New Update Harmony Endpoint Release Notes and Roadmaps

Xeno1234

Level 14
Jun 12, 2023
684
Harmony Endpoint 88.00 released 22 Jan 2024

List of New Features and Enhancements in E88.00 for Windows​

IDDescription
Installation
EPS-53476,
EPS-52966,
EPS-53474,
EPS-53475
Enhancement: Endpoint Client now supports Windows 11 with Smart App Control on also when the machine is offline.
General
EPS-53326Enhancement: Harmony Endpoint now sends hardware info to the Server.
EPS-52855Enhancement: Harmony Endpoint now supports Azure Active Directory Domain Services.
EPS-53824Enhancement: Harmony Endpoint now supports uninstalling Trellix (as part of McAfee product). It can be done using the "REMOVEPRODUCTS" parameter.
EPS-53568Enhancement: Harmony Endpoint now supports Quarantine Management with the external Server API.
EPS-54298Enhancement: Date format now consists of three letters of the month, followed by the day, year and time. For example, Oct 5, 2023 2:47 PM.
Anti-Malware E1
EPS-52360,
EPS-52427
Enhancement: Anti-Malware E1 license is now updated automatically also on VDI and in Super Node environments.
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-28464Enhancement: The Anti-Malware E2 Blade now supports critical area scans.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-28985Enhancement: Expanded Windows component monitoring, which translates to enhanced protection.
AHTP-28394Enhancement: When detection occurs, the reports to Threat Hunting are now sent faster.
AHTP-29022,
AHTP-29212
Enhancement: Performances improvements for advanced signatures.
AHTP-29511Enhancement: Improved injections logic for better detections of malicious operations.
AHTP-28670Enhancement: Improved the protections against advanced malware.
AHTP-29063Enhancement: Silent signatures for leads are no longer forwarded to Threat Hunting to minimize the risk of the user confusing them with actual attacks.
EPS-51193Enhancement: Improved the AMSI exclusion mechanism.
AHTP-29002Enhancement: Improved the AMSI performance on Exchange Servers.
AHTP-29125Enhancement: Behavioral Guard and Forensic Blade now better exclude specific processes and their associated subprocesses, improving analysis focus and streamlining the monitoring process.
EPS-53174,
AHTP-29535
Enhancement: Improved Behavioral analysis by scanning of event related data blocks.
Compliance and Posture
EPS-54676Enhancement: Improvement in the Posture Management Installation rate.
Firewall and Application Control
EPS-52605Enhancement: Application Control Custom Rules evaluation is optimized for performance.
Full Disk Encryption
EPS-53212Enhancement: Updated the Full Disk Encryption Smart Pre-boot Wi-Fi drivers.
EPS-53782Enhancement: The Full Disk Encryption Blade now supports users from Microsoft Entra ID, previously known as Azure Active Directory. Some limitations regarding FDE Preboot password synchronization apply.
EPS-52436Enhancement: Full Disk Encryption Preboot now supports longer user names (up to 64 symbols) and passwords (up to 256 symbols), removing the previous 31-symbol limit. This change applies to user credential fields in both FDE Preboot and the FDE Recovery Tool.
Browser Extension
AHTP-29380Enhancement: Added browser-based Data Leak Prevention (DLP) capability for Early Availability (EA) customers. In the initial phase, when the browser extension is activated, security is enhanced through the scanning of both uploaded and downloaded files.
Remote Access VPN
ESVPN-3888Enhancement: VPN blade of Endpoint Security now shows Office Mode IP as Client IP address in main client window for clients that support Office Mode.

