Modfox

SecurePlatform is also supported and recommended for use on a wide range of “Secured by Check Point” appliances. For more information regarding devices specifications published in the site or missing hardware, please ask check point representative to contact Solution Center. Checkpoint driver narrowly misses almost a dozen workers. Duration: 01:42 1 day ago. The dramatic vision of the alleged drink driver's joyride in an allegedly.

Download Details E83.10 Check Point Remote Access VPN Clients for Windows File Name E83.10_CheckPointVPN.msi Product SecuRemote, Check Point Mobile, Endpoint Security VPN Version E83 Minor Version E83.10 OS Windows Build Number MD5 aa0be076bbd951a059045193050b0ebc SHA1 822a1c759470df91cddd9415416af302b48e81c5 SHA256 54ff45d273abb379c19a1ea6ea962a2390b347a4237596094122fd3cc5c5d569 Size 25.82 MB Date Published 2020-06-22 Having problems downloading the file? Click here for help. PLEASE READ THIS AGREEMENT CAREFULLY. BY CLICKING ON THE 'DOWNLOAD' BUTTON, YOU EXPRESSLY AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS DOWNLOAD AGREEMENT. This Software Download Agreement (“Agreement”) is between you (either as an individual or company) and Check Point Software Technologies Ltd. ('Check Point'), for the software and documentation provided by this Agreement (“Software”).Check Point grants to you the ability to download and access the Software and/or any modifications, corrections, and/or updates to the Software (“Software Subscription”) for which you have registered and paid the applicable fees, only if you fully comply with the terms and conditions set forth below. Software Subscription is made available for downloading (i) solely for customers who purchase and register a Check Point Software Subscription Program in matching quantity and SKUs relative to the Check Point Product SKUs, and (ii) only for the duration of such active registered Software Subscription Program.The Software is licensed to you under the applicable Check Point End User License Agreement (“EULA”) which accompanied your product purchase. Any and all use of the Software and Software Subscription is governed exclusively by that EULA, the terms and conditions of which are incorporated by reference herein. See the EULA for the specific language governing permissions and limitations under the EULA. In the event that you do not agree with the terms of the EULA or this Agreement, then you must immediately delete all copies of the Software from your computer system and back-up system(s). Failure to comply with the EULA limitations and this Agreement will result in termination of your right to use of the Software.All title and copyrights in and to the Software and Software Subscription are owned by Check Point and its licensors. Any use, reproduction, or distribution of the components of the Software and Software Subscription to anyone that has not validly registered and purchased such items, or any dissemination not in accordance with the EULA, is expressly prohibited by law and may result in severe civil and criminal penalties. Violators will be prosecuted to the maximum extent possible.If you are downloading a limited availability product, it may not be disseminated in any fashion. Unless you have procured support services from Check Point under the terms of Check Point’s applicable Service Level Agreement, Check Point has no obligation to provide to you any support for this limited availability product.This Software is subject to Israel and United States export control laws. Prior to exporting please inquire as to the Software’s export classification. Under no circumstances may Software be exported to: Cuba, Iran , North Korea, Sudan and Syria.SOFTWARE AND SOFTWARE SUBSCRIPTION IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. IN NO EVENT SHALL CHECK POINT OR ITS SUPPLIERS OR DISTRIBUTORS BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS OR ANY OTHER COMMERCIAL LOSS.

Important: Do not uninstall or upgrade your client before applying the patch below!

Introduction

In August 2019, Check Point released version E81.20 to address the use limitation of older versions of Check Point’s Endpoint, VPN, and SandBlast Agents (sk158912). These out of support versions will cease to operate starting January 1st, 2021. Starting that date, following a reboot of the computer, Remote Access VPN and Endpoint Security Client versions E81.10 (inclusive) and lower may stop functioning, and the upgrade will fail.
Visit our dedicated portal created to provide a quick and clear explanation and mitigation for this issue: Patch Client VPN/Endpoint versions E81.10 or earlier to ensure productivity.

Information about the affected products and versions:
What products and configurations are affected?

• Endpoint Security VPN
• Endpoint Security VPN for ATM
• Endpoint Security Client
• SandBlast Agent

Which Product Versions are affected?

SandBlast Agent:
E80.61 - E81.10
Endpoint Security Client, Endpoint Security VPN and Endpoint Security VPN for ATM:
E80.81 - E81.10
Note - All custom builds for a specific version are included. (Client Hotfix)
Not affected: SecuRemote, Check Point Mobile, and Mobile Access / SNX.
What OS Versions are affected?
Windows 7 and above, Windows Server 2008 R2 and above

Not affected: macOS, Windows XP

VPN connectivity scenarios when PC booted after Jan 1st:

Show / Hide flowchart

Resolving the issue

Check Point issued a small (2MB) and quick-to-install Patch for this issue.
It replaces an existing .SYS file, delivering a fix that is already proved to be safe, and is used by customers widely.
The Patch has no impact on clients the are not listed in the affected version list.

