New Update Harmony Endpoint Release Notes and Roadmaps

simmerskool

Level 38
Verified
Top Poster
Well-known
Apr 16, 2017
2,797
EDIT: Looks like lithify uk lost their rights to resale and their account got suspended.
What! I've been busy doing something else and not running my Harmony VM for the past week, was unaware of this, no email message from Lithify...

EDIT: I now see updated input from Trident re Lithify, at least for the time being.
 
Last edited:
  • Like
Reactions: Trident

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
well I do have DeepInstinct on hardware and Harmony on VM, all good so far :D
Theoretically they could work together on one host, if DI processes are excluded under Infinity Portal and Check Point processes are excluded under DI console. Also, do not Integrate DI to security centre. Or Integrate DI there and do not install anti-malware engine under Harmony. But it is not necessary really.
 
  • +Reputation
Reactions: simmerskool

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Harmony Endpoint Windows Client v 88.50 released 5th of Aug 2024.

List of New Features and Enhancements in E88.50 for Windows​

IDDescription
General
AHTP-30360Enhancement: Added Data Loss Prevention (DLP) capability which detects and prevents unauthorized transmission of confidential information, such as social security numbers, credit card numbers, bank account numbers and so on. Refer to Harmony Endpoint EPMaaS Administration Guide > Configuring the Endpoint Policy > Data Loss Prevention.
AHTP-30649Enhancement: The system now automatically blocks vulnerable drivers upon their creation on the device. This includes drivers that are downloaded, extracted, copied, or otherwise introduced to the system.
EPS-56912Enhancement: Installing any of the Anti-Malware, Anti-Bot, Forensics, or Threat Emulation blades requires Microsoft .NET Framework version 4.7.2 or higher.
For all other configurations, the minimum required Microsoft .NET Framework version is 4.6.1. Refer to sk182480.
EPS-57300Enhancement: Enhanced software security through advanced compilation techniques and updated the core libraries, strengthening enterprise protection.
EPS-57548Enhancement: The Harmony Endpoint connectivity tool no longer uses E1 URLs.
EPS-56975Enhancement: Added pagination to the Blade tabs tables in the Clients UI to improve the performance when loading large datasets.
Anti-Bot and URL Filtering
AHTP-30718Enhancement: URL Filtering eliminates User Check popups for blocked connections in supported browsers with the Harmony Extension installed. This reduces interruptions, improving user experience. In Incognito mode, blocked connections are silently dropped.
AHTP-30872Enhancement: URL Filtering logs in the Management Server logs now include additional information:
  • Policy Name
  • Policy Version
  • Policy Installation Time
  • Process Path
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-30787Enhancement:
  • Added ability to recover malware files detected and removed from critical system areas, which was previously restricted.
  • Malware detection alerts now appear on both the client UI and the management console.
AHTP-30618Enhancement: The Critical Scan feature is improved to include boot sector scanning.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-30058Enhancement: Refined the ability to detect network-related security threats.
AHTP-30673Enhancement: Improved the detection of some types of Ransomware and Wipers.
EPS-56879Enhancement: Improved the RDP usage information for advanced signatures.
AHTP-30810Enhancement: When illegitimate login attempts are detected, the account that is targeted will be removed from the list of accounts authorized to access the specific computer.
EPS-56740Enhancement: Data transferred through OS pipes is now reported to the Threat Hunting tool.
EPS-57500Enhancement: Additional folders in ProgramData are now protected against tampering.
EPS-56617Enhancement: Optimized detection algorithm to reduce false positives in generic anti-ransomware signature.
Full Disk Encryption
EPS-56482Enhancement: After a password change, Microsoft Entra ID users are now prompted to lock and unlock the computer to synchronize the Windows password and the FDE Pre-boot password.
EPS-57260Enhancement: The Mobile Enrollment feature in the Endpoint Security Client UI now supports all the available languages.
EPS-55822Enhancement: FDE Pre-boot Remote Help now features a user-friendly wizard interface. This guided flow helps users easily select the type of assistance they need before system boot.
EPS-56840Enhancement: The PS2 keyboard default setting for Dell Latitude 5420 laptops is now changed to "FALSE" (disabled).
Media Encryption and Port Protection
EPS-56627Enhancement: Printers installed as software devices are now controlled by the Media Encryption and Port Protection Blade, allowing administrators to apply access policies and rules to regulate communication with these virtual printer resources, enhancing security oversight.


