
Endpoint Security / SandBlast Agent Newsletter - Version E83.20

Guy_Avnet
Employee

Hi all,

 

We are happy to announce the release of Endpoint Security Client E83.20.

 

The complete list of improvements can be found in the version release’s Secure Knowledge sk168081.

But here are the most exciting ones…

 

New Windows support

E83.20 has full support (all blades and packages) for Windows 10 20H1 (version 2004).

 

Browser Extension support for Microsoft Edge (Chromium) & Chrome for Mac

SandBlast Agent Browser Extension now supports Microsoft Edge (Chromium) and Chrome for Mac with the following capabilities:

  • URL Filtering (WebUI only)
  • File Download Protection
  • Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection

The extension is installed automatically together with the new version.

Supported & Next To Come:

[Image: supported and upcoming browser support]

 

E83.20 for macOS


The version supports the following capabilities:

  • Anti-Malware blade is now GA
  • URL Filtering with SandBlast Agent Chrome Browser Extension
  • Advanced VPN features are now also available on Mac:
    • Multiple Factor Authentication
    • Multiple Entry Point
    • Implicit Mode
    • Secondary Connect

 

Follow sk166955 for more information on the E83.20 release for macOS.

 

New advanced protections

  • "Pass The Hash" detection in Behavioral Guard has been enhanced to recognize more "Pass The Hash" attempts.
    Pass The Hash is used by an attacker to authenticate remotely by utilizing the hash of an account password. In other words, the attacker does not need the actual plaintext password.
    This technique in essence allows for lateral movement in an organization.
  • Improved detection of malicious LNK files
    Behavioral Guard was enhanced to detect malicious LNK files (Windows shortcut / direct link to a file). It analyzes the target of an LNK file to determine if the LNK file itself is malicious.
    LNK files are mostly, though not exclusively, utilized maliciously to start LOLBins (Living Off The Land Binaries) like Windows OS executables. Some common targets for malicious LNK files include CMD, PowerShell, and wscript.

In addition, the Forensics Analysis now can determine whether the attack originated from an LNK file and the Forensics Report shows the targets of all LNK files in an incident.

 

Content view in the Forensics report

The Forensics Report has now been enhanced to show all AMSI content and LNK targets in a new single view called the Content View. This view is accessible under the Incident Details Menu option.


 

Full Disk Encryption – pre-boot screen

The Full Disk Encryption pre-boot has a modernized look and feel along with updates to the color theme and background images.


 

Stay safe,

Guy A.
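
The LNK target analysis described in the post above, sketched as an added example that is not part of the original post and is not Check Point's implementation: it parses a shortcut per the MS-SHLLINK layout, extracts the target path and arguments, and flags the interpreters the post names. The function names and the sample shortcuts are constructed for illustration, and the parser assumes the target is in LinkInfo or the relative-path string (it ignores the ID list and extra data blocks).

```python
import struct

# Interpreters the post names as common malicious LNK targets.
LOLBINS = {"cmd.exe", "powershell.exe", "wscript.exe"}
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
STRING_FLAGS = ((0x04, "name"), (0x08, "relpath"), (0x10, "workdir"),
                (0x20, "args"), (0x40, "icon"))

def parse_lnk(data):
    """Return (target_path, arguments) from a Shell Link (MS-SHLLINK) blob."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags, = struct.unpack_from("<I", data, 20)
    pos, target, strings = 76, None, {}
    if flags & 0x01:                      # HasLinkTargetIDList: skip the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:                      # HasLinkInfo: read LocalBasePath
        size, _, li_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:               # VolumeIDAndLocalBasePath
            end = data.index(b"\x00", pos + base_off, pos + size)
            target = data[pos + base_off:end].decode("cp1252", "replace")
        pos += size
    width = 2 if flags & 0x80 else 1      # IsUnicode
    for bit, name in STRING_FLAGS:        # StringData, in on-disk order
        if flags & bit:
            n, = struct.unpack_from("<H", data, pos)
            raw = data[pos + 2:pos + 2 + n * width]
            strings[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + n * width
    return target or strings.get("relpath"), strings.get("args", "")

def triage_lnk(data):
    """Flag shortcuts whose target is one of the interpreters above."""
    target, args = parse_lnk(data)
    exe = (target or "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return {"target": target, "args": args, "lolbin_target": exe in LOLBINS}

def build_sample(target, args):
    """Constructed minimal shortcut: header, LinkInfo (no VolumeID), arguments."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x02 | 0x20 | 0x80) + bytes(52)
    path = target.encode("cp1252") + b"\x00"
    info = struct.pack("<7I", 0x1C + len(path) + 1, 0x1C, 1, 0, 0x1C, 0,
                       0x1C + len(path)) + path + b"\x00"
    return header + info + struct.pack("<H", len(args)) + args.encode("utf-16-le")

if __name__ == "__main__":
    for t, a in ((r"C:\Windows\System32\cmd.exe", "/c echo constructed"),
                 (r"C:\Users\demo\Documents\report.docx", "")):
        print(triage_lnk(build_sample(t, a)))
```

A shortcut to an interpreter is not malicious by itself, so the flag is a triage signal to review alongside the extracted arguments.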

3 Comments
BorisL
Contributor

Hi.

Since a few versions ago, when Check Point Endpoint is installed on a Mac, Screen Sharing does not work. Even when disconnected. Even when the client is stopped. Firewall is off in the Mac. The only way it works again is uninstalling Endpoint. Are you aware of this problem?

_Val_
Admin

AFAIK, there are some limitations related to EPS functionality on Mac. Screen sharing and AirDrop are part of those. 

BorisL
Contributor

Thanks. Hope they fix it soon as it prevents doing remote support, even from the local network.

One other problem I have found is that when authentication is about to expire and after providing credentials, the connection terminates anyway. It does not reset the authentication timeout.

 
