This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
JonnyRabinowitz
Employee
Employee
‎2024-04-22 02:26 AM

Harmony Endpoint Security Client E88.30 for Windows is now available as GA

Happy to share!!

Check Point Harmony Endpoint Security Client E88.30 for Windows is now available as GA (General Availability). This release includes both enhancements and resolved issues.

Enhancements

Enhancements included in this release include the following:

  • Disable Capabilities Enhancements:

Within the “General” section of the “Client Settings” under policy, there is an option that can allow end users, to disable client capabilities from the client UI. There are two enhancements added to this capability:

    • Password: It is possible to define a password, that must be entered on the client UI, before capabilities can be disabled
    • Timeout: Period, defined in minutes, after which any detection capabilities disabled will be automatically restored to operation, if this was not previously done

Can see more information in the relevant section in the Administration Guide: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...

  • DNS Inspection Support:

The Anti-Bot Blade now includes DNS Inspection support, which utilizes Check Point Threat Cloud engines for the analysis of DNS traffic. This protection allows Anti-Bot to block access to malicious domains during the DNS resolution process. Existing Anti-Bot settings apply to the DNS detections as well

  • CPInfo Collection to S3

“Push Operations” allow requests to be sent to specific clients. When selecting “Collect Client Logs” under “Agent Settings”, there is an additional option available to upload the log data (CPInfo) to Amazon Simple Storage Service (S3) where it can be later accessed

  • Ability to change Harmony Endpoint client's language from the management UI

Within the “User Interface” section of the “Client Settings” under policy, there are additional options that allow explicit selection of a language for utilization in the client UI. These options are in addition to the previously supported functionality which can still be enabled by selecting the “Default” option. When ‘Default’ is selected the client attempts to utilize the language as determined by the locale defined on the client. If language display for the locale is not supported on the client, then English will be used as the client language

  • Changes to Threat Emulation Blade

Previously, the Windows client included the “Threat Emulation” blade. This blade allowed for selection of the Detection Mode for “Files Threat Emulation” mode and this setting also implicitly set the Prevent / Detect mode for other capabilities that execute in the same blade, such as File Reputation and Static Analysis detections. The “Threat Emulation” blade was also required to be running when selection of E2 Anti-Malware engine was selected

This has now been changed as follows:

    • The “Threat Emulation” blade is now displayed in the client UI as the “File Protection” blade. This better reflects the broader set of capabilities it includes that are related to detections on files, of which “Threat Emulation” is only one capability
    • Within the “Advanced” policy settings for “Web &Files Protection” in “Threat Prevention Policy Settings” it is possibly to separately configure detection settings for each of the following:
      • Threat Cloud Reputation
      • Offline Reputation
      • Static Analysis
        • Office Files
        • Executable Files
        • DLL Files
  • Other Enhancements:
    • Added ability to update Static Analysis models and Offline Reputation hash lists (OFR)OFR offline. Refer to sk180690 for more details as to perform Offline Update.
    • EPS-56719:  Improved the time it takes to upload events to threat hunting
    • Full Disk Encryption (FDE)
      • PIV Smartcard driver now supports IDEmia Cosmo 8.1 cards and compressed certificates.
      • Both the FDE classic Pre-boot and Smart Pre-boot flows are now refined to a smoother flow for visually impaired users.
  • Security Enhancements:

There are multiple security enhancements in this release including the following:

    • EPS-56439:  The detection of ransomware is now faster. Implemented a new mechanism that can potentially pause and prevent ransomware encryption from occurring in certain scenarios, particularly during the initial stages of an attack.
    • Multiple enhancements to extended scope of behavioral indicators that can be created and improve their accuracy. This increases the coverage of distributed signatures

Please see sk182109 for the complete list of enhancements and resolved issues in this release

Also please feel free to reach out to me directly for any further clarifications and / or information on Early Access (EA) programs. Early Access programs for semi-isolated networks are continuing

Regards

Jonny Rabinowitz | Harmony Endpoint Product Manager
Check Point Software Technologies Ltd. | M +972.54.4970073 | jonnyr@checkpoint.com

6 Replies
cstueckrath
Collaborator
‎2024-04-24 02:28 AM

Hello Jonny,

there are some very good enhancements in this version. However, we observe being unable to register clients to our DNS-Servers when this version is installed. Lookups work fine, though.

0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-04-24 02:33 AM
In response to cstueckrath

Thanks for the feedback. Note this release includes analysis of DNS requests. Can you please check whether you have any anti-bit detections related to these DNS messages?

====================================================================================================

The Anti-Bot Blade now includes DNS Inspection support, which utilizes Check Point Threat Cloud engines for the analysis of DNS traffic. This protection allows Anti-Bot to block access to malicious domains during the DNS resolution process. Existing Anti-Bot settings apply to the DNS detections as well

0 Kudos
cstueckrath
Collaborator
‎2024-04-24 02:47 AM
In response to JonnyRabinowitz

nothing in the logs.

If we disable Threat Prevention on the client we can register again, so it might be related to the current change in the Anti-Bot blade.

0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-04-24 03:18 AM
In response to cstueckrath

sorry to hear that

if internal to C P can you send coinfo collected during issue

is customer can only recommend to open TAC case. If unicast me SR I will help to get it escalated

0 Kudos
cstueckrath
Collaborator
‎2024-04-25 04:31 AM
In response to JonnyRabinowitz

Issue has resolved itself. All systems can register again. ¯\_(ツ)_/¯

0 Kudos
the_rock
Legend
Legend
‎2024-04-25 04:42 AM

Tested in my windows VM, very good so far.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top