We would love to have more endpoint hardware and software inventory, as well as tools to perform troubleshooting directly on the endpoint remotely. 

A further point of improvement would be to be able to optimize the consumption of resources on the device. 

We would also like the application control module to be further developed in future versions to include applications commonly used or maintained by Check Point in order to be able to configure blocking policies more quickly.

View full review »

There are some "weak points" that have to be mentioned, including:

1) If the IT department is used to "cloning" endpoints (making images) you are going to have a hard time trying to install the product and you are going to end up reading a lot of Check Point documents.

2) If you are used to the granularity of roles features in Check Point Quantums products you are going to be a little bit disappointed. You can't set customized roles with customized read/write permissions.

3) You need a mature security team to manage this solution in order to get the most value from it.

View full review »

A robust threat intelligence integration could elevate proactive defense, offering real-time insights to anticipate and thwart emerging threats more effectively. 

Enhanced behavioral analytics would provide a deeper understanding of endpoint activities, fortifying our defenses against sophisticated cyber adversaries. 

Streamlined incident response tools within the platform would empower security teams to react swiftly and decisively in the face of potential breaches. Integration with emerging technologies, such as artificial intelligence and machine learning, could usher in a new era of adaptive and self-learning security protocols. 

Furthermore, a user-friendly interface for custom reporting and analytics would empower organizations to derive actionable insights from security data. In this ongoing narrative of cybersecurity evolution, the inclusion of these features in the next release would undoubtedly fortify Check Point Endpoint Security as an even more comprehensive and dynamic guardian in the ever-expanding digital frontier.

View full review »

With Check Point, you will get your all required value-added features as per your requirements. That said, they need to focus on more scalability (as much as possible) so that the solution can run across all supported OS. 

There are legacy OS concerns. It would be really helpful for them if legacy OS support could be extended up to Windows XP. 

Aside from that, Check Point Harmony will be a suitable option for any type of organization.

View full review »

Check Point offers solutions with only a few features for our company's customers' sites. My company hasn't found any bugs or didn't find the solution to be complex. Features like zero phishing, sandboxing, threat emulation and extractions, malware detection, and EDR solution capabilities need to be included in the product. My company expects more granular EDR functionalities in Check Point Harmony Endpoint.

View full review »

The patch management and upgrades are not timely. It doesn’t require downtime, though. We want to enable continuous email services without any downtime. The product must provide integration with emerging technologies like AI and machine learning. It will help predict and minimize security threats, malware, and phishing attacks.

View full review »

I would like to see them add features where we can use this license for mobile browsers, too - as we had a container kind of product under MDM. This can give us more confidence that when on the go, a user still has full access to our important and crucial data. They should be fearless while accessing this through our VPN tunnel. 

Mobile handsets are now used for 40% of work to send mail or forward any kind of document. Securing users on mobile will give more confidence to users and higher authorities that will sometimes need to have access outside of the office for doing their financial or confidential transactions.

View full review »

After using Harmony for six months, I still don't have a clear vision of the possible improvements that the tool may need. There are still functionalities that I have not been able to fully test and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point. What is very important, in my opinion, is the remediation or recovery capabilities after an attack. From what I have seen so far, this tool aligns with the quality of Check Point products and the evolution it has is correct and logical. Check Point is always ahead of the needs of the market.

View full review »

It needs more documentation and better ease of deployment. For documentation, it needs more information about integrating the endpoints on SandBlast Agent mobile as well as on desktop platforms.

View full review »

We need a higher maximum file size in the sandboxing feature.

Maybe the exceptions could be made much more understandable and easy to use.

There should be an option added to temporarily disable the protection of all or some blades for testing reasons.

The email and Office solution could have some options for exceptions, for example: don't scan e-mails sent to the local PDF scanner e-mail address.

Maybe an option to auto-upgrade the client version to the next stable release of the client software would be nice.

View full review »

A little change in the product's user interface is required since it is one of the areas where the product has certain shortcomings. Sometimes the product's page doesn't load at all, and sometimes it does. The position of the tabs and the other stuff on the product page needs to change a little bit.

