sysadminnow
sysadminnow inside Endpoint Security Products 4 hours ago
views 165 2

E82.20 allow change always connect setting

Does anyone know how to create a custom .msi file with an already defined site setting and the default always connected changed to disabled but still allow users to enable always connect if they wish to? I have followed the documentation for creating my msi and trac.default file but no matter how I configure them the always connect box is always greyed out, either with the setting on or off depending on neo_always_connected STRING true GW_USER 1 being set to either true or false. I've tried other settings but none seem to help. Our previous .msi for 81.00 installs our site and allows users to change the setting. I have compared the old and new trac.defaults files but there are no differences besides 82.20 having some new entries, none of which seem to address the problem. Thanks!
chimda
chimda inside Endpoint Security Products 7 hours ago
views 75 3

error messages

I tried installing Checkpoint antivirus on my systems and this is the error message it pops up: check point endpoint security requires windows7 sp1 or a greater windows version up to windows 10.0.18200.. Pls, I need help.
Ami_Barayev1
inside Endpoint Security Products 12 hours ago
views 33 1
Employee+

Endpoint Security / SandBlast Agent Newsletter - Version E82.40

We are happy to announce the release of Endpoint Security Client E82.40. E82.40 introduces new functionalities and quality improvements. The complete list of improvements can be found in the version release’s Secure Knowledge sk164956.

Windows CryptoAPI Spoofing Vulnerability – CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. SandBlast Agent can detect and prevent this vulnerability for un-patched systems.

Behavioral Guard enhancements

- Meterpreter Reverse Shell detections are now active by default. Reverse shell attacks obtain control over a compromised system, an attacker usually aims to gain interactive shell access for arbitrary command execution which is very complex to detect.
- New injection detections including Process Hollowing are now active by default. Process Hollowing is a code injection technique in which the executable section of a legitimate process in the memory is replaced with malicious code.
- Forensics can now identify starting points of attacks originating from lateral movement and Windows Management Instrumentation (WMI).
- Indirect execution on a single machine through WMI is now detected and followed in the Forensics Analysis.
- Behavioral Guard now detects Windows-reported CVEs to generate a log and Forensic Analysis.

Below is a forensic report for Process Hollowing

Threat Prevention enhancements and fixes

- Improves performance slightly by removing unnecessary logs from Behavioral Guard.
- Fixes an issue in the Forensics Log Card to report a trigger rather than the process of a trigger.
- Fixes an issue with a Forensic crash in a Virtual Disk Infrastructure (VDI) environment.
- Anti-Bot detection status now updates to the server User Interface continuously for additions and removals from the client.
- Fixes an issue that can cause the Anti-Exploit service to crash in x86 systems, after an upgrade.
- Fixes a rare issue where the machine hangs during an upgrade (related to a driver that Anti-Exploit uses).
- Fixes an issue where Anti-Exploit may not work immediately after an upgrade.
- Resolves the issue where an Anti-Malware infection event is not showing in SmartEndpoint Reporting, if special characters are in the path.
- Resolves an issue where Anti-Malware reporting does not update in SmartEndpoint, after the infections list changes in the Anti-Malware blade.
- Fixes an Anti-Malware system scan memory issue, when scanning files with alternate data streams.

Data and Access Protection enhancements and fixes

- Resolves an incorrect report about the Full Disk Encryption blade not running during a Windows shutdown, when the Deployment Agent (CPDA) does not receive a shutdown notification.
- Sets BCDBOOT as the default on fresh installs.
- Fixes Unified Extensible Firmware Interface (UEFI) to use the customized image rebrandings of UEFI preboots.
- No longer forces a reboot when the pre-boot bypass is off, by policy.
- Resolves a possible issue where the Firewall blade has the Initializing status after an upgrade due to some missing dll files.
- Resolves a possible issue where registry parsing, while self-protection is active, causes a BSOD.
- Fixes the vsdatant.sys driver synchronization issue that causes a BSOD on driver unload.
- Resolves the issue where Long Term Evolution (LTE) and Universal Mobile Telecommunication System (UMTS) devices are not recognized as wireless by the "Disconnect wireless connections when connected to the LAN" feature.
- Fixes and removes the requirement to install Visual Studio 2017 runtimes when running the Media Encryption offline utility "Access to Business Data". Note: The Mac offline utility now supports macOS Catalina (10.15).
- Fixes an issue where the location inside the organization is not recognized properly.
- Adds the detection of McAfee Security Endpoint v10.6 into Secure Configuration Verification (SCV).
- Fixes an issue where the user is not able to use several question marks in the password.

