Checkpoint Vpn For Mac Os X

Solution ID: sk110975: Technical Level: Product: Endpoint Security Client: Version: E80.60, E80.61, E80.62, E80.64, E80.89, E82, E80.71, E82.50: OS: Mac: Platform.

This article lists general limitations for Check Point Endpoint Security Client for macOS.
These limitations are in addition to those listed in the corresponding Known Limitations articles for each release.

Checkpoint Endpoint Security Vpn Mac Os X

Table of Contents

  • Compliance Blade
  • Firewall Blade
  • FileVault Management
  • Compliance Blade
  • URL Filtering Blade
  • SandBlast Agent
Checkpoint Vpn For Mac Os X

The following features are not supported on Check Point Endpoint Security Client for macOS:

Checkpoint Vpn Client Mac Os X

General Limitations
Push Operations are ignored for macOS client
Centralized Client Deployment from Software Deployment Policy is not supported

Endpoint Client User Interface Localization is not supported

The following configurations in Common Client Settings Policy are not supported:
  • Client user interface settings: configurations such as custom preboot and One Check images and appearance of tray icon.
  • Allowing users to disable network protection on their computers.
  • Installation and upgrade settings
  • Uninstall Password
Telemetry data not generated
Compliance Blade
Remediation actions are not triggered on macOS
Environment variables in path of checked files are not supported
Compliance blade on macOS currently supports checks for the following Anti-Virus vendors:
  • Kaspersky
  • Check Point
  • Sophos
  • McAfee
  • Symantec
  • TrendMicro
  • Norton
The following compliance checks are not supported:
  • Latest service packs installed
  • running secure screen saver
VPN Blade
SCV Compliance check ('Use Compliance Blade' state should be defined in order to enforce client compliance prior to VPN connection)
Firewall Blade
Disable Wireless On Lan feature is not supported
Application Control is not supported
Full Disk Encryption (FDE) Blade
(From E80.71 LA, FDE Blade is replaced by FileVault blade)
Password change in FDE pre-boot is not synched to macOS
Smart Card login in FDE pre-boot is not supported
OneCheck is not supported
FileVault Blade
Only system volume is encrypted.
Institutional Recovery Key can only be imported once.
Audit logs are not generated.
Media Encryption Blade
Offline Mode Remote Help (MEPP / macOS Offline Access Tool does not support Remote Help)
Custom Encryption is not supported (Media Encryption does not support configuration of which file(s) should be encrypted)
Port Protection is not supported on macOS
CD/DVDs and storage devices connected to ports other than USB, are not supported
APFS-formatted media is not supported.
Anti-Malware Blade
Anti-Malware Blade is not supported on macOS client. Resolved in sk165573 - Enterprise Endpoint Security E82.50 macOS Clients
Contextual scan - not supported (Finder does not have option for scan)
URL Filtering Blade
URL Filtering Blade is not supported on macOS client
Capsule Docs Blade

For list of Capsule Docs limitations, refer to sk108376

SandBlast Agent

SandBlast Agent is now supported with the following blades:

  • Threat Emulation - Evasion resistant sandbox technology detects malicious behavior and prevents any imminent attack.
    As in Windows, the protection is available in 2 levels:
    • Protection from files written to the file system.
    • Inspection of files downloaded by Chrome using the Chrome browser extension to prevent malicious files from getting to the file system.
  • Anti-Ransomware - Detects and quarantines the most evasive Ransomware variants.
  • Google Chrome Extension with:
    • Threat Extraction - Reconstructs downloaded file, delivering sanitized risk-free files to users in real time.
    • Zero Phishing - Blocks deceptive phishing sites and alerts on password reuse in real-time.
Installation

In macOS 10.13 and later, the gatekeeper requests consent from the end user before allowing to load a third party kernel extension for the first time.
It is possible to avoid this by preparing the installation of Endpoint Security on each machine by deploying a Device Management Kernel Extension Policy Payload containing the Check Point team identifier.

In macOS 10.13 and later, the gatekeeper warns when installing quarantined software: 'Endpoint Security installer can't be opened because the identity of the developer cannot be confirmed. Your security preferences allow installation of only apps from the App Store and identified developers.”
The macOS gatekeeper may quarantine third party software for multiple reasons, but it is possible to avoid this by either (1) Right-clicking the EPS installer in Finder and selecting 'Open'. (2) Removing the com.apple.quarantine attribute before opening the EPS installer.

In macOS 10.15 and later, the gatekeeper blocks the very first launch of third party executables that require access to user's files and folders.
The end user needs to open the macOS System Preferences Privacy-Full Disk Access dialog and accept each executable. Right after completing installation, Endpoint Security guides the end user to complete this process.

In macOS 10.15.4 and later, the gatekeeper regularly informs the end user about running 'legacy third party kernel extensions'.

Checkpoint Vpn Mac Os X

Related solutions:

Uninstall Checkpoint Vpn Mac Os X

Give us Feedback