New Update Harmony Endpoint Release Notes and Roadmaps

simmerskool

EDIT: Looks like lithify uk lost their rights to resale and their account got suspended.
What! I've been busy doing something else and not running my Harmony VM for the past week, was unaware of this, no email message from Lithify...

EDIT: I now see updated input from Trident re Lithify, at least for the time being.
 

Trident

Thread author
well I do have DeepInstinct on hardware and Harmony on VM, all good so far :D
Theoretically they could work together on one host, if DI processes are excluded under Infinity Portal and Check Point processes are excluded under DI console. Also, do not Integrate DI to security centre. Or Integrate DI there and do not install anti-malware engine under Harmony. But it is not necessary really.
 

Trident

Harmony Endpoint Windows Client v 88.50 released 5th of Aug 2024.

List of New Features and Enhancements in E88.50 for Windows

ID | Description
General
AHTP-30360 | Enhancement: Added Data Loss Prevention (DLP) capability which detects and prevents unauthorized transmission of confidential information, such as social security numbers, credit card numbers, bank account numbers and so on. Refer to Harmony Endpoint EPMaaS Administration Guide > Configuring the Endpoint Policy > Data Loss Prevention.
AHTP-30649 | Enhancement: The system now automatically blocks vulnerable drivers upon their creation on the device. This includes drivers that are downloaded, extracted, copied, or otherwise introduced to the system.
EPS-56912 | Enhancement: Installing any of the Anti-Malware, Anti-Bot, Forensics, or Threat Emulation blades requires Microsoft .NET Framework version 4.7.2 or higher. For all other configurations, the minimum required Microsoft .NET Framework version is 4.6.1. Refer to sk182480.
EPS-57300 | Enhancement: Enhanced software security through advanced compilation techniques and updated the core libraries, strengthening enterprise protection.
EPS-57548 | Enhancement: The Harmony Endpoint connectivity tool no longer uses E1 URLs.
EPS-56975 | Enhancement: Added pagination to the Blade tabs tables in the Clients UI to improve the performance when loading large datasets.
Anti-Bot and URL Filtering
AHTP-30718 | Enhancement: URL Filtering eliminates User Check popups for blocked connections in supported browsers with the Harmony Extension installed. This reduces interruptions, improving user experience. In Incognito mode, blocked connections are silently dropped.
AHTP-30872 | Enhancement: URL Filtering logs in the Management Server logs now include additional information:
  • Policy Name
  • Policy Version
  • Policy Installation Time
  • Process Path
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-30787 | Enhancement:
  • Added ability to recover malware files detected and removed from critical system areas, which was previously restricted.
  • Malware detection alerts now appear on both the client UI and the management console.
AHTP-30618 | Enhancement: The Critical Scan feature is improved to include boot sector scanning.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-30058 | Enhancement: Refined the ability to detect network-related security threats.
AHTP-30673 | Enhancement: Improved the detection of some types of Ransomware and Wipers.
EPS-56879 | Enhancement: Improved the RDP usage information for advanced signatures.
AHTP-30810 | Enhancement: When illegitimate login attempts are detected, the account that is targeted will be removed from the list of accounts authorized to access the specific computer.
EPS-56740 | Enhancement: Data transferred through OS pipes is now reported to the Threat Hunting tool.
EPS-57500 | Enhancement: Additional folders in ProgramData are now protected against tampering.
EPS-56617 | Enhancement: Optimized detection algorithm to reduce false positives in generic anti-ransomware signature.
Full Disk Encryption
EPS-56482 | Enhancement: After a password change, Microsoft Entra ID users are now prompted to lock and unlock the computer to synchronize the Windows password and the FDE Pre-boot password.
EPS-57260 | Enhancement: The Mobile Enrollment feature in the Endpoint Security Client UI now supports all the available languages.
EPS-55822 | Enhancement: FDE Pre-boot Remote Help now features a user-friendly wizard interface. This guided flow helps users easily select the type of assistance they need before system boot.
EPS-56840 | Enhancement: The PS2 keyboard default setting for Dell Latitude 5420 laptops is now changed to "FALSE" (disabled).
Media Encryption and Port Protection
EPS-56627 | Enhancement: Printers installed as software devices are now controlled by the Media Encryption and Port Protection Blade, allowing administrators to apply access policies and rules to regulate communication with these virtual printer resources, enhancing security oversight.


