Uploading Client Packages to the Repository

Upload new client versions to the Package Repository on the Endpoint Security Management Server.

Endpoint Security Client packages contain the components (also known as Blades) to be installed on Endpoint Security clients.

There are a few client packages available for each client release. We recommend that you use the Dynamic Package. This is is a self-extracting executable (*.EXE file) that contains all components. Other packages are either EPS.MSI files for Windows or zip files for macOS, that contain different permutations of components.

When you upload packages to the repository on the Endpoint Security Management Server, they are stored by default at $FWDIR/conf/SMC_Files/uepm/msi

After you upload a package to the repository, you can choose the components that you want to install on the clients. You can then deploy the packages in one of two ways:

  • Automatically, using deployment rules.

  • Manually, after exporting the packages.

These are the client packages. Some may not be available for your client release.

The Dynamic Package is a self-extracting executable EXE file. All other packages are either EPS.MSI files for Windows or zip files for macOS.

After you upload the packages to the repository, they are stored by default at $FWDIR/conf/SMC_Files/uepm/msi

Directory

Package

NEWDA

Initial client

This is a very thin client without any components. Used for software deployment.
Dynamic

Complete Endpoint Security Client for any CPU (32-bit or 64-bit). This is a self-extracting executable EXE file with all components (Blades).

Only the components you select are part of the exported package, so that it can be much smaller than an exported Windows MSI package. In contrast, MSI packages include all the components in the smallest package in the repository that contains the selected components. You can also configure the Dynamic Package so that it includes only the installation prerequisites that you need, for example .NET or Anti-Malware signatures.

Dynamic packages are optimized for upgrades, so the package that is downloaded to the Endpoint Security client includes only the changes from the installed version. This results in a significant decrease in network traffic. A typical download size for an upgrade using the Dynamic Package with all components is less than 200 MB, compared to hundreds of MB for an MSI package.

Best Practice - Use the Dynamic Package for your client release.

Dynamic packages are available for release E82.40 and higher. To use Dynamic Packages for releases E81.40 to E82.30, open a Service Request on the Check Point Support Center.

ATM

Endpoint Security client for unattended machines, such as ATMs (automated teller machines for bank customers). It runs without a GUI. To learn how to use this package, see sk133174.

Master_FULL_E1

Complete Endpoint Security Client for 32-bit systems

Master_FULL_E1_x64

Complete Endpoint Security Client for 64-bit systems

Master_FULL_NO_NP

Complete Endpoint Security Client without Anti-Malware for 32-bit systems

Master_FULL_NO_NP_x64

Complete Endpoint Security Client without Anti-Malware for 64-bit systems

Master_SBA

SandBlast Agent Client for 32-bit systems

Master_SBA_x64

SandBlast Agent Client for 64-bit systems

Master_ENCRYPTION

Full Disk Encryption and Media Encryption & Port Protection Client for 32-bit systems

Master_ENCRYPTION_x64

Full Disk Encryption and Media Encryption & Port Protection Client for 64-bit systems

Master_TP

Threat Prevention Client for 32-bit systems:

  • Desktop Firewall and Application Control

  • Anti-Malware

  • Forensics and Anti-Ransomware

  • Anti-Bot

  • Threat Emulation

  • Compliance

Master_TP_x64

Threat Prevention Client for 64-bit systems:

  • Desktop Firewall and Application Control

  • Anti-Malware

  • Forensics and Anti-Ransomware

  • Anti-Bot

  • Threat Emulation

  • Compliance

  1. Open SmartEndpoint and connect to the Endpoint Security Management Server.

  2. In the Deployment tab, click Software Deployment Rules.

  3. In a Deployment rule, in the Actions column, click an Endpoint Client Version or Do Not Install, and select Manage Client Versions.

In the Package Repository, for Dynamic Packages, the Platform is Any CPU. For other packages the Platform is either 64 bit or 32 bit.

Important -

  • For each release you must choose the type of package you want to use: Either a Dynamic Package or an MSI package. It is not possible to upload to the repository two types of package for one client release.

  • Package deployment fails if you upload both the Dynamic Package and the initial client to the same repository. Upload either one of the files.

  1. Open SmartEndpoint and connect to the Endpoint Security Management Server.

  2. In the Deployment tab, click Software Deployment Rules.

  3. In a Deployment rule, in the Actions column, click an Endpoint Client Version or Do Not Install, and select Manage Client Versions.

  4. Click an option:

    • Load the latest supported client version from the internet - Download a zip file that contains the most recent packages from the Check Point Support Center.

    • Load a folder containing client installers - Select a folder that contains packages from your network.

    • Load client installer file - Select one package file to upload. The Dynamic Package has the .exe extension

    • Delete package - Select a package to delete, and click this. Select Save. If the package is in use, a message shows that you cannot delete it.

    In the Package Repository, for Dynamic Packages, the Platform is Any CPU. For other packages the Platform is either 64 bit or 32 bit.

After you upload a Dynamic Package to the repository, you can configure the package to further reduce the size of the package that installs on the Endpoint Security clients.

  1. Open SmartEndpoint and connect to the Endpoint Security Management Server.

  2. In the Deployment tab, click Packages for Export.

  3. Select a Dynamic Package. Those are the packages that have Dynamic package Additional Settings Additional Settings in the Settings column.

  4. In the Settings column, select Dynamic package Additional Settings Additional Settings and click Advanced Package Configuration.

  5. In the Configure Package window, configure these options:

    Page

    Option

    General

    Disable the Endpoint Security Client's user interface - For unattended machines, such as ATMs. To learn about packages for ATMs, see sk133174. By default, the client user interface is included in the package.

    Dependencies

    Select the dependencies to include in the package:

    • .NET Framework 4.6.1 Installer (60MB) - Recommended for Windows 7 computers without .NET installed.

    • 32-bit support (40MB) - Selected by default. Recommended for 32-bit computers.

    • Visual Studio Tools for Office Runtime 10.0.50903 (40 MB) - Recommended if the package includes Capsule Docs.
    Anti-Malware

    Choose the signatures to include in the package. This choice determines the level of Anti-Malware protection from the time that a client gets the package until it gets the latest Anti-Malware signatures from the signature provider.

    • Include Full Signatures - Recommended for installing on computers without high-speed connectivity to the Anti-Malware server.

    • Include MIN Signatures -Selected by default. Recommended for a clean installation on computers that are connected to the Anti-Malware server.

    • Include NONE signatures - Recommended for upgrades only.

  6. Click OK

  7. In the SmartEndpoint toolbar, click Save.