Jump to main content
R81.20
Check Point
Endpoint Security Web Management
Administration Guide
Index
R81.20 Endpoint Security Web Management Administration Guide
Search
Important Information
Introduction to Endpoint Web Management
API Support
Logging into
Endpoint Web Management Console
Reconnect Tool
Supported Operating Systems for the
Endpoint Security
Client
Microsoft Windows Server
macOS
Support Information
Linux
Deploying
Endpoint
Clients
Installation Token
To enable token-limited registration
Automatic Deployment of Endpoint Clients
Automatic Deployment of Endpoint Clients
Troubleshooting Issues with the
Tiny Agent
on Windows OS
Endpoint Setup Error Messages
Log File Location
Endpoint Security Component Package
Deployment Rules
To create new deployment rules for automatic deployment
Manual Deployment of Endpoint Clients
Using the Export Package
Export the package or file
Installing the Exported Package or Client
Adding a New VPN Site to an Exported Package
Remote Installation of
Initial Client
Setting the
Deployment
Agent
Certificates and DNS
Privileges
Setting the Target Devices
Other AV Solutions
Enable Access to the Task Scheduler Through the Windows Firewall in a Domain Profile
Remotely Installing the
Initial Client
To install the Initial Client remotely from the "Push Operations" view
To install the Initial Client remotely from the Computer Management view
Windows Task Scheduler on endpoint devices
Security Considerations
Progress of Installation and Error Handling
Ports and Permissions
Upgrades
Heartbeat Interval
Monitoring
Endpoint Security
Deployment and Policy
Configuring Alert Messages
Configuring an E-mail Server
Uninstalling Third-Party
Anti-Virus
Software Products
Manually uninstall Symantec, McAfee, or Kaspersky
To uninstall Symantec, McAfee and Kaspersky together manually
To uninstall any other Anti-Virus software manually
Uninstalling a product using an updated Products.json file
Managing
Administrators
for the
Endpoint Web Management Console
To switch between accounts
Managing Users in Endpoint Security
Viewing Computer Information
Select a View
Creating a Custom View
Status Icon
Filters
Endpoint Device Filters
Computer Status Attributes
Endpoint Status Fields
Endpoint Data Fields
Working with the Computers Table
Managing Computers
General Actions
The Overview View
Operational Overview
Reports
Generate Report
Scheduled Reports
Announcements
Managing Devices
Managing Storage and Peripheral Devices
Managing Storage Device Groups
Using Wild Card Characters
Viewing Events
Viewing Endpoint Posture
Vulnerabilities by Severity
Top 5 Risky Apps
Top Vulnerable Devices
Patches By Status
Vulnerability Assessment Table
Device and Application View Reference
Patch Status Messages
Device Details Widget
CVE Details Widget
Scanning Devices
Mitigating Vulnerable CVEs
Isolating a Device
Applying the Patch for CVEs
Verifying the Applied Patch
Configuring Endpoint Policy
Policy Mode
Configuring the
Threat Prevention
Policy
Policy Rule Definition Reference
Policy toolbar options
Web & Files Protection
URL Filtering
Add a URL to the blacklist
To search for a URL
To import URLs from an external source
Export a list of URLs
Download (Web) Emulation & Extraction
Credential Protection
Files Protection
Behavioral Protection
The
Anti-Bot
Component
The
Behavioral Guard
&
Anti-Ransomware
Component
The
Anti-Exploit
Component
Analysis & Remediation
Remediation & Response
Optimizing the Endpoint Security Client for Servers and Profiles
Optimizing the
Endpoint Security
Client for Servers
To automatically optimize the Endpoint client for a server
Quarantine Management
Known Limitations
Supported Actions
Endpoint
Quarantine Manager
Deleting a Quarantined File
Restoring a Quarantined File
Sending a File to Quarantine
Importing a Quarantined File
Endpoint Security
Client Device Restart Requirements
Configuring the Data Protection Policy
Configuring Full Disk Encryption
The Policy rule consists of these parts
Policy toolbar options
Disable Full Disk Encryption
Disk Encryption for Windows
Authentication before the
Operating System
Loads (Pre-boot)
Settings
Advanced Pre-boot Settings
User Authorization before Encryption
User Assignment
Smart Pre-Boot
Enable Smart Preboot
Easy Unlock
Self Unlock
Passwordless
Pre-boot
Authentication
Enable passwordless preboot authentication
Single Sign-On
with
OneCheck Logon
BitLocker Encryption for Windows Clients
Configuration options
Taking Control of Unmanaged
BitLocker
Devices
FileVault Encryption for
macOS
Global Policy Settings for
Full Disk Encryption
Check Point
Full Disk Encryption
Self-Help Portal
Activating the Self-Help Portal
Configuring the Self-Help Portal
User Settings for the Self-Help Portal
Monitoring the Self-Help Portal Policy
Configuring Media Encryption and Port Protection
Configuring the Read Action
To configure the Read action
Import exclusions
To export exclusions
Configuring the Write Action
Configure the Write action
To import exclusions
Export exclusions
Configuring Business-Related File Types
See the list of business-related and non-business-related file types
Configure business and non-business related file types
Configuring Authorization Settings
Managing Devices
To manually add a new device
To add an exclusion to a device
Managing Groups
Using Wild Card Characters
Advanced Settings for Media Encryption
UserCheck Messages
Advanced Encryption
Site Configuration
Media Lockout (Lockout Settings)
Offline Access
Password Constraints
Media Encryption Remote Help
Port Protection
To create a new Port Protection rule