List of Resolved Issues in E88.50 for Windows

ID | Description
General
EPS-57575 | Launching SmartConsole from Smart-1 Cloud portal fails after Endpoint Security Clients upgrade to E88.41. Refer to sk182532.
Anti-Ransomware, Behavioral Guard and Forensics
EPS-56823 | Abnormally high memory usage by the EFR service at first login after a PC reboot.
AHTP-30740 | There may be multiple EFRSAL_*.ds files in the DBStore directory.
AHTP-30785 | Some internal system files, which are not created by users, are listed in the Restoration UI screen.
Threat Emulation
AHTP-30786 | When the File Reputation feature sends a report to the Management Server and XDR, the Protection Name field sometimes displays as either "File.Rep." or "Unknown" instead of a more specific identifier.
Remote Access VPN
ESVPN-4273 | When a non-administrator user creates a VPN site from a link, the browser does not prompt the VPN GUI to open.
 

Trident

Threat Emulation Engine Release Updates
15 July 2024 | 11.1960.990000825
  • Harmony Email is now inspecting HTML attachments by a new AI model, this adds an additional layer of security to email attachments.
  • SHTML files (HTML files that allow server-side includes - SSI) will now undergo static inspection - currently applies to files transmitted via API only.
  • Dynamic inspection signatures now seamlessly integrate insights from static analysis. This powerful combination ensures even greater accuracy and reliability.
  • Fixed a bug in on-prem appliance configuration: in some cases, File Classification misalignment between the requesting Gateway and the remote appliance caused the requests to fail.
 

Trident

when was 88.50 released...?
5th of Aug (just a few days ago). Updated is the core .Net Framework to make the way for a series of performance improvements, which will be made. Anti-Ransomware, Behavioural Guard and Forensics are once again improved. UI and static analysis are GPU optimised. All signatures are now placed in a smarter way to improve HEP loading time.
 

Vitali Ortzi

5th of Aug (just a few days ago). Updated is the core .Net Framework to make the way for a series of performance improvements, which will be made. Anti-Ransomware, Behavioural Guard and Forensics are once again improved. UI and static analysis are GPU optimised. All signatures are now placed in a smarter way to improve HEP loading time.
Checkpoint have some of the best security suites available, and it seems like their prices are competitive as well.
But specifically at Harmony they definitely need to keep improving the performance usage, and it seems like they keep improving on that front.
 

Vitali Ortzi

Checkpoint got good results in some tests it has gone through.
homepage-v4-competitor-sample-chart.png
 

Faxx


List of New Features and Enhancements in E88.60 for Windows

ID | Description
General
EPS-57370 | Enhancement: Super Node feature now supports environments with restricted network access for local accounts. In setups where local users cannot log into Super Node machines from the network, a special registry key allows the Super Node to run with elevated privileges. This ability enables the NGINX process, which serves files via HTTP protocol, to operate as system instead of a dedicated local user account. Note, this is not a recommended setup. It should only be used in specific scenarios.
Anti-Malware E2 (US-DHS and EU compliant)
AHTP-31304 | Enhancement: Anti-Malware signature update source is now added to the Management Server event logs.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-31234 | Enhancement: Improved detection of ransomware in rare scenarios.
AHTP-30632 | Enhancement: Improved the defense against some behavioral patterns.
AHTP-31232, AHTP-31167 | Enhancement: Improved the usage of advanced signatures.
AHTP-31047, AHTP-31046 | Enhancement: Reduced the size of some internal files.
Browser Extension
AHTP-30541 | Enhancement: Blocking the browser Incognito mode in Chrome, Edge, Firefox, Brave using Management policy is now supported.


List of Resolved Issues in E88.60 for Windows

ID | Description
General
EPS-57593 | The progress of manual CPInfo upload to Check Point FTP gets stuck displaying incorrect percentage after completion, for example, "100%483647%", leaving the CPInfo terminal window open in that state.
EPS-57517 | When internal Endpoint Security communication is lost, the Host Isolation feature does not function as expected.
Installation
EPS-57354 | In rare scenarios, upgrade package installation fails with "Product: Check Point Endpoint Security – Error 27562.Changing configuration of Check Point Endpoint Security is not allowed. Please check that the password you have entered is correct or contact your system administrator".
EPS-57338 | The CPDA process exits with a dump file after an upgrade of Endpoint Security Clients.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-31207 | The EFR service dump file is created on a multi-role Server.
AHTP-31218 | Real Time Attack Context can initially lead to increased memory and CPU consumption compared to regular signatures. However, by replacing multiple signatures, it's expected to ultimately reduce overall resource usage.
AHTP-31189 | False positive matches of advanced signatures are returned for trusted .dll files.
THPTSE-1090, THPTSE-1071, THPTSE-1041 | Some information may be missing in Threat Hunting logs.
 

