- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Slides are posted below the Q&A, which is below the video.
Refer to: https://support.checkpoint.com/results/sk/sk170198
Planned for Q4 2024
Not at present, please contact your local Check Point office.
Currently we support as far back as Windows 7 and Windows Server 2008 R82. Refer to the release notes for a complete list: https://sc1.checkpoint.com/documents/E88.x/EN/Endpoint_Security_Clients_for_Windows_RN/Content/Topic...
Yes, the encryption is based on our FDE solution. On Windows, you can also integrate with Bitlocker. On the Mac, we use FileVault.
Not planned because we know that during attack the CPU will spike. We don't want to take a security risk. Having said that, in the upcoming E88.70 release, we will introduced major improvements in CPU consumption.
All engines are installed as configured in the “software deployment” rules. You can start with any and add later the other engines. Detect mode will tigger alert logs but will not stop the the files/operations.
We don't currently have integration plans, but you can export the data and to use it on QRadar.
For some products, yes. See: https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...
No, you can choose RBAC based on the different roles we have on the Infinity Portal.
Yes, you can deploy HEP on Cloud / On-Prem / Hybrid / Semi-Isolated environments.
In addition to what's been presented here, there are some other tricks for MSSPs, as we have introduced our new MSSP Platform, which includes a policy templates you can use.
No additional cost is needed. We also have a migration tool to make the transition as easy as possible.
You can uninstall the agent directly from the management console using a Push operation.
Yes, 3 months after Cloud for most features.
Yes, it is part of our Roadmap
Yes, as long as you don’t deploy AM blade and configure mutual exclusions (e.g. by AV vendor software certificate). However, 3rd party AV replacement is recommended to unify endpoint clients and security operations.
The recommend version has significant customer adoption. The latest version may have newer features/functionality and/or support additional operating system versions. Choose what is best for your needs.
But it is important to say, all other versions are completely safe and we release them only after a comprehensive QA cycle.
90 days by default. Additional log retention can be purchased.
No, a clean upgrade without changing the blades/features will not cause a reboot. If you are switching between E1 and E2 versions, a reboot is required to ensure all E1 components are removed.
It is based on the software deployment policy the admin implemented.
We have many options - Tiny agent, links, etc
Please review: https://support.checkpoint.com/results/sk/sk178307
This is only required when adding Media Encryption / Full Disk Encryption.
Yes, it is part of our roadmap. Current expected timeline is Q1 2025, but this is subject to change.
Yes, they can delay the installation and reboot based on the policy that the admin choose to implement.
You can install remotely with a push operation based on active directory ( using a source machine to spread the installation): https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Harmony-Endpoint-Admin-Guide/...
For isolation only: keep the policy as is. A migration tool is not currently on the roadmap. You cannot have both firewalls enabled at the same time.
The new engine is much better, this is why we decided to announce it as our default engine a few weeks ago.
Yes, it is ideal to separate servers & workstations groups and to set the relevant policy for each one.
Yes, we are working on a new "Exclusions Catalog" which targeted for Q1 2025.
Behavioral Guard & Forensics already have predefined certificate-based exclusions for some AV vendors. You can add more. Don’t deploy AM blade. Exclude HEP agent from AV as well (e.g. relevant folders in Program Files, Program Data, and HarmonyBackup folders in root of each volume).
Yes, you can.
Yes, it is part of our roadmap
Currently it is not supported to have more than one domain controller as a target for a specific domain. We are checking it at the moment, hopefully the answer will be "YES" soon.
Yes, it is already supported, you will soon see it as part of the management console
You can actually set the AD Scanner to refresh every 5 minutes. And we will allow usage of AzureAD/EntraID in the near future.
Yes, you can 🙂
In most cases, this is not required.
Depends on your use cases and AD/Entra-ID structure (user/machine groups/OUs): e.g. URLF policies make sense for users while EPP+EDR features should protect all users from cyberattacks equally.
Yes, we are working on a new "Exclusions Catalog" 🙂
Yes, see https://support.checkpoint.com/results/sk/sk178064 (This applies to Endpoint Management also)
You can use the "Low memory mode" to reduce it. You can also use our "Run Diagnostics" tool. The upcoming E88.70 release will include dramatic improvements in RAM and CPU usage.
