Check Point Endpoint Security Versi E83.20


Evelio Olivo

Aug 5, 2024, 8:40:24 AM
to bolimouwor
We have been experiencing a frustrating issue at our company which happens seemingly at random: client computers randomly lose their VPN site configuration information and require a helpdesk technician to re-create the site. Are there any obvious areas we should be checking that could cause this? Note there has been work on our Check Point firewall cluster recently, as well as our core switch (not by Check Point) which may or may not be part of the root cause, however I'm told this has been ongoing for at least four years.

As far as I know, the only way this could happen would be something modifying the trac.config file on the client or a bug is causing that file to get corrupted/deleted.

I'd try upgrading to the latest recommended version (E84.00) first.

If you're still having issues, recommend a TAC case.


Interesting. That at least points me in the direction of a file I should keep an eye on. I've had poor success with Check Point support in the past, so I'm reticent to work with them again. I like the idea of allowing users to re-create the site themselves since it doesn't take much time or expertise, but my director wants a case opened, which from the other replies doesn't seem like it's going to work out very well.


We also have experienced this issue for several years. It has happened with different versions of the gateway software as well as endpoint clients. It is random and intermittent with no obvious cause. We put it down to users not shutting down laptops correctly and/or not logging off from VPN properly. We have an SCCM job that the user can run that copies a default trac.config file from a secure folder on the laptop.


We have integrated a repair function in SCCM which gives the user the possibility to reinstall the whole VPN-Client.

We sometimes have the feeling that it has something to do with Windows Updates but cannot prove it.


We also experienced those, and my conclusion was that the configuration is lost when a notebook (laptop) suddenly loses its power supply or better say when the battery completely "dies" and the notebook gets shut off immediately...


Example: CP Client version E84.20 has a Client build number of 84.20.6108. From within Windows 10 Programs and Features, it lists E84.20 as version 98.61.2210. I don't have a Mac to test with, so I can't confirm how it looks from the OS X point of view.


It would be very helpful for those of us with asset tracking systems such as SCCM/PDQ/Etc to find unsupported client versions listed in sk171213. Unsure what CP employee/dept needs to see this (@tomerli?), but if CheckPoint could update sk102150 with the Windows/MacOS version numbers in another column I think that would solve some of the confusion. There was an older post I came across which had a similar concern: -Security-Products/Endpoint-E82-00-quot-about-quot-versi...


Here's a table that I made, correlating the "E8x.xx" version number with the build number reported by inventory tools.

My guess is that the build number is different, depending whether you install the client in "Checkpoint Mobile" mode, or in "Endpoint Security" mode, for instance.

Numbers below are for the "Mobile" install mode.


Hi, thank you for the reply. In most cases that would be fine, but we have 450 laptops and we are trying to be proactive. The hope is to eliminate 50+ people calling into our Help Desk when they resume work on Jan 4th at 8am. Most staff are still working from home. Our Inventory software, like many others, reports back the version listed in Windows' Programs and Features, which appears to be a 98.xx.xxxx format. Is there any documentation as to what Windows version 81.20 is within Programs and Features?


Hi @_Val_, any word on when sk102150 will be updated? I've been referencing back to jgar's post here due to a few of our machines 'disconnecting on lock' as outlined in sk170854. Thank you for your time.


Can this be provided on a public URL and be kept up to date? We are trying to automate packaging of CheckPoint Windows MSI client and without the version we can detect the application is installed correctly. Adding the Windows build number would be great value to allow that automation.


Hi Val, at least for me, the version number that shows up in Windows' Programs and Features is what I'm looking for and created the post about. e.g. 98.61.2307 for E84.30. The CheckPoint version E84.30 with Client Build Number of 84.30.6614 are not very helpful when it comes to Software Inventory applications such as Microsoft SCCM, PDQ Inventory, Solarwinds, etc. as they only use the version number that's inside of Programs and Features. That is where the big need comes in.


For the exact same reason explained above. We have an automation solution that will check checkpoint releases and when there is a new version available it will download, package and deploy that to many customers (which use checkpoint vpn).


