New Update Harmony Endpoint Release Notes and Roadmaps

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,797
Threat Emulation v11.09 released 28th Sep 2023
What’s new?
  • VBS (Visual Basic Script) emulation is now enabled for http traffic.
  • Bug fix for Windows 10 emulation errors.
Actions required to receive update: no.
This is a server-side update.
@Trident quick question, looking for a quick answer :whistle: My Threat Emulation is ON, but can the version be seen from local agent, or do I have to go to online management portal? -- or I don't see the TE version displayed in the agent. Are you getting notification (email or texts) of updates like this, I am not... :unsure: (I always have the intention to dive deeper into Harmony, but then other things come up, and Harmony is just always working for me, so I get somewhat "complacent") PS just checked agent | advanced | logs | and I see references to TE -- generic events, but again no reference to version no. :unsure:
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The only way to see the version of threat emulation is when you have a Check Point physical firewall/gateway in which case emulation is not performed on the cloud but is performed locally on the gateway.

For products that make use of cloud emulation, there is no version to be checked. Emulation is updated automatically on Check Point machines and release notes are here:
You can’t have an outdated emulation.
 

Trident

Harmony Endpoint for Windows Client v87.60
Released 8/11/23

What’s new?
  • Added a Passwordless Pre-boot feature for FDE Smart Pre-boot. Users register their mobile devices for pre-boot login, eliminating the need for entering a password. The feature is available for EA customers (Early Availability).
  • Added ARM platform support for Check Point Mobile and SecuRemote flavors.
  • Security improvements on the process-to-process communication layer.
  • Posture Management now shows a detailed status for each patch entry.
  • Changed the order of columns in Remediation Management UI.
  • Added support for Threat Emulation Blade for these file types: one, esf, XAR.
    Requires additional configuration in Policy > Web & Files Protection > Advanced Settings > Threat Emulation > Edit.
  • Added support Skips scanning of archive file formats (for example, .zip, 7zip, tar.gz, rar, and so on) and non-executable files (files without the execute permission) on Anti-Malware DHS compliant engine.
  • Added ability to run scheduled scans only when the machine is idle. The scheduled scan will be delayed until the device is idle, with a maximum postponement of 24 hours. After this period, the scan will proceed, regardless of the device activity status.
  • Implemented a reputation service for files and integrated cloud technologies to enhance the precision of file scanning and monitoring.
  • The Anti-Malware E1 license will now be automatically updated from the web-based Checkpoint content delivery network (CDN).
  • Anti-Malware E1 engine will now reflect additional statuses.
Actions required to receive update: yes
Click policy-> software deployment and select 87.60.
 

Trident


List of New Features and Enhancements in E87.62 for Windows​



ID | Description
General
- | NEW: Added support for Endpoint Security on Windows 11 version 23H2 as an EA (Early Availability) version.
Behavioral Guard
EPS-53507 | Enhancement: Improved the ability to detect and prevent generic reverse shell attacks.


List of Resolved Issues in E87.62 for Windows​



ID | Description
Full Disk Encryption
EPS-53636 | During version upgrade, the installer now only prepares the system disk for FDE Smart Preboot usage if the current policy settings require it.
 

Faxx

Level 1
Sep 7, 2017
16
ZoneAlarm NextGen runs the same threat emulation and Zero-Phishing engines [threat emulation has a much smaller limit]. All other engines are much older in ZoneAlarm. For example ZoneAlarm does not support Intel TDT for anti-ransomware and many other enhancements/features are not present. Also, products such as ZoneAlarm Anti-Ransomware are not at all similar to Check Point. It’s like comparing fine French wine to a supermarket wine for $2.5. I saw recent videos posted, some sisters should sometimes save themselves the hassle.
I wonder if anyone checked the latest releases of ZoneAlarm Extreme (4.2.510), I see there have been some efforts in bringing the engine version on par (or even more updated 86.72) and need engine for advanced threat emulation. Of course it will never be on par with Harmony in terms of granularity of settings and reporting.
 

Trident

87.62 is the latest recommended by Check Point. They always update ZA to the officially recommended version of the engines. The difference will be quite big.
 

Xeno1234

Level 14
Jun 12, 2023
684

Does Harmony have the ability to detect more sophisticated reverse shell attacks, or is that something that's not really in the realm of security solutions?
 

