cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Media Encryption offline Encrypted file access without Checkpoint Agent Installed

Hi Team,GAIA OS: R80.30Endpoint Client: E81.40Blade Enable: Media EncryptionRefer Sk: sk148453We are testing media encryption on one of our customer environments.We successfully encrypted business data in the Pendrive but unable to access from the machine where checkpoint endpoint in not installed and also that machine is not a part of the current organization.So basically we are using Media Encryption Offline Access utility (called as AccessToBusinessData).As far I know once we encrypted the business data or nonbusiness data depend upon the policy that I configure, then we see an application called as Access To Business Data (Name with space) showing inside the Pendrive once the encrypted was completed.Also, I can download the Media Encryption Offline Access utility AccessToBusinessData (Name without space).I try to use both applications but got the below error.01020304Pls, help to find out the solution.Regards@Chinmaya_Naik   

Native Encryption for Mac FDE

My customer has Endpoint Security server R77.30.03 plus the Native Encryption [for Mac FDE] hotfix, and the latest SmartConsole suite (the "E81.40 and higher"; the one linked even from the new E82.00 SK).  Even after cpstop/cpstart from the server hotfix, the Native Encryption menu options don't appear in SmarEndpoint! I *know* the server has the bits (I found the "fde_mac.jar" and related strings in the WSDL files courtesy of heavy grep'ing; heh).  I *know* SmartEndpoint has the bits because I see it when I open it in Demo mode.Regardless, when I connect SmartEndpoint to the server, the Native Encryption recovery options don't appear! Freaky... anyone else have this issue?
ritenm
ritenm inside Endpoint Security Products Thursday
views 176 1

Uninstallation error in R80.97

Facing error while uninstalling checkpoint security agent.Pl find attached file for your reference purpose.Kindly revert back. 
Employee+

Endpoint Security / SandBlast Agent Newsletter - Version – E82.00

Hi all,   We recently released SandBlast Agent E82.00! E82.00 introduces new features, stability and quality improvements. The complete list of improvements can be found in the version release’s Secure Knowledge sk163233   BitLocker Management from SmartEndpoint BitLocker is a very popular full volume encryption feature included with Microsoft Windows versions. Due to its popularity we have integrated the management of BitLocker into SmartEndpoint to ease its operation to our customers and enable single management experience for endpoint security services. BitLocker management is available for data protection license endpoints with Full Disk Encryption service enabled. Note that single encryption method is supported, either Check’s Point Full Disk Encryption or BitLocker with the ability to switch between the two using Crossgrade Functionality. More information is available at BitLocker Management Administration Guide.   BitLocker management requirements: Endpoint Operating System –  Windows 10 Pro and Enterprise editions E82.00 R80.30 with the BitLocker Management Hotfix sk163297           New Detection Techniques E82.00 introduces new enhancements to the Behavioral Guard to detect and prevent complex Meterpreter/reverse shell and RDP Brute Force attacks. Reverse shell attacks obtain control over a compromised system, an attacker usually aims to gain interactive shell access for arbitrary command execution which is very complex to detect.   The detections is currently deployed is silent mode and will be activated in a later stage.   Important Note: If you’re participating in a POC, security lab evaluation or penetration test of SandBlast Agent, please contact us to activate these detection enhancements as we know pen-testers love such attacks J   VPN's Post Disconnect FeatureThe post disconnect script feature allows users to run scripts on client computers after disconnections from gateways. Please refer to the Revision History of Remote Access for Windows Administration Guide.   Best Ami.B  
Andrea_Poiesi
Andrea_Poiesi inside Endpoint Security Products Wednesday
views 19289 20 1

Endpoint client and Windows 10 1903

Hi everyone,has anyone tried to upgrade windows 10 to the 1903 version and install the endpoint client? in the release notes of ver 80.94 and 80.96 I see that it is not mentioned and does not seem to be supported yet. does anyone have feedback?
ritenm
ritenm inside Endpoint Security Products 2 weeks ago
views 208 2

Roaming user can't able to connect with endpoint management server

I am facing one issue for roaming user i.e checkpoint agent who is not connected in local LAN or MPLS network. showing disconnection so how to resolve this issue. Pl suggest asap.
cjoseph
cjoseph inside Endpoint Security Products 2 weeks ago
views 362 1

