Q&A is listed below the slides
Full Details about E88.70 Release
https://support.checkpoint.com/results/sk/sk182578
What about the disk I/O? This is also important for server environments.
We are making ongoing improvements in this area by reducing redundant forensic recording operations.
Are there plans to include a Remote Access VPN client in Harmony Endpoint for Linux?
This is in the roadmap.
Will you support native integration between Harmony Endpoint and Google SecOps or Microsoft Sentinel?
Harmony Endpoint uses Infinity Events to forward logs via syslog and customers parse the logs in their SIEM. If additional support is needed, please reach out to your local Check Point office with the specifics.
Any plan for HEP to collect and display a dashboard for HW and SW inventory from endpoints?
Machine hardware is already presented under Asset Management. Software inventory is planned as part of a bigger project to revamp Application Control towards the end of the year.
What about firewall management for Linux platforms as a key capability for Windows?
Hey, this is in our roadmap but not targeted to 2025. If you have this as a requirement, please reach out to your local office.
When did the honey pot files name change from (something related to CP name) to random characters?
As part of the 88.41 release. It was done to enhance security.
Will there be a unified client for all Check Point products in the future: IA, legacy VPN, Endpoint, SASE?
Check Point has decided to keep HEP+VPN, Harmony SASE, and Identity Awareness agents separately in 2025 to focus on each product enhancements. We are expecting consolidation later in years to come.
Why is 88.70 not the current recommended version?
We have a process to recommend a version that includes number of installed devices, time in the field, making sure it didn't introduce any degradation etc., so this will take more time.
Any plans to be compatible with Windows Hello (Fingerprint) in Pre-boot and other blades?
Windows Hello is tied to Bitlocker, which you can use with Check Point FDE. However, you will not have the Check Point pre-boot environment in this case.
Just wondering, for CPU reduction, is that based on specific blade or in general?
We are looking at it in general on an ongoing basis. In E88.70, we focused on a few specific areas (as discussed in the session).
Is the performance improvement focused mainly for Windows OS? Can we expect similar improvements in E89 for macOS in later versions?
E88.70 is for Windows. MacOS and Linux clients get gradual improvements. Next MacOS version is E89.10 - EA to start soon. Next Linux EA version to support Super Nodes in semi-isolated env will be available within several weeks - stay tuned
We have many users complaining about slow computer startups—it takes several minutes. Unfortunately, it hasn’t improved with version 88.70. A similar computer without endpoint starts in about a minute. How can this be improved?
We can investigate the root cause by a TAC SR. In many cases, having the appropriate exclusions significantly improves the performance.
How much additional memory is consumed with all this additional cache? Regarding DNS inspection and BG and Forensics Blade?
Even with these features enabled, the memory footprint for E88.70 should be roughly 50% of what it was in previous versions.
Would the logs from those offline computers upload into the management server in the cloud?
Yes, Super Nodes proxy client communications, including updates, logs and even Threat Hunting which also allows using XDR.
Is it possible to hide the honeypot files? Customer does not like all the help desk calls they receive from their users because of the unusual honeypot file names and folders.
Honeypots are created to attract ransomware. Customers can disable them via exclusions but may impact catch rate. We recommend to keep them and educate end users.
Are you planning to improve the compliance section in the endpoint that says nothing but if I am in compliance or not? It never shows what’s the problem and I found it annoying.
Yes, we are planning to refresh Compliance and combine with Posture Management in a new Risk Dashboard - planned for H2-2025
If you run Defender in Passive mode, please ensure you have adjusted the Defender policy to not also use behavior guard, that will conflict with Harmony Endpoint Forensics blade and cause slow startup on pc etc.
Coexisting with another AV/EDR including Defender is not officially supported and not recommended because of potential conflicts. Defender should be automatically off on Windows workstations when HEP is deployed with Anti-Malware blade. On Windows Servers, it has to be explicitly uninstalled.
Is there any option to monitor which clients are connected to each super node on semi isolated environments?
Yes, this was added as part of 88.70. You can see it in the asset mgmt view.
We are using playblocks to trigger auto-host isolation, but the push operations seem to take some time to run on the Endpoint - approx. 5 minutes for the isolation to complete post-infection. Can this duration be reduced?
You can reduce it to ~1 minute by adjusting the
Will the old 77.30-looking endpoint console app no longer be supported with E88.70? Currently on premises endpoint management has components that are missing from the Web UI and vice versa.
SmartEndpoint is still supported with E88.70. We are planning to deprecate this interface in an upcoming version.
Is it correct that Harmony Endpoint will support ARM CPU later this year?
ARM support is planned. Currently, HEP supports ARM for the media encryption blade.
For quarantine management, is there a way to push the file to the sandbox for testing before release?
If it’s quarantined, it’s already inspected. The new Quarantine Mgmt will allow to download quarantined files for SOC analyst review. Infinity XDR Investigate tab allows to emulate customer files on demand.
Users are able to edit the browser extension (disable or enable, and disable the incognito prevention). Is this addressed on 88.70?
All the major browsers provide a mechanism to control what plugins can be installed within their enterprise environment.
Do we have an auto-isolation feature that runs on the client, not triggered based on logs by push operations?
With the use of Playblocks we can create auto-isolation.
Are Linux releases going to keep track with OS releases? Ubuntu for instance.
We’ve invested a lot during the previous Q and plan to continue during this Q to minimize the time it takes to support a new version, and in this Q you will already see a significant improvement in the number of new supported versions that will be released.
When will Harmony Endpoint gain Identity Agent capability? We have to install a separate application for Identity Agent at the moment.
This is being addressed as part of Infinity Identity, which is currently in EA.