@Trident quick question, looking for a quick answer
My Threat Emulation is ON, but can the version be seen from local agent, or do I have to go to online management portal? -- or I don't see the TE version displayed in the agent. Are you getting notification (email or texts) of updates like this, I am not... (I always have the intention to dive deeper into Harmony, but then other things come up, and Harmony is just always working for me, so I get somewhat "complacent") PS just checked agent | advanced | logs | and I see references to TE -- generic events, but again no reference to version no.
The only way to see the version of threat emulation is when you have a Check Point physical firewall/gateway in which case emulation is not performed on the cloud but is performed locally on the gateway.@Trident quick question, looking for a quick answer
| ID | Description |
| General | |
| - | NEW: Added support for Endpoint Security on Windows 11 version 23H2 as an EA (Early Availability) version. |
| Behavioral Guard | |
| EPS-53507 | Enhancement: Improved the ability to detect and prevent generic reverse shell attacks. |
| ID | Description |
| Full Disk Encryption | |
| EPS-53636 | During version upgrade, the installer now only prepares the system disk for FDE Smart Preboot usage if the current policy settings require it. |
I wonder if anyone checked the latest releases of ZoneAlarm Extreme (4.2.510), I see there has been some efforts in bringing the engine version on par (or even more updated 86.72) and need engine for advance thread emulation. Of course it will never be on par with Harmony in terms of granularity of settings and reporting.
87.62 is the latest recommended by Check Point. They always update ZA to the officially recommended version of the engines. The difference will be quite big.
Does harmony have the ability to detect more sophisticated reverse shell attacks, or is that something thats not really in the realm of security solutions?
The effectiveness would be above average due to the fact that there is firewall which you can configure to keep ports closed, there is anti-bot which acts as a light IPS, there is very efficient C&C connections blocking and very efficient behavioural blocking. Admins can still monitor traffic and other logs for anomalies to detect reverse shell attacks.
Cheap. I think it’s cheaper than 50 usd. I’ve used it and it worked fine, how does it “fail”?
I couldn't get a sign in account, seemed necessary at that time(it was me doing something wrong that failed when trying to purchase not the program)
It’s not very cheap cuz this is without VAT and covers one device. It is actually a bit more expensive than many others. As to the Wolf security, it is a rebrand of Deep Instinct. DI is not bad but I’ve kicked it out of all my environments due to a sheer number of false positives, specially scripts. Additional components in Wolf Security provide containment and other functions.
I have Harmony from another UK reseller (before @Trident) opened his shoppe), and IIRC it was $5 a month (could be GBP or Euros). I think it was a few $ more if they set it up and monitor it. All this is from memory, so fwiw...)
| ID | Description |
| Installation | |
| EPS-53476, EPS-52966, EPS-53474, EPS-53475 | Enhancement: Endpoint Client now supports Windows 11 with Smart App Control on also when the machine is offline. |
| General | |
| EPS-53326 | Enhancement: Harmony Endpoint now sends hardware info to the Server. |
| EPS-52855 | Enhancement: Harmony Endpoint now supports Azure Active Directory Domain Services. |
| EPS-53824 | Enhancement: Harmony Endpoint now supports uninstalling Trellix (as part of McAfee product). It can be done using the "REMOVEPRODUCTS" parameter. |
| EPS-53568 | Enhancement: Harmony Endpoint now supports Quarantine Management with the external Server API. |
| EPS-54298 | Enhancement: Date format now consists of three letters of the month, followed by the day, year and time. For example, Oct 5, 2023 2:47 PM. |
| Anti-Malware E1 | |
| EPS-52360, EPS-52427 | Enhancement: Anti-Malware E1 license is now updated automatically also on VDI and in Super Node environments. |
| Anti-Malware E2 (US-DHS and EU compliant) | |
| AHTP-28464 | Enhancement: The Anti-Malware E2 Blade now supports critical area scans. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-28985 | Enhancement: Expanded Windows component monitoring, which translates to enhanced protection. |
| AHTP-28394 | Enhancement: When detection occurs, the reports to Threat Hunting are now sent faster. |
| AHTP-29022, AHTP-29212 | Enhancement: Performances improvements for advanced signatures. |
| AHTP-29511 | Enhancement: Improved injections logic for better detections of malicious operations. |
| AHTP-28670 | Enhancement: Improved the protections against advanced malware. |
| AHTP-29063 | Enhancement: Silent signatures for leads are no longer forwarded to Threat Hunting to minimize the risk of the user confusing them with actual attacks. |
| EPS-51193 | Enhancement: Improved the AMSI exclusion mechanism. |
| AHTP-29002 | Enhancement: Improved the AMSI performance on Exchange Servers. |
| AHTP-29125 | Enhancement: Behavioral Guard and Forensic Blade now better exclude specific processes and their associated subprocesses, improving analysis focus and streamlining the monitoring process. |
| EPS-53174, AHTP-29535 | Enhancement: Improved Behavioral analysis by scanning of event related data blocks. |
| Compliance and Posture | |
