cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Jeff_Gao
Jeff_Gao inside Endpoint Security Products yesterday
views 293 6

Endpoint Security client license is not available

Dear all        I have install endpoint client,but the client prompt "The Endpoint Security client license is not available.Contact your administrator",as follow: But i have install eval license and windows client also can connect to smartendpoint server.I also try update ,but can not update windows client can connect to smartendpoint server by 443.What is the reason?thanks!
Mahdi_Haghani
Mahdi_Haghani inside Endpoint Security Products yesterday
views 273 2

MFA for remote VPN users

Hi Guys,In my organization we have many people that using checkpoint VPN software to connect to work space.Could we make the authentication more secure with some kind of the MFA? Looking for some solution purely by checkpoint if its possible.Would appreciate if you can share your experience.Regards,Mahdi 
Hrvoje_Brlek
Hrvoje_Brlek inside Endpoint Security Products Wednesday
views 163 5

Enable any port on Register to Hotspot (SmartEndpoint or Global Properties)

Hi,We are using Endpoint Security clients from E80.87 to E82.10, on approximately 1000 users. Our firewall gateway is on version R80.30, and our Endpoint Security Management Server is also on R80.30 (with two external Endpoint Policy Servers). As we have a lot of roaming users we need the ability to use the Register to Hotspot functionality with all ports open during the registration.I followed the sk41586 and defined the any_port through GuiDBedit tool, and applied it on the Global Properties (see attachment below) on the firewall gateway. But, as we are using the SmartEndpoint console, there is also the ability to define the ports to be used for Hotspot registration (Policy -> Allow hotspot registration). How can I define the any_port through SmartEndpoint, what value do I have to use (see attachment below)? There is no description in the admin guide what to use for any port if you define it through SmartEndpoint. And the thing that confuses me the most. What configuration will be applied on the client side when connected to VPN, the one defined on the gateway in Global Properties or the one defined in the SmartEndpoint Policy? Below is the configuration I get in trac.config when I connect to the VPN:<PARAM fw_hotspot_ports="&lt;any_port>"></PARAM><PARAM fw_hotspot_ports="443"></PARAM><PARAM fw_hotspot_ports="80"></PARAM><PARAM fw_hotspot_ports="8080"></PARAM><PARAM fw_hotspot_ports="8080"></PARAM><PARAM fw_hotspot_ports="8444"></PARAM> Thanks,Hrvoje  
Altor
Altor inside Endpoint Security Products Wednesday
views 2796 17

Endpoint Security VPN Catalina

Hi!I have a problem with my Endpoint Security VPN.Yesterday updated to Catalina and now I cant use your VPN.I believe it is a problem with 32/64 versions.Can you tell me are you going to fix it somehow in nearest time?And I just cant delete your software or re-install it - it gives me "Bad CPU type in executable" when I use your uninstaller.So I'm finding myself in situation in which I cant delete or install your soft.
Pantsu
Pantsu inside Endpoint Security Products Wednesday
views 138 3

checkpoint mobile access vpn in linux centos

hello i want to install checkpoint mobile access vpn client in linux (centos) machine, how  can  i do it ?  
John_Yee
John_Yee inside Endpoint Security Products Tuesday
views 104 3

Media Encryption - Not able to open the Business Data side of an encrypted drive offline.

With an off brand 2 TB drive we are able to encrypt the drive but get an error trying to access it out of network/offline. The user gets an error saying "The version of this file is not compatible with the version of windows you are running.". The drive was encrypted on Windows 10 Enterprise 1803 64bit with an E81 client. The user's laptop is Windows 7 SP1 64bit. Anyone seen this before? Any ideas what it might be?
Alex_Gilis
Alex_Gilis inside Endpoint Security Products Monday
views 373 5 1

LDAPS and cloud-based Endpoint servers

Is there a procedure similar to sk84620 for cloud-based EPS running on portal.checkpoint.com?I can't realistically ask a customer to use LDAP for organization scanners in clear text over an Internet connection.
Caroline
Caroline inside Endpoint Security Products Monday
views 148 2

Connexion without SMS code

Hi mates, (Pardon my english, I'm french 🙂 )When I connect to checkout vpn I receive a SMS code to enter but I hade my phone stolen today so I can't receive any sms. Do you know if there is another option to connect to checkpoint ? Thank you 🙂Caroline 
kstenger
kstenger inside Endpoint Security Products Friday
views 198 3

MEPP logs in Splunk

Greetings I was wondering if anyone in the group knows of a method to export the Media Encryption and Port Protection MEPP user activity logs to Splunk? Thanks Kevin
Chinmaya_Naik
Chinmaya_Naik inside Endpoint Security Products a week ago
views 277 3

Media Encryption offline Encrypted file access without Checkpoint Agent Installed

Hi Team,GAIA OS: R80.30Endpoint Client: E81.40Blade Enable: Media EncryptionRefer Sk: sk148453We are testing media encryption on one of our customer environments.We successfully encrypted business data in the Pendrive but unable to access from the machine where checkpoint endpoint in not installed and also that machine is not a part of the current organization.So basically we are using Media Encryption Offline Access utility (called as AccessToBusinessData).As far I know once we encrypted the business data or nonbusiness data depend upon the policy that I configure, then we see an application called as Access To Business Data (Name with space) showing inside the Pendrive once the encrypted was completed.Also, I can download the Media Encryption Offline Access utility AccessToBusinessData (Name without space).I try to use both applications but got the below error.01020304Pls, help to find out the solution.Regards@Chinmaya_Naik   
Tal_Eisner
inside Endpoint Security Products a week ago
views 337 2 2
Employee+

Forrester names Check Point a Leader in Endpoint Security Suites

    Forrester Research, Inc. conducted an extensive, in-depth analysis of endpoint security features amongst 15 different enterprise cyber security solutions. They evaluated 25 criteria, including malware prevention, data security, mobile and a zero-trust framework alignment.Check Point’s SandBlast Agent supplies a comprehensive enterprise endpoint security solution, assuring organizations are protected from advanced zero-day attacks. Some key features of the solution include Threat Emulation, Threat Extraction, Anti-Ransomware, Zero-Phishing, and more.The criteria in which Check Point obtained the highest possible scores in Enterprise Endpoint Security were: Malware prevention Exploit prevention Secure configuration management Data security Mobile Zero-trust framework alignment Download the report to learn about Forrester’s evaluation of the endpoint security market and why Check Point was recognized as a leader.From the report:“Check Point’s focus on integrating the endpoint security capabilities with its network security portfolio has led to one of the tightest integrations between the two layers in this study, helping customers to enforce a Zero-Trust approach on their endpoint devices.”The Forrester Wave™: Endpoint Security Suites, Q3 2019
Ami_Barayev1
inside Endpoint Security Products 2 weeks ago
views 208 1
Employee+

