Harmony Endpoint Security Client E88.30 for Windows is now available as GA

JonnyRabinowitz — Mon, 22 Apr 2024 09:26:12 GMT

Happy to share!!

Check Point Harmony Endpoint Security Client E88.30 for Windows is now available as GA (General Availability). This release includes both enhancements and resolved issues.

Enhancements

Enhancements included in this release include the following:

Disable Capabilities Enhancements:

Within the “General” section of the “Client Settings” under policy, there is an option that can allow end users, to disable client capabilities from the client UI. There are two enhancements added to this capability:

Password: It is possible to define a password, that must be entered on the client UI, before capabilities can be disabled
Timeout: Period, defined in minutes, after which any detection capabilities disabled will be automatically restored to operation, if this was not previously done

Can see more information in the relevant section in the Administration Guide: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/Topics-HEP/General.htm#Disable_Capabilities

DNS Inspection Support:

The Anti-Bot Blade now includes DNS Inspection support, which utilizes Check Point Threat Cloud engines for the analysis of DNS traffic. This protection allows Anti-Bot to block access to malicious domains during the DNS resolution process. Existing Anti-Bot settings apply to the DNS detections as well

CPInfo Collection to S3

“Push Operations” allow requests to be sent to specific clients. When selecting “Collect Client Logs” under “Agent Settings”, there is an additional option available to upload the log data (CPInfo) to Amazon Simple Storage Service (S3) where it can be later accessed

Ability to change Harmony Endpoint client's language from the management UI

Within the “User Interface” section of the “Client Settings” under policy, there are additional options that allow explicit selection of a language for utilization in the client UI. These options are in addition to the previously supported functionality which can still be enabled by selecting the “Default” option. When ‘Default’ is selected the client attempts to utilize the language as determined by the locale defined on the client. If language display for the locale is not supported on the client, then English will be used as the client language

Changes to Threat Emulation Blade

Previously, the Windows client included the “Threat Emulation” blade. This blade allowed for selection of the Detection Mode for “Files Threat Emulation” mode and this setting also implicitly set the Prevent / Detect mode for other capabilities that execute in the same blade, such as File Reputation and Static Analysis detections. The “Threat Emulation” blade was also required to be running when selection of E2 Anti-Malware engine was selected

This has now been changed as follows:

The “Threat Emulation” blade is now displayed in the client UI as the “File Protection” blade. This better reflects the broader set of capabilities it includes that are related to detections on files, of which “Threat Emulation” is only one capability
Within the “Advanced” policy settings for “Web &Files Protection” in “Threat Prevention Policy Settings” it is possibly to separately configure detection settings for each of the following:

Threat Cloud Reputation
Offline Reputation
Static Analysis

Office Files
Executable Files
DLL Files

Other Enhancements:

Added ability to update Static Analysis models and Offline Reputation hash lists (OFR)OFR offline. Refer to sk180690 for more details as to perform Offline Update.
EPS-56719: Improved the time it takes to upload events to threat hunting
Full Disk Encryption (FDE)

PIV Smartcard driver now supports IDEmia Cosmo 8.1 cards and compressed certificates.
Both the FDE classic Pre-boot and Smart Pre-boot flows are now refined to a smoother flow for visually impaired users.

Security Enhancements:

There are multiple security enhancements in this release including the following:

EPS-56439: The detection of ransomware is now faster. Implemented a new mechanism that can potentially pause and prevent ransomware encryption from occurring in certain scenarios, particularly during the initial stages of an attack.
Multiple enhancements to extended scope of behavioral indicators that can be created and improve their accuracy. This increases the coverage of distributed signatures

Please see sk182109 for the complete list of enhancements and resolved issues in this release

Also please feel free to reach out to me directly for any further clarifications and / or information on Early Access (EA) programs. Early Access programs for semi-isolated networks are continuing

Regards

Jonny Rabinowitz | Harmony Endpoint Product Manager
Check Point Software Technologies Ltd. | M +972.54.4970073 | jonnyr@checkpoint.com

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

cstueckrath — Wed, 24 Apr 2024 09:28:05 GMT

Hello Jonny,

there are some very good enhancements in this version. However, we observe being unable to register clients to our DNS-Servers when this version is installed. Lookups work fine, though.

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

JonnyRabinowitz — Wed, 24 Apr 2024 09:33:57 GMT

Thanks for the feedback. Note this release includes analysis of DNS requests. Can you please check whether you have any anti-bit detections related to these DNS messages?

====================================================================================================

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

cstueckrath — Wed, 24 Apr 2024 10:01:50 GMT

nothing in the logs.

If we disable Threat Prevention on the client we can register again, so it might be related to the current change in the Anti-Bot blade.

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

JonnyRabinowitz — Wed, 24 Apr 2024 10:18:36 GMT

sorry to hear that

if internal to C P can you send coinfo collected during issue

is customer can only recommend to open TAC case. If unicast me SR I will help to get it escalated

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

cstueckrath — Thu, 25 Apr 2024 11:31:43 GMT

Issue has resolved itself. All systems can register again. ¯\_(ツ)_/¯

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

the_rock — Thu, 25 Apr 2024 11:42:52 GMT

Tested in my windows VM, very good so far.

Andy

topic Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA in Endpoint

Harmony Endpoint Security Client E88.30 for Windows is now available as GA

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA

Re: Harmony Endpoint Security Client E88.30 for Windows is now available as GA