| EPS-54676 | Enhancement: Improvement in the Posture Management Installation rate. |
| Firewall and Application Control | |
| EPS-52605 | Enhancement: Application Control Custom Rules evaluation is optimized for performance. |
| Full Disk Encryption | |
| EPS-53212 | Enhancement: Updated the Full Disk Encryption Smart Pre-boot Wi-Fi drivers. |
| EPS-53782 | Enhancement: The Full Disk Encryption Blade now supports users from Microsoft Entra ID, previously known as Azure Active Directory. Some limitations regarding FDE Preboot password synchronization apply. |
| EPS-52436 | Enhancement: Full Disk Encryption Preboot now supports longer user names (up to 64 symbols) and passwords (up to 256 symbols), removing the previous 31-symbol limit. This change applies to user credential fields in both FDE Preboot and the FDE Recovery Tool. |
| Browser Extension | |
| AHTP-29380 | Enhancement: Added browser-based Data Leak Prevention (DLP) capability for Early Availability (EA) customers. In the initial phase, when the browser extension is activated, security is enhanced through the scanning of both uploaded and downloaded files. |
| Remote Access VPN | |
| ESVPN-3888 | Enhancement: VPN blade of Endpoint Security now shows Office Mode IP as Client IP address in main client window for clients that support Office Mode. |
| ID | Description |
| Installation | |
| EPS-53622 | When running Nano-agent installer with the "/s" flag, the initial client installer UI is shown during the installation. |
| EPS-54477 | Full package MSI upgrade from versions below E83.00 is not supported. |
| General | |
| EPS-54441 | In some scenarios, AD Scanner cannot enumerate large groups. |
| EPS-32426 | Special characters ('<>"&\/) are not supported in AD Scanner passwords. |
| AHTP-29120 | The NGAV log may be empty. |
| EPS-52952 | Copy button in the Threat Emulation/Anti-Malware incident details table does not respond. |
| Anti-Malware E1 | |
| EPS-54112 | During uninstallation/upgrade the Anti-Malware Blade E1 may not be registered correctly with Windows Security Center (WSC), so WSC may have several registrations. |
| EPS-50241 | The Anti-Malware E1 Blade may be stuck in "Initializing" state, when the Anti-Malware Blade is turned off in the policy. |
| EPS-52315 | The Anti-Malware E1 Blade may get stuck on shutdown during an upgrade, which may result in Endpoint upgrade failure and machine freeze. |
| EPS-52339 | When Anti-Malware E1 license is expired, the new license may not be updated until the next signatures update. |
| EPS-52525 | Anti-Malware E1 may fail to update signatures when the blade is short of free memory. |
| EPS-53102 | Anti-Malware E1: Potential denial of service vulnerability on Harmony Endpoint processes. |
| EPS-53441 | Anti-Malware E1: "Contextual Scan" is paused, although the computer is not idle. |
| Anti-Malware E2 (US-DHS and EU compliant) | |
| AHTP-28860 | The Anti-Malware Blade E2 may appear as OFF in the UI while it is actually running. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-29115 | Sending to Threat Hunting fails with the access error to dispose the object. |
| EPS-53515 | QuestaSim compilation fails when the Forensics blade is enabled . |
| AHTP-28841 | The EfrService process can frequently exit with dump files. |
| AHTP-29176 | The EfrService process may exit with the "CorruptedDB: SQL exception (code 19): SQLITE_CONSTRAINT[19]: FOREIGN KEY constraint failed" error printed in the log. |
| EPS-53308 | Corrupt databases may not be deleted which affects the internal storage space. |
| EPS-54422 | In rare scenarios, the Forensics Blade may not update the exclusion lists of sensors when applying a new policy. |
| AHTP-29344 | Purging Forensic database fails with the "SQL exception (code 19)" error. |
| AHTP-29219 | The forensics process may crash cause system instability. |
| AHTP-29454 | During the database operations, the EfrService process may frequently exit. |
| EPS-54741 | After a OS upgrade from Win 11 22H2 to 23H2, CPU usage of the EfrService may be very high (30-50%) for a few hours. |
| AHTP-29136 | The WmiPrvSE.exe process creates a dump during OS startup if Endpoint client is installed (with Harmony Browse and Anti-Malware DHS blades only). |
| EPS-53266 | Changing the icon visibility may not be applied. |
| AHTP-29162 | Even after reboot, the EfrService process continues to utilize approximately twenty percent of the CPU. |
| Compliance and Posture | |
| EPS-53647 | When running the .exe file of a patch in the command line, may not return any output, although a menu should appear. |
| Full Disk Encryption | |
| EPS-53550 | Uninstalling Full Disk Encryption fails with "Error 27118. Full Disk Encryption cannot be uninstalled while encryption is active". |
| Media Encryption and Port protection | |
| EPS-42632 | The MEPP service may crash after an upgrade. |
| EPS-53823 | BSOD may occur when blocking Bluetooth devices with Dell Pair software installed. |
| Remote Access VPN | |
| ESVPN-3989 | Machine authentication may fail with the "Internal Error" message if the Data Integrity algorithm is set to SHA-256. |
| ESVPN-4058 | During the Secure Domain login, VPN client may not display certificates from Yubikey device when it is installed together with UUIC Reader/eSIM. |
| ESVPN-4051 | Potential memory leakage in VPN UI. |
| ESVPN-4130 | While selecting the OTP delivery method, it is necessary to enter the digit “1” or “2” with the leading space. Without a leading space, the response is not sent to the RADIUS Server. |
