cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
John_Gallagher
John_Gallagher inside Endpoint Security Products 2 hours ago
views 33 1

Noise Rule

Hi We are the running Endpoint Client with the Firewall blade enabled. When I go to Log Viewer, 99% of the logs is dropped multicast traffic from the Firewall blade.    This makes investigating the logs somewhat difficult as there are limited filtering options available. Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp. I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs. Is it ok to create a block rule only on the ports as below?  Note the source is Any  Can these ports be used by other services? And if they can then how would I create a Noisey Traffic Rule          
ake_schmidi
ake_schmidi inside Endpoint Security Products yesterday
views 1066 9

kernel panic macOS 10.15 Beta (19A526h) Catalina

Hello TogetherI have with the latest beta of macOS Catalina some kernel panics when macOS is starting up.Installed versions:Endpoint Security: E80.89macOS: 10.15 Beta (19A526h)Is there already a new version? Or does anyone have a workaround?
Andrea_Poiesi
Andrea_Poiesi inside Endpoint Security Products yesterday
views 16630 19 1

Endpoint client and Windows 10 1903

Hi everyone,has anyone tried to upgrade windows 10 to the 1903 version and install the endpoint client? in the release notes of ver 80.94 and 80.96 I see that it is not mentioned and does not seem to be supported yet. does anyone have feedback?
Peter1
Peter1 inside Endpoint Security Products yesterday
views 176 4 1

Endpoint E80.89 VPN client crashes on Mac OS Mojave

Hi there,After upgrade to Mac OS 10.14 the E80.71 client stopped working; so I upgraded to E80.89. However, as soon as I click on the client icon in the toolbar it crashes.I attach a log that was produced to the collect logs option (choosing this option immediately crashed the client).I've tried the obvious things (rebooting computer, installing on different user account, going back to E80.71, uninstalling and reinstalling etc.)Any help would be appreciated. 
PhoneBoy
inside Endpoint Security Products Sunday
views 2937 6 4
Admin

Check Point Endpoint Security Client E80.89 for MAC is now available

E80.89 for macOS 10.14 Support is now available.This release includes stability and quality fixes. New FeaturesSupport for the Endpoint Security Clients on macOS Mojave (10.14)Support for SandBlast Agent previously only available on the Windows platform:Threat Emulation - Evasion resistant sandbox technology detects malicious behavior and prevents any imminent attack.As in Windows, the protection is available in 2 levels:Protection from files written to the file system.Inspection of files downloaded by Chrome using the Chrome browser extension to prevent malicious files from getting to the file system.Anti-Ransomware - Detects and quarantines the most evasive Ransomware variants.Google Chrome Extension with:Threat Extraction - Reconstructs downloaded file, delivering sanitized risk-free files to users in real time.Zero Phishing - Blocks deceptive phishing sites and alerts on password reuse in real-time.Full support for macOS 64-bit.Adds the ability for Remote Access to verify the integrity of the Endpoint Security Management where the Endpoint Security VPN clients connect.This ability exists in the Endpoint Security VPN client for Windows, and is now available for the Endpoint Security client for macOS. See sk108892.EnhancementsNative Encryption Management now supports mobile network users.Remote Access - Opens the default browser of the machine to register to hotspot. See sk131152 for more information on the E80.89 MAC release.
nicolas1984
nicolas1984 inside Endpoint Security Products Saturday
views 137 4

Bridge mode with security gateway 3100 - Possible?

Dear community,I'm installing a new security appliance 3100 on one site of my company, that has 5 ports (eth1, ..., eth5).eth1 is connected to WAN with a public IP addresseth2 is connected to LAN with a private IP address 192.168.33.254/24 and a DHCP server for LAN clients.192.168.33.0/24 is part of a VPN domain. Everything works well with this configuration.Now, as it's a very small site, I'd like to use eth3, eth4 & eth5 for my LAN network too, so I would not need to use an additional switch. I created a bridge called "br1" with IP address 192.168.33.254 and added eth2 & eth3 as members.Since, I'm not able to do anything from eth2 or eth3. I can't get an IP address, I can't reach Internet (even with a static IP address). The SmartCenter logs have entry for dropped packets with reason "Missing OS route".My questions are:- Is this design really supported?- Do you have any idea about what could prevent this design from working?Thank you in advance for your suggestions.
gonianiwa
gonianiwa inside Endpoint Security Products Thursday
views 137 1

Rule to block request if url contains IP address

Hello, I would like to block all request at checkpoint when user will use directly IP address to access websites. As i read about it, it requires to write proper regex for it, i tried to use the following regex, but checkpoint did not accept it. [0-9]+\.[0-9]+\.[0-9]+\.[0-9]
Alex_Gilis
Alex_Gilis inside Endpoint Security Products Wednesday
views 273 4 1

LDAPS and cloud-based Endpoint servers

Is there a procedure similar to sk84620 for cloud-based EPS running on portal.checkpoint.com?I can't realistically ask a customer to use LDAP for organization scanners in clear text over an Internet connection.
zaxonxp45
zaxonxp45 inside Endpoint Security Products Wednesday
views 139 1

Mounting encrypted flash drive under Linux.

In our company we have USB flash drives which are encrypted by Endpoint Security software. If the USB is plugged in on normal computer then the content is the encrypted container and the windows executable which allows to access container by using special interface.So it is possible to access the content on Linux using a Wine emulator to run the software. I wonder if it would be possible to mount the container directly by the Linux system, so the content could be accessible by standard Linux tools (like the rsync, cp, mv, etc.)? Kind regards,Piotr 
TomShanti
TomShanti inside Endpoint Security Products a week ago
views 229 3

Using Hyper-V on Windows 10 with Endpoint Security/VPN

Hi,we are running a VM on Windows 10 with the Hyper-V hypervisor.Currently we have troubles which looks like the Endpoint Client´s VPN interferes with the local VM traffic.We have "route all traffic through VPN" enabled and as soon as the user connects to VPN the VMs are not reachable anymore.Any experience ?I know it worked fine with VMWare Workstation in the past.Regards TomPS: We do not have any desktop firewall rules in place other than "Allow all"
sharkbone
sharkbone inside Endpoint Security Products a week ago
views 297 11

Screenmirroring (Miracast) connection error

We have had the scenario where our Screen mirroring via Miracast or any other technology works only after uninstalling Checkpoint VPN/Firewall software from the affected client. Research shows that most third party VPN solutions identify WiFi Direct (the underlying technology for Miracast/screensharing) as a "Split Tunnel" connection and deem it a risk to security so they disable the functionality.Are there alternative workarounds to this instead of totally uninstalling Checkpoint in order to get this working? We can only keep Checkpoint as our endpoint security solution (vpn / firewall) if we find a permanent solution to this problem or else management will be forced to turn to another solution. Refer to this post https://superuser.com/questions/1353896/miracast-connection-error-after-joining-ad-domain
Marcus_Halmsjo
Marcus_Halmsjo inside Endpoint Security Products a week ago
views 179 1

Exception for Sandblast in E81.40

Hi,We upgraded to EPS version E81.40 and after this we have started to get reports from users that the sandblast browser plugin started scanning downloaded files from domains that we have in exception in the policy for sandblast.Is this a known problem or is there a change in feature i might have missed?
Tom_Kendrick
inside Endpoint Security Products a week ago
views 721 3 14
Employee+

Check Point Endpoint Security versions / release schedules

Hi All, I had some feedback, saying there’s a lack of understanding of the Endpoint release plans, so let me explain…  (Yes, we’re historically not the best as marketing and communications!) First a little history lesson: For those that remember, Endpoint installs were released on the same sort of frequency as Network releases.  You can see all releases documented here: sk117536. However, around 2017, with the rise of Ransomware, R&D appreciated very much, that the world changed too fast, and to ensure our agent could proactively maintain its ability to prevent, a monthly release was necessary. This allowed us to add features, and always aim to keep ahead of the bad guys (with new features, like Anti Ransomware, Behavioural Guard, Anti Exploit, PowerShell malware based prevention etc.) – this is our DNA – to give the best security. This change definitely gave us more features, but, with anything, with a much shorter time to General Availability, and more “moving parts”, the opportunity for bugs to be introduced increased. As part of an overlay team in CHKP, our team provides feedback, every 6 months to R&D in Tel Aviv, and they do listen!  We said - Customers felt they had to upgrade, and felt there were too many versions to maintain. What we do now: Today, we now, where possible, let you upgrade with no reboot, definitely reducing end user impact.  Their aim is to have Endpoint upgrade, just like Chrome does – silently if you want to (no, I have no idea what Chrome version I am running). We also got R&D to provide 2 “channels” – recommended, and latest – see the info in the SK above. E80.96 is the current recommended version. However, there are numerous fixes (but also new features, which always carry the potential for bugs) in E81.10, and E81.20.  Such as the ability to support newer Windows versions. So, we can see E81.10, and then E81.20 are the latest versions. R&D release 2 “latest” versions, and then a new recommended version. So, as an example, E81.30 (the next expected recommended version) is just E81.20, with 10+ significant fixes included (the number of fixes can change). If you prefer to stick to fewer updates, but less features, then the recommended updates channel is the one for you. I hope this helps! Tom Kendrick | EMEA Customer Success Manager & Evangelist – Office Of the CTOCheck Point Software Technologies Ltd.  
Tom_Thackwray
Tom_Thackwray inside Endpoint Security Products 2 weeks ago
views 184 1

Non-domain joined laptop & EPS installation - Failed to send register message to the server

We have half a dozen laptops that are not on the domain that we'd like to protect with EPS Client.I've created a Virtual Group on the Endpoint Server for Non Domain Joined Laptops & downloaded the package from the rule that associates the group.Installing on the Win 10 Home laptop is successful (running via CMD msiexec /i "DRIVE:\path_to_EPS.msi_file\EPS.msi" /l*v C:\EPS_install.log) but I've got the error message "Endpoint Security Client failed to send register message to the server. Contact your administrator".As the laptop is not on the domain it won't see the EPS server the same way all previously deployed clients have. Is there a way to point this non joined laptop to our server's external IP - or is there another way to get the laptop talking to the server?Thanks in advanced!
Floced
Floced inside Endpoint Security Products 2 weeks ago
views 226 1

Endpoint E80.89 : Mac OS : not able to access internet after client shutdown

Hi,I have installed the Endpoint E80.89 client on my Mac (Mojave 10.14.6)The connection to my company's VPN is working fine, but when I disconnect it (and/or shutdown the client), I'm not able to connect to the internet anymoreI'm connected to my Wifi, I receive an IP address, but no internet. I rebooted my Mac, changed the DNS, uninstalled the client, but no postivie resultThe only way I can access internet is either connecting the VPN, either using the "register to Hotspot/hotel" option (but works only for a limited period of time)Can you help with this issue?