This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
olowang
Explorer
‎2024-01-17 07:25 AM
Jump to solution

MacOS - Checkpoint Endpoint Security - Domain compliance check

Hello everyone,

 

I would like to know if there's any known limitation (that I could not found) about compliance rule bases on MacOS ?

I configured a System check in order to verify that the device belongs to the "example.com" domain.1.png

 

2.png

Unfortunately, I am getting a warning on my checkpoint client, stating that my computer doesn't belong to the domain that I configured, thus I cannot enable RESTRICTION as the check seems unstable.

This is not an isolated issue (over 75% of my devices return a "Warning" as the compliance status).

For instance, I have a COMPLIANT device running MacOS Sonoma 14.0 with Endpoint 87.41.4164. 

My own device which has the same configuration is running MacOS Sonoma 14.2 with Endpoint 87.41.4164 but is NOT COMPLIANT.

I couldn't find any information about HOW the check is performed. Does it checks if the connected user is a domain user ? Hopefully not, because we are not using mobile accounts.

Thanks a lot.

Regards.

Labels
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-01-26 09:48 AM
In response to olowang
Jump to solution

Looks like this is a known bug that is planned to be addressed as part of E88.20.
E88.20 is expected to be delivered during Q1 2024.

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2024-01-24 02:48 PM
Jump to solution

By domain, I think we mean Active Directory domain, not DNS domain.
Which is the case here?

0 Kudos
olowang
Explorer
‎2024-01-25 08:26 AM
In response to PhoneBoy
Jump to solution

Hello,

Indeed I am talking about an Active Directory Domain.

When I am authenticated on a mobile account, the compliance check succeed. Unfortunately, if a user use a local account, the compliance check fails and thus the client enter in restricted mode.

I just would like to highlight that I tried to upgrade afterward to the recommended version and the issue remains the same.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-01-26 09:48 AM
In response to olowang
Jump to solution

Looks like this is a known bug that is planned to be addressed as part of E88.20.
E88.20 is expected to be delivered during Q1 2024.

0 Kudos
olowang
Explorer
‎2024-02-01 04:50 AM
In response to PhoneBoy
Jump to solution

Hello PhoneBoy,

Thanks a lot for your feedback. Is there any resource that I can find about E88.20 or is it still only available internally ?

Also, do you know if there's any ETA about the Antivirus compliance check ? It is stated that it does not support Microsoft Defender yet so I am curious to know if this is planned for 2024.

Thanks a lot and have a nice day.

 

0 Kudos
PhoneBoy
Admin
Admin
‎2024-02-01 07:25 PM
In response to olowang
Jump to solution

E88.20 is not released yet, thus there is no public information about it.

@BarYassure any comment on MS Defender support?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2024-01-24 07:22 PM
Jump to solution

Note also that Sonoma requires a newer client version to be officially supported. 

E87.60 (EA)

E87.70 (GA)

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events