kstenger inside Endpoint Security Products Friday
views 139 3

MEPP logs in Splunk

Greetings, I was wondering if anyone in the group knows of a method to export the Media Encryption and Port Protection (MEPP) user activity logs to Splunk?

Thanks,
Kevin
Chinmaya_Naik inside Endpoint Security Products Wednesday
views 259 3

Media Encryption offline Encrypted file access without Checkpoint Agent Installed

Hi Team,

GAIA OS: R80.30
Endpoint Client: E81.40
Blade Enable: Media Encryption
Refer Sk: sk148453

We are testing media encryption on one of our customer environments. We successfully encrypted business data on the Pendrive but are unable to access it from a machine where the checkpoint endpoint is not installed, and that machine is also not a part of the current organization.

So basically we are using the Media Encryption Offline Access utility (called AccessToBusinessData). As far as I know, once we encrypt the business data or nonbusiness data, depending upon the policy that I configure, we see an application called Access To Business Data (name with space) showing inside the Pendrive once the encryption is completed. Also, I can download the Media Encryption Offline Access utility AccessToBusinessData (name without space). I tried to use both applications but got the below error.

Pls help to find out the solution.

Regards
@Chinmaya_Naik
Altor inside Endpoint Security Products Tuesday
views 2453 12

Endpoint Security VPN Catalina

Hi! I have a problem with my Endpoint Security VPN. Yesterday I updated to Catalina and now I can't use your VPN. I believe it is a problem with 32/64 versions. Can you tell me, are you going to fix it somehow in the near future? And I just can't delete your software or re-install it - it gives me "Bad CPU type in executable" when I use your uninstaller. So I'm finding myself in a situation in which I can't delete or install your software.
inside Endpoint Security Products Tuesday
views 311 2 2

Forrester names Check Point a Leader in Endpoint Security Suites

Forrester Research, Inc. conducted an extensive, in-depth analysis of endpoint security features amongst 15 different enterprise cyber security solutions. They evaluated 25 criteria, including malware prevention, data security, mobile and a zero-trust framework alignment.

Check Point’s SandBlast Agent supplies a comprehensive enterprise endpoint security solution, assuring organizations are protected from advanced zero-day attacks. Some key features of the solution include Threat Emulation, Threat Extraction, Anti-Ransomware, Zero-Phishing, and more.

The criteria in which Check Point obtained the highest possible scores in Enterprise Endpoint Security were:
- Malware prevention
- Exploit prevention
- Secure configuration management
- Data security
- Mobile
- Zero-trust framework alignment

Download the report to learn about Forrester’s evaluation of the endpoint security market and why Check Point was recognized as a leader.

From the report: “Check Point’s focus on integrating the endpoint security capabilities with its network security portfolio has led to one of the tightest integrations between the two layers in this study, helping customers to enforce a Zero-Trust approach on their endpoint devices.”

The Forrester Wave™: Endpoint Security Suites, Q3 2019

Endpoint Security / SandBlast Agent Newsletter - Version – E82.10

We recently released SandBlast Agent E82.10!

E82.10 introduces mainly stability and quality improvements. The complete list of improvements can be found in the version release’s Secure Knowledge sk163578.

Support for Windows 10 19H2

Microsoft released Windows 10’s November 2019 Update, codenamed 19H2, on November 12. It is also known as Windows 10 version 1909. SandBlast Agent E82.10 is supported on that release (Windows 10 19H2).

