Create a Post
Showing results for 
Search instead for 
Did you mean: 

Check Point Harmony Endpoint Security Client E88.20 for Windows is now available

Check Point Harmony Endpoint Security Client E88.20 for Windows is now available as GA (General Availability). This release includes both enhancements and resolved issues.


Enhancements included in this release include the following:

Automatic Patch Rules

The Posture Management functionality has been extended to allow definition of automatic patch rules, that can reduce the time spent on patching vulnerabilities. These capabilities include:

  • Definition of an automatic Patching policy for a specific group of devices – Based on CVSS Score, or application name.
  • Definition of Patching exclusions, excluding the application you don’t want to patch automatically

EPS-54471       Harmony Endpoint now supports Posture Automatic Deployment configured in policy.

        Corresponding management capabilities should be available on all cloud based tenants

Enhancement to Clients User Interface: If there are hot fixes installed on the client, it Is possible to see related version information in the client UI

Security Enhancements:

There are multiple security enhancements in this release including the following:

  • Enhanced security measures relating to validation of software components

EPS-55122: Implemented security measures for validation of software components, mitigating risks from unverified code. This enhances the Endpoint Client security posture and promoting reinforced computing environment.

  • Enhancements to scope of behavioral indicators that can be created. This increases the coverage of distributed signatures

AHTP-29839    Added support for the "SameFile" rule parameter for matching behavioral indicator

  • Additional sensors for detection

AHTP-29598    Added sensor to detect attack initiation from emails.

  • Ransomware related enhancements

EPS-56206       Modified the ranking algorithm to detect only file wipers.

Stability Fixes / Enhancements: Fixes that improve the stability of installed clients


Early Availability (EA) Related Items

Early Availability features are included in releases are limited in terms of their availability. These require coordination and activation for the features together with Check Point personnel

This release includes EA related items as follows:

Semi Isolated Networks: This feature expands the scope of the existing Super Node functionality to route additional functionality from the client to external networks. This enables:

  • Support of semi-isolated environments where clients are not directly connected to Internet but can still be managed by cloud-based management
  • Lower Bandwidth consumption

FDE Smart Pre-boot: This is an existing EA program that provides great enhancements that can significantly assist the customer with seamless remote help and improving the operational efficiency of managing a deploying using Full Disk Encryption (FDE)

There is an enhancement related to this functionality as follows:

EPS-54599       The installer no longer switches the FDE Pre-boot type to FDE Smart Pre-boot (EA feature) by default, now it requires applying a specific policy prior to installation. When installed, switching the type of Pre-boot can be done in policy settings during regular operations, eliminating the need for upgrades for switching as it was in previous versions.

Please see sk182044 for the complete list of enhancements and resolved issues in this release. These include several fixes for upgrade related issues

Also please feel free to reach out to me directly for any further clarifications and / or information on EA programs

1 Reply

Installed in the lab, so far, so good!


0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events