Checkpoint Vpn For Mac Os X

Solution ID: sk110975: Technical Level: Product: Endpoint Security Client: Version: E80.60, E80.61, E80.62, E80.64, E80.89, E82, E80.71, E82.50: OS: Mac: Platform.

This article lists general limitations for Check Point Endpoint Security Client for macOS.
These limitations are in addition to those listed in the corresponding Known Limitations articles for each release.

Checkpoint Endpoint Security Vpn Mac Os X

Table of Contents

Compliance Blade
Firewall Blade
FileVault Management
Compliance Blade
URL Filtering Blade
SandBlast Agent

The following features are not supported on Check Point Endpoint Security Client for macOS:

Checkpoint Vpn Client Mac Os X

General Limitations

Push Operations are ignored for macOS client

Centralized Client Deployment from Software Deployment Policy is not supported

Endpoint Client User Interface Localization is not supported

The following configurations in Common Client Settings Policy are not supported:

Client user interface settings: configurations such as custom preboot and One Check images and appearance of tray icon.
Allowing users to disable network protection on their computers.
Installation and upgrade settings
Uninstall Password

Telemetry data not generated

Compliance Blade

Remediation actions are not triggered on macOS

Environment variables in path of checked files are not supported

Compliance blade on macOS currently supports checks for the following Anti-Virus vendors:

Kaspersky
Check Point
Sophos
McAfee
Symantec
TrendMicro
Norton

The following compliance checks are not supported:

Latest service packs installed
running secure screen saver

VPN Blade

SCV Compliance check ('Use Compliance Blade' state should be defined in order to enforce client compliance prior to VPN connection)

Firewall Blade

Disable Wireless On Lan feature is not supported

Application Control is not supported

Full Disk Encryption (FDE) Blade
(From E80.71 LA, FDE Blade is replaced by FileVault blade)

Password change in FDE pre-boot is not synched to macOS

Smart Card login in FDE pre-boot is not supported

OneCheck is not supported

FileVault Blade

Only system volume is encrypted.

Institutional Recovery Key can only be imported once.

Audit logs are not generated.

Media Encryption Blade

Offline Mode Remote Help (MEPP / macOS Offline Access Tool does not support Remote Help)

Custom Encryption is not supported (Media Encryption does not support configuration of which file(s) should be encrypted)

Port Protection is not supported on macOS

CD/DVDs and storage devices connected to ports other than USB, are not supported

APFS-formatted media is not supported.

Anti-Malware Blade

Anti-Malware Blade is not supported on macOS client. Resolved in sk165573 - Enterprise Endpoint Security E82.50 macOS Clients

Contextual scan - not supported (Finder does not have option for scan)

URL Filtering Blade

URL Filtering Blade is not supported on macOS client

Capsule Docs Blade

For list of Capsule Docs limitations, refer to sk108376

SandBlast Agent

SandBlast Agent is now supported with the following blades:

Threat Emulation - Evasion resistant sandbox technology detects malicious behavior and prevents any imminent attack.
As in Windows, the protection is available in 2 levels:
- Protection from files written to the file system.
- Inspection of files downloaded by Chrome using the Chrome browser extension to prevent malicious files from getting to the file system.
Anti-Ransomware - Detects and quarantines the most evasive Ransomware variants.
Google Chrome Extension with:
- Threat Extraction - Reconstructs downloaded file, delivering sanitized risk-free files to users in real time.
- Zero Phishing - Blocks deceptive phishing sites and alerts on password reuse in real-time.

Installation

In macOS 10.13 and later, the gatekeeper requests consent from the end user before allowing to load a third party kernel extension for the first time.
It is possible to avoid this by preparing the installation of Endpoint Security on each machine by deploying a Device Management Kernel Extension Policy Payload containing the Check Point team identifier.

In macOS 10.13 and later, the gatekeeper warns when installing quarantined software: 'Endpoint Security installer can't be opened because the identity of the developer cannot be confirmed. Your security preferences allow installation of only apps from the App Store and identified developers.”
The macOS gatekeeper may quarantine third party software for multiple reasons, but it is possible to avoid this by either (1) Right-clicking the EPS installer in Finder and selecting 'Open'. (2) Removing the com.apple.quarantine attribute before opening the EPS installer.

In macOS 10.15 and later, the gatekeeper blocks the very first launch of third party executables that require access to user's files and folders.
The end user needs to open the macOS System Preferences Privacy-Full Disk Access dialog and accept each executable. Right after completing installation, Endpoint Security guides the end user to complete this process.

In macOS 10.15.4 and later, the gatekeeper regularly informs the end user about running 'legacy third party kernel extensions'.

Checkpoint Vpn Mac Os X

Related solutions:

Uninstall Checkpoint Vpn Mac Os X

Give us Feedback