Data recovery from Check Point launch failure

I have a Windows 7 laptop with CheckPoint EndPoint Security full Disk Encryption v7.4.1618 and access to the .REC recovery key file.  CheckPoint creates a pink-to-blue band across the top of the screen and does not offer a login prompt. I attempted to reverse the encryption to get to the hard disk data by creating and using a recovery floppy boot disk using the .REC key file but the process claims it cannot find the volume information. Are there alternative methods to access the hard disk data and back it up?  There appears to be no hardware issues, diagnostic results are clear. 
tom_allen
tom_allen inside Endpoint Security Products 2 weeks ago
views 227 3

Exclude Registry keys

Is there a way to exclude registry keys from being scanned and or quarantined?
Soren_Kristense
Soren_Kristense inside Endpoint Security Products 2 weeks ago
views 208 1

Endpoint blades status

HiIs it possible to get status of the blades in the endpoint by a script on the endpoint?We need this as part of the software deployment on the clients.the script must run on the client it self.GreetingsSøren
Juan_Concepcion
Juan_Concepcion inside Endpoint Security Products 2 weeks ago
views 9291 22 6

EndPoint Security URL Filtering

URL Filtering for Endpoint Security.  Presently this is how it's accomplished which is daunting and unmanageable when is this slated to be fixed:Note: This procedure needs to be repeated after every URL filtering policy change.Configuring URL Filtering - One-computer deploymentTo prepare to deploy the URL Filtering blade as part of Endpoint Security clients:Install an R75.40 Security Gateway (R75.40 only). Can be a Virtual Machine.Connect with SmartDashboard to the Security Management Server.Open the R75.40 Security Gateway object properties.Enable the URL Filtering blade - click on OK.Go to the Application & URL Filtering tab - in the left tree, click on Policy - define the relevant rules.Install the security policy on the R75.40 Security Gateway.Connect to the command line on the Security Management Server.Log in to the Expert mode.Run one of these commands to fetch the URL Filtering into the Endpoint policy:[Expert@HostName:0]# eps_policy_fetcher fetchlocal -g <Name of Security Gateway object>For example, eps_policy_fetcher fetchlocal -g GW1[Expert@HostName:0]# eps_policy_fetcher fetchlocal -d $FWDIR/state/<Name of Security Gateway object>/FW1For example, eps_policy_fetcher fetchlocal -d $FWDIR/state/GW1/FW1/Connect with SmartEndpoint GUI to the Endpoint Security Server.Go to the Policy tab.In the URL Filtering rule, make sure that there is an indication that the Security Gateway policy is available for endpoints.Example: Configuring URL Filtering - Distributed deploymentTo prepare to deploy the URL Filtering blade as part of Endpoint Security clients:Connect with SmartDashboard to the Security Management Server.Open the R75.40 Security Gateway object properties.Note: Install an R75.40 Security Gateway (R75.40 only). Can be a Virtual Machine.Enable the URL Filtering blade - click on OK.Go to the Application & URL Filtering tab - in the left tree, click on Policy - define the relevant rules.Install the security policy on the R75.40 Security Gateway.Copy all the files from the $FWDIR/state/<Name of Security Gateway object>/FW1/ directory on the Security Management Server to the $FWDIR/state/__tmp/FW1/directory on the Endpoint Security Management Server.Important Note: If you copy these files via a Windows-based computer, then after transferring them to the Endpoint Security Management Server, it is necessary to run the following command:dos2unix $FWDIR/state/__tmp/FW1/*Connect to the command line on the Endpoint Management Server.Log in to the Expert mode.Run the following command to fetch the URL Filtering into the Endpoint policy:[Expert@HostName:0]# eps_policy_fetcher fetchlocal -d $FWDIR/state/__tmp/FW1Connect with SmartEndpoint GUI to the Endpoint Security Server.Go to the Policy tab.In the URL Filtering rule, make sure that there is an indication that the Security Gateway policy is available for endpoints.
Altor
Altor inside Endpoint Security Products 2 weeks ago
views 1142 10

Endpoint Security VPN Catalina

Hi!I have a problem with my Endpoint Security VPN.Yesterday updated to Catalina and now I cant use your VPN.I believe it is a problem with 32/64 versions.Can you tell me are you going to fix it somehow in nearest time?And I just cant delete your software or re-install it - it gives me "Bad CPU type in executable" when I use your uninstaller.So I'm finding myself in situation in which I cant delete or install your soft.
Chris_Butler
Chris_Butler inside Endpoint Security Products 2 weeks ago
views 311 11

Official CP Endpoint Install / Windows Server 2019 Defender AV / Firewall disable procedure?