List of Resolved Issues in E88.50 for Windows​



IDDescription
General
EPS-57575Launching SmartConsole from Smart-1 Cloud portal fails after Endpoint Security Clients upgrade to E88.41. Refer to sk182532.
Anti-Ransomware, Behavioral Guard and Forensics
EPS-56823Abnormally high memory usage by the EFR service at first login after a PC reboot.
AHTP-30740 There maybe multiple EFRSAL_*.ds files in the DBStore directory.
AHTP-30785Some internal system files, which are not created by users, are listed in the Restoration UI screen.
Threat Emulation
AHTP-30786When the File Reputation feature sends a report to the Management Server and XDR, the Protection Name field sometimes displays as either "File.Rep." or "Unknown" instead of a more specific identifier.
Remote Access VPN
ESVPN-4273When a non-administrator user creates a VPN site from a link, the browser does not prompt the VPN GUI to open.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
Threat Emulation Engine Release Updates
15 July 202411.1960.990000825
  • Harmony Email is now inspecting HTML attachments by a new AI model, this adds an additional layer of security to email attachments.
  • SHTML files (HTML files that allow server-side includes - SSI) will now undergo static inspection - currently applies to files transmitted via API only.
  • Dynamic inspection signatures now seamlessly integrate insights from static analysis. This powerful combination ensures even greater accuracy and reliability.
  • Fixed a bug in on-prem appliance configuration: on some cases File Classification misalignment between the requesting Gateway and the remote appliance caused the requests to fail.
 

Trident

Level 34
Thread author
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
when was 88.50 released...?
5th of Aug (just a few days ago). Updated is the core .Net Framework to make the way for a series of performance improvements, which will be made. Anti-Ransomware, Behavioural Guard and Forensics are once again improved. UI and static analysis are GPU optimised. All signatures are now placed in a smarter way to improve HEP loading time.
 

Vitali Ortzi

Level 27
Verified
Top Poster
Well-known
Dec 12, 2016
1,641
5th of Aug (just a few days ago). Updated is the core .Net Framework to make the way for a series of performance improvements, which will be made. Anti-Ransomware, Behavioural Guard and Forensics are once again improved. UI and static analysis are GPU optimised. All signatures are now placed in a smarter way to improve HEP loading time.
Checkpoint have some of the best security suites available and seems like their prices are competitive as well
But specifically at Harmony they definitely need to keep improving the performance usage and seems like they are keeping improving on that front
 

Vitali Ortzi

Level 27
Verified
Top Poster
Well-known
Dec 12, 2016
1,641
Checkpoint got good results in some tests it's been gone through
homepage-v4-competitor-sample-chart.png
 

Faxx

Level 1
Sep 7, 2017
16

List of New Features and Enhancements in E88.60 for Windows​





IDDescription
General
EPS-57370Enhancement: Super Node feature now supports environments with restricted network access for local accounts. In setups where local users cannot log into Super Node machines from the network, a special registry key allows the Super Node to run with elevated privileges. This ability enables the NGINX process, which serves files via HTTP protocol, to operate as system instead of a dedicated local user account.
Note, this is not a recommended setup. It should only be used in specific scenarios.
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-31304Enhancement: Anti-Malware signature update source is now added to the Management Server event logs.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-31234Enhancement: Improved detection of ransomware in rare scenarios.
AHTP-30632Enhancement: Improved the defense against some behavioral patterns.
AHTP-31232,
AHTP-31167
Enhancement: Improved the usage of advanced signatures.
AHTP-31047,
AHTP-31046
Enhancement: Reduced the size of some internal files.
Browser Extension
AHTP-30541Enhancement: Blocking the browser Incognito mode in Chrome, Edge, Firefox, Brave using Management policy is now supported.


List of Resolved Issues in E88.60 for Windows​



IDDescription
General
EPS-57593The progress of manual CPInfo upload to Check Point FTP gets stuck displaying incorrect percentage after completion, for example, "100%483647%" , leaving the CPInfo terminal window open in that state.
EPS-57517When internal Endpoint Security communication is lost, the Host Isolation feature does not function as expected.
Installation
EPS-57354In rare scenarios, upgrade package installation fails with "Product: Check Point Endpoint Security – Error 27562.Changing configuration of Check Point Endpoint Security is not allowed. Please check that the password you have entered is correct or contact your system administrator".
EPS-57338The CPDA process exits with a dump file after an upgrade of Endpoint Security Clients.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-31207The EFR service dump file is created on a multi-role Server.
AHTP-31218Real Time Attack Context can initially lead to increased memory and CPU consumption compared to regular signatures. However, by replacing multiple signatures, it's expected to ultimately reduce overall resource usage.
AHTP-31189False positive matches of advanced signatures are returned for trusted .dll files.
THPTSE-1090,
THPTSE-1071,
THPTSE-1041
Some information may be missing in Threat Hunting logs.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top