Global Policy Settings for
Media Encryption
Configuring
Access & Compliance
Policy
Firewall
Configuring
Security Zones
Configure a Trusted Zone
Configuring Firewall Rule Advanced Settings
Configuring Inbound/Outbound Rules
Inbound Traffic Rules
Outbound Traffic Rules
Parts of Rules
Editing a Rule
Deleting a Rule
Managing
Firewall
Objects and Groups
Supported Object Categories
Creating Objects
Used In
Configuring the Application Control Policy
Creating the List of Applications on the Reference Device
Collect a list of applications on the reference device
Appscan
Command Syntax
Uploading the
Appscan
XML File to the
Endpoint Security Management Server
Configuring Application Permissions in the
Application Control
Policy
Supported Actions
Configure terminate settings
App Rules
Custom Rules
Disabling or Enabling Windows Subsystem for Linux (WSL)
Developer Protection
Configure Developer protection
Exclusions to Developer Protection
Compliance
Planning for Compliance Rules
Configuring
Compliance
Policy Rules
Ensuring Alignment with the Deployed Profile
Compliance Action Rules
Check Objects
Compliance Remediation Objects
Create or change a Remediation object
Service Packs for
Compliance
Ensuring that Windows Server Updates Are Installed
Detecting Common Vulnerabilities and Exposures
Configuring Posture Assessment Settings
Anti-Virus
for
Compliance
Monitoring
Compliance
States
About to be Restricted State
Configuring Global Policy Settings
Share Data
Full Disk Encryption
Configuring Client Settings
User Interface
Pre-Boot Images
Windows Background Image
Customized Client Image
Customized Browser Block Pages
Log Upload
Installation and Upgrade Settings
Agent Uninstall Password
Local Deployment Options
Authenticated Proxy
Sharing Data with
Check Point
Connection Awareness
Super-Node
Configure a Super Node through the toolbar
Disable Capabilities
General Network Protection
Push Operations
Connected, Disconnected and Restricted Rules
Backward Compatibility
Import or Export Policies
Exporting Policies
Importing Policies
Capabilities of Offline Client
Performing Data Recovery
Check Point
Full Disk Encryption
Recovery
Full Recovery with Recovery Media
Full Disk Encryption Drive Slaving Utility
BitLocker
Recovery
To get the recovery key for a client computer
FileVault Recovery
Password Reset using a Personal Key
Decrypt and recover a FileVault-encrypted Mac with APFS
For a volume formatted as CoreStorage on macOS 10.12 or higher
Giving Remote Help to Full Disk Encryption Users
Managing
Active Directory
Scanners
Required Permissions to Active Directory
Required configuration for domains
Organization Distributed Scan
Full
Active Directory
Sync
Active Directory
Authentication
Configuring Active Directory Authentication
UPN Suffixes and
Domain
Names
Configuring Alternative
Domain
Names
Troubleshooting Authentication in Server Logs
Troubleshooting Authentication in Client Logs
Managing
Virtual Groups
Add a device to a
virtual group
Certificate Management
Add a new certificate
Anti-Malware Updates
Viewing Logs
Exporting Logs
Export logs from the web management interface
Creating Security Certificates for TLS Mutual Authentication
Query Language Overview
Forensics Data
Sending Forensics Data to Third-Party Analytics Tool
Downloading
Forensics
Reports
Download the forensics report of an event
Endpoint Security
for Linux
Endpoint Security
for Linux Overview
Deploying
Endpoint Security
for Linux
Configuring a Proxy Server on the
Endpoint Security Management Server
Downloading the Installation Script
Endpoint Security
for Linux CLI Commands
Quarantine Commands
Scans & Detections
Logs
Uninstall
Endpoint Security
for Linux
Endpoint Security for Linux Additional Information
Endpoint Security
for Windows Virtual Desktop Infrastructure (VDI)
Software Blades
for Persistent Desktops
Creating a Basic Golden Image for Persistent Desktops
Configuring Clients for Persistent Desktops
Creating a Pool for Persistent Desktops
General
Shared Signatures Server
Configuring Clients for Non-Persistent Desktops
Creating a Pool for Non-Persistent Desktops
Disabling the
Anti-Malware
Periodic Scan
Software Blades
for Non-Persistent Desktops
Basic Golden Image Settings
Assigning Policies to VDI Pools
Limitations
Disabling the
Anti-Malware
Periodic Scan
Advanced Settings for Persistent Desktops
Advanced Settings Non-Persistent Desktops
Configuration with the Script
Configuration with the Script
Disabling the
Anti-Malware
Periodic Scan
Advanced Settings for Persistent Desktops
Advanced Settings Non-Persistent Desktops
Configuration with the Script
Configuring the Client Machine
Configuration with the Script
Endpoint Security for Terminal Server / Remote Desktop Services
Limitations
Deploying the Endpoint Security Client on a Terminal Server / Remote Desktop Service
Best Practice to Enable Software Blades
Recent Tasks
Known Limitations
Appendix
Appendix A - Deploying
Endpoint Security
Client using SCCM
Step 1: Create the
Endpoint Security
Windows Application in SCCM
Step 2: Deploy the
Endpoint Security
Windows Application in SCCM
Appendix B - Uninstalling the Endpoint Security Client (For macOS and Windows)
Appendix C - Deploying
Endpoint Security
Client Using
Microsoft Intune
Use Case
Prerequisites
Preparing the
Endpoint Security
Client Windows Package for Deployment
Endpoint Security
Configuration
Creating the Endpoint Security Client Windows App in Microsoft Intune
Appendix D - Microsoft Intune Wipe and Windows Reset with Full Disk Encryption
25 June 2026
© 2022 - 2026 Check Point Software Technologies Ltd.