Trident

The effectiveness would be above average due to the fact that there is a firewall which you can configure to keep ports closed, there is anti-bot which acts as a light IPS, there is very efficient C&C connection blocking and very efficient behavioural blocking. Admins can still monitor traffic and other logs for anomalies to detect reverse shell attacks.
 

Trident

Cheap. I think it’s cheaper than 50 usd. I’ve used it and it worked fine, how does it “fail”?
It’s not very cheap cuz this is without VAT and covers one device. It is actually a bit more expensive than many others. As to the Wolf security, it is a rebrand of Deep Instinct. DI is not bad but I’ve kicked it out of all my environments due to the sheer number of false positives, especially scripts. Additional components in Wolf Security provide containment and other functions.

@Dave Russo someone back then said Tutanota email works… not sure. Should be not outlook, icloud, yahoo, gmail, etc.
 

simmerskool

What is the cost for harmony endpoint for a home user and is it a download? Tried a couple months back, and failed.
I have Harmony from another UK reseller (before @Trident opened his shoppe), and IIRC it was $5 a month (could be GBP or Euros). I think it was a few $ more if they set it up and monitor it. (All this is from memory, so fwiw...)
 

Trident

Harmony Endpoint 88.00 released 22 Jan 2024

List of New Features and Enhancements in E88.00 for Windows​

ID | Description
Installation
EPS-53476, EPS-52966, EPS-53474, EPS-53475 | Enhancement: Endpoint Client now supports Windows 11 with Smart App Control on also when the machine is offline.
General
EPS-53326 | Enhancement: Harmony Endpoint now sends hardware info to the Server.
EPS-52855 | Enhancement: Harmony Endpoint now supports Azure Active Directory Domain Services.
EPS-53824 | Enhancement: Harmony Endpoint now supports uninstalling Trellix (as part of McAfee product). It can be done using the "REMOVEPRODUCTS" parameter.
EPS-53568 | Enhancement: Harmony Endpoint now supports Quarantine Management with the external Server API.
EPS-54298 | Enhancement: Date format now consists of three letters of the month, followed by the day, year and time. For example, Oct 5, 2023 2:47 PM.
Anti-Malware E1
EPS-52360, EPS-52427 | Enhancement: Anti-Malware E1 license is now updated automatically also on VDI and in Super Node environments.
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-28464 | Enhancement: The Anti-Malware E2 Blade now supports critical area scans.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-28985 | Enhancement: Expanded Windows component monitoring, which translates to enhanced protection.
AHTP-28394 | Enhancement: When detection occurs, the reports to Threat Hunting are now sent faster.
AHTP-29022, AHTP-29212 | Enhancement: Performance improvements for advanced signatures.
AHTP-29511 | Enhancement: Improved injections logic for better detections of malicious operations.
AHTP-28670 | Enhancement: Improved the protections against advanced malware.
AHTP-29063 | Enhancement: Silent signatures for leads are no longer forwarded to Threat Hunting to minimize the risk of the user confusing them with actual attacks.
EPS-51193 | Enhancement: Improved the AMSI exclusion mechanism.
AHTP-29002 | Enhancement: Improved the AMSI performance on Exchange Servers.
AHTP-29125 | Enhancement: Behavioral Guard and Forensic Blade now better exclude specific processes and their associated subprocesses, improving analysis focus and streamlining the monitoring process.
EPS-53174, AHTP-29535 | Enhancement: Improved Behavioral analysis by scanning of event related data blocks.
Compliance and Posture
EPS-54676 | Enhancement: Improvement in the Posture Management Installation rate.
Firewall and Application Control
EPS-52605 | Enhancement: Application Control Custom Rules evaluation is optimized for performance.
Full Disk Encryption
EPS-53212 | Enhancement: Updated the Full Disk Encryption Smart Pre-boot Wi-Fi drivers.
EPS-53782 | Enhancement: The Full Disk Encryption Blade now supports users from Microsoft Entra ID, previously known as Azure Active Directory. Some limitations regarding FDE Preboot password synchronization apply.
EPS-52436 | Enhancement: Full Disk Encryption Preboot now supports longer user names (up to 64 symbols) and passwords (up to 256 symbols), removing the previous 31-symbol limit. This change applies to user credential fields in both FDE Preboot and the FDE Recovery Tool.
Browser Extension
AHTP-29380 | Enhancement: Added browser-based Data Leak Prevention (DLP) capability for Early Availability (EA) customers. In the initial phase, when the browser extension is activated, security is enhanced through the scanning of both uploaded and downloaded files.
Remote Access VPN
ESVPN-3888 | Enhancement: VPN blade of Endpoint Security now shows Office Mode IP as Client IP address in main client window for clients that support Office Mode.