Installer and general enhancements and fixes

- Resolves a possible issue where the client upgrade fails, when the Anti-Malware blade cannot reach a database file, after an ungraceful process termination.
- Resolves a sudden reboot, after a client upgrade finishes, before a custom countdown timer ends.
- Resolves an issue where Installer terminates on machines with specific locales, if the user has a name with specific localized UTF-8 characters.
- Resolves a possible issue where the installation fails, by waiting for a process from a previous installation to stop.
- Increases the timeout value for Windows Installer (MSI) to wait for Full Disk Encryption to finish a deployment in offline mode.
- Fixes the Full Disk Encryption uninstall, after a Windows 10 upgrade.
- Fixes an issue with the Deployment Agent (CPDA). Now, it tries to resend the UpdateRegister message, when the machine has network configuration changes, if the message did not go through, during startup.
- Resolves an issue where the "Disconnected Policy" is not defined, and appears in the display, when the client is connected.
- Fixes the issue of duplicate user objects for the same user in Other Users / Computers.

Best
Ami.B
Slava_Zhevelyuk
Slava_Zhevelyuk inside Endpoint Security Products 12 hours ago
views 55 2 1

Sandblast Cloud URL filtering

G'day Guys, I'm trying to figure out how URL filtering works with SBA? Customer only has SBA, there is no gateway. I am getting conflicting information that it can't be done??? Surely info I get is wrong, it is such a standard feature these days? Can anyone confirm this for me? Thanks

Export Data

How can we get an export (*.csv) of the devices that have and don't have Checkpoint Endpoint installed? Any suggestions welcome. 

Cannot download endpoint client package

After having activated the Endpoint blade on my SMS, I proceed to downloading the endpoint client package but it seems to load forever without the download process ever coming to an end (a screenshot has been attached). There is nothing wrong with my internet connection and the eval license has been attached to the device. Has anybody seen this before? Many thanks in advance.

Unable to edit user messages in SmartEndpoint R80.20

We have SmartEndpoint R80.20 running on Windows 2012 Server. We get an unhandled exception error when trying to configure user messages, for example within Media Encryption & Port Protection Blade and the Default UserCheck Messages Settings. Has anyone seen this issue before?
PBOON
PBOON inside Endpoint Security Products Monday
views 351 4

Enforce Policy Firewall fail on MAC 10.15.2

I got the error message Enforce Policy Firewall fail while connecting to VPN on MAC 10.15.2 on Check Point Security Endpoint E82.00. Anyone face the same issue and how to solve this?
samuel11
samuel11 inside Endpoint Security Products Saturday
views 167 2

Windows update from 1809 to 1903 with Endpoint Security E82.00 breaks BCD Boot on Probook 640 G4

Has anyone experienced problems with Endpoint Security E82.00 breaking during the feature update to 1903? It's an identical problem to that described in this post: https://community.checkpoint.com/t5/Endpoint-Security-Products/Windows-10-1803-Auto-Upgrade-with-FDE-Failing/m-p/23293#M507

The problem occurred on two Probook 640 G4s. Both had Endpoint Security E82.00 installed and Windows 10/1809 with recent security updates. In both cases, bcdboot was enabled (as advised in the other post) and the Bios was up to date.

There is a boot loop as the 1903 update tries to finish installing, and Checkpoint is not listed among the devices in the boot menu. Decrypting the hard drive (via recovery media) allowed the 1903 update to complete and the machine to boot to Windows. Checkpoint then was uninstalled and reinstalled from scratch.
nagaraja_cs
nagaraja_cs inside Endpoint Security Products Saturday
views 206 5

Full Disk Encryption stuck at 99%

Hi Team, FDE is stuck at 99%. OEM partition is not getting encrypted, it is stuck at 0%. Is there any solution for this? Is there any exclusion we can add so that we can skip this partition from being encrypted? Attaching the screenshots for reference.