Yes, it will close some gaps we have been on-premise and cloud management. This includes features added in the last six months (except for the upcoming DLP).
This currently requires customizing the MSI with VPNTool.
The default log retention for all HEP packages is 90 days 🙂
Yes, we have our HEP MSSP view, where you can see all the data from all of you HEP child tenants. Additionaly, from the Infinity Events you can see the logs from all other Check Point products.
Use Run Diagnostics push operation to get an interactive report and suggested exclusions
It is able to remediate 100% the attack: stop the attack, identity all processes/files that took place and delete/stop them. If files were harmed by ransomeware or wiper they will be restored.
Definitely! And many more security features. Harmony Email prevents threats incorporate email (~80% of attacks), while Harmony Endpoint prevents or blocks the rest. It’s the last line of defense.
Both.
Correct. if you want to see details just for one tenant you should log to the relevant tenant. In the MSSP View, you can also take actions for child accounts - Policy, Exclusions, reports, etc.
Very soon, it will be part of client version E88.60.
Yes, 100% form the portal.
Yes, initial deployment requires reboot. But we recommend deployment of a complete exported package via GPO/SCCM/UEM in the same corporate network to optimize bandwidth consumption.
We expect to be available in the next couple of weeks.
For URL Filtering, you can do an exclusion based on URL. For anti-phishing, domain only.
Yes.
Refer to: https://support.checkpoint.com/results/sk/sk181679
Legacy” exclusions will be converted automatically with a wizard.
XDR is an add-on to Check Point products such as Harmony Endpoint.
Yes, with latest jumbo HF..
You can block specific EXEs (or use a whitelist approach) to ensure UltraSurf and similar apps do not run.
DLP...in the coming weeks 🙂
Mobile - Q3, Email - yes
For various reasons, we only share PDFs of the slides on the community.
Hi @PhoneBoy ,
try to open sk from question:
Yes, see https://support.checkpoint.com/results/sk/sk1780649 (This applies to Endpoont Management also)
page is not available, can you check from your side? 
There were a couple of typos in that answer. the correct link is https://support.checkpoint.com/results/sk/sk178064. Also, fixed above.
@PhoneBoy One question came to my mind, since I was unable to attend webinar...any clue until what date can customers delay upgrading to E2 and IF they choose not to do it, will CP sort of gradually "force" it no matter what?
Best,
Andy
To be on the safe side, I would ensure migrations to E2 clients occur well before the End of Support date of 29 September 2024.
Our official statement on the matter: https://community.checkpoint.com/t5/Endpoint/End-of-Support-for-Non-US-DoC-Compliant-Versions-of-Har... 
Thank you, appreciated, as always!
All the Q&A has now been added to the post.
Love seeing all the questions!
I often hear people say questions are super important...very true.
Thanks for the very informative webinar. I forgot to ask my question about system requirements for different operating systems. e.g Windows 10/11/12 and Windows Server versions. I know there's a prerequisite section for Linux machines given in the Harmony Endpoint guide but I couldn't find system requirements for Windows client and Windows server machines in terms of hardware, CPU processing power and RAM. Can you please answer this query?
Those requirements are listed in the Release Notes here: https://sc1.checkpoint.com/documents/E88.x/EN/Endpoint_Security_Clients_for_Windows_RN/Content/Topic...
Can you please share slides in PPT format as well?
For various reasons, we only share PDFs of the slides on the community.
Hi @PhoneBoy ,
try to open sk from question:
Yes, see https://support.checkpoint.com/results/sk/sk1780649 (This applies to Endpoont Management also)
page is not available, can you check from your side? 
There were a couple of typos in that answer. the correct link is https://support.checkpoint.com/results/sk/sk178064. Also, fixed above.
Hi, where I can run Diagnostic Tools saw on this beautiful webinar at 46:46 minute?
Thank you
HI,
In can it is still open 😉 
Push Operation > Add > Agent Setting > (Scrolled Down) Run Diagnostic 
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 5 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY