This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-05-10 03:11 AM
Jump to solution

Low Memory Mode w. Endpoint Security E87.30 Windows Clients

The newest Endpoint Security E87.30 Windows Clients have a new feature:

Behavioral Guard
EPS-50725 NEW: Added Low Memory Mode, which reduces memory consumption. Note that this mode may change the security level because it is based on a smaller amount of signatures.

 

We can enable it here:

Bildschirmfoto 2023-05-10 um 12.16.17.png

We can use this new feature when configuring a package for export:

Min1.png

Now we can enable the Minimize Package size option and select the Anti-Malware Settings signature profile footprint:

Min2.png

I would think that Minimum signatures means only most important signatures, but when selecting none, at least part of Anti-Malware blade gets disabled.

Is there any detailed information available, e.g.:

Which kind of signatures are included ?

Which kind of signatures are not included ?

Is this Behavioral Guard or AV or what ?

@Chris_Atkinson any internal hints 😉

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
2 Solutions

Accepted Solutions
MikeB
Advisor
‎2023-05-12 07:55 AM
In response to G_W_Albrecht
Jump to solution

Hi @G_W_Albrecht.

If I'm not mistaken, the option to include the anti-malware signatures when configuring a package for export has been available for some time and I would understand that it refers to whether or not the installer package includes the signatures at deployment time. This makes the installer more or less large in size. If configured without signatures, at the end of the installation the agent downloads them, while if configured complete, the agent has much less to update.

I'm not sure if this is related to the new "low memory mode" in Behavioral Guard.

 

View solution in original post

0 Kudos
JonnyRabinowitz
Employee Alumnus
Employee Alumnus
‎2024-03-13 03:50 AM
In response to J_B
Jump to solution

Mike B's feedback is correct

Minimal signatures is a temporary state, which allow creating a smaller package.

After 1st update, AM will download the full set of signatures

 

Signatures updates are sent as deltas

View solution in original post

8 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-05-11 07:15 AM
Jump to solution

Any idea, @BarYassure ?

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
MikeB
Advisor
‎2023-05-12 07:55 AM
In response to G_W_Albrecht
Jump to solution

Hi @G_W_Albrecht.

If I'm not mistaken, the option to include the anti-malware signatures when configuring a package for export has been available for some time and I would understand that it refers to whether or not the installer package includes the signatures at deployment time. This makes the installer more or less large in size. If configured without signatures, at the end of the installation the agent downloads them, while if configured complete, the agent has much less to update.

I'm not sure if this is related to the new "low memory mode" in Behavioral Guard.

 

0 Kudos
G_W_Albrecht
MVP Silver
MVP Silver
‎2023-05-12 12:19 PM
In response to MikeB
Jump to solution

I am also not sure - that is the reason of my post 8)

> Note that this mode may change the security level because it is based on a smaller amount of signatures.

Does not sound like all will be downloaded. The TinyClient Package is used to make the installer less large in size and download the rest in parts.

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
anstelios
Collaborator
‎2023-05-15 01:48 AM
In response to G_W_Albrecht
Jump to solution

"Note that this mode may change the security level because it is based on a smaller amount of signatures."

 

This  warning is about "low memory mode" as shown in Behavioral Protection advanced settings and it's not related to export package options.
"Included Signatures" in "Minimize package" has been available for a long time now and it should reduce the the size of the exported package and not the security effectiveness of the client since all signatures would be downloaded after installation.

A verification of the above from a CP representative would be appreciated.

Also we would like to know what kind of signatures are disabled in low memory mode..

0 Kudos
J_B
Collaborator
‎2024-03-07 06:52 AM
Jump to solution

Is there any further information on this?  There seems to be a lack of documentation regarding the newer Dynamic packages.

I have created and exported 2 packages, one with FULL signatures (800mb) and one with MIN signatures (423mb).  The difference in size is huge.

Are the AV signatures really nearly 400mb?  Is that the size of the signature update that clients download every time they get a new daily signature update?  If so, then what would the point of a FULL signature package be as it'll only be up to date on the day that it was created.  If that package was used to install the client on a device a week later then it would then have to pull down newer signatures anyway after installation.

Thanks

 

0 Kudos
JonnyRabinowitz
Employee Alumnus
Employee Alumnus
‎2024-03-13 03:50 AM
In response to J_B
Jump to solution

Mike B's feedback is correct

Minimal signatures is a temporary state, which allow creating a smaller package.

After 1st update, AM will download the full set of signatures

 

Signatures updates are sent as deltas

Pavlo
Participant
‎2024-05-09 02:18 AM
In response to J_B
Jump to solution

Hello everyone!

Is there any idea how to get initial agent on on-prem when using only new Dynamic packages?

it is not a problem in cloud. Have i to use initial msi packet via Smart Endpoint?

Thanks!

0 Kudos
JonnyRabinowitz
Employee Alumnus
Employee Alumnus
‎2024-05-09 03:26 AM
In response to Pavlo
Jump to solution

[ For future would recommend opening a new topic for this to give more visibility since may not clear from thread title ]

The is a known pending item for Web UI on premise

It will be resolved in next MT release (R82) and next R81.20 JHF.

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events