Happy to share!!
Check Point Harmony Endpoint Security Client E88.30 for Windows is now available as GA (General Availability). This release includes both enhancements and resolved issues.
Enhancements
Enhancements included in this release include the following:
- Disable Capabilities Enhancements:
Within the “General” section of the “Client Settings” under policy, there is an option that can allow end users, to disable client capabilities from the client UI. There are two enhancements added to this capability:
- Password: It is possible to define a password, that must be entered on the client UI, before capabilities can be disabled
- Timeout: Period, defined in minutes, after which any detection capabilities disabled will be automatically restored to operation, if this was not previously done
Can see more information in the relevant section in the Administration Guide: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...
The Anti-Bot Blade now includes DNS Inspection support, which utilizes Check Point Threat Cloud engines for the analysis of DNS traffic. This protection allows Anti-Bot to block access to malicious domains during the DNS resolution process. Existing Anti-Bot settings apply to the DNS detections as well
“Push Operations” allow requests to be sent to specific clients. When selecting “Collect Client Logs” under “Agent Settings”, there is an additional option available to upload the log data (CPInfo) to Amazon Simple Storage Service (S3) where it can be later accessed
- Ability to change Harmony Endpoint client's language from the management UI
Within the “User Interface” section of the “Client Settings” under policy, there are additional options that allow explicit selection of a language for utilization in the client UI. These options are in addition to the previously supported functionality which can still be enabled by selecting the “Default” option. When ‘Default’ is selected the client attempts to utilize the language as determined by the locale defined on the client. If language display for the locale is not supported on the client, then English will be used as the client language
- Changes to Threat Emulation Blade
Previously, the Windows client included the “Threat Emulation” blade. This blade allowed for selection of the Detection Mode for “Files Threat Emulation” mode and this setting also implicitly set the Prevent / Detect mode for other capabilities that execute in the same blade, such as File Reputation and Static Analysis detections. The “Threat Emulation” blade was also required to be running when selection of E2 Anti-Malware engine was selected
This has now been changed as follows:
- The “Threat Emulation” blade is now displayed in the client UI as the “File Protection” blade. This better reflects the broader set of capabilities it includes that are related to detections on files, of which “Threat Emulation” is only one capability
- Within the “Advanced” policy settings for “Web &Files Protection” in “Threat Prevention Policy Settings” it is possibly to separately configure detection settings for each of the following:
- Threat Cloud Reputation
- Offline Reputation
- Static Analysis
- Office Files
- Executable Files
- DLL Files
- Other Enhancements:
- Added ability to update Static Analysis models and Offline Reputation hash lists (OFR)OFR offline. Refer to sk180690 for more details as to perform Offline Update.
- EPS-56719: Improved the time it takes to upload events to threat hunting
- Full Disk Encryption (FDE)
- PIV Smartcard driver now supports IDEmia Cosmo 8.1 cards and compressed certificates.
- Both the FDE classic Pre-boot and Smart Pre-boot flows are now refined to a smoother flow for visually impaired users.
- Security Enhancements:
There are multiple security enhancements in this release including the following:
- EPS-56439: The detection of ransomware is now faster. Implemented a new mechanism that can potentially pause and prevent ransomware encryption from occurring in certain scenarios, particularly during the initial stages of an attack.
- Multiple enhancements to extended scope of behavioral indicators that can be created and improve their accuracy. This increases the coverage of distributed signatures
Please see sk182109 for the complete list of enhancements and resolved issues in this release
Also please feel free to reach out to me directly for any further clarifications and / or information on Early Access (EA) programs. Early Access programs for semi-isolated networks are continuing
Regards
Jonny Rabinowitz | Harmony Endpoint Product Manager
Check Point Software Technologies Ltd. | M +972.54.4970073 | jonnyr@checkpoint.com