I think the product's deployment process is much quicker in Mac devices, and it takes a bit more steps for Windows and the area, which needs a bit of improvement so that some balance is created when it comes to the steps in the deployment phase.

Considering last year, the pace at which the technical support team is progressing is a bit slow, making it an area where improvements are required.

View full review »

I have clients who use very old Windows versions, so I have a few issues when attempting to install Harmony on some of the machines. At times, even with the latest Windows versions, the machines' performance gets slower. We still don't have a clear idea of what has been happening. If you take 100 PCs, two, three, or four are still troublesome when you attempt to install Harmony.

Also, the price could come down slightly, and I am not saying by a huge gap, but slightly. Even Sri Lanka's smaller customers have to buy a minimum quantity, and with Harmony Connect, they have to buy 50 licenses at once. If they could come down to 20, 30, or something like that, I should be able to sell much more. Some customers would like to have Harmony, but they have to buy a minimum quantity of 50. That's a bit troublesome for me as a salesperson.

View full review »

Check Point Harmony Endpoint's agent is a bit heavy.

Check Point Harmony Endpoint should probably support more in Linux as well.

View full review »

Overall, my experience with the product is great, and it's a perfect endpoint solution for multiple purposes. 

The solution can be made lightweight in order to keep the systems more effective during the background operations of the scanning and security checks. 

The user interface of reporting dashboard needs to improve for a better understanding of the end users and the administrators. 

The pricing of Check Point Harmony Endpoint can also be reduced. They are quite expensive at the moment. 

View full review »

I would like to see improvements in Check Point Harmony Endpoint in general because some people use it since it is available at a competitive price. Due to the competitive pricing strategy of Check Point Harmony Endpoint, it is not considered to be a good product, like Fortinet, Palo Alto, or F5. Check Point Harmony Endpoint needs to consider that people should feel that Check Point doesn't compromise on quality even though the price at which Harmony Endpoint is offered is good. People who claim that Check Point Harmony Endpoint is a cheap product don't necessarily mean that it is not a good solution. Fortinet is a very expensive product that offers good value to its customers. If Check Point can work on the value proposition it offers to customers and make them understand that even though the solution is affordable, it is not a bad solution compared to its competitors, then it would be fantastic. The potential customers can opt for Check Point products, considering that they are offered good products at the cheapest price in its categories. It is important for Check Point to ensure that people don't have a wrong perception about the products it has launched in the market.

I don't think there are any features I would like to include, and the tool offers updates when compared with the products from competitors, which I think is a good way to do it. The only challenge is that for many organizations where there is an MDM solution in the environment and an endpoint security tool, my company needs to educate such organizations to convey the message that endpoint and MDM solutions are different products for different purposes, so they are not the same. If Check Point Harmony Endpoint can incorporate MDM into the solution, it can be a fantastic enhancement. Customers need not buy endpoint and MDM solutions if both are made available together in Check Point Harmony Endpoint. My company will have to put extra effort into educating the customers and making them understand the two different solutions. MDM is used to manage your mobile devices, and Check Point Harmony Endpoint is the security for your endpoints.

View full review »

There are a number of features behind paywalls which can be frustrating when you are already paying a premium. 

The support is limited at times and can be quite slow, you are often directed to articles in the support center to read solutions for yourself. As a result, a lot of time has been spent reading Check Point articles on the online platform to increase knowledge around the product and further cyber security awareness in the team. It would be good to have a more direct route to remote support and demonstration.  

View full review »

The current performance of Check Point Harmony Endpoint has impressed all the sectors in the organization.

Configuration with some applications did not take place effectively due to setup complications. 

Interpreting the threat intelligence sensors may lead to poor data tabulation and slow performance. 

The cost of deployment and maintenance is high, and many small enterprises may not be able to afford premium subscriptions. 

The set security enhancement objectives have been achieved, and internet threats have been blocked effectively. I totally recommend this software to other organizations for reliable endpoint protection.

View full review »

I still don't have a clear opinion of the possible improvements that the tool may need. There are still functionalities that I have not been able to try completely and I would like to spend more time using the tool before offering an opinion to the IT Central community on this point. 