Main Fixes and enhancements

Threat prevention and Anti-Malware
- Fixes an issue where symbolic links with Anti-Ransomware honeypot restoration may allow Denial of Service attacks. Older Anti-Ransomware honeypots are now deleted on upgrades.
- Fixes an issue where Anti-Ransomware honeypots are not created on newer locations like program data and app data, when upgrading from an earlier version of the product.
- Fixes an Anti-Ransomware False Positive that can occur due to the VMware Horizon Persona Management application.
- Improves performance of the injection sensor when many processes are launched in a short period of time.
- Fixes an issue that may cause the Forensics Analysis to include benign processes when NVIDIA processes are launched prior to the Logon screen appearing.
- Fixes an issue where the entire Forensic incident is not analyzed if it involves the use of NTFS Alternate Data Streams.
- Fixes an issue where some IPv6 addresses are not correctly identified as internal IPs for the RDP Brute Force detection in Behavioral Guard.
- Fixes an issue where the Endpoint Security client upgrade fails because the Anti-Malware process fails to unload.
- Fixes an issue for sites blocked by Anti-Malware web protection.
- Fixes an issue where Endpoint Security significantly slows the Kaspersky Endpoint Protection upgrade process.

Data and access protection
- Fixes an issue when the Compliance blade fails to detect the McAfee Endpoint Security running status, if no user is logged in.
- Fixes an issue where Media Encryption and Port Protection does not update the Offline Data Access utility on an encrypted removable media.
- Fixes a rare issue where an FDE process crashes when switching from BitLocker Management to FDE.
- Includes stability and quality fixes.
- Supports all the features of previous releases.
- Improves the log mechanism. Logs will stay on the machine for a longer time.
- Includes performance improvements with large scale topology.

General
- The initial connection to the server does not require the Endpoint Security Client to be connected to the domain controller.
- Fixes an issue for the Endpoint Security Client to report its name to display accurately in Deployment reports of SmartEndpoint.
- Fixes a rare case of BSOD that may happen during an arbitrary process creation.

Best,
Ami.B
DP3049 inside Endpoint Security Products 2 weeks ago
views 289 4

Endpoint Security E80.89, OSX 10.15, no MFA challenge.

Hi Mates,

I have Endpoint Security E80.89 running on MacBook Pro on OSX 10.15 (Catalina). When trying to connect via VPN to the corporate server, using Username and password authentication, I do not get the expected MFA challenge, nor do I get the SMS with the authenticate code. This worked on previous versions of both Endpoint Security and OSX, and currently works on my corporate Wintel laptop. I have disabled both firewall and Anti-virus for testing, no change.

Any suggestions please?

Kind regards,
Dave.
Chinmaya_Naik inside Endpoint Security Products 2 weeks ago
views 8435 19

How to upgrade to Windows 10 with FDE in-place (E80.94)

How to upgrade to Windows 10 with FDE in-place

Hi Team,

OS: R80.20
Install on Machine: Enterprise Endpoint Security E80.90 Windows Clients
Enabled Blade:
1. Sandblast Agent Anti-Ransomware, behavioral guard and Forensics
2. Sandblast Agent Anti-Bot
3. Sandblast Agent Threat extraction and emulation
4. FullDisk Encryption
Emulation: On Cloud
FullDisk Encryption Status: Encrypted
BOOT MODE: UEFI

We are upgrading the version using SCCM. We tried the upgrade from Windows 10 (64bit) version 1709 to 1809 but it fails. I followed sk120667 (How to upgrade to Windows 10 1607 and above with FDE in-place). We did the below steps.

STEP 1: First we check the current UEFI boot mode on the encrypted machine by going to this location (%ProgramFiles(x86)%\CheckPoint\Endpoint Security\Full Disk Encryption) and running the command "fdecontrol.exe get-uefi-bootmode", and we see the current boot mode is "BOOTMGFW", so on to the next step.

STEP 2: I change the boot mode to "BCDBOOT" by the command "fdecontrol.exe set-uefi-bootmode bcdboot".

But still, it fails to upgrade.

Do you all think that turning OFF the "Pre-Boot Environment for FDE" in policy would resolve the issue? It is very time-consuming to test on the encrypted machine because in our case it takes more than 18 hours to encrypt one fresh machine.

Also, I have one query: when we upgrade Windows via ISO file, then after changing to "BCDBOOT" mode we are unable to run the below command (CMD):

setup.exe /ConfigFile "%SystemDrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini"

Kindly help me out with what the "exe.setup" stands for, like from which location we run the above command, and also about the "SetupConfig.ini" file.