@00071491 & @jgar fair enough, I understand the inventory argument. I will ask the responsible team internally whether this is something they can do.



However, from my own personal point of view, the automatic deployment idea is not the best practice. Before you decide to deploy a new version of your VPN clients, there should be a cycle of lab tests. Endpoint version management is a delicate thing, and you may want to ensure 100% functionality after update, especially with combination of your MGMT and GWs, which, I believe, you do not update with every new release Check Point makes available, but just from time to time.



Once more, simple RSS subscription for SecureKnowledge feed and lookup on the mentioned SKs would ensure situation when you do have info about newer EPS version availability, although without build number, at this point.


Is anyone else running into a problem where network connectivity is disabled (LAN/Wireless says connected, has correct IP address, but cannot connect to the internet) and the only way to get it back is by rebooting or ipconfig release/flush/renew, and even then sometimes that doesn't work? I have the following blades below (We do not use Capsule Docs or Endpoint VPN), and it's happening on E80.70 and also the HFA1/2 versions of that client running on Windows 7 Enterprise 64bit. We also use a Firewall policy that switches to an offline policy which there might be an issue with switching between policies?


In regards to your question Kim, when the machine encounters this issue on our internal network, it seems that port 80 and 443 get blocked. They lose all Internet connectivity, cannot connect to the Checkpoint Endpoint servers or the Checkpoint Identity agent, and lose connection to our Cisco Jabber app. We can, however, still remote into the machine using Landesk. Nothing shows up being blocked in the logs, so this must be either a bug in the product or they need to improve on what is being logged.


I'm seeing a bunch of svchost.exe (around 10) but no processes that have duplicates over 10 on the machine having my issue. Also, my problem persists through a reboot/shutdown. I am seeing a bunch of chrome processes (around 4) every time I boot the machine, I am thinking that is preloaded for the Chrome SBA extension?


I am in dialog with CheckPoint about this problem. Taking windows kernel dumps, and extracting different kernel dumps from running windows program. This can be done for example by running task manager and right clicking on a server or program, and click on create dump file.


Because we use sharepoint via webservice or web as part of office addin, they freeze because of the 4-5 minutes timeout because we connect to hostname. So when it happens, the user cannot work or do anything.


When windows have been in locked mode, the only option right now is to reboot machine and hope that threat emulation starts. We have also seen if one blade is not running, the system is starting to generate different kinds of problems.


After many days and nights of testing, I believe it might be a combination of the Sandblast Blades and Anti-Malware Blade that's causing our issue. I have seen your exact issue only on one of our machines, but our major recurring issue is different. We just rebuilt the machine that locks up and can only be hard shut down so after I figure out a solution for our ongoing recurring problem, I'll take a look at that one.


Would you be able to tell me which files they replaced? Is there any chance you'd be willing to message me your SR #, as well? I'd like to at least bring this to the attention of the team looking at our problem in case it is related and they just aren't making the association.


Not sure if you use Full Disk Encryption but do you know if you had to upgrade your SmartConsole to be able to use FDE Recovery? I am getting this message below that is saying the version of SmartEndpoint is not compatible with the uploaded client. We are on R77.30.03 which as far as I know is the latest version.


This issue can occur if the address for the configured preferred DNS server on the client is invalid or unreachable.

You can check the issue by manually assigning the DNS address in the Internet Protocol (IP) properties:

Right-click My Network Places, and then click Properties.

Right-click Local Area Connection, and then click Properties.

Click Internet Protocol (TCP/IP), and then click Properties.

Type the correct DNS address in the Preferred DNS server box.

Also, update the device driver for the NIC.


Hi, I have the same problem. I also lose the connection to Internet on Win 10 with Fall Creators Update 1709. Before this, all was ok. Now, after disconnection from VPN I lose connection, even if Wifi seems to be ok. I'm on a Win 10 Acer Notebook. The only fix is a Network reset: "netsh winsock reset" with reboot.