Something that is very important to me is the remediation or recovery capabilities after an attack. From what I have seen so far, this tool maintains the quality line of Check Point products and is always ahead of the needs of the market.

View full review »

For the future, I would like to see maybe a content-filtering emulation feature in Harmony Endpoint. It would already be cataloged in the app. It would help filter other types of characteristics that we have in our equipment, and allow us to see the ones that are also very vulnerable. We'd like to have everything integrated into a single solution that communicates with the cloud.

View full review »

Some areas of improvement could be :

1. Making the user interface on the server more intuitive and user-friendly. 

2. Making it easier for the user to do tuning and configuration to the server or the client application. For example, to turn off notifications, the user should be able to do that with some clicks on the user interface instead of searching and reading about how to do it in the knowledge base first and then trying to do it.

3. Our application version is quite old, and Check Point already released a newer version for endpoint protection, which includes a cloud version. After doing some trials, we see that Check Point already made many improvements to the features and user interface.   

View full review »

The Threat Hunting module is not available for on-premises deployment.

The user has to connect using the VPN to take Policy Server updates when the solution is hosted on-premises. This adds overhead, as the user has to connect to the corporate network to get the policy.

In the case of a hybrid setup where the Policy and Management Server is on the cloud, the Sandbox appliance has to be on-premises.

Policy configuration and deployment are complex.

The application control and URL filtering features are not very strong.

Application Control databases are generated locally and it does not provide any visibility to the admin on which applications are installed on the endpoint.

The solution is supported only on Windows and MAC and not any other platform.

View full review »

Customization of UI should be a little better in terms of application UI and messages that are displayed when something is blocked or non-compliant. URL filtering should allow for time-based rules, for example, don't allow media streaming during work hours yet allow it on weekends.

The same applies to application control. When in our headquarters, we can solve this on the Check Point Firewall. However, the Harmony client does not support this type of condition, and we had to find a "middle ground" between policies and usability for our clients.

View full review »

We did have some early compatibility issues, which I hope Check Point has since resolved. 

As each project varies, anything that may be missing, in terms of features, would become obvious during a POC. Check Point has pretty much everything, however, it could be better in terms of working with Mac products. However, this is typical of other solutions and Apple. 

View full review »

As I understand there will be a URL filtering feature included with the browser agent in the future. This will allow URL filtering without the need for a Gateway Device. This is something I am looking forward to and would be a great addition to a list of features.

The best improvement to the product that can be made is to make it less resource-intensive so it may work effortlessly on slower systems.

The ability to push the Endpoint Client over the network without the use of 3rd party solutions would be an asset.

View full review »

The tool is not too intuitive if you want to monitor and see the results to investigate in a layer. It's not easy to investigate an incident that you find in the company. Users often face trouble when downloading files, so it is very slow in terms of how it works. The tool is not very supportive of all the versions when it comes to the part of loading hash codes, so it may support SHA-1 but not SHA-256, meaning it doesn't support all the formats. Calling the support team for the solution doesn't help.

The support team of the solution lacks etiquette. The technical team of the product told our company that we need to get Check Point products through an official vendor only. Technical support for the solution is an area with issues where improvements are needed.

View full review »

Some problems that I have had with this and other Check Point tools in the cloud is when entering the portal since it stops responding or takes a long time to process a query and this causes delays and efficiency.

They should also add new functions such as threat hunting. 

Finally, it should be able to implement with and have a good integration and interaction with Azure in the management of vulnerabilities, and data management that between the two can be integrated 100% with Check Point Harmony Endpoint and thus be able to make good automated management.

View full review »

This is one of the most innovative solutions due to the fact that it includes many real-time content filtering features, management, and assurance of the transactions of what went in or out of our peripherals. That said, it is important to integrate other solutions to continue innovating in the market.  

I would very much like to have the opportunity to see applications access at the web level and have applications from different brands and devices give simplicity to the management that we are going to need in the future.

View full review »

It is one of the best, however, with respect to its support on iOS and Android, it can improve a little more.

