Create a Post

Product Announcements

cancel
Showing results for 
Search instead for 
Did you mean: 
Product Announcements

When Check Point announces a new version of product or a new jumbo hotfix, we'll announce it here.

Yifat_Chen
Employee Alumnus
Employee Alumnus

Hi All 

R80.30 Jumbo HF Take #191 is now our GA take (replacing take 155) and will be available for download to all via CPUSE (as recommended) and via sk153152

 

  • Blink image (R80.30 Take 200 + R80.30 Jumbo Take 191) is also available as recommended in CPUSE and via   sk153152  (R80.30 Take 200 + R80.30 Jumbo Take 191)

 

Release Highlight (from take 163-191):

  • Added support of Jumbo Hotfix Accumulator on Smart-1 625 appliances
  • Updated CPM Doctor script version was added. Refer to sk117219 for more details.
  • Added support for proxy configuration when downloading CRL from a VSX device. Refer to sk151115
  • Log Exporter feature exports log attachment identifiers and adds the ability to fetch them through the Management API command.
  • PRJ-10897 - In a rare scenario, Security Gateway may crash on cluster fail-over when ISP redundancy is configured.
  • PRJ-9461 - Added ability for R80.30 Security Management or Multi-Domain Server to manage R80.40 Security gateway. Refer to sk164652.
  • PRJ-9813 - Added support for Jumbo Hotfix installation on Check Point 3600, 6200, 6600 and 6900 appliances, Refer to sk110052.
  • PRJ-11542 -  In a rare scenario on a cluster environment, Security gateway may corrupt data or crash during an upgrade.
  • PRJ-11782 -  Web API might be down after uninstalling Takes 163-180 of R80.30 Jumbo Hotfix. Refer to sk166393

 

Please Note:

Customers on cluster environments using R80.30 Jumbo Hotfix Takes 163-168 that would like to install Take 191, should refer to sk166192

 

More details can be found under sk153152

 

Thanks,

Release Management groups

 

Read more
1 0 1,382
MaksimBahunou
Employee
Employee

This below has been released as part of R81.
If you wish to leverage the features of the new Mobile Access portal, you will need to upgrade to R81.

Key features of the new portal:

  • Redesigned scan results
  • Discontinued SNX connection pop-ups
  • User friendly language selector
  • Removed need for extra clicks during sign-out
  • Added ability to launch all applications in separate tabs
  • Settings / favorites are implemented as pop-up windows
  • Non-configured items are not shown
  • Full support of mainstream browsers on all major platforms
Read more...

Read more
12 32 11.9K
shlomip
Employee Alumnus
Employee Alumnus

A new GA SmartConsole (Build #040) for R80.40 is available. Please refer to sk165473

 

A new R80.40 Jumbo hotfix Accumulator (Take #38) is also available, for more information check here and

See also sk165456

 

Thanks, 

Release Management team  

Read more...

Read more
0 2 1,156
shlomip
Employee Alumnus
Employee Alumnus

A new Ongoing Jumbo Hotfix Accumulator take for R80.40 (take 38) is available. Please refer to sk165456

 Release Highlights:

  • LSM support for SMB 1500 series
  • Stability fixes

Please note the following:

  • The new release is mentioned in the JHF sk165456
  • The new release will be published via CPUSE as a recommended version when it becomes GA.
  • Availability:
    • Will be provided by customer support
    •  Available for download via CPUSE by using package identifier.

For more information on Jumbo releases, please refer to this thread “R80.XX Jumbo Hotfix Accumulator - Did You Know?“

 

 

Thanks,

Release Management Group 

Read more
0 0 473
Yifat_Chen
Employee Alumnus
Employee Alumnus

A new GA SmartConsole (Build #076) for R80.30 was released today and is available for download, updating  Build 062. For more info please refer to  sk153153.

 

Release highlight:

  • PRJ-9504 - Added section in SmartConsole.exe.config that allows defining the per-server custom connection ports for FWM and CPM.
  • PRJ-8506 - Added ability to start Anti-Malware scan over a range of hours instead of the same time for all computers to better accommodate with persistent VDI scenario.
  • PRJ-9502 - Added a list item count inside the User Group, Network Group and Service Group editors.
  • PRJ-9778 - Added the ability to search in the Management Server by adding an asterisk before any sequence of characters.  Refer to sk164873

Thanks, 

 

Release Management Group

Read more
3 3 1,571
Yifat_Chen
Employee Alumnus
Employee Alumnus

Hi All

A new Ongoing Jumbo Hotfix Accumulator take for R80.30 (Take 195) was released today and is available for download. Please refer to  sk153152

Release Highlight:

  • LSM support for SMB 1500 series.
  • PRJ-2281 - CloudGuard SaaS report

Please note the following:

  •        The new releases is mentioned in the sk153152
  •        The new releases will be published via CPUSE as a recommended version once it will be published as GA   Availability:

o   Will be provided by customer support

o   Available for download via CPUSE by using package identifier.