Trident

Harmony Endpoint Announcements

15 Nov 2024 | 11.2260.990000993
  • Enhanced Office files detection model now provides improved security against the latest campaigns observed in the wild
  • Full emulation is now enabled for wider variety of script files, delivering broader protection against emerging attack vectors
  • Resolved a rare crash that could occur following policy installation
15 Oct 2024 | 11.2160.990000925
  • Resolved a rare crash that could occur during Yara rules compilation following a Threat Emulation engine update
  • The title of Threat Emulation report now displays the SHA-256 hash of the file instead of its file name
  • Improved classification of web files previously misidentified as archives, preventing false extraction errors
15 Aug 2024 | 11.2060.990000874
  • Threat Emulation local cache was moved to the /var/log partition
  • Triggered custom Yara rules are now visible in Threat Emulation’s Smart Console logs
  • Implemented additional Methods for extracting evasive Hyperlinks in documents

Endpoint Updates are too minimal to be mentioned, with only one hotfix released.
 

Nikos751

Ok, let me add some latest release notes as Trident seems pretty busy these days. 88.62 just became the Recommended Version.

List of Resolved Issues in E88.61 for Windows

ID | Description
General
AHTP-31805 | In rare scenarios, when process exclusions are configured, BSOD may occur.
AHTP-31806 | The C:\Windows\cpepmon.mlf log file grows on some Servers.
Anti-Bot and URL Filtering
AHTP-31803 | In rare scenarios, the epab_svc service repeatedly exits.
AHTP-31817 | Anti-Bot DNS Inspection does not handle correctly large amounts of messages printed on DC/DNS Servers, leading to Domain resolve timeouts.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-31828 | Some process notifications pop up either in the Endpoint Security Client or in the management logs, although they should appear in both.
AHTP-31839 | Some developers commands may take longer to complete.
AHTP-31896 | Stability issues.
Full Disk Encryption
EPS-58470 | In some scenarios, FDE Smart Pre-boot (EA feature) fails to start.
Threat Emulation
AHTP-31815 | Non-ASCII characters in exclusions may be incorrectly interpreted.

List of Resolved Issues in E88.62 for Windows

ID | Description
General
EPS-59270 | Windows updates fail with the "Error 80070005" because of a permission issue.
EPS-59324 | Endpoint Security Client upgrade fails because of corrupted registry entries.
Remote Access VPN
ESVPN-4471 | Remote Access VPN users with Windows 11 24H2 fail to connect to VPN.
 

Nikos751


List of New Features and Enhancements in E88.70 for Windows

ID | Description
General
EPS-55641 | Enhancement: The Super Node Server status is now displayed on the Management Server.
EPS-58573 | Enhancement: Endpoint Security Clients now supports Super Node functionality in semi-isolated environments.
EPS-57794 | Enhancement: Improved the flow and user experience for uploading files to FTP when running CPInfo.
EPS-57551 | Enhancement: Language settings configured in Harmony Management UI now change the Endpoint Security Client language but do not override user-defined language settings.
AHTP-31935 | Enhancement: Configuring Data Loss Prevention policy for GenAI applications now provides enforcement granularity per application.
Anti-Bot and URL Filtering
AHTP-31275 | Enhancement:
  • Performance improvements in the Anti-Bot DNS Inspection feature.
  • Admins can now enable/disable the DNS Inspection feature in the Anti-Bot policy (under Advanced settings).
AHTP-31358 | Enhancement:
  • Significantly reduced the volume of Forensics reports generated by Anti-Bot DNS Inspection.
  • Updated DNS Inspection-related detections to use "Domain" as the indicator type, replacing the previous "dns://" URL schema prefix.
AHTP-31357 | Enhancement: Added ability to allow users to dismiss the URL filtering alert and access blocked websites. This option uses the same settings as the Browser Extension in Advanced settings > Web & Files Protection, as follows:
  • Connection attempt from browser without Browser Extension or non-browser process: Allows next connection attempts.
  • Connection attempt from browser with Browser Extension: May require multiple approvals based on security settings before allowing next connection attempts.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-31612 | Enhancement: Improved the sensors for specific attacks.
AHTP-31364 | Enhancement: Improved Anti-Ransomware remediation for directories.
AHTP-31359, AHTP-31154 | Enhancement: Improved proxy and Super Node compatibility for the Anti-Ransomware, Behavioral Guard and Forensics Blade.
AHTP-30400 | Enhancement: Behavioral Guard signatures are now loaded faster.
AHTP-30192 | Enhancement: The Forensics report now provides better visibility into the exact Registry location that triggered the detection.
AHTP-31515, AHTP-31294, AHTP-31783 | Enhancement: A series of performance optimizations are introduced to improve overall system performance and reduce CPU consumption.
Compliance and Posture
EPS-58832 | Enhancement: Updated the SDK used for scanning and patching vulnerabilities to version 2024-04 (9.7), enhancing compatibility and performance.
EPS-57949 | Enhancement: Improved the installation rate in Posture management.
Full Disk Encryption
EPS-55649 | Enhancement: Installation now halts if multiple ESP (EFI System Partition) or old SA (FDE System Area) partitions are detected, displaying an error message that directs users to remove extra partitions before reinstalling. This ensures a clean installation environment.
EPS-56932 | Enhancement: TPM (Trusted Platform Module) is now automatically disabled (for FDE use only) during OS upgrades to ensure smooth upgrades without compromising security. TPM is re-enabled upon completion.
Threat Emulation
AHTP-31173 | Enhancement: Enforcement of Infinity IoC by Endpoint Security Client is now performed faster.
Browser Extension
AHTP-31702 | Enhancement: The Browser extension icon now displays Data Loss Prevention policy name and number.