Something worth mentioning is the need for support in Spanish and better representation for teams in the Latin American area, where there is a growing demand for these IT services and new technologies.

Its guides are identical to the existing ones. These guides should be updated, and they should improve their design.

Let people try it, and it will quickly remote users. 

View full review »

Mobile users are reluctant to actually use the solution. 

Check Point should focus on providing more compliant solutions, such as compliant for cloud-specific solutions. The digital footprint can be minimized, and then the Legacy VPNs can also be streamlined. As of now, most of the connectivity partners use Legacy VPNs to connect to their DC or their service partners. Legacy VPNs and digital footprints should be minimized.

View full review »

Endpoint vulnerability management is one of the modules I believe is missing and it is something that is required. I recommend adding this feature in an upcoming release as it will provide complete visibility of endpoint vulnerabilities. 

Endpoint Patching is another good feature that could be added and is required to mitigate vulnerabilities. 

Currently, the DLP Module is not available and it is one of the requirements from an endpoint perspective. It would be good to add in an upcoming release.

There needs to be improved integration with the on-premises/Azure AD.  

Software deployment needs to be added.

View full review »

The only two bug bearers of Check Point SandBlast that I have come across are as follows:

Sometimes, the Cloud Management Portal can become unresponsive or take a long time to process a query. This in turn will cause the browser to freeze, which will require closing and reopening of your browser.

The second is that getting useful "administrator" information requires digging into the policy rules via a second management agent installed on your computer. However, once installed, it is easy to navigate and use so is more of a slight inconvenience than a major issue.

View full review »

Check Point is the best in the marketplace. As the EDR [Endpoint Harmony] there is a lot of enhancement in fixing the solution. We have observed some policies are not working as expected. We have observed a few cosmetic issues as well, however, it's fine. 

Minor release should improve the stability and overall performance of the endpoint solution. Consumption of the endpoint solution should have clear visibility on day-to-day operation tasks that are being carried out also we should monitor the malicious IP address and URL for blocking the same.

View full review »

More development in Linux may help, however, the fact that the product could also have some more documentation as suggestions on what to do may also help.

The product may take some time to navigate at first but apart from that the log ingesting and working on getting a client installed may take some time. 

I would like to see more automation. 

Also, encryption management is not made available in all versions but if it could be extended that would be great. Sometimes it may take some slight delay, however, it's nothing too bad. 

View full review »

It is a very complete product but you have to know how to parameterize it well to avoid high CPU consumption.

SandBlast Agent had moments in which it had a high load, we escalated it to the CheckPoint support that helped us to stabilize it. We had a problem with the parameterization of the solution. Once corrected by following the CheckPoint instructions, everything worked normally again.

It is also missed that it does not have a Linux client since some administrators use this type of operating system.

View full review »

The system has comprehensive data management features that have saved us from incurring unplanned losses. 

Timely updates and suitable configurations can block malware attacks and provide effective reports on security situations. 

The setup process was complicated, however, when the customer service team came in, they provided productive guidelines that have kept the system working efficiently. 

The next release should consider a strong threat detection mechanism that can categorize various levels of attacks for faster analysis.

View full review »

The price of the product could be more friendly. 

View full review »

It would be useful if you could also mark blocks as safe from a client. Now users always have to ask an admin to make exclusions.

In addition, it is also very desirable that there is support for Windows Server core machines.

In addition, it would also be useful if administrators could create exclusions directly from logging into the admin portal, instead of only being told where and how to add the exclusion. This will save work.

It would also perhaps be useful if you could connect from one endpoint directly to another tenant. Instead of having to roll out the endpoint again.

View full review »

The solution could improve VPN functionality and the VPN user-interface.

View full review »

The Infinity Portal login is "iffy" at times. I would like to restrict it to only US traffic, however, due to the hosting in the cloud, it sometimes retrieves data from the EU and across seas. 

Also, if there was a way to simplify the SmartConsole login more, there could be an opportunity to take away some clicks to log in. Navigating back to the browser to log in through that portal site just makes for a more extended login transition. Just have the MFA capability right there on the local application and be done with it. 

