Product Announcements

When Check Point announces a new version of a product or a new Jumbo Hotfix, we'll announce it here.

Yifat_Chen
Employee Alumnus

A new Ongoing Jumbo Hotfix Accumulator take for R80.20 (#141) was released today and is available for download. Please refer to sk137592.

This take is an update for Take 138 which should not be in use from now on.

 

Release Content:

  • PRJ-10117 - In some scenarios, when Application Control and HTTPS Inspection are enabled and detailed or extended log is used, applications may not be matched correctly.
  • PRJ-9975 - In rare cases, non-HTTP traffic on port TCP/80 is dropped.

Please note the following:

  • The new release is mentioned in the JHF sk137592
  • The new release will not be published via CPUSE as a recommended version until it is published as GA.
  • Availability:
    • Will be provided by customer support
    • Available for download via CPUSE by using package identifier.

Thanks, 

Release Management group

Yifat_Chen
Employee Alumnus

Hi All

 

A new Ongoing Jumbo Hotfix Accumulator take for R80.30 (#155) was released today and is available for download. Please refer to sk137592.

 

Release Content:

  • PRJ-10115 - In some scenarios, when Application Control and HTTPS Inspection are enabled and detailed or extended log is used, applications may not be matched correctly.
  • PRJ-9968 - In rare cases, non-HTTP traffic on port TCP/80 is dropped.

Please note the following:

  • The new release is mentioned in the JHF sk137592
  • The new release will not be published via CPUSE as a recommended version until it is published as GA.
  • Availability:
    • Will be provided by customer support
    • Available for download via CPUSE by using package identifier.

 

Yifat Chen

Itamar-cohen
Employee

Overview

R80.40 was announced on January 28, 2020.

R80.40 was already released in AWS and GCP.

 

Important: Version R80.40 is initially recommended for customers who are interested in implementing the new features described in the formal announcement. Check Point will declare the version as default after a significant adaptation, and currently, R80.30 is the recommended version.

 

GitHub Templates and Azure Marketplace

The new R80.40 templates for the Azure marketplace are in the publication process. The publication process can take a few weeks. In the meantime, R80.40 templates for easy solution deployment can be found in our GitHub repository together with instructions for use.

 

Released Azure Templates in GitHub

  • Single GW
  • Management
  • Multi-Domain Server
  • HA (High Availability)
  • Scale Set
  • Standalone (available for deployment from Single GW template)

 

Python3

Python2 is no longer supported (since Jan 1st, 2020); as such, we are in the process of updating all of our CloudGuard IaaS products. The newly released R80.40 images in Azure are already updated to Python3.

 

Related SKs/Documentation

Ami_Barayev1
Employee Alumnus

We are happy to announce the release of Endpoint Security Client E82.40.

E82.40 introduces new functionalities and quality improvements.

The complete list of improvements can be found in the version release’s Secure Knowledge sk164956

Windows CryptoAPI Spoofing Vulnerability – CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.

The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

SandBlast Agent can detect and prevent this vulnerability for un-patched systems.  

Behavioral Guard enhancements

  • Meterpreter Reverse Shell detections are now active by default.
    • Reverse shell attacks obtain control over a compromised system; an attacker usually aims to gain interactive shell access for arbitrary command execution, which is very complex to detect.
  • New injection detections including Process Hollowing are now active by default.
    • Process Hollowing is a code injection technique in which the executable section of a legitimate process in the memory is replaced with malicious code.
  • Forensics can now identify starting points of attacks originating from lateral movement and Windows Management Instrumentation (WMI). Indirect execution on a single machine through WMI is now detected and followed in the Forensics Analysis.
  • Behavioral Guard now detects Windows-reported CVEs to generate a log and Forensic Analysis.

Below is a forensic report for Process Hollowing

Threat Prevention enhancements and fixes

  • Improves performance slightly by removing unnecessary logs from Behavioral Guard.
  • Fixes an issue in the Forensics Log Card to report a trigger rather than the process of a trigger.
  • Fixes an issue with a Forensic crash in a Virtual Disk Infrastructure (VDI) environment.
  • Anti-Bot detection status now updates to the server User Interface continuously for additions and removals from the client.
  • Fixes an issue that can cause the Anti-Exploit service to crash in x86 systems, after an upgrade.
  • Fixes a rare issue where the machine hangs during an upgrade (related to a driver that Anti-Exploit uses).
  • Fixes an issue where Anti-Exploit may not work immediately after an upgrade.
  • Resolves the issue where an Anti-Malware infection event is not showing in SmartEndpoint Reporting, if special characters are in the path.
  • Resolves an issue where Anti-Malware reporting does not update in SmartEndpoint, after the infections list changes in the Anti-Malware blade.
  • Fixes an Anti-Malware system scan memory issue, when scanning files with alternate data streams.

Data and Access Protection enhancements and fixes

  • Resolves an incorrect report about the Full Disk Encryption blade not running during a Windows shutdown, when the Deployment Agent (CPDA) does not receive a shutdown notification.
  • Sets BCDBOOT as the default on fresh installs.
  • Fixes Unified Extensible Firmware Interface (UEFI) to use the customized image rebrandings of UEFI preboots.
  • No longer forces a reboot when the pre-boot bypass is off, by policy.
  • Resolves a possible issue where the Firewall blade has the Initializing status after an upgrade due to some missing dll files.
  • Resolves a possible issue where registry parsing, while self-protection is active, causes a BSOD.
  • Fixes the vsdatant.sys driver synchronization issue that causes a BSOD on driver unload.
  • Resolves the issue where Long Term Evolution (LTE) and Universal Mobile Telecommunication System (UMTS) devices are not recognized as wireless by the "Disconnect wireless connections when connected to the LAN" feature.
  • Fixes and removes the requirement to install Visual Studio 2017 runtimes when running the Media Encryption offline utility "Access to Business Data". Note: The Mac offline utility now supports macOS Catalina (10.15).
  • Fixes an issue where the location inside the organization is not recognized properly.
  • Adds the detection of McAfee Security Endpoint v10.6 into Secure Configuration Verification (SCV).
  • Fixes an issue where the user is not able to use several question marks in the password.