For more information, please refer to   sk153152

Thanks, 

Release Manager Group

Read more
0 4 1,531
Yifat_Chen
Employee Alumnus
Employee Alumnus

A new Ongoing Jumbo Hotfix Accumulator take for R80.30 (take 191), updating take 180 was released today and is available for download. Please refer to  sk153152

Release Content  

PPRJ-11782 -  Web API might be down after uninstalling Takes 163-180 of R80.30 Jumbo Hotfix. Refer to sk166393

 

Please Note:

Customers on cluster environments using R80.30 Jumbo Hotfix Takes 163-168 that would like to install Take 191, should refer to sk166192

Thanks,

Release Management Group.

 

Read more
0 0 564
Anat_Eytan-Davi
Employee Alumnus
Employee Alumnus

Check Point SmartCloud - new Service name for Management as a Service

Read more...

Read more
3 0 837
Yifat_Chen
Employee Alumnus
Employee Alumnus

Hi All

 

A new Ongoing Jumbo Hotfix Accumulator take for R80.30 (take 180), updating take 168 was released today and is available for download. Please refer to  sk153152

 

Release Content  

PRJ-11542 -  In a rare scenario on a cluster environment, Security gateway may corrupt data or crash during an upgrade.

 

Please Note:

Customers on cluster environments using R80.30 Jumbo Hotfix Takes 163-168 that would like to install Take 180, should refer to sk166192

 

 

Please note the following:

  •        The new releases is mentioned in the JHF  sk153152
  •        The new releases will be published via CPUSE as a recommended version once it will be published as GA.
  •        Availability:

o   Will be provided by customer support

  • Available for download via CPUSE by using package identifier.

Thanks

Release Management Group

Read more
0 0 422
Amir_Ayalon
Employee
Employee

Hi All

We have released R80.20.05 for SMB 1500 series appliance.

Full details in the SK

 

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

Highlights - What’s New R80.20.05

 

Networking

  •         Alias IP support - Associate more than one IP address to the same network interface.
  •         Link Aggregation - Aggregating/Bonding multiple network connections, Join two or more interfaces together to improve performance and redundancy by increasing the network throughput and bandwidth.
  •         Networking Support for 100 VLANs  
  •         Dynamic address assignment (DHCP) from internet connection for bridge interface

 

Access rulebase

  •         Domain object - Support for domain objects in access rule base (see sk120633)
  •         Updatable Objects - Support for network object that represents an external service (well known online service providers) for centrally managed appliances

 

Server Name Indications (SNI)

  •         Next Generation Bypass - TLS inspection based on Verified Subject Name
  • ·       Improved TLS implementation for TLS Inspection and categorization

 

Embedded Gaia R77.20 train gap closure

  •         Threat Emulation Private Cloud

 

Management and logs

  •        MaaS - Management as a Service for centrally managed appliances

 

Features in EA Quality

  •         IMAPs threat prevention email inspection
  •         POP3s threat prevention email inspection

 

 

Enhancements

  •         Gateway hostname can now be assigned from DHCP server with DHCP option 12

o   When you edit or add a new internet connection, you can select to get the hostname from your WAN DHCP server.
Gateway name is dynamic, assigned by the external DHCP  server which also provides an IP address upon request

  •         DHCP whitelist

Configure your network so IP addresses are assigned by the internal network DHCP server only for known hosts (defined as network objects and a specific MAC address is assigned to the IP). DHCP requests from other hosts are ignore.

 

 

Read more
4 6 2,247
Ami_Barayev1
Employee Alumnus
Employee Alumnus

Hi all,

 

We are happy to announce the release of Endpoint Security Client E82.50.

E82.50 introduce new functionalities and quality improvements.

The complete list of improvements can be found in the version release’s Secure Knowledge sk165515

 

Dynamic Package Size

Follow up the improvement in agent package size which introduced in E81.10, the threat prevention package was reduced by >60% we are happy to introduce additional enhancement in SandBlast Agent package size optimization.

Dynamic Package enables optimized package size for Agent software updates.

The dynamic package contains only the delta incremental changes from the installed agent version and not the full package size. The result is much smaller package size needed for the agent upgrade which now reduced to ~160MB compared to ~680MB required for a complete package.  

The new dynamic package will reduce network traffic and will enable faster agent upgrades.

This is very important in big organizations with thousands of deployed endpoints and specially today due to the COVID-19 virus where employees are working remotely, the dynamic package will assure safe and fast agent upgrades.

Additional information can be found in the administration guide

 

Credential Dumping Protection

Credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software.

Credentials can then be used to perform Lateral Movement and access restricted information.