Hi All,I am about to deploy Check Point Endpoint Security client 80.30 with Antimalware Engine 2 (E2) on a number of Windows Server 2019 and 2016 Hyper-V Guest VMs and at least 1 bare metal server.As of yet, I have not heard what the official installation procedure should be considering the content of this Knowledgebase article, which indicates that Server 2019 no longer plays nice by disabling it's internal antivirus and firewall components when 3rd party security clients are installed.https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk159373The SK mentions that you must disable Windows Defender Antivirus and Firewall BEFORE installing the CPEP client,I had not seen or heard of this behavior before installing CPEP on a windows server 2019 VM hosting our Blackberry UEM MDM platform, so CPEP went in on top of the MS components. I have since only disabled the Windows Defender Firewall for just "domain" network profile for that VM.) The SK also mentions that this can be done "via GPO" but does not cover how. (caveat, I have yet to, but will fully read through the whole admin guide and whatever other documentation I can find for the latest releases of CPEP to see if it is covered there and will report back if I have a definitive answer) With that said,The following Microsoft post:https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility#fn1Which suggests that a registry edit will make WD AV go "passive" is enough,Is somewhat in conflict with this Microsoft posthttps://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility#fn1Which somewhat ambiguously seems to state that you can uninstall windows defender completely using the add remove roles and features Wizard, after suggesting earlier in the post that removing the feature components only removes the user interface.All very confusing.Anyway, would anyone from Check Point proper like to suggest the specific steps one should take if we intend to deploy CPEP to even a newly built Windows 2016 or 2019 server with nothing but the OS installed yet?What would be the GPO to which the SK refers?Should we be uninstalling the whole feature as described in the second Microsoft link?Also, regarding the aforementioned Blackberry UEM server: I deployed the client while actually working with CP support on a Zoom remote support session. I happened to notice that windows firewall was still running during the same remote session; I was told at that stage that the wscsvc service was removed in the OS and this is Microsoft's doing and by their design. At the end of the day I am therefore at a disadvantage in the case of this specific production server if I was supposed to turn off Windows Defender Anti-Malware BEFORE installing CPEP.So, a specific question, did I break anything by having installed CPEP on a windows Server 2019 machine before "turning off" Windows Defender Anti-Malware? I would assume not if the TAC engineer did not indicate this, but I want to be sure. Once I know what the correct "turn off" method is for Defender per CP, I just hope there is nothing I need to worry about having done things in the wrong order.I would be interested to hear anyone's experiences with CPEP and Windows Server 2016 / 2019 and whether you noticed any issues, or whether you realized that Windows Defender components were still running.Thanks!Chris.EDIT:This is Microsoft's Antivirus and antimalware software: FAQ for reference:https://support.microsoft.com/en-us/help/4466972/windows-10-antivirus-and-antimalware-software-faq#multiple-products 
Daolong_Liu
Daolong_Liu inside Endpoint Security Products 2 weeks ago
views 9807 11 1

how uninstall endpoint client

hi   I want uninstall endpoint client ,but I forget the uninstall password, what should I do? The server and the client is disconnected,according to sk106617 and sk62023 can't do 
whiz8
whiz8 inside Endpoint Security Products 3 weeks ago
views 227 1

Smartendpoint R80.20 HA Pair

 I have an existing SmartEndpoint managing endpoint and I want to build HA pair. Once I build the HA pair, how do the endpoints know about the Standby SmartEndpoint? If the Active one is gone, how does the endpoint connect to standby since it uses IP addresses to connect to the active one? 
Riverascourtesy
Riverascourtesy inside Endpoint Security Products 3 weeks ago
views 214 1

Upgrade windows from 1709-1903 with 81.30

I’ve upgraded windows 10 from 1709 to 1903 with 81.30 already installed. Previously we had to set uefi bios to BCDboot however I was able to upgrade successfully without doint this. Do we know if this is still required?