Thanks in advance
mistercinux inside Endpoint Security Products 2 weeks ago
views 187 2

How to apply an Antimalware policy to a specific server like a domain controller?

Hello,

I'm configuring an anti-malware policy rule that should apply to my domain controllers, for which I configured different specific exclusion paths. The Anti-malware policy applies to users and not to machines, so how could I configure it to apply to my Domain Controllers and not to other servers / endpoints?

Thanks for reading.
RTX_vinan-cano inside Endpoint Security Products 2 weeks ago
views 188 3

Endpoint E82.00 "about" version mismatch

I am just testing E82.00 for Windows 10 on my laptop and have noticed that the Help, About from the tray icon shows "E81.40 build 986101104" as the installed version. The Program and Features entry for the client also says "98.61.1104". Is this a mistake? I've re-installed/repaired, re-downloaded the MSI and it's still the same.
NeilDavey inside Endpoint Security Products 2 weeks ago
views 226 3

Mobile Access Endpoint Compliance Policies

On our Mobile Access Blade, I use Endpoint Compliance Policies and one of the Enforcement Rules I have set is to Detect if Anti-Virus is installed.

We are migrating onto a MDR system and as part of this, the AV product we are going to be using is not on the list of Anti-Virus Providers that Check Point currently list.

Before I log a call with our local support company etc, I was wondering if anyone would know if Check Point can change this list and add other AV vendors to this at all?

If this list is static and Check Point can't update it, I will have to look at another type of check instead, something like a Custom Rule and check for a running process or something.

Thanks
ake_schmidi inside Endpoint Security Products 2 weeks ago
views 2705 20

kernel panic macOS 10.15 Beta (19A526h) Catalina

Hello together,

I have some kernel panics with the latest beta of macOS Catalina when macOS is starting up.

Installed versions:
Endpoint Security: E80.89
macOS: 10.15 Beta (19A526h)

Is there already a new version? Or does anyone have a workaround?
tom_allen inside Endpoint Security Products 2 weeks ago
views 226 4


Hello, I am 100% self-taught with the Endpoint Security 81.30 (what we are running currently) on our endpoints. I have downloaded the deployment packages for both the desktops and laptops we have after selecting the blades that we want to run. Desktops do not have the VPN client packages in the EPS.msi file. I deploy with SCCM to the desktops without issue. Shortly after, the desktop wants to upgrade. 10 minutes later it has the VPN blade installed. Now I have been working with Virtual groups and deployment rules. Under the console it looks like this. I did delete some deployment rules so I may have answered my own question. Basically I have 3 SCCM deployment packages (2 EPS.msi files) that go to desktops and laptops. I don't want anything on the console end adding or removing blades. Am I making sense? Thanks!!
Miguel_Barrios inside Endpoint Security Products 2 weeks ago
views 261 5

Allow only authorized USB

Is it possible to create a policy where they can only be recognized and allow access to particular USBs? 
inside Endpoint Security Products 2 weeks ago
views 185

Endpoint Security / SandBlast Agent - Version – E82.00 for macOS Early Availability

Hi,

SandBlast Agent E82.00 for macOS is available for Early Availability. E82.00 for macOS introduces new features, stability and quality improvements. The complete list of improvements can be found in the version release’s Secure Knowledge sk158913.

Main Features are:
- SandBlast Agent E82.00 supports macOS Catalina (10.15)
- New user interface, aligned with the look and feel of the SandBlast Agent for Windows

Please note that some of the services (Blades) are not supported in this release and will be supported in the General Availability release planned for Dec-2019.
John_Yee inside Endpoint Security Products 3 weeks ago
views 203 3

Media Encryption Offline Access Tool for Mac version 10.15/Catalina

Is there a version of the tool that supports Catalina yet? The latest version I see available is from March of 2019.