List of Resolved Issues in E88.00 for Windows​


IDDescription
Installation
EPS-53622When running Nano-agent installer with the "/s" flag, the initial client installer UI is shown during the installation.
EPS-54477Full package MSI upgrade from versions below E83.00 is not supported.
General
EPS-54441In some scenarios, AD Scanner cannot enumerate large groups.
EPS-32426Special characters ('<>"&\/) are not supported in AD Scanner passwords.
AHTP-29120The NGAV log may be empty.
EPS-52952Copy button in the Threat Emulation/Anti-Malware incident details table does not respond.
Anti-Malware E1
EPS-54112During uninstallation/upgrade the Anti-Malware Blade E1 may not be registered correctly with Windows Security Center (WSC), so WSC may have several registrations.
EPS-50241The Anti-Malware E1 Blade may be stuck in "Initializing" state, when the Anti-Malware Blade is turned off in the policy.
EPS-52315The Anti-Malware E1 Blade may get stuck on shutdown during an upgrade, which may result in Endpoint upgrade failure and machine freeze.
EPS-52339When Anti-Malware E1 license is expired, the new license may not be updated until the next signatures update.
EPS-52525Anti-Malware E1 may fail to update signatures when the blade is short of free memory.
EPS-53102Anti-Malware E1: Potential denial of service vulnerability on Harmony Endpoint processes.
EPS-53441Anti-Malware E1: "Contextual Scan" is paused, although the computer is not idle.
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-28860The Anti-Malware Blade E2 may appear as OFF in the UI while it is actually running.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-29115Sending to Threat Hunting fails with the access error to dispose the object.
EPS-53515QuestaSim compilation fails when the Forensics blade is enabled .
AHTP-28841The EfrService process can frequently exit with dump files.
AHTP-29176The EfrService process may exit with the "CorruptedDB: SQL exception (code 19): SQLITE_CONSTRAINT[19]: FOREIGN KEY constraint failed" error printed in the log.
EPS-53308Corrupt databases may not be deleted which affects the internal storage space.
EPS-54422In rare scenarios, the Forensics Blade may not update the exclusion lists of sensors when applying a new policy.
AHTP-29344Purging Forensic database fails with the "SQL exception (code 19)" error.
AHTP-29219The forensics process may crash cause system instability.
AHTP-29454During the database operations, the EfrService process may frequently exit.
EPS-54741After a OS upgrade from Win 11 22H2 to 23H2, CPU usage of the EfrService may be very high (30-50%) for a few hours.
AHTP-29136The WmiPrvSE.exe process creates a dump during OS startup if Endpoint client is installed (with Harmony Browse and Anti-Malware DHS blades only).
EPS-53266Changing the icon visibility may not be applied.
AHTP-29162Even after reboot, the EfrService process continues to utilize approximately twenty percent of the CPU.
Compliance and Posture
EPS-53647When running the .exe file of a patch in the command line, may not return any output, although a menu should appear.
Full Disk Encryption
EPS-53550Uninstalling Full Disk Encryption fails with "Error 27118. Full Disk Encryption cannot be uninstalled while encryption is active".
Media Encryption and Port protection
EPS-42632The MEPP service may crash after an upgrade.
EPS-53823BSOD may occur when blocking Bluetooth devices with Dell Pair software installed.
Remote Access VPN
ESVPN-3989Machine authentication may fail with the "Internal Error" message if the Data Integrity algorithm is set to SHA-256.
ESVPN-4058During the Secure Domain login, VPN client may not display certificates from Yubikey device when it is installed together with UUIC Reader/eSIM.
ESVPN-4051Potential memory leakage in VPN UI.
ESVPN-4130While selecting the OTP delivery method, it is necessary to enter the digit “1” or “2” with the leading space. Without a leading space, the response is not sent to the RADIUS Server.
What does Anti Malware now supports critical scan areas mean?
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
Today I am running VM with harmony after not running it for a few weeks (testing something else), & harmony seems to be running fine, I updated win10 and other apps ok. I am having a new issue with harmony, it is blocking vpn connection. see screen snip. Is this because the connection is http: :unsure: I have NOT been playing in checkpoint cloud portal (forget the exact name)

1706055121047.png
 

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,787
Today I am running VM with harmony after not running it for a few weeks (testing something else), & harmony seems to be running fine, I updated win10 and other apps ok. I am having a new issue with harmony, it is blocking vpn connection. see screen snip. Is this because the connection is http: :unsure: I have NOT been playing in checkpoint cloud portal (forget the exact name)

View attachment 281095
Somebody has activated the anonymiser category in web blocking, it could’ve been Lithify.
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
Somebody has activated the anonymiser category in web blocking, it could’ve been Lithify.
Yes thanks, I assumed as much; however, at the risk of exposing my sometimes_cluelessness, not sure what that means, ie, why they did that... I know what anonymous means, but not in this context. I'll see if @Bot knows... (Lithify initially were sending me emails more than I wanted or needed, later I asked a question & IIRC I did not get a reply) -- I'll see what happens today. When are you up and running with your biz...?