Most users do not reboot their PC frequently thus their VPN connectivity still works until they reboot.
Central deployment is the preferred procedure to keep distributing the patch to the end-users that are still connected.
This solution will fix the issue for the end-users in most organizations.

For users with VPN connectivity - distribute the patch through a Central Deployment tool

• Use an aggressive update timing to supply the patch as quickly as possible.
• Use Central Deployment tools such as - Compliance blade (sk171279), GPO (sk171338), SCCM.
  • Verify that the GlobalSign root certificate is installed on your affected devices. For more information see sk171399.

For users with no VPN connectivity

• Send your employees instructions that describe how to download and install this patch - EPPatcher_for_users.
  • Limited to Windows 7, 8.1 and 10, and to these versions: E80.81 - E81.10.
    • Installing the patch on versions E80.81 or E80.82 requires end-users to have administration privileges.
  • Important: If you use Endpoint Security Client or SandBlast Agent, provide the end-user with the uninstall password as well, as it is necessary for the patch installation process. The uninstall password is not required for Endpoint Security VPN users.
    
• If only a low number of users lost VPN connectivity – Use a tool such as Zoom to conduct a remote session to their PC and install the patch.

• If the above tools are not applicable for your scenario, use one of the additional mitigation tools described in the table below.

Important:

• We recommend upgrading to the latest recommended version (E84.00) after the patch completes the installation. For VPN users who plan to upgrade to E84.20 or E84.30 an additional fix is needed. Contact Check Point support to get the fix.

Other mitigation tools:

Checkpoint Driver Test

Tool name	When to use	What it does	Coverage and Limitations
VPN Recovery tool (sk171342)	If the EPPatcher_for_users fix does not fit your scenario, use this option.	If VPN connectivity is lost, you can regain it by using the Capsule VPN plugin for Windows 10. Capsule VPN plugin for Windows 10 reuses your existing client configuration. Use it to get temporarily VPN access required to centrally deploy the patch.	Windows 10 E81.10, E81, E80.97, E80.96, E80.95, E80.94, E80.92, E80.90, E80.89, E80.88, E80.87, E80.86, E80.85, E80.84, E80.83, E80.82, E80.81

How do you check product versions?

For Endpoint Security VPN and Endpoint Security VPN for ATM

Show / Hide this Section

• From Central Management: SmartLog –> query for
  action:'Log In' AND ('Endpoint Security') AND (E80.81 or E80.82 or E80.83 or E80.84 or E80.85 or E80.86 or E80.87 or E80.88 or E80.89 or E80.90 or E80.92 or E80.94 or E80.95 or E80.96 or E80.97 or E81.00 or E81.10)
  
  
• From Client-side: right click on the client icon -> help -> about
  

For Endpoint Security Client and SandBlast Agent
Show / Hide this Section

• From Central Management: Smart Endpoint -> Reporting -> Software Deployments -> Versions in Use -> Endpoint Security Client Versions – “EP Client Version” column
  
• From Client side: right click on client icon UI -> Display Overview
  

More Options

Check Driver Point

Show / Hide this Section

1. To find all E8x.xx clients with the 01.01.2021 bug, execute the following command on the Management Server:

   fw log -n -p |grep 'Endpoint Security VPN' | awk -F';' '{print $7 ,$9}' | grep client_version |sort | uniq

2. Use the following template : Download template

FAQ

• What is the problem with the VPN Client?
  

  The issue occurs because of the internal certificate used by VPN/Endpoint services. One of the certificates expires on January 1st, 2021. Therefore after this date, all services that use this certificate stops working. The fix is in the driver library: epklib. The library fixes an issue with regards to the certificate's expiration validation.

• How is an organization affected if the upgrade/patch to their client is not applied?
  

  Clients that run with the unpatched version stops working starting January 1st, 2021:
  SandBlast Agent - versions E81.10, E81, E80.97, E80.96, E80.95, E80.94, E80.92, E80.90, E80.89, E80.88, E80.87, E80.86, E80.85, E80.84, E80.83, E80.82, E80.81, E80.80, E80.72, E80.71, E80.70, E80.65, E80.64, E80.62, E80.61:

  1. Anti-Bot, Forensics - Stop functioning (only if a reboot occurred)

  
  Endpoint Security Client /SandBlast Agent - versions E80.81-E81.10:

  1. Software deployment rules, upgrade, uninstall stops functioning (only if a reboot occurred)
  2. Anti-Bot, Forensics - Functionality stops (only if a reboot occurred)
  3. Firewall and VPN - Functionality stops (only if a reboot occurred)
     

  Endpoint Security VPN, Endpoint Security VPN for ATM - versions E80.81 - E81.10:

  1. Firewall + VPN – Functionality stops (only if a reboot occurred)
     

• Is this only a VPN issue? Or does it affect other endpoint blades (for example - FDE)?
  

