Installation and Upgrade Settings
The default installation and upgrade setting is that users can postpone the Endpoint Security Client installation or upgrade.
You can change these settings:
-
Default reminder interval - Set the time, in minutes, after which users are reminded to install the client.
-
Force Installation and automatically restart after - Set the time, in hours, after which the installation starts automatically.
-
Maximum delay in download of packages - Set the maximum number of hours an end user can postpone the Endpoint Security Client installation or upgrade.
Agent Uninstall Password
You can allow a user to uninstall the Endpoint Security client on their remote Windows computer.
Agent Uninstall Password is the password you use to uninstall the client. The password protects the client from unauthorized removal. The password can only contain English letters in lower or upper case, and these special characters: 0-9 ~ = + - _ ( ) ' $ @ , .
The default uninstall password is "secret".
Best Practice - For security reasons, we strongly recommend that you change the default uninstall password.
Local Deployment Options
When you use Automatic Deployment, you can configure clients to use local storage to upgrade Endpoint Security clients. This lets administrators use Automatic Deployment, without the need for each Endpoint Security client to download a package from the Endpoint Security Management Server A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data.
This is only supported on Windows clients.
Note - If local deployment is enabled for a client, the administrator can still choose whether clients try to download packages from the Endpoint Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. if packages are not found in local storage. This option is called: Enable Deployment from server when no MSI was found in local paths.
To enable Deployment with a locally stored package:
-
Upload each package to the Package Repository of the Endpoint Security Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..
-
Put the same packages in local storage location on client computers, for example:
C:\TEMP\EPS\32bit\EPS.msi
-
Go to the Policy view > Client Settings > Installation > Deployment from Local Paths and URLs
-
Select Allow to install software deployment packages from local folders and URLs.
-
Optional: Select Enable Deployment from Server when no MSI was found in local paths. When selected, if no MSI file is in the local paths or URLs, the client checks the Endpoint Security Management Server for packages.
-
Click Deployment Paths and add the package or patch location.
-
Click OK.
-
Go to Deployment Policy > Software Deployment, and create or edit a deployment rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. which includes the package version.
-
Click Save
-
Install Policy to deploy the rule to the clients.
Note - If the version of the Endpoint Security client in the Deployment rule and in the local file path is not the same, the client is not deployed. If the version on the server and in the local file path are not the same, an error shows.