This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Tom_Kendrick
Employee
Employee
‎2019-08-13 02:33 AM

Check Point Endpoint Security versions / release schedules

Hi All,

I had some feedback, saying there’s a lack of understanding of the Endpoint release plans, so let me explain…  (Yes, we’re historically not the best as marketing and communications!)

First a little history lesson:

For those that remember, Endpoint installs were released on the same sort of frequency as Network releases.  You can see all releases documented here: sk117536.

However, around 2017, with the rise of Ransomware, R&D appreciated very much, that the world changed too fast, and to ensure our agent could proactively maintain its ability to prevent, a monthly release was necessary.

This allowed us to add features, and always aim to keep ahead of the bad guys (with new features, like Anti Ransomware, Behavioural Guard, Anti Exploit, PowerShell malware based prevention etc.) – this is our DNA – to give the best security.

This change definitely gave us more features, but, with anything, with a much shorter time to General Availability, and more “moving parts”, the opportunity for bugs to be introduced increased.

As part of an overlay team in CHKP, our team provides feedback, every 6 months to R&D in Tel Aviv, and they do listen!  We said - Customers felt they had to upgrade, and felt there were too many versions to maintain.

What we do now:

Today, we now, where possible, let you upgrade with no reboot, definitely reducing end user impact.  Their aim is to have Endpoint upgrade, just like Chrome does – silently if you want to (no, I have no idea what Chrome version I am running).

We also got R&D to provide 2 “channels” – recommended, and latest – see the info in the SK above.

E80.96 is the current recommended version.

However, there are numerous fixes (but also new features, which always carry the potential for bugs) in E81.10, and E81.20.  Such as the ability to support newer Windows versions.

So, we can see E81.10, and then E81.20 are the latest versions.

R&D release 2 “latest” versions, and then a new recommended version. So, as an example, E81.30 (the next expected recommended version) is just E81.20, with 10+ significant fixes included (the number of fixes can change).

If you prefer to stick to fewer updates, but less features, then the recommended updates channel is the one for you.

I hope this helps!

Tom Kendrick | EMEA Customer Success Manager & Evangelist – Office Of the CTO
Check Point Software Technologies Ltd.

clipboard_image_0.png

 

3 Replies
Alex_Gilis
Advisor
‎2019-08-28 11:08 PM

Given CVE-2019-8461, when will E81.30 become the recommended version instead of E80.9x?

0 Kudos
Tom_Kendrick
Employee
Employee
‎2019-08-29 08:59 AM
In response to Alex_Gilis

Hi Alex, I think the potential impact of this is lower than you may think, from reading the SafeBreach article alone - I've had a chat with R&D so let me explain (and then I can explain the process to make E81.30 the recommended version)...

Firstly, the issue is that Check Point End Point Security Initial Client/DA was patched due to a local privilege escalation vulnerability in the initial installation time on a system already had access to which SafeBreach researchers responsibly informed us about.
Installed agents and the Exported packages that are not the initial client are not vulnerable.
Customers who are using the Exported packages that are not the initial client can keep using it, customers deploying the Initial Client/DA should use the latest version E81.30. So, this should greatly reduce the potentially impacted clients base, but for new installs, yes, use the E81.30 Initial Client / DA or version if you wish.

The E81.30 will be the next recommended version, but, we still need to let it get deployed to many clients, get the right confidence level, and then we can make the switch. The time for this is based upon the number of deployed seats and feedback from TAC to the Management.

Once I do see the change, I'll of course update the list.

Tom
0 Kudos
Tom_Kendrick
Employee
Employee
‎2019-10-07 01:48 PM

I just wanted to update everyone, regarding the E81.30 Endpoint Security version.

We released, last Sunday, E81.30_HF.   This is planned to be marked as the recommended version, I hope, later this week!

Recommended status means the version has had wide deployment, high quality feedback from the field, and in this case, includes a fix to the browser extension. 

You can download this version from here.  E81.30_HF version/download replaces E81.30.  

 

Tom Kendrick.

0 Kudos