Checkpoint Endpoint Blades (User/Machine Based)

It's an important part when we are going to create a new virtual group during implementation to segregate the machine/user with different groups. But when you are going to create a new virtual group, then we are able to see two options:
- Virtual Group (Used for Both User & Machine)
- Computer Group (Used Only for Machine)

Different blades' groups are used based on the following chart:
- FDE – Machine Based
- MEPP – User Based
- One Check – User Based
- Capsule Docs – User Based
- Anti-Malware – User Based
- Anti-Ransomware, Forensics and remediation – Machine Based
- Anti-Bot – User Based
- Threat Emulation and Threat Extraction – User Based
- Compliance – User Based
- URL Filtering – Machine Based
- Firewall – User Based
- Access Zones – User Based
- Application Control – User Based
- Client Settings – User Based

As per my personal experience, use “computer group” for machine based policy even if you have an option to create "virtual group" for machine based.

Regards
@Chinmaya_Naik

Endpoint Security: Active Directory scanner LDAPS

Hi all

I ran into problems while setting up Active Directory scanner with LDAPS enabled on a freshly installed R80.40 server. The only error message I got is: unable to establish a connection to the domain controller

I've imported the certificates to keystore and restarted the needed services. With 'bin/keytool -list -keystore lib/security/cacerts certificate.cer -storepass password' I can see the certificate listed. I also installed the intermediate cert. Because I wasn't sure where to install the certs, I've put them in both stores:
- $CPDIR/jre_32
- $CPDIR/jre_64

From the CLI on the CP management server a 'telnet ip.add.re.ss 636' to the Active Directory domain controller is successful. Another thing I've tried is to change the settings in file $UEPMDIR/engine/conf/ldap.utils.properties from use.ssl=false to use.ssl=true. This didn't help either. I tried then the AD sync with LDAP. This was successful. So it must have something to do with LDAPS. How can I troubleshoot this further? Thanks for a hint...
J_B
J_B inside Endpoint Security Products Friday
views 191 4 1

Endpoint Policy Server

When pushing out new clients to devices, does the Endpoint Policy Server handle this, or will the new client be downloaded from the Primary Management Server? I was almost sure that the client would be downloaded from the Policy Server that the client is connected to, but it's not really clear within the documentation as it doesn't specify client upgrades? We're gradually updating 4000+ clients and the comms links are getting hammered, almost as if all the client downloads are coming from the Primary Management Server.

The Endpoint Policy Server handles the most frequent and bandwidth-consuming communication. The Endpoint Policy Server handles these requests without forwarding them to the Endpoint Security Management Server:
- All heartbeat and synchronization requests.
- Policy downloads
- Anti-Malware updates
- All Endpoint Security client logs (the Endpoint Policy Server is configured as Log Server by default).

It would be great if you could restrict the Policy Servers to only communicate with certain subnets that you specify, a bit like what you can do with distribution points within SCCM. There doesn't seem to be any real logic behind the proximity analysis, apart from a simple ping command.
Gerry_Locke
Gerry_Locke inside Endpoint Security Products Thursday
views 555 18 1

Is there a way?

We recently had a bunch of laptops purchased, and apparently the only way to get them imaged by System Centre is if System Centre is deploying Windows 10 1909. So I updated our task sequence to use Windows 10 1909. Unfortunately, our current version of Checkpoint is 80.82, which won't install on Windows 10 1909......apparently. No problem (or so I thought)......just get a more recent version of Checkpoint. However it seems that all our Checkpoint infrastructure needs to be upgraded before we can use the current version of Checkpoint.

So now we are stuck in a hard place - we tell the people who need computers that they can't have them because our antivirus is incompatible - and end up with a bunch of people who are employed to do no work, or we deploy a bunch of machines with no antivirus. The only person who knows anything about Checkpoint is our I.T. manager, who is generally too busy to worry too much about antivirus software, so at this point we have had to take the decision to deploy a bunch of machines with no antivirus.

I have tried installing the version that I assume we need (82.10?), but it comes up and says 'no blades selected'. Surely it shouldn't be this hard. Isn't there some plain vanilla version of Checkpoint I can install that will at least protect our PCs until someone has time to do the other upgrades required to support this version?
tom_allen
tom_allen inside Endpoint Security Products Thursday
views 186 2

Exclude Powershell Scripts

I have a need for a couple of users to be able to run some PowerShell scripts on their PCs. Currently they are getting flagged and the script put in quarantine. It's being flagged as PDM:Trojan.Win32.Generic with the category of riskware. How do I go about setting this up? Thanks!