List of Resolved Issues in E88.00 for Windows​


ID | Description
Installation
EPS-53622 | When running Nano-agent installer with the "/s" flag, the initial client installer UI is shown during the installation.
EPS-54477 | Full package MSI upgrade from versions below E83.00 is not supported.
General
EPS-54441 | In some scenarios, AD Scanner cannot enumerate large groups.
EPS-32426 | Special characters ('<>"&\/) are not supported in AD Scanner passwords.
AHTP-29120 | The NGAV log may be empty.
EPS-52952 | Copy button in the Threat Emulation/Anti-Malware incident details table does not respond.
Anti-Malware E1
EPS-54112 | During uninstallation/upgrade the Anti-Malware Blade E1 may not be registered correctly with Windows Security Center (WSC), so WSC may have several registrations.
EPS-50241 | The Anti-Malware E1 Blade may be stuck in "Initializing" state, when the Anti-Malware Blade is turned off in the policy.
EPS-52315 | The Anti-Malware E1 Blade may get stuck on shutdown during an upgrade, which may result in Endpoint upgrade failure and machine freeze.
EPS-52339 | When Anti-Malware E1 license is expired, the new license may not be updated until the next signatures update.
EPS-52525 | Anti-Malware E1 may fail to update signatures when the blade is short of free memory.
EPS-53102 | Anti-Malware E1: Potential denial of service vulnerability on Harmony Endpoint processes.
EPS-53441 | Anti-Malware E1: "Contextual Scan" is paused, although the computer is not idle.
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-28860 | The Anti-Malware Blade E2 may appear as OFF in the UI while it is actually running.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-29115 | Sending to Threat Hunting fails with the access error to dispose the object.
EPS-53515 | QuestaSim compilation fails when the Forensics blade is enabled.
AHTP-28841 | The EfrService process can frequently exit with dump files.
AHTP-29176 | The EfrService process may exit with the "CorruptedDB: SQL exception (code 19): SQLITE_CONSTRAINT[19]: FOREIGN KEY constraint failed" error printed in the log.
EPS-53308 | Corrupt databases may not be deleted which affects the internal storage space.
EPS-54422 | In rare scenarios, the Forensics Blade may not update the exclusion lists of sensors when applying a new policy.
AHTP-29344 | Purging Forensic database fails with the "SQL exception (code 19)" error.
AHTP-29219 | The forensics process may crash and cause system instability.
AHTP-29454 | During the database operations, the EfrService process may frequently exit.
EPS-54741 | After an OS upgrade from Win 11 22H2 to 23H2, CPU usage of the EfrService may be very high (30-50%) for a few hours.
AHTP-29136 | The WmiPrvSE.exe process creates a dump during OS startup if Endpoint client is installed (with Harmony Browse and Anti-Malware DHS blades only).
EPS-53266 | Changing the icon visibility may not be applied.
AHTP-29162 | Even after reboot, the EfrService process continues to utilize approximately twenty percent of the CPU.
Compliance and Posture
EPS-53647 | When running the .exe file of a patch in the command line, may not return any output, although a menu should appear.
Full Disk Encryption
EPS-53550 | Uninstalling Full Disk Encryption fails with "Error 27118. Full Disk Encryption cannot be uninstalled while encryption is active".
Media Encryption and Port protection
EPS-42632 | The MEPP service may crash after an upgrade.
EPS-53823 | BSOD may occur when blocking Bluetooth devices with Dell Pair software installed.
Remote Access VPN
ESVPN-3989 | Machine authentication may fail with the "Internal Error" message if the Data Integrity algorithm is set to SHA-256.
ESVPN-4058 | During the Secure Domain login, VPN client may not display certificates from Yubikey device when it is installed together with UUIC Reader/eSIM.
ESVPN-4051 | Potential memory leakage in VPN UI.
ESVPN-4130 | While selecting the OTP delivery method, it is necessary to enter the digit “1” or “2” with the leading space. Without a leading space, the response is not sent to the RADIUS Server.
 