View full review »

Support's service and the response times can be improved. The triaging of the tickets takes a long time and the tickets are only resolved with escalations. 

With respect to the product, we feel Endpoint vulnerability management is one of the modules that is missing and it is something that is required. Adding this will strengthen the product and help in taking proactive steps towards protecting the environment.

DLP Module & Patching are required from an endpoint perspective. It would be good to add those in an upcoming release/version.

View full review »

As of now, product-wise, we haven't found any major concern that needs to improve, although it does not support full MDM and this is something that should be there.

View full review »

Some of the less tech-savvy users sometimes find it difficult in adjusting and learning how to use the platform.

In some areas, the user-communities that ought to help are not readily available. Perhaps in the future, the vendor ought to send a sales representative or a knowledgeable person to each buyer to assess how they are using the platform. In case of any challenges, they should help them in using the platform efficiently.

View full review »

Improvements are required in two key areas: notifications and setup simplification. Notification integration primarily relies on software, which is not commonly used by most small companies. Additionally, the setup process within the dashboard is overly complex, with numerous checkboxes and options that necessitate at least a week of training to comprehend fully. Simplifying this process through a wizard or a more intuitive interface would greatly benefit smaller companies.

View full review »

Perhaps the software could be made more resource-efficient. While many improvements come to mind, I don't have them readily available. Essentially, I aim to enhance the software's efficiency so that it places fewer demands on computer resources.

View full review »

It has full performance capability to execute the given duties. 

It blocks safe URLs sometimes when there are network interruptions. 

The cost of deployment varies with the existing working conditions and the organization's size. 

The cloud networking infrastructure can be attacked if there are limited security features and poor monitoring capacity from the IT team. 

The overall performance impressed my team. Check Point Harmony Endpoint is the sure deal for enterprise security coverage and computing device control.

View full review »

There needs to be compatibility with the most recent versions of the various operating systems. They need to be up-to-date with the signatures of new viruses and the latest ramsonware. With the encompassing of all its solutions in one platform, there should be artificial intelligence for specific analysis to thus be able to anticipate and detect unique risks to the organization. 

To be able to count on the administration console on any device and online cloud would be ideal. We would like there to be no need to install clients as executables.

View full review »

We do like the product, although there are quite a few things that we're asking our Check Point account team to enhance, where we think we probably could get more features from it.

We use a couple of Check Point products, like SmartEvent, and SandBlast Agent is not really integrated into that. We haven't gotten the reports working yet. We are working with the account team and trying. As I said, it's still relatively new in terms of what we're trying to achieve. We probably should have had more Professional Services come and help us. But, from our company's point of view, especially at this time in the market, the finances are just not there. But from what I've seen so far, I don't think there's enough integration into SmartEvent. That's something that I've asked our account team to try to focus on in the next versions or as an enhancement request.

Integration and deployment are probably the weakest points, and maybe service as well, although they are still at the high end. Would we go out to market and buy this on its own? Probably not, is the honest answer. But because it is a Check Point product and the licensing comes as part of it, it gives us this time to go and prove that, when it's together with all the other products that we have from Check Point, it certainly integrates very well. Would I go and buy this just as a standalone service if we didn't have Check Point firewalls? Probably not.

View full review »

From an improvement perspective, the major challenge we've faced with Harmony is the support. While the technical features and xRail-based aspects are good, support still needs to be improved. However, this concern could be addressed effectively if they focus on improving support.

View full review »

In terms of improvement, the ticketing system could be better.

View full review »

The improvements that can be mentioned are few. The solution and its architecture are very well done.    

The Check Point Infinity Portal sometimes has some latency or performance issues that are slightly worse, affecting user management. It cannot be improved by the customer.

We would also like to make the documentation for more modern solutions like the Harmony family easier to find. That way, we can implement these solutions with the best practices recommended by the manufacturer.

View full review »

We have few disadvantages or improvement points. However, the Infinity Portal sometimes requires more performance. It is a small detail. However, it could be improved.

On the other hand, it is also essential that the manufacturer improves the public documentation so that users can better understand how it can be implemented with best practices.