List of Resolved Issues in E88.70 for Windows

ID | Description
General
EPS-59250 | In some scenarios, memory usage of the CPDA and DAF services is excessively high.
EPS-57684 | When using the "Kill Process" push operation to end a specific process, the operation seems successful but process is not killed.
EPS-57577 | The Reconnect tool fails to remove redundant files after successful Server migration.
AHTP-31537 | A kernel memory leak related to early boot processes.
EPS-57714 | Revo Uninstaller attempts to remove the Endpoint Security Client may remove the Client registration with Windows Installer, which may interfere with later installations or affect how Windows recognizes or interacts with Endpoint Security software in the future.
EPS-57465 | Some notifications fail to display due to missing localization support, with the notification text defaulting to English.
AHTP-32364 | Environments with limited access to the internet (such as semi-isolated environments, or networks where most of the traffic is blocked by firewall) are unsupported and may lead to the malfunction of multiple capabilities.
AHTP-31308 | The Management Server displays exclusion instructions in the Description field of incident logs sent by Threat Emulation, Anti-Bot and URL Filtering from endpoints.
EPS-57808 | In the GUI > Menu > Advanced > View Policies, File Protection (Threat Emulation) policy is missing, when Anti-Malware and File Protection are installed.
AHTP-32010 | The Resource field for DLP events is not displayed.
EPS-59331 | After Windows updates on HP devices with Full Disk Encryption, the EFI System Partition (ESP) becomes fully occupied with data from multiple sources (FDE, Microsoft, and firmware vendors), resulting in Windows OS failing to load during boot.
Anti-Malware E2 (US-DHS and EU compliant)
EPS-57248 | Microsoft Defender removal causes incorrect Anti-Malware blade status, it is displayed as "not running".
EPS-58161 | When the Anti-Malware Blade is disabled through the Edit Capabilities settings and configured time out interval passes, the blade remains inactive instead of restarting.
EPS-58091 | In Anti-Malware, the "Rescan" option may not trigger the scanning as expected.
AHTP-31282 | The scheduled scan with randomized scan time does not function on the configured hours.
Anti-Ransomware, Behavioral Guard and Forensics
AHTP-31842 | There may be multiple Windows Events enabled for logging by Endpoint Security Client.
EPS-58173 | In rare scenarios, the EFR.db file size may be large.
EPS-57535 | After an upgrade, the EFR service status is inconsistent.
Compliance and Posture
EPS-58046 | Automatic deployment of posture management patches fails because the download resources are unavailable.
Firewall and Application Control
AHTP-31007, EPS-58223 | In a rare scenario, BSOD is caused by the Firewall driver during an upgrade.
EPS-57608 | The Firewall driver routes packets to an incorrect network adapter.
EPS-57417 | In a rare scenario, during an upgrade, the Firewall driver configuration gets corrupted.
EPS-51944 | After an upgrade, in a rare scenario, the Firewall Blade does not run.
 
