELRepo
- Custom-compiled kernels
- Desktop and Gaming kernels
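A pre-deployment check for the kernel exclusions listed above, as an added example (not Check Point code): it classifies a `uname -r` string by naming markers and reports whether a distribution package owns the running kernel image. The markers (`uek`, `elrepo`, `-zen`, `liquorix`, `xanmod`) and the `/boot/vmlinuz-<release>` path are assumptions based on common distribution naming; a release with no marker is not thereby confirmed as supported.

```shell
#!/bin/sh
# Added example: flag kernels that fall under the excluded categories
# before rolling the client out to a host. Markers are assumptions.

classify_kernel() {
    # $1: kernel release string, as printed by `uname -r`
    _rel=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$_rel" in
        *uek*)                       echo "excluded:unbreakable" ;;
        *elrepo*)                    echo "excluded:community-elrepo" ;;
        *-zen*|*liquorix*|*xanmod*)  echo "excluded:desktop-gaming" ;;
        *)                           echo "no-known-marker" ;;
    esac
}

kernel_image_owner() {
    # $1: kernel release. Prints the package that owns the kernel image,
    # or "unowned", which hints at a custom-compiled kernel.
    _img="/boot/vmlinuz-$1"   # assumed image location
    if command -v rpm >/dev/null 2>&1 && rpm -qf "$_img" >/dev/null 2>&1; then
        rpm -qf "$_img"
    elif command -v dpkg >/dev/null 2>&1 && dpkg -S "$_img" >/dev/null 2>&1; then
        dpkg -S "$_img" | cut -d: -f1
    else
        echo "unowned"
    fi
}

# Constructed sample release strings (not taken from the page).
for sample in \
    "5.15.0-91-generic" \
    "5.15.0-200.131.27.el8uek.x86_64" \
    "6.6.8-1.el8.elrepo.x86_64" \
    "6.6.9-1-liquorix-amd64"
do
    echo "$sample -> $(classify_kernel "$sample")"
done

# Report for the host this script runs on.
running=$(uname -r)
echo "running kernel: $running"
echo "  marker:      $(classify_kernel "$running")"
echo "  image owner: $(kernel_image_owner "$running")"
```

A result of `no-known-marker` together with `unowned` is the combination to review by hand, since a custom-compiled kernel can carry any release string.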