Finally, at the support level, we believe that Check Point can improve. Sometimes the answers are provided at dawn, which makes it more challenging to solve.

View full review »

It would also be great to include DLP capabilities for the endpoint so that we do not have to deploy additional agents on servers or PCs or use additional products. 

It would also be great to include FIM capabilities for the Endpoint so that we do not have to deploy additional agents on servers or PCs or use additional products.

It would be great if we could have additional DLP capabilities to identify personal information or any kind of information to comply with regulations that require information protection. 

View full review »

Check Point users a pattern-based security module, which is something that can be improved. Pattern-based security is not the latest architecture and it is insufficient because every day, there are approximately 380,000 new vulnerabilities and threats. Using patterns is difficult because the threats can hide.

View full review »

The product updates are a manual process for my administrator and can take several hours out of his day. I understand this is partially due to the Windows version limitations. When you do need to update the client version it is pretty easy. Usually, it's a case of the end-user not being online to accept the push of the software. That is where it can take up a few hours of my administrator's time. The administrator has to wait and email for our technicians to go to an internet available area. It is usually not a big deal, however, it can take time.

View full review »

There are improvements required in terms of accuracy. It gives you an alert for malicious sites, which, after searching on the Google database, don't come out to be the same.

There can be scenarios where specific planning will be required before even giving thought to implementing it into an organization - be it small, medium, or large. Everything needs to be organized with respect to each particular organization. There has to be proper requirement gathering and a plan for the SOW to work accordingly. 

I would suggest that the Check Point team always allocates an SME to all the vendors before implementation as it will improve the first impression. In my case, I had pretty much faced disaster after implementation that I would not suggest anybody go with the product.

The product needs to improve the security infra.

View full review »

The heartbeat interval must be improved. Sometimes, when we change the policy in the console, it does not reflect in the endpoint. Sometimes, we find it difficult to change the policy. The tool lags sometimes.

When we change the user password in the Infinity Portal, the password does not sync on time. There is a one-minute heartbeat interval from the server to the console. We have a graphical UI in threat hunting in which we can see the attacks. If audit logs have a similar graphical UI, it will be easier to analyze the logs.

View full review »

The antivirus is not as friendly as other solutions and can be improved. 

We would like to have the ability to stop and restart the service remotely, which is something that we can do easily with Symantec but have a hard time with when using Check Point.

View full review »

Everything can always be improved. Specifically, there are gaps when it comes to security.

View full review »

The solution has limitations if it's hosted on-premise or as a SaaS. You need to plan accordingly on the model that suits the organization. On-Premise, for example, does not support threat hunting. Hosting on the cloud will have an impact on the user who is connecting to a central location for internet access as it will add infra cost. 

We also need to look over the expertise of the support executives who require more training and focus as well in this service area and if we can think over the cost of the product.

View full review »

The lack of time setting for policy application, for example, from 8 am to 9 am, to have a policy applied and then from 9 am to 10 am for another one.

A more responsive UI would be nice. Sometimes, with a lot of clients (1,000) the UI is a bit sluggish.

The operation of reinstalling a machine also requires a bit of work since we have to delete the object before installing the app on a formatted operating system. It should be able to lock settings and licenses to the machine ID that never changes with an OS installation.

View full review »

Unfortunately, the web (cloud) management system and log search performance are quite bad. Sometimes it takes longer to perform simple tasks and scrolling the results of the log is annoying due to frequent refreshes.

The exception management was always the Achilles' heel of Check Point products. It was a bit improved in Harmony, still, you can't for example exclude a site from anti-phishing form checks (which could take a few secs) while not excluding it from attachment scanning.

The forensics module still doesn't allow for HTTPS URLs entered by users. You are limited to DNS search or IP lookup. This doesn't make sense from a technical standpoint as the URLs are passing Harmony checks so they are known to the solution.

Anti-phishing cannot scan a form located inside an HTML e-mail attachment (which is a common practice in real-life attacks).

View full review »

It would be ideal if they had a migration tool of some sort.

