Xeno1234
Level 14
- Jun 12, 2023
- 684
What does Anti Malware now supports critical scan areas mean?
Harmony Endpoint Release Notes and Roadmaps
- Thread starter Trident
- Start date
- Apr 16, 2017
- 2,797
Today I am running VM with harmony after not running it for a few weeks (testing something else), & harmony seems to be running fine, I updated win10 and other apps ok. I am having a new issue with harmony, it is blocking vpn connection. see screen snip. Is this because the connection is http: 
I have NOT been playing in checkpoint cloud portal (forget the exact name)
I have NOT been playing in checkpoint cloud portal (forget the exact name)
- Feb 7, 2023
- 2,349
Somebody has activated the anonymiser category in web blocking, it could’ve been Lithify.Today I am running VM with harmony after not running it for a few weeks (testing something else), & harmony seems to be running fine, I updated win10 and other apps ok. I am having a new issue with harmony, it is blocking vpn connection. see screen snip. Is this because the connection is http:
View attachment 281095
- Aug 17, 2013
- 1,905
- Apr 16, 2017
- 2,797
Yes thanks, I assumed as much; however, at the risk of exposing my sometimes_cluelessness, not sure what that means, ie, why they did that... I know what anonymous means, but not in this context. I'll see if @Bot knows... (Lithify initially were sending me emails more than I wanted or needed, later I asked a question & IIRC I did not get a reply) -- I'll see what happens today. When are you up and running with your biz...?
EDIT both @Bot & chatGPT put this into context for me -- I had never heard eg vpn described as an anomymizer before, ok sure that's what it does. But also note, I am NOT fully blocked from using my vpn, ie, I am online via vpn even though harmony initially blocked Proton VPN: Fast, private, and secure VPN service but I was not blocked from making a vpn connection. I think the block was an initial connection from vpn client to check status or my credentials. So still wondering if the block also relates to http rather than https of this URL.
Last edited:
- Apr 16, 2017
- 2,797
Update to Harmony blocking my access to vpn ie anonymizer: is now *fixed* by removing that from its URL filter, although unclear how or exactly when it was enabled, but not fretting about that.
- Apr 16, 2017
- 2,797
minor discrepancy with Harmony Web Protection browser extension... In Edge the icon for this extension is a red thingy with a block dot and when a file is downloaded it shows a down arrow signifying that Harmony is analyzing the incoming file before it gets to my machine (my understanding) BUT in Firefox the icon is a red ball with a continuous graph scrolling from right to left, and when I download I do not see the down arrow. Anyone else seeing this? I find it "odd" that the icon looks different, makes me wonder if it is working correctly in both browsers?
TaoHouZi
New Member
- May 13, 2020
- 3
These days I try checkpoint on MacOS,I found it's anti-malware module can only use sophos engine but not kaspersky(when It detected something,the virus name is from sophos),even though I never change to E2 in my website control center.
And in windows,It use kaspeesky,but I get many bugs.1. I only get notifaction when the TE detected something,but not the anti-malwareall the time(I set show all the message in the control center). 2.after I use the checkpoint for about one day.The Te and Anti-ransomware' policy version disappear on the overview,and the log all disappeared.After that,I can not get the notifaction from te all the time. But I can see the policy version connected from the advanced-policy.
So what happened?I have try to reinstall the checkpoint,the same wrong.it is the bug?
And in windows,It use kaspeesky,but I get many bugs.1. I only get notifaction when the TE detected something,but not the anti-malwareall the time(I set show all the message in the control center). 2.after I use the checkpoint for about one day.The Te and Anti-ransomware' policy version disappear on the overview,and the log all disappeared.After that,I can not get the notifaction from te all the time. But I can see the policy version connected from the advanced-policy.
So what happened?I have try to reinstall the checkpoint,the same wrong.it is the bug?
- Apr 16, 2017
- 2,797
updated to 88.00 here (finally -- after no updates since 87.30). One unnecessary "worry" with the update process, after Harmony updated, the systray icon had a yellow flag, so I opened the client and all it said on main screen was "one security warning was discovered" -- YIKES! but a little digging into it, & all it wanted was to run a scan, so did that, NO detections, 100%
Harmony is performing well on this win10_vm. No slowdowns except the expected "delay" as it analyzes downloads in its cloud. That's fine with me. Also like the phishing protection for sites wanting username & pw.
PS I got an email from checkpoint about requiring everyone to setup a 2fa to access the portal. That'll need some coordination with reseller...
