Headline
CVE-2021-30360: Enterprise Endpoint Security E86.20 Windows Clients
Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with the Check Point Remote Access Client privileges.
Enterprise Endpoint Security E86.20 Windows Clients
Solution ID: sk176853
Product: Endpoint Security Client, Endpoint Security VPN, Harmony Endpoint, Harmony Disk and Media Encryption
Version: E86.20
OS: Windows
Date Created: 2021-12-28 00:00:00.0
Last Modified: 2022-01-09 06:00:44.0
Solution
Notes:
- See Endpoint Security Homepage.
- To support SmartLog or SmartView Tracker reporting with Endpoint Security Clients for all supported servers (except R80.20 and higher), you must update the log schema. Follow instructions in sk106662.
- Starting from E80.85, anonymized incident related data is sent to Check Point ThreatCloud, by default. See sk129753.
- This release includes all limitations of earlier releases unless explicitly shown as resolved.
List of New Features in E86.20

| ID | Description |
| --- | --- |
| **General** | |
| ESVPN-2749 | The administrator can now exclude traffic to dynamically located SaaS services from a VPN tunnel in Hub Mode. The Security Gateway fetches the locations of excluded services from Internet feeds. When VPN clients connect to a Security Gateway, the gateway sends the locations of excluded services to propagated VPN clients. This feature requires a Gateway hotfix. Contact Check Point Support for more details. |
| EPS-38184 | Endpoint Protection Solution for Terminal Servers is now open for all customers in Public Early Availability. See sk176939 for setup. |
| **IOC Management** | |
| AHTP-23676 | The user can now add IOCs to his Management Endpoint by specifying hashes, domains, IPs or URLs that should be blocked by the Endpoint. Adding an IOC causes the Endpoint to block this IOC and protects the Endpoint from it. |
**In a Nutshell**

| Item | Description | Download Link |
| --- | --- | --- |
| Managed Client | E86.20 Endpoint Security Clients for Windows OS | (ZIP) |
| | E86.20 Endpoint Security Clients for Windows OS - Dynamic package | (EXE) |
| VPN Standalone Client | E86.20 Remote Access Clients for Windows | (MSI) |
| Capsule Docs | E86.20 Capsule Docs Standalone Client | (EXE) |
| Documentation | E86.20 Endpoint Security Client for Windows Release Notes (English) | |
| | E86.20 Endpoint Security Client for Windows Release Notes (Japanese) | |
| | sk164896 - Video: How to deploy and upgrade Endpoint Security Client? | |

List of Resolved Issues and Enhancements in E86.20

| ID | Description |
| --- | --- |
| **General** | |
| EPS-37545 | CPDA.EXE crashes when sending telemetry if the ProgramData folder is moved off the C: drive. |
| EPS-37336 | When using the “Reconnect Tool” to connect to an already-connected Management Server, the client gets disconnected. |
| EPS-37550 | Endpoint Client disconnects from the Management Server when using the Reconnect Tool and the Self Protection prompt is canceled. |
| EPS-37445 | Clients are disconnected when certificates are switched to external from the Management Server. |
| EPS-36653 | In rare scenarios, disconnected Endpoint Clients are mistakenly switched to Connected state (by way of the “Connected” policy) for several minutes. |
| **Anti-Malware** | |
| EPS-37711 | In the Super Node environment, anti-malware signatures are not distributed correctly. |
| **FDE** | |
| EPS-35952 | Enhancement: Options for fdecontrol.exe to override the Autologon hardware check are added. If hardware change(s) are expected and there is a temporary need to keep the AutoLogon enabled, the hardware check can be overridden via the fdecontrol.exe tool. |
| **Threat Emulation** | |
| AHTP-23593 | Enhancement: The Threat Emulation blade is enhanced to support additional file types. Therefore, it can now protect against many new types of files, thus enhancing the overall Endpoint security. |
| AHTP-23679 | Enhancement: Upon any detection log, the user can now right-click the log and exclude the detection, which adds an exclusion to the Management Endpoint. The exclusion prevents this detection from taking place. It is a simplified way to automatically create exclusions once false detections are identified in the logs. |
| **Firewall & Application Control** | |
| EPS-37192 | In rare scenarios, the Endpoint Client hangs for a while during VPN policy installation. |
| EPS-32786 | Adding a Firewall blade after initial client deployment, while using IPv6 only, disconnects the Endpoint Client from the Management Server. |
| **Media Encryption & Port Protection** | |
| EPS-37418 | When a device is in the middle of the encryption process, it shows a UserCheck message that writing business data is not allowed. |
| EPS-36579 | Enhancement: Added support for installing Media Encryption & Port Protection via the msiexec /norestart switch. However, when done from Software deployment, a restart request is still shown. |
| **User Interface** | |
| EPS-34614 | The initial client has a new user interface that reflects the current status of the client. |
| EPS-37522 | The translation of the Forensics blade’s name in the overview screen is incorrect. |
| **VPN** | |
| ESVPN-3084 | Enhancement: A certificate from the Windows store can now be automatically selected during the first connection using the trac.exe command line utility. If this option is enabled and only one matching certificate in the Windows store exists, trac.exe selects that certificate and connects to VPN automatically. Usage: trac.exe connect -a true |
| ESVPN-3119 | Users have access to the directory where the installation repair occurs. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted EXE in the repair folder which runs with Remote Access Client privileges (CVE-2021-30360 resolution). |
| ESVPN-3044 | The Secure Configuration Verification can now recognize Windows 11. See sk176367 for details on how to configure SCV. |