There were some caveats that we encountered on the new Management Station. For example, they had some features that were not supported by older clients. There are the clients that are running on the laptops, and there are the Management Stations, and then we had one on-premise, which was older in terms of the clients that we were running. Then we had the new Management Station in the Cloud that Check Point is administering as it is a SaaS, which is a benefit.

The newer Management Station has features that it enforced on the clients that the clients weren't able to support. For example, Windows Service or Windows Subsystem Linux. Everyone in my company that uses Windows Subsystem Linux, which is about 15 or 20 people, that need it on a daily basis, were running the older clients of course, as they were migrated over the new Management Station and they weren't allowed to use that. It was being blocked automatically due to the fact that that was the new policy being enforced that was literally a tick box in the new Management Station that I didn't set. Even if I enabled WSL, it didn't matter. The older clients couldn't take advantage of the new newer Management Station telling them to use it. That was annoying trying to troubleshoot that and figure it out. tNo one at Check Point really knew that was the problem. It took a while to resolve. We finally figured out upgrading may solve the problem. When we did that, we upgraded those users, however, that created a little bit of an issue in the company, as we upgraded those users. We like to test them with a small group and make sure they're stable and make sure nothing weird happens. We were forced to upgrade them without testing first. 

One thing they still haven't improved on from the old Management Station to the new Management Station, which should totally be an improvement, is when you create a Site List for the VPN clients and you deploy it from the Management Station, you are not able to get that Site List. You have to play around with something called the Track File, which is a miserable process. You have to download the client, decrypt the Track File, edit it, then upload it again to the Management Station and download the client a second time and then test it and make sure the Track File's in the right order of sites as well, due to the fact that it's kind of random how it decides to order the Site List. The Site List is what the clients use to connect to the VPN Gateway, and if you have more than one gateway, for example, for disaster recovery, which we do, then they'll need that list.

It's something they've never improved on, which I was hoping by going to the cloud and having this whole thing recreated. Since it's more advanced I thought they'd have that ability to edit the Site List with the initial download. You should be able to just add the sites and then that's it. That kind of sucks that you can't. 

Other than that, the only other thing I could complain about was that they did this process where they did some type of certificate update on the backend of all of their staff solutions. That created downtime for our VPN clients and they didn't notify us of the certificate update. We're using the product in their cloud as opposed to their product on-premise, which seemed to be more stable in that regard. They didn't communicate that out. However, when we spoke to support after about a week, they told us there was this thing they did the past week, and that's the reason why we had that problem. Everyone that had that product had that problem. That really wasn't ideal.

View full review »

Personally, I'm looking forward to separating server management policies. They could improve memory consumption. Once we installed a CP agent in our system, we found that it was consuming more memory. Even a normal configuration system can be hung.

Malware detection is an add-on plan that can't be added on. It's the most important part of endpoint security. There's a forensic addon which is very important after threat hunting against attacks.

View full review »

They could be focused on the analysis of USB devices. It has the ability to block the use of USB storage memories until it is completely scanned for any virus or threat. We need to ensure that the USB device will not be available until the scan has been completed, however, this may represent a malfunction when using other tools such as Rufus, as, by blocking access to USB drives, Harmony Endpoint will block access to these drives, thus Rufus will not be properly detecting USB drives and therefore it cannot operate properly.

View full review »

It isn't exactly the cheapest, but then it's Check Point. The price could be improved.

I'd also love to see them add full MDM support, but I appreciate that that's not the product market. If it did come in, I'd be more than happy to look at additional modules. It was probably one of the easiest products I've ever had to deploy it, but if it's not capable of doing MD, then that's going to impact its usefulness to us.

View full review »

The Check Point Harmony Endpoint is a very complete solution. Even in the most basic version, it already includes EDR, which today is very important and something that all endpoint solutions should consider having from the most basic versions. We would like to have one more step and that's to give and have full-disk encryption.

Compared to other brands, we would like a dedicated anti-spam to be included in order to close the full circle. We could have it with Check Point Endpoint, mobile, cloud, or firewall. An all-in-one console would be great.

View full review »

I would suggest that the Check Point team always allocates an SME to all