Endpoint Security / SandBlast Agent Newsletter - Version – E82.10

We recently released SandBlast Agent E82.10!   E82.10 introduces mainly stability and quality improvements. The complete list of improvements can be found in the version release’s Secure Knowledge sk163578   Support for Windows 10 19H2 Microsoft released Windows 10’s November 2019 Update, codenamed 19H2, on November 12. Also known as Windows 10 version 1909 SandBlast Agent E82.10 is supported on that release Windows 10 19H2.   Main Fixes and enhancements   Threat prevention and Anti-Malware Fixes an issue where symbolic links with Anti-Ransomware honeypot restoration may allow Denial of Service attacks. Older Anti-Ransomware honeypots are now deleted on upgrades. Fixes an issue where Anti-Ransomware honeypots are not created on newer locations like program data and app data, when upgrading from an earlier version of the product. Fixes an Anti-Ransomware False Positive that can occur due to the VMware Horizon Persona Management application. Improves performance of the injection sensor when many processes are launched in a short period of time. Fixes an issue that may cause the Forensics Analysis to include benign processes when NVIDIA processes are launched prior to the Logon screen appearing. Fixes an issue where the entire Forensic incident is not analyzed if it involves the use of NTFS Alternate Data Streams. Fixes an issue where some IPv6 addresses are not correctly identified as internal IPs for the RDP Brute Force detection in Behavioral Guard. Fixes an issue where the Endpoint Security client upgrade fails because the Anti-Malware process fails to unload. Fixes an issue for sites blocked by Anti-Malware web protection. Fixes an issue where Endpoint Security significantly slows the Kaspersky Endpoint Protection upgrade process.   Data and access protection Fixes an issue when the Compliance blade fails to detect the McAfee Endpoint Security running status, if no user is logged in. Fixes an issue where Media Encryption and Port Protection does not update the Offline Data Access utility on an encrypted removable media. Fixes a rare issue where an FDE process crashes when switching from BitLocker Management to FDE. Includes stability and quality fixes. Supports all the features of previous releases. Improves the log mechanism. Logs will stay on the machine for a longer time. Includes performance improvements with large scale topology. General  The initial connection to the server does not require the Endpoint Security Client to be connected to the domain controller. Fixes an issue for the Endpoint Security Client to report its name to display accurately in Deployment reports of SmartEndpoint. Fixes a rare case of BSOD that may happen during an arbitrary process creation. Best Ami.B
DP3049
DP3049 inside Endpoint Security Products 2 weeks ago
views 309 4

Endpoint Security E80.89, OSX 10.15, no MFA challenge.

Hi Mates,I have Endpoint Security E80.89 running on MacBook Pro on OSX 10.15 (Catalina). When trying to connect via VPN to the corporate server, using Username and password authentication, I do not get the expected MFA challenge, nor do I get the SMS with the authenticate code. This worked on previous versions of both Endpoint Security and OSX, and currently works on my corporate Wintel laptop. I have disabled both firewall and Anti-virus for testing, no change.Any suggestions please?Kind regards,Dave.
Chinmaya_Naik
Chinmaya_Naik inside Endpoint Security Products 2 weeks ago
views 8524 19

How to upgrade to Windows 10 with FDE in-place (E80.94)

How to upgrade to Windows 10 with FDE in-placeHi Team,OS: R80.20Install on Machine: Enterprise Endpoint Security E80.90 Windows ClientsEnabled Blade :1.Sandblast Agent Anti-Ransomware, behavioral guard and Forensics2.Sandblast Agent Anti-Bot3.Sandblast Agent Threat extraction and emulation4.FullDisk EncryptionEmulation: On CloudFullDisk Encryption Status: EncryptedBOOT MODE: UEFIWe are upgrading the version using SCCM.We try the upgrade from windows 10 (64bit) version 1709 to 1809 but its fail.I Follow the sk120667 (How to upgrade to Windows 10 1607 and above with FDE in-place).We did the below Step.STEP 1: First we check the current UEFI boot mode on Encrypted Machine by going to this location (%ProgramFiles(x86)%\CheckPoint\Endpoint Security\Full Disk Encryption) and run the command "fdecontrol.exe get-uefi-bootmode"and we see the current boot mode is "BOOTMGFW" so on Next stepSTEP 2: I change the boot mode to "BCDBOOT" by command "fdecontrol.exe set-uefi-bootmode bcdboot".But Still, It Fails to upgrade.Do You all think that by OFF the "Pre-Boot Environment for FDE" in policy is resolved the issue?Its very time taking to test on the encrypted machine because on our case its take more than 18 hours to encrypted one Fresh machine.Also, I have one query when we upgrade Windows via ISO-file then, after changing to "BCDBOOT" mode then we unable to run the below command. (CMD)setup.exe /ConfigFile "%SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"Kindly help me out what the "exe.setup" stand like which location we run the above command and also about "SetupConfig.ini" file.Thanks in Advance
mistercinux
mistercinux inside Endpoint Security Products 2 weeks ago
views 213 2

How to apply an Antimalware policy to a specific server like a domain controller?

Hello,I'm configuring an anti-malware policy rule that should apply to my domain controllers, for which I configured different specific exclusion paths.The Anti-malware policy applies to users and not to machines, so how could I configure it to apply to my Domain Controllers and not to others servers / endpoints ? Thanks for reading.