  This issue impacts different Endpoint blades such as VPN, Firewall, Anti-Bot, Forensics, and Threat-Emulation.
  The issue indirectly affects the administrator's ability to upgrade the clients that use software deployment rules. For example - FDE continues to work correctly but, if an organization uses VPN for connectivity, updates to the client fail.

• Why Now?
  

  The issue has been fixed on August 2019 and is a part of E81.20. We have recently identified customers that need to upgrade to the recommended versions and continue to use one of the deprecated and/or not supported versions. At this time we are proactively approaching the applicable customers, ensuring they implement the patch on the current version and/or upgrade to a higher version.

• What is the patch doing? Is it safe?
  

  The patch replaces a file on the local computer, fixing the date expiration verification of the certificate.
  It is safe to run and is already a part of E81.20. Customers use it for the last 1.5 years on millions of computers.

• What happens when applying the patch to an un-affected client?
  

  It’s OK to run the patch on a non-affected version – nothing will happen

• What are the required privileges to install the fix?
  

  If deployed through software distribution tools or Check Point's Compliance blade before January 1st, 2021, administrator privileges are not required. If not, administrator privileges are necessary to install the fix.

• How to run the patch as administrator?
  

  1. Open CMD as admin
     1. Start -> write 'cmd' -> right-click on 'command prompt' -> select 'Run as administrator'
        
  2. Navigate to the patch location
     Example: If the patch is located under ‘downloads’:
     cd %USERPROFILE%Downloads
     
  3. Execute the following command:
     1. Endpoint Security / Sandblast Agent:
        msiexec /i EPPatch.msi UNINST_PASSWORD=<client_uninstall_password>
     2. Endpoint Security VPN:
        msiexec /i EPPatch.msi

• A customer fix I recently got from TAC is already installed on my client's computer. Can I use the same patch?
  

  Yes.
  The fix is particular and small. It operates with any CFG or custom fix already installed.

• How to determine if the patch is installed?
  

  There are several recommended options:
  

  • Look at the patch logs for success/failure messages when using the EPPatch.msi – For more information, follow sk171275.
  • Look for the file version of the epklib.sys itself (C:windowssystem32drivers) and validate that the version is the same as or higher than 8.60.5.7253
  • To use Check Point's Compliance blade to examine the outdated driver that needs replacement (by checking the version) – follow sk171279.

• A Customer is trying to activate the Patch after Feb 2nd 2021 and getting an Error. What should they do?
  

  For customers that still didn’t run the Patch (after February 1st 2021) and are getting an Error, should download and used the latest Patch.

Appendix

General information:

• VPN connectivity and Security are affected starting the first time the computer reboots after January 1st, 2021.

Deployment options:

Checkpoint No Driver Found

• To fix the issue and to validate you have a safe or patched version using Compliance - Refer to sk171279.
• To auto-upgrade your Endpoint Security VPN Client to a newer version, refer to Remote Access Clients for Windows Administration Guide E80.72 and Higher, page 29 “Automatic Upgrade from the Gateway”.
  • The patch must be applied before upgrading the VPN Clients using the above method.
  • If Mobile Access is enabled, refer to sk133572.

Troubleshooting:

Checkpoint Drivers

Check Point Virtual Network Adapter Driver

Error / Symptom	Solution
'Error 1401. Could not create key SOFTWARECheckPointEndpoint SecuritySecure Uninstall'	sk171297
'Error 27562/27557. Changing configuration of Check Point Endpoint Security is not allowed'	sk127812
Failed to install the patch. The following error is displayed in C:WindowsInternet LogsEP_CDTDll.log: 'Disabling self protection Failed turning off self protection'.	sk171399 - Cause: Missing Root CA certificate. For a patch that can automatically address the issue, contact Check Point support. sk171418 - Cause: Unsupported characters are used for the uninstall password. Allowed characters: a-z A-Z0-9 , ~ = + - _ () ' $ . @
Error 'Failed to load Virtual Network Adapter' or 'connectivity with the VPN service is lost.' shows after the patch deployment	sk171416
When installing the patch, users receive the error “The Installer has insufficient privileges to modify this file C:WINDOWSSysWOW64vsdata.dll ”	To resolve the issue simply install the patch first and only then upgrade your client.