Installer and general enhancements and fixes

  • Resolves a possible issue where the client upgrade fails, when the Anti-Malware blade cannot reach a database file, after an ungraceful process termination.
  • Resolves a sudden reboot, after a client upgrade finishes, before a custom countdown timer ends.
  • Resolves an issue where Installer terminates on machines with specific locales, if the user has a name with specific localized UTF-8 characters.
  • Resolves a possible issue where the installation fails, by waiting for a process from a previous installation to stop.
  • Increases the timeout value for Windows Installer (MSI) to wait for Full Disk Encryption to finish a deployment in offline mode.
  • Fixes the Full Disk Encryption uninstall, after a Windows 10 upgrade.
  • Fixes an issue with the Deployment Agent (CPDA). Now, it tries to resend the UpdateRegister message, when the machine has network configuration changes, if the message did not go through, during startup.
  • Resolves an issue where the "Disconnected Policy" is not defined, and appears in the display, when the client is connected.
  • Fixes the issue of duplicate user objects for the same user in Other Users / Computers.

 

 

Best

Ami.B

 

 

Yifat_Chen
Employee Alumnus

A new GA SmartConsole (Build #176) for R80.10 (Replacing Build #161) is available. Please refer to sk119612.

Thanks, 

Release Management team  

 
 

Itamar-cohen
Employee

Overview

R80.40 was announced on January 28, 2020.

R80.40 was already released in AWS, and soon Azure will follow.

 

Important: Version R80.40 is initially recommended for customers who are interested in implementing the new features described in the formal announcement. Check Point will declare the version as default after a significant adaptation, and currently, R80.30 is the recommended version.

 

Released GCP Solution in R80.40

  • Single GW
  • Management
  • HA (High Availability)
  • MIG (Multi-Instance Group)

 

Future Solution

  • Standalone

 

Python3

Python2 is no longer supported (since Jan 1st, 2020); as such, we are in the process of updating all of our CloudGuard IaaS products. The newly released R80.40 images in GCP are already updated to Python3.

 

Related SKs/Documentation

eranzo
Employee

A new Ongoing Jumbo Hotfix Accumulator take for R80.20 (Take #138) is available. Please refer to sk137592

This take updates take 135 that was released on Jan 23rd.

Thanks, 

Release Management group 

Yifat_Chen
Employee Alumnus

Hi,

R80.30 Jumbo HF Take #140 is now our GA take (replacing take 111) and will be available for download to all via CPUSE (as recommended) and via sk153152.

 

Release Highlight:

  • IPs Geo policy security issue (PRJ-7459)
  • Predictable sequence numbers in CPAS (SA-237, PRJ-8198)
  • Management HA synchronization fails with error "Failed to export data" on Multi-Domain Management or Security Management server environment with at least 3 machines (PRJ-8217)
  • In some scenarios, the Smart-1 3150 appliance becomes unresponsive after enabling the optical interface. (PRJ-6219)

Thanks,

Release Management Group

Itamar-cohen
Employee

Overview

R80.40 was announced on January 28, 2020. CloudGuard customers, for the first time, can enjoy the CloudGuard solution in less than a week after an official release.

R80.40 is first released into AWS; GCP and Azure will follow in the upcoming days.

 

Together with this release, we also released a CME (Cloud Management Extension) package for R80.40. It is based on the latest released CME Take 79.

 

Important: Version R80.40 is initially recommended for customers who are interested in implementing the new features described in the formal announcement. Check Point will declare the version as default after a significant adaptation, and currently, R80.30 is the recommended version.

 

Released CFT (Cloud Formation Template) Solution for R80.40

  • Single GW
  • Management
  • MDS (Multi-Domain Server)
  • ASG (Auto Scaling Group)
  • TGW (Transit Gateway) with ASG

 

Future Solution (not yet released as CFT for R80.40)

  • Standalone (new listing for R80.40)
  • Cluster in Single AZ (Availability Zone)
  • Cluster Across AZ
  • TGW with Cluster Across AZ

 

Python3

Python2 is no longer supported (since Jan 1st, 2020); as such, we are in the process of updating all of our CloudGuard IaaS products. The newly released R80.40 images in AWS are already updated to Python3. CME Take 79 is still based on Python2, and we are in the process of updating it as well.

 

Related SKs/Documentation

Yifat_Chen
Employee Alumnus

A new Ongoing Jumbo Hotfix Accumulator take for R80.30 (Take 140) was released today and is available for download. Please refer to sk153152.

This take updates take 136 (released on Jan 22nd).

Release Content:

  • PRJ-9410 - In some scenarios, Security gateway crashes when the Priority Queue feature is enabled.

 

Please note the following:

  • The new release is mentioned in the Jumbo SK: sk153152
  • The new release will be published via CPUSE as a recommended version once it is published as GA.
  • Availability:
    • Will be provided by customer support
    • Available for download via CPUSE by using package identifier.

For more information on Jumbo releases, please refer to this thread “R80.XX Jumbo Hotfix Accumulator - Did You Know?“ 
