This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Nelson_Custodio
Explorer
‎2021-01-05 07:13 AM

Finding endpoints that have not received the 1/1/2021 VPN Patch

Unfortunately, my organization had to manually install the 80.81 - 81.10 patch to all our endpoints.  Now that we are in the new year is there a command I can run to see what clients are still unpatched? Or clients that have attempted to connect but are unable to because they are not patched?

0 Kudos
5 Replies
Lior_Arzi
Employee Alumnus
Employee Alumnus
‎2021-01-05 07:23 AM

Hi

 

from sk171213:

How to determine if the patch is installed?

There are several recommended options:
  • Look at the patch logs for success/failure messages when using the EPPatch.msi – For more information, follow sk171275.
  • Look for the file version of the epklib.sys itself (C:\windows\system32\drivers\) and validate that the version is the same as or higher than 8.60.5.7253
  • To use Check Point's Compliance blade to examine the outdated driver that needs replacement (by checking the version) – follow sk171279.
Nelson_Custodio
Explorer
‎2021-01-05 07:31 AM
In response to Lior_Arzi

Thanks but I was hoping for something I can pull remotely through the logs.  I also don't own the compliance blade

0 Kudos
Lior_Arzi
Employee Alumnus
Employee Alumnus
‎2021-01-05 07:49 AM

If you have our Endpoint Security you automatically have the license for our compliance.

you can use it to query it remotely as described in sk171279.

0 Kudos
rrbranco
Contributor
Contributor
‎2021-01-05 01:53 PM

Perhaps you could also take a look to this oneliner ...


https://community.checkpoint.com/t5/Scripts/Endpoint-Versions-ONELINER/m-p/106988#M737

0 Kudos
ED
Advisor
‎2021-01-06 12:31 AM

@Nelson_Custodio 

Open your logs and paste in this query:

action:"Log In" AND ("Endpoint Security") AND (E80.81 or E80.82 or E80.83 or E80.84 or E80.85 or E80.86 or E80.87 or E80.88 or E80.89 or E80.90 or E80.92 or E80.94 or E80.95 or E80.96 or E80.97 or E81.00 or E81.10)

Then you will find all the clients with the old versions still trying to connect. Take a look at 7 days to catch the most recently. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events