(finally -- after no updates since 87.30). One unnecessary "worry" with the update process, after Harmony updated, the systray icon had a yellow flag, so I opened the client and all it said on main screen was "one security warning was discovered" -- YIKES! but a little digging into it, & all it wanted was to run a scan, so did that, NO detections, 100%Harmony is performing well on this win10_vm. No slowdowns except the expected "delay" as it analyzes downloads in its cloud. That's fine with me. Also like the phishing protection for sites wanting username & pw.
PS I got an email from checkpoint about requiring everyone to setup a 2fa to access the portal. That'll need some coordination with reseller...
- Apr 16, 2017
- 2,797
fwiw, my harmony experience has NOT been buggy at all. (but I'm sharing the load with reseller, and Trident has been very helpful) But interested in your experience as I have 2 macs I could be protecting with harmony, but haven't felt the need to take that plunge, ... yet.
- Feb 7, 2023
- 2,349
Harmony Endpoint for Windows 88.10 released 03/03/24
| General | |
| EPS-54795 | Enhancement: The Client UI now sets the English language as the default if the provided LCID value corresponds to a language that is not officially supported. |
| EPS-55155 | Enhancement: Performance improvements of the anti-tampering mechanism for network drives accessed by users. |
| Installation | |
| EPS-54691 | Enhancement: Endpoint Security Client installer now supports the Czech, Greek, Ukrainian, and Portuguese languages. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-29304, AHTP-29142 | Enhancement: Improved remediation against persistent malware. |
| AHTP-29296, AHTP-29293 | Enhancement: Improved the detection of malware masquerading. |
| AHTP-29486 | Enhancement: Improved evasion techniques detections. |
| AHTP-29404 | Enhancement: Improved the accuracy of wipers detection. |
| AHTP-29550 | Enhancement: Improved the remediation process for detected DLLs. |
| AHTP-29268 | Enhancement: Improved the detection of credentials theft. |
| AHTP-29726 | Enhancement: Added support for advanced signatures. |
| AHTP-29117 | Enhancement: Harmony Endpoint management now enforces a new Global policy if it is changed, and Endpoint Security Client applies URLS changes without a reboot. |
| AHTP-29251 | Enhancement: Improved the detection of shadow copy creation. |
| Firewall and Application Control | |
| EPS-54988 | Enhancement: The VSMON process now speeds up the opening of listen sockets by 20% when dealing with high network loads, like those encountered by DNS servers. |
| Full Disk Encryption | |
| EPS-54700 | Enhancement: Wi-Fi card for the Lenovo L14 Generation 3 is now supported in FDE Smart Pre-boot (EA feature). |
| Threat Emulation and Anti-Exploit | |
| AHTP-28892 | Enhancement: The TESvc service is now renamed to CPFileAnlyz (Check Point Endpoint Security File Analyzer). |
List of Resolved Issues in E88.10 for Windows
| ID | Description |
| General | |
| EPS-54868 | The "Invalid file path" error is displayed when entering non-ASCII characters in the path for the copying/moving file action in Push Operations. |
| EPS-54453 | The remote push operation utilizes PowerShell x86 on 64-bit systems, causing some commands exclusive to the 64-bit version to malfunction. |
| AHTP-29676 | Remediation Management cannot restore files when the restored file path is longer than 260 characters. |
| Installation | |
| EPS-54879 | The Client may request a reboot during active deployment. |
| Anti-Malware E1 | |
| EPS-53603 | Anti-Malware E1 Behavioral Monitor does not start, and the blade status is "Error". |
| Anti-Malware E2 (US-DHS and EU compliant) | |
| AHTP-29656 | The "Reputation Service" feature of Anti-Malware E2 may not work, if there is more than one active network device and each device has a different DNS address. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-29507 | In the EFRService log, there are multiple errors about RemediationConfig.xml, when Registry Remediation detections appear as working. |
| AHTP-29021 | The EFRService process may consume 100% of CPU. |
| AHTP-29724 | There may be wrong incident Status and Remediation in the Forensics report in Detect mode incidents. |
| AHTP-29456 | In NGAV logs, there may be many detections of amsibypass and exceptions related to amsibypass indicator match. |
| AHTP-29457 | The LK_FileOp table may not indicate the "mount" flag for some operations. |
| Firewall and Application Control | |
| EPS-54964 | Developer Protection fails to display alerts when committing sensitive information using x64 bit process. |
| Media Encryption and Port protection | |
| EPS-54943 | When running media encryption authorization scanning on a newly encrypted volume that is empty, the error "Not all files could be scanned" may be displayed. If this occurs, a possible workaround is to either reformat the encrypted volume or access it on another machine. |
| Threat Emulation and Anti-Exploit | |
| AHTP-29492 | When the Threat Emulation Blade is configured as "Off" in policy, the CPFileAnalyzeservice may report an error that the Threat Emulation blade is "Not Available". This is a cosmetic issue. |
- Feb 7, 2023
- 2,349
Threat Emulation Engine updates
New in ThreatCloud: Doc Link Defender.
| Date | Release | Engine Version | What's New |
| 25 Feb 2024 | 11.14 | 60.990000614 |
|
| 28 Jan 2024 | 11.13 | 60.990000578 |
|
| 26 Dec 2023 | 11.12 | 60.990000536 |
New in ThreatCloud: Doc Link Defender.
Last edited:
- Feb 7, 2023
- 2,349
Harmony Endpoint 88.20 for Windows released 13/03/24
List of New Features and Enhancements in E88.20 for Windows
| ID | Description |
| General | |
| EPS-55122 | Enhancement: Implemented security measures for validation of software components, mitigating risks from unverified code. This enhances the Endpoint Client security posture and promoting reinforced computing environment. |
| AHTP-29126 | Enhancement: The Anti-Bot, URL Filtering, Threat Emulation and Anti-Malware E2 DHS Blades now better exclude specific processes and their associated subprocesses, improving analysis focus and streamlining the monitoring process. |
| EPS-54890 | Enhancement: It is now possible to see the installed hotfixes in the Endpoint Security Clients UI. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-29839 | Enhancement: Added support for the "SameFile" rule parameter for matching behavioral indicators. |
| AHTP-29598 | Enhancement: Added sensor to detect attack initiation from emails. |
| EPS-56206 | Enhancement: Modified the ranking algorithm to detect only file wipers. |
| AHTP-29670, AHTP-29763 | Enhancement: Improved stability of Endpoint Security Clients. |
| AHTP-29623 | Enhancement: Remediation now returns a new status - "FileAlreadyQuarantined", if the file is already handled as part of the incident. Previously, Remediation manager showed "File already deleted", when files were quarantined. |
| Compliance and Posture | |
| EPS-54471 | Enhancement: Harmony Endpoint now supports Posture Automatic Deployment configured in policy. |
| Full Disk Encryption | |
| EPS-54599 | Enhancement: The installer no longer switches the FDE Pre-boot type to FDE Smart Pre-boot (EA feature) by default, now it requires applying a specific policy prior to installation. When installed, switching the type of Pre-boot can be done in policy settings during regular operations, eliminating the need for upgrades for switching as it was in previous versions. |
| EPS-54681 | Enhancement: Improved the FDE database maintenance, preventing memory allocation issues during long running installations. |
List of Resolved Issues in E88.20 for Windows
| ID | Description |
| General | |
| EPS-55646 | If there were several failed upgrade attempts, while the tray icon indicates an upgrade is scheduled, the UI may not open when launched from the tray icon. |
| Installation | |
| EPS-55620 | If the client is uninstalled improperly, subsequent reinstallation may fail to copy the required driver to the drivers folder, causing the computer to get stuck in a loading loop. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-29573 | In NGAV.log there may be multiple events for the DCSync sensor. |
| AHTP-29548 | After a computer reboot or Endpoint Security Clients upgrade, the Forensics reports are not displayed in UI (although they exist) until the next detection. The issue is cosmetic only. |
| AHTP-28878, AHTP-28864 | Remediation of some registry types fails. |
| AHTP-29603 | Business Impact data may be incorrect in the Forensics report. |
| Firewall and Application Control | |
| EPS-55969 | The Firewall Blade does not receive the policy after an upgrade from VPN Standalone to Endpoint Security Client. |
| Full Disk Encryption | |
| EPS-55711 | A password change in FDE Pre-boot may not be synchronized to the Server. |
- Feb 7, 2023
- 2,349
Threat Emulation Update
| Date | Release | Engine Version | What's New |
| 14 Mar 2024 | 11.15 | 60.990000664 |
|
- Apr 16, 2017
- 2,797
FYI & fwiw, Lithify waits a week or two before pushing out Harmony updates, eg, it is still holding 88.10 as it checks for "stability" -- seems like 88.20 followed quickly behind 88.10. Still running 88.00 here.
It's nice to see frequent updates that are actually significant rather than just minor changes
- Feb 7, 2023
- 2,349
Harmony Endpoint for Windows 88.30 Released 17th of April 2024.
List of New Features and Enhancements in E88.30 for Windows
| ID | Description |
| General | |
| EPS-55958 | Enhancement: Endpoint Security Clients now supports uploading CPInfo to Amazon Simple Storage Service (S3) through push operation and manually using the S3 application. |
| EPS-56017, EPS-56084 | Enhancement: Administrators now have the ability to set a timeout and require a password for the Disable Capabilities feature in the General section of Client Settings. This password prompt, currently available only in English, allows control over who can disable capabilities on any Windows client by requiring password authentication before accessing the Disable Capabilities screen on the Client User Interface. Once capabilities are disabled, the specified timeout interval determines the duration after which the disabled capabilities are automatically restored to operational status. |
| EPS-55626 | Enhancement: The Threat Emulation Blade in Client UI is displayed as File Protection. |
| Anti-Bot and URL Filtering | |
| AHTP-29728 | Enhancement: The Anti-Bot Blade now includes DNS Inspection support, which utilizes Check Point ThreatCloud. This protection allows Anti-Bot to block access to malicious domains during the DNS resolution process. |
| Anti-Malware E1 | |
| EPS-56022 | Enhancement: The Anti-Malware E1 Blade now allows to specify the processes which are spawned from trusted processes (for example, their descendants) that should be excluded from malware scans and monitoring. This minimizes unnecessary resources utilization and potential false positives. |
| Anti-Malware E2 (US-DHS and EU compliant) | |
| AHTP-29459 | NEW: Added ability to update SA and OFR offline. Refer to sk180690 to preform Offline Update. |
| AHTP-29036 | Enhancement: It is now possible to install only the Anti-Malware E2 Blade, independently from installing the Threat Emulation blade. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| EPS-56719 | Enhancement: Improved the time it takes to upload events to threat hunting. |
| EPS-56439 | Enhancement: The detection of ransomware is now faster. Implemented a new mechanism that can potentially pause and prevent ransomware encryption from occurring in certain scenarios, particularly during the initial stages of an attack. |
| AHTP-30039, AHTP-30236, AHTP-30230, AHTP-30209, AHTP-30096, AHTP-30207, AHTP-29600, AHTP-28396, AHTP-30208 | Enhancement: Improved the signature capabilities. |
| AHTP-29652 | Enhancement: Improved the signature accuracy. |
| AHTP-29396 | Enhancement: Improved visibility of sensors into processes. |
| AHTP-28910 | Enhancement: Improvements in remediation. |
| Full Disk Encryption | |
| EPS-54915 | Enhancement: PIV Smartcard driver now supports IDEmia Cosmo 8.1 cards and compressed certificates. |
| EPS-55613, EPS-55187 | Enhancement: Both the FDE classic Pre-boot and Smart Pre-boot flows are now refined to a smoother flow for visually impaired users. |
| Threat Emulation | |
| AHTP-28907 | NEW: In Advanced Capabilities, added Detect/ Prevent/ Off modes for these sensors:
|
List of Resolved Issues in E88.30 for Windows
| ID | Description |
| Installation | |
| EPS-55909 | In a rare scenario, the Firewall and Application Control process becomes unresponsive, resulting in repeated failures during client upgrades. |
| Anti-Malware E1 | |
| EPS-54953 | No data is fetched with the "GetQuarantineFileData" API command. In cpda.log, there is the "Failed to get list [cpda::QuarantineFiles::GetList]" error. |
| EPS-56269 | In a rare scenario, after an upgrade, the Anti-Malware Blade may crash and restart. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-30187 | When Registry Save Block detection is triggered, the Anti-Ransomware detection pop-up may appear instead of the Behavioral Guard detection notification. |
| AHTP-30019 | Processing many large PowerShell scripts leads to increased memory consumption. |
| AHTP-30073 | CPU consumed by the EFR process may be high. |
| Threat Emulation | |
| AHTP-30103 | When reaching the Threat Emulation Quota limit, the Threat Emulation Blade reports to the Management the "Not Connected" status instead of "Quota reached". |
| Remote Access VPN | |
| ESVPN-4257 | In rare scenarios, Watchdog may restart the VPN UI process multiple times. |
| ESVPN-4267 | After an upgrade to E88.00, the "Create site from link" feature may stop functioning as expected. |
- Feb 7, 2023
- 2,349
Threat Emulation Engine Update
| Date | Release | Engine Version | What's New |
| 15 Apr 2024 | 11.16 | 60.990000707 |
|
Buy here:
Buy Check Point Harmony Endpoint Subscription Online - Lithify
Harmony Endpoint subscription available from a team of UK Consultants
You can download before subscribing for a 30 day free trial. Just ask the reseller's support for the trial download link.
- Feb 7, 2023
- 2,349
Harmony Endpoint for Windows 88.40 (includes 88.31 as well which was very minor).
Threat Emulation Engine Update
The new DLL Sideloading detection engine:
List of New Features and Enhancements in E88.40 for Windows
| ID | Description |
| General | |
| EPS-56509 | Enhancement: It is now possible to scan Active Directory using custom filters. |
| EPS-56288 | Enhancement: SmartEndpoint is no longer required for configuring Tiny Agent deployment. All configuration can now be done in the Endpoint Web Management Console. |
| EPS-56353 | Enhancement: The system now employs a more accurate language detection mechanism to automatically select the appropriate localized user interface language based on the Operating System default settings, providing a seamless experience without manual selection. |
| Anti-Bot and URL Filtering | |
| AHTP-30168 | Enhancement: Added the URLF Popups Suppression feature, which controls the frequency of URL Filtering popups for the same blocked URL. |
| Anti-Malware E2 (US-DHS and EU compliant) | |
| AHTP-28942 | Enhancement: Added integration with the Media Encryption Blade for scanning connected removable drives. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-30432 | Enhancement: Enhanced the Threat Prevention methods against some types of attacks. |
| AHTP-30177 | Enhancement: Improved visibility into processes attached to a debugger. |
| EPS-56438 | Enhancement: Improved the honeypot files naming algorithm to enhance the security against targeted attacks. |
| AHTP-30575 | Enhancement: Improved the efficiency of executing advanced threat signatures. |
| AHTP-29665 | Enhancement: Improved visibility into files mounted from disc image or CD image. |
| Full Disk Encryption | |
| EPS-55826 | Enhancement: Added support for performing Mobile Enrollment from the Endpoint Security Client UI when using the FDE Smart Pre-boot (EA feature). If Smart Pre-boot features that require Mobile Login are enabled, users are now prompted to enroll their mobile devices for authentication purposes. |
| Media Encryption and Port Protection | |
| EPS-56549 | Enhancement: Added support for the Media Encryption and Port Protection Blade on systems running the ARM architecture. |
| EPS-55477 | Enhancement: In Media Encryption authorization scanning, improved the dialog for Anti-Malware scanning progress. |
| Remote Access VPN | |
| ESVPN-3189 | Enhancement: Added ability to centrally manage the browser for authentication using Identity Provider from the trac_client_1.ttm file. Refer to sk75221. |
List of Resolved Issues in E88.40 for Windows
| ID | Description |
| General | |
| EPS-55056 | There may be many redundant vsdatant*.sys files in the %SystemRoot%\System32\Drivers folder. |
| Installation | |
| EPS-55713 | In a rare scenario, an upgrade fails and the computer loses network connectivity. |
| Anti-Malware E1 | |
| EPS-56727 | The Anti-Malware E1 engine may be still registered in Windows Security Center, although it was disabled using the Edit Capabilities option. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-30461 | Because of a rare race condition, the CPSECHOST process may exit and generate a dump file. |
| AHTP-30510 | Monitored Registry values are not represented correctly in the Forensics database. |
| EPS-54475 | An Excel plugin may not work as expected while the Anti-Ransomware, Behavioral Guard and Forensics Blade is enabled. |
| AHTP-30401, AHTP-29854 | Some Forensics reports/logs may have processes written as "unknown". |
| Firewall and Application Control | |
| EPS-55915 | After an upgrade, the Firewall and Application Control Blade may be displayed as not running because of a vsdatant.sys driver error. |
List of Resolved Issues in E88.31 for Windows
| ID | Description |
| General | |
| EPS-56891 | After an upgrade to E88.10, frequent reboot may occur. |
| Anti-Ransomware, Behavioral Guard and Forensics | |
| AHTP-30620 | PowerShell or .NET related scripts may fail. |
| AHTP-30676 | Some processes specified through the Monitoring and Exclusions action in the Policy are not fully excluded by the Forensics component from analysis as intended. |
| AHTP-30757 | Policy update may be blocked until a signature update or restart of the EFR service. |
Threat Emulation Engine Update
| 15 May 2024 | 11.17 | 60.990000740 |
|
The new DLL Sideloading detection engine:
Similar threads