EDIT both @Bot & chatGPT put this into context for me -- I had never heard eg vpn described as an anomymizer before, ok sure that's what it does. But also note, I am NOT fully blocked from using my vpn, ie, I am online via vpn even though harmony initially blocked Proton VPN: Fast, private, and secure VPN service but I was not blocked from making a vpn connection. I think the block was an initial connection from vpn client to check status or my credentials. So still wondering if the block also relates to http rather than https of this URL. :unsure:
 
Last edited:
  • Like
Reactions: Dave Russo

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
Update to Harmony blocking my access to vpn ie anonymizer: is now *fixed* by removing that from its URL filter, although unclear how or exactly when it was enabled, but not fretting about that.
 
  • Like
Reactions: Dave Russo

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
minor discrepancy with Harmony Web Protection browser extension... In Edge the icon for this extension is a red thingy with a block dot and when a file is downloaded it shows a down arrow signifying that Harmony is analyzing the incoming file before it gets to my machine (my understanding) BUT in Firefox the icon is a red ball with a continuous graph scrolling from right to left, and when I download I do not see the down arrow. Anyone else seeing this? I find it "odd" that the icon looks different, makes me wonder if it is working correctly in both browsers?
 

TaoHouZi

New Member
May 13, 2020
3
These days I try checkpoint on MacOS,I found it's anti-malware module can only use sophos engine but not kaspersky(when It detected something,the virus name is from sophos),even though I never change to E2 in my website control center.
And in windows,It use kaspeesky,but I get many bugs.1. I only get notifaction when the TE detected something,but not the anti-malwareall the time(I set show all the message in the control center). 2.after I use the checkpoint for about one day.The Te and Anti-ransomware' policy version disappear on the overview,and the log all disappeared.After that,I can not get the notifaction from te all the time. But I can see the policy version connected from the advanced-policy.
So what happened?I have try to reinstall the checkpoint,the same wrong.it is the bug?
 

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
updated to 88.00 here :D (finally -- after no updates since 87.30). One unnecessary "worry" with the update process, after Harmony updated, the systray icon had a yellow flag, so I opened the client and all it said on main screen was "one security warning was discovered" -- YIKES! but a little digging into it, & all it wanted was to run a scan, so did that, NO detections, 100%
Harmony is performing well on this win10_vm. No slowdowns except the expected "delay" as it analyzes downloads in its cloud. That's fine with me. Also like the phishing protection for sites wanting username & pw.
PS I got an email from checkpoint about requiring everyone to setup a 2fa to access the portal. That'll need some coordination with reseller...
 
  • Like
Reactions: Trident

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
These days I try checkpoint on MacOS,I found it's anti-malware module can only use sophos engine but not kaspersky(when It detected something,the virus name is from sophos),even though I never change to E2 in my website control center.
And in windows,It use kaspeesky,but I get many bugs.1. I only get notifaction when the TE detected something,but not the anti-malwareall the time(I set show all the message in the control center). 2.after I use the checkpoint for about one day.The Te and Anti-ransomware' policy version disappear on the overview,and the log all disappeared.After that,I can not get the notifaction from te all the time. But I can see the policy version connected from the advanced-policy.
So what happened?I have try to reinstall the checkpoint,the same wrong.it is the bug?
fwiw, my harmony experience has NOT been buggy at all. (but I'm sharing the load with reseller, and Trident has been very helpful) But interested in your experience as I have 2 macs I could be protecting with harmony, but haven't felt the need to take that plunge, ... yet.
 
  • Like
Reactions: Trident

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,787
Harmony Endpoint for Windows 88.10 released 03/03/24
General
EPS-54795Enhancement: The Client UI now sets the English language as the default if the provided LCID value corresponds to a language that is not officially supported.
EPS-55155Enhancement: Performance improvements of the anti-tampering mechanism for network drives accessed by users.
Installation
EPS-54691Enhancement: Endpoint Security Client installer now supports the Czech, Greek, Ukrainian, and Portuguese languages.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-29304,
AHTP-29142
Enhancement: Improved remediation against persistent malware.
AHTP-29296,
AHTP-29293
Enhancement: Improved the detection of malware masquerading.
AHTP-29486Enhancement: Improved evasion techniques detections.
AHTP-29404Enhancement: Improved the accuracy of wipers detection.
AHTP-29550Enhancement: Improved the remediation process for detected DLLs.
AHTP-29268Enhancement: Improved the detection of credentials theft.
AHTP-29726Enhancement: Added support for advanced signatures.
AHTP-29117Enhancement: Harmony Endpoint management now enforces a new Global policy if it is changed, and Endpoint Security Client applies URLS changes without a reboot.
AHTP-29251Enhancement: Improved the detection of shadow copy creation.
Firewall and Application Control
EPS-54988Enhancement: The VSMON process now speeds up the opening of listen sockets by 20% when dealing with high network loads, like those encountered by DNS servers.
Full Disk Encryption
EPS-54700Enhancement: Wi-Fi card for the Lenovo L14 Generation 3 is now supported in FDE Smart Pre-boot (EA feature).
Threat Emulation and Anti-Exploit
AHTP-28892Enhancement: The TESvc service is now renamed to CPFileAnlyz (Check Point Endpoint Security File Analyzer).