Behavioral Guard is now able to detect and prevent credential dumping.

 

dump.png

Virtual Desktop Infrastructure (VDI) Non-Persistent for VMware Horizon – Early Availability

Virtual desktop infrastructure (VDI) is a virtualization technology that hosts a desktop operating system on a centralized server.

Non-persistent VDI creates a generic desktop that always reverts to the same original setup after a user logs out. Additionally a non-persistent desktop does not allow a user to install an application and retain it across logons.

We are looking for customers who would like to participate in the Early Availability version of the VDI non-persistent mode for VMware.

For customers who are interesting please contact E81_EA@checkpoint.com

 

Developer Protection

Developer Protection is a new features in the Application Control blade which prevent leakage of sensitive information (RSA keys, passwords, access tokens) through Git version control system.

It also can warn user when vulnerable external dependencies are used in AWS lambda.

Developer Protection intercepts "git commit" commands issued by user and scan all modified files in a Git repository.

Additional information can be found in sk165615

dlp git.png

Additional Enhancements

 

Threat prevention

  • Forensics can now report the URL for the file source, when the SandBlast Agent Browser Extension is active.
  • Machine type, roles and features now show in the Forensics report.
  • Fixes a rare BSOD, related to Anti-Exploit infrastructure
  • Reduces repeated logs for specific errors to improve Behavioral Guard performance.
  • Adds a default exclusion to prevent a known case of an Anti-Ransomware false positive.
  • Forensics and Anti-Exploit now correctly identify the latest versions of Microsoft Edge (based on Chromium) as a browser.
  • SandBlast Agent browser extensions now report the URLs used to download files to Forensics. This information now displays in the Entry Point view in the Forensics report, when it is present.
  • Fixes an issue where the Behavioral Guard log and the equivalent Forensics log show different levels of confidence.
  • Fixes a rare race condition that can override the current Forensics policy with the default policy.
  • Fixes an issue where Forensics generates "Analysis Failed" reports, when policy disables Forensics Analysis.
  • Fixes an issue that can cause DNS sensor information to be withheld from Forensics.
  • Fixes an issue in the Forensics report, where trigger processes incorrectly show as remotely executed by Windows Management Instrumentation (WMI).
  • The Overview screen Entry Point tool-tip now displays correctly for Windows Management Instrumentation (WMI) executions.
  • Adds the type of the machine to the General View of the Forensics Report. The type can be a desktop, a laptop, a Virtual Machine, or a server.
  • Machines Roles and Features, as defined by Windows, are now available in the General view of the Forensics Report.
  • The Reputation view in the Forensics report now has an option to select and copy Hashes, URLs and IPs.
  • Resolves a possible issue, where the server does not display the latest Anti-Malware signature version of the Endpoint Security clients.
  • Resolves an issue, where the policy state displays as "Unknown" in the client User Interface.

 

Data and Access Control

  • Improves compatibility with 3rd-party VPN software.
  • The firmware logo wallpaper now shows, when Windows loads after the Full Disk Encryption pre-boot.
  • Fixes dual recovery file delivery on fresh installations, on UEFI machines.
  • Resolves an issue, where allowed non-storage devices can show as blocked in SmartEndpoint Media Encryption and Port Protection reports.
  • Resolves an issue, where the user does not see an option to override company encryption policy to copy data from network shared folders.
  • Resolves an issue where the wrong authorization status shows in the Media Encryption UI.
  • Resolves a possible system freeze from corrupted settings of the Media Encryption blade.

 

Installation & Infrastructure

  • Resolves an issue, where the Endpoint Security installation may fail after a miscalculation of the required disk space.
  • No longer displays a redundant user check pop-up on an installation retry.
  • Resolves an issue, where the client may report logs incorrectly, if the username contains non-ANSI symbols.
  • Resolves a rare issue with policy corruption that may put some blades in non-running states.
  • Resolves an issue where the VPN client automatically reappears in Automatic Start, although it is disabled by the Task Manager.
  • Fixes the vulnerability to "RobinHood" (CVE-2018-19320).

 

Best

AmiB

 

 

Read more
2 0 1,024
eranzo
Employee
Employee

Hi All,

A new Ongoing Jumbo Hotfix Accumulator take for R80.20  (#149) was released today and is available for download. Please refer to  sk137592.

Release Highlight:

  • Includes 76 fixes, 14 security issues, 17 crashes and memory leak fixes 
  • R80.20 MGMT manage R80.40 GW support

Please note the following:

  • The new release is mentioned in the JHF sk137592
  • The new releases will not be published via CPUSE as a recommended version until it will be published as GA.
  • Availability:

o   Will be provided by customer support

o   Available for download via CPUSE by using package identifier.

Thanks, 

Release Managment group 

Read more
0 0 845