**Endpoint Security Clients Downloads**

**Standalone Clients Downloads**

**Endpoint Security Server Downloads**

**Management Console Downloads**
Management Console for Endpoint Security Server
The SmartConsole for Endpoint Security Server allows the Administrator to connect to the Endpoint Security Server and to manage the new Endpoint Security Software Blades.
Latest Versions

| Endpoint Security Server | Package | Link |
| --- | --- | --- |
| R81.10 | SmartConsole for Endpoint Security Server R81.10 | sk175188 |
| R81 | SmartConsole for Endpoint Security Server R81 | sk170116 |
| R80.40 | SmartConsole for Endpoint Security Server R80.40 | sk165473 |

Previous Versions

| Endpoint Security Server | Package | Link |
| --- | --- | --- |
| R80.30 | SmartConsole for Endpoint Security Server R80.30 | sk153153 |
| R80.20 | SmartConsole for Endpoint Security Server R80.20 | sk137593 |
| R77.30.03 | SmartConsole for Endpoint Security Server R77.30.03 / E86.20 and higher | (EXE) |
| R77.30 | SmartConsole for Endpoint Security Server R77.30 / E86.20 and higher | (EXE) |
| R80.10 | SmartConsole for Endpoint Security Server R80.10 | sk119612 |
| R77.30 EP6.5 | SmartConsole for Endpoint Security Server R77.30 EP6.5 / E86.20 and higher | (EXE) |
| R77.20 EP6.2 | SmartConsole for Endpoint Security Server R77.20 EP6.2 / E86.20 and higher | (EXE) |

Note: The above packages include the Recovery Image of version 86.8.62.6
Utilities/Services Downloads
Utilities

| Platform | Package | Description | Link |
| --- | --- | --- | --- |
| Windows | Harmony Endpoint Remediation Manager for Administrators | The administrator utility contains the capabilities of the end-user utility plus these additional features: Quarantine - Send files to quarantine; Delete - Use the Harmony Endpoint remediation service to delete a file; Import - Import a quarantined file from a different computer or location. Get the administrator utility from the release homepage. | (EXE) |
| | Capsule Docs Bulk Protection Services for Windows-based Servers and Workstations | Capsule Docs Bulk Protection lets you manage file protection settings based on file locations and properties. | (EXE) |
| | R77.30 DLP Gateway HF for Content-aware Capsule Docs protection (Mail attachments / Network locations) | | (TGZ) |

For more information about Capsule Docs Bulk Protection, refer to Capsule Docs Bulk Protection Services Reference Guide.
Full Disk Encryption Offline Management Tool

| Platform | Package | Description | Link |
| --- | --- | --- | --- |
| Windows | Full Disk Encryption Offline Management Tool | The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. | (TGZ) |
| Windows | Full Disk Encryption Offline Management Tool (Japanese) | The Endpoint Offline Management Tool lets administrators manage offline mode users and give them password recovery and disk recovery. | (TGZ) |

**Documentation and Related SecureKnowledge Articles**