Create a Post
Showing results for 
Search instead for 
Did you mean: 

Harmony Endpoint - Policy deployment downgrade


In the organization we have some customers in the agent version E85.10 with some blades enabled, I need to downgrade to version E84.50 by TAC recommendation, we have tried the option of using the deploy policies to perform the downgrade but the agent does not seem to take it. We have used these deploy policies in the past to include new blades or upgrade and it has worked without problem, but for the downgrade it seems to have problems. In the documentation we have not found any limitation in this regard.
Do you know if there is a way to make it work? As there are many users we want to avoid manual uninstallation E85.10 and reinstallation in version E84.50.

3 Replies


According to instructions we received from TAC some time ago, the downgrade with deployment policy is not supported, you will need to send push operations to uninstall the agent, probably delete the machines from your server and install again. In our case, when tried to downgrade, most of the endpoints downloaded the new package but installation failed, in some few cases, downgrade caused very strange problems on the machine and had to re install drivers or even the entire OS, so i would not recommend it at all (with deployment rules). I do not know your scenario/problem, but if you are hitting some kind of bug or error with the agent i would try a newer version, it worked for us several times.



Hi RS_Daniel


Thanks for your reply, I wanted to make sure I wasn't overlooking something.



0 Kudos

I totally agree with @RS_Daniel . I can only speak for myself when I say this, but TAC would be very reluctant to help with any sort of downgrade, not because its not necessarily supported, but simply due to the fact that it could definitely cause corruption, as it involves way more steps than just say regular upgrade. I dont deal with endpoint side of things much, but I can tell you that I had never seen anyone complete successful downgrade even for regular firewalls in all my years dealing with Check Point.