List of Resolved Issues in E88.10 for Windows​



IDDescription
General
EPS-54868The "Invalid file path" error is displayed when entering non-ASCII characters in the path for the copying/moving file action in Push Operations.
EPS-54453The remote push operation utilizes PowerShell x86 on 64-bit systems, causing some commands exclusive to the 64-bit version to malfunction.
AHTP-29676Remediation Management cannot restore files when the restored file path is longer than 260 characters.
Installation
EPS-54879The Client may request a reboot during active deployment.
Anti-Malware E1
EPS-53603Anti-Malware E1 Behavioral Monitor does not start, and the blade status is "Error".
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-29656The "Reputation Service" feature of Anti-Malware E2 may not work, if there is more than one active network device and each device has a different DNS address.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-29507In the EFRService log, there are multiple errors about RemediationConfig.xml, when Registry Remediation detections appear as working.
AHTP-29021The EFRService process may consume 100% of CPU.
AHTP-29724There may be wrong incident Status and Remediation in the Forensics report in Detect mode incidents.
AHTP-29456In NGAV logs, there may be many detections of amsibypass and exceptions related to amsibypass indicator match.
AHTP-29457The LK_FileOp table may not indicate the "mount" flag for some operations.
Firewall and Application Control
EPS-54964Developer Protection fails to display alerts when committing sensitive information using x64 bit process.
Media Encryption and Port protection
EPS-54943When running media encryption authorization scanning on a newly encrypted volume that is empty, the error "Not all files could be scanned" may be displayed. If this occurs, a possible workaround is to either reformat the encrypted volume or access it on another machine.
Threat Emulation and Anti-Exploit
AHTP-29492When the Threat Emulation Blade is configured as "Off" in policy, the CPFileAnalyzeservice may report an error that the Threat Emulation blade is "Not Available". This is a cosmetic issue.
 

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,787
Threat Emulation Engine updates
DateReleaseEngine VersionWhat's New
25 Feb 202411.1460.990000614
  • Threat Emulation now supports static inspection of Active Server Pages Extended (ASPX) files type.
  • Threat Emulation summary(Report) is now points to the XDR summary of the malicious file prevented.
28 Jan 202411.1360.990000578
  • Static inspection is now more stable using resource allocation mechanism – see sk181596.
  • Reduced False Positive rate for DLL emulations.
  • Upgraded Yara engine with better performance and accuracy.
  • Improved password protected archives handling.
26 Dec 202311.1260.990000536
  • Support new geo location restriction – Canada, United Arab Emirates – see sk97877
  • Performance improvement for AV API when both AV and TE are active on the appliance– see sk181596
  • Improve emulation of Office documents with Macro enabled
  • Improve detection of signed EXE files with shellcode injection

New in ThreatCloud: Doc Link Defender.

How DocLink Defender Works: A Closer Look​

At the heart of DocLink Defender is a sophisticated engine designed to scrutinize the structure of commonly used document types, such as Office and PDF files. Its primary focus? To detect and evaluate embedded URLs. Mimicking the actions of a user, the engine “clicks” on each URL to determine if it points to a downloadable file on the internet.

Should a downloadable file be detected, the Defender doesn’t stop there. It takes the file and subjects it to an exhaustive Threat Emulation process. Each file is thoroughly emulated, ensuring that any lurking malicious content is identified before it can wreak havoc.

In the event a file is deemed malicious, the document harboring the questionable URL is immediately blocked, providing real-time defense against potential cyber threats. This proactive approach not only stops malware in its tracks but also ensures that organizations can maintain their operational integrity without the fear of interruption from cyber attacks.

With DocLink Defender, Check Point reaffirms its commitment to pioneering cybersecurity solutions that meet the challenges of today’s complex digital environment.
 
Last edited:

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,787
Harmony Endpoint 88.20 for Windows released 13/03/24

List of New Features and Enhancements in E88.20 for Windows​


IDDescription
General
EPS-55122Enhancement: Implemented security measures for validation of software components, mitigating risks from unverified code. This enhances the Endpoint Client security posture and promoting reinforced computing environment.
AHTP-29126Enhancement: The Anti-Bot, URL Filtering, Threat Emulation and Anti-Malware E2 DHS Blades now better exclude specific processes and their associated subprocesses, improving analysis focus and streamlining the monitoring process.
EPS-54890Enhancement: It is now possible to see the installed hotfixes in the Endpoint Security Clients UI.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-29839Enhancement: Added support for the "SameFile" rule parameter for matching behavioral indicators.
AHTP-29598Enhancement: Added sensor to detect attack initiation from emails.
EPS-56206Enhancement: Modified the ranking algorithm to detect only file wipers.
AHTP-29670,
AHTP-29763
Enhancement: Improved stability of Endpoint Security Clients.
AHTP-29623Enhancement: Remediation now returns a new status - "FileAlreadyQuarantined", if the file is already handled as part of the incident. Previously, Remediation manager showed "File already deleted", when files were quarantined.
Compliance and Posture
EPS-54471Enhancement: Harmony Endpoint now supports Posture Automatic Deployment configured in policy.
Full Disk Encryption
EPS-54599Enhancement: The installer no longer switches the FDE Pre-boot type to FDE Smart Pre-boot (EA feature) by default, now it requires applying a specific policy prior to installation. When installed, switching the type of Pre-boot can be done in policy settings during regular operations, eliminating the need for upgrades for switching as it was in previous versions.
EPS-54681Enhancement: Improved the FDE database maintenance, preventing memory allocation issues during long running installations.

List of Resolved Issues in E88.20 for Windows​



IDDescription
General
EPS-55646If there were several failed upgrade attempts, while the tray icon indicates an upgrade is scheduled, the UI may not open when launched from the tray icon.
Installation
EPS-55620If the client is uninstalled improperly, subsequent reinstallation may fail to copy the required driver to the drivers folder, causing the computer to get stuck in a loading loop.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-29573In NGAV.log there may be multiple events for the DCSync sensor.
AHTP-29548After a computer reboot or Endpoint Security Clients upgrade, the Forensics reports are not displayed in UI (although they exist) until the next detection. The issue is cosmetic only.
AHTP-28878,
AHTP-28864
Remediation of some registry types fails.
AHTP-29603Business Impact data may be incorrect in the Forensics report.
Firewall and Application Control
EPS-55969The Firewall Blade does not receive the policy after an upgrade from VPN Standalone to Endpoint Security Client.
Full Disk Encryption
EPS-55711A password change in FDE Pre-boot may not be synchronized to the Server.
 

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,787
Threat Emulation Update
DateReleaseEngine VersionWhat's New
14 Mar 202411.1560.990000664
  • Threat Emulation introduces DocLink Defender – a new approach evaluating files linked by URLs in documents.
  • Extended mechanism to verify EXE/DLL certificates
  • Performance improvements have been made to handle PDF files more efficiently. Fewer PDF files will undergo full emulation based on internal decision-making processes.
 
  • Like
Reactions: harlan4096

simmerskool

Level 31
Verified
Top Poster
Well-known
Apr 16, 2017
2,082
Harmony Endpoint 88.20 for Windows released 13/03/24
FYI & fwiw, Lithify waits a week or two before pushing out Harmony updates, eg, it is still holding 88.10 as it checks for "stability" -- seems like 88.20 followed quickly behind 88.10. Still running 88.00 here.
 
  • Like
Reactions: Trident

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,787
Harmony Endpoint for Windows 88.30 Released 17th of April 2024.

List of New Features and Enhancements in E88.30 for Windows​





IDDescription
General
EPS-55958Enhancement: Endpoint Security Clients now supports uploading CPInfo to Amazon Simple Storage Service (S3) through push operation and manually using the S3 application.
EPS-56017,
EPS-56084
Enhancement: Administrators now have the ability to set a timeout and require a password for the Disable Capabilities feature in the General section of Client Settings. This password prompt, currently available only in English, allows control over who can disable capabilities on any Windows client by requiring password authentication before accessing the Disable Capabilities screen on the Client User Interface. Once capabilities are disabled, the specified timeout interval determines the duration after which the disabled capabilities are automatically restored to operational status.
EPS-55626Enhancement: The Threat Emulation Blade in Client UI is displayed as File Protection.
Anti-Bot and URL Filtering
AHTP-29728Enhancement: The Anti-Bot Blade now includes DNS Inspection support, which utilizes Check Point ThreatCloud. This protection allows Anti-Bot to block access to malicious domains during the DNS resolution process.
Anti-Malware E1
EPS-56022Enhancement: The Anti-Malware E1 Blade now allows to specify the processes which are spawned from trusted processes (for example, their descendants) that should be excluded from malware scans and monitoring. This minimizes unnecessary resources utilization and potential false positives.
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-29459NEW: Added ability to update SA and OFR offline. Refer to sk180690 to preform Offline Update.
AHTP-29036Enhancement: It is now possible to install only the Anti-Malware E2 Blade, independently from installing the Threat Emulation blade.
Anti-Ransomware, Behavioral Guard and Forensics
EPS-56719Enhancement: Improved the time it takes to upload events to threat hunting.
EPS-56439Enhancement: The detection of ransomware is now faster. Implemented a new mechanism that can potentially pause and prevent ransomware encryption from occurring in certain scenarios, particularly during the initial stages of an attack.
AHTP-30039,
AHTP-30236,
AHTP-30230,
AHTP-30209,
AHTP-30096,
AHTP-30207,
AHTP-29600,
AHTP-28396,
AHTP-30208
Enhancement: Improved the signature capabilities.
AHTP-29652Enhancement: Improved the signature accuracy.
AHTP-29396Enhancement: Improved visibility of sensors into processes.
AHTP-28910Enhancement: Improvements in remediation.
Full Disk Encryption
EPS-54915Enhancement: PIV Smartcard driver now supports IDEmia Cosmo 8.1 cards and compressed certificates.
EPS-55613,
EPS-55187
Enhancement: Both the FDE classic Pre-boot and Smart Pre-boot flows are now refined to a smoother flow for visually impaired users.
Threat Emulation
AHTP-28907NEW: In Advanced Capabilities, added Detect/ Prevent/ Off modes for these sensors:
  • ThreatCloud Reputation
  • Offline Reputation
  • Static Analysis of Office Files
  • Static Analysis of Executable files
  • Static Analysis of DDL Files
For more information about configuring these modes, see Harmony Endpoint EPMaaS Administration Guide > Configuring the Endpoint Policy > Configuring the Threat Prevention Policy > Web & Files Protection.


List of Resolved Issues in E88.30 for Windows​



IDDescription
Installation
EPS-55909In a rare scenario, the Firewall and Application Control process becomes unresponsive, resulting in repeated failures during client upgrades.
Anti-Malware E1
EPS-54953No data is fetched with the "GetQuarantineFileData" API command. In cpda.log, there is the "Failed to get list [cpda::QuarantineFiles::GetList]" error.
EPS-56269In a rare scenario, after an upgrade, the Anti-Malware Blade may crash and restart.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-30187When Registry Save Block detection is triggered, the Anti-Ransomware detection pop-up may appear instead of the Behavioral Guard detection notification.
AHTP-30019Processing many large PowerShell scripts leads to increased memory consumption.
AHTP-30073CPU consumed by the EFR process may be high.
Threat Emulation
AHTP-30103When reaching the Threat Emulation Quota limit, the Threat Emulation Blade reports to the Management the "Not Connected" status instead of "Quota reached".
Remote Access VPN
ESVPN-4257In rare scenarios, Watchdog may restart the VPN UI process multiple times.
ESVPN-4267After an upgrade to E88.00, the "Create site from link" feature may stop functioning as expected.
 

Trident

Level 28
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
1,787
Threat Emulation Engine Update

DateReleaseEngine VersionWhat's New
15 Apr 202411.1660.990000707
  • New engine for detecting side-loading DLLs now prevents archives containing suspicious DLLs by inspecting their relationships. Further information will be published soon.
  • Fix for a rare crash when running an executable.
  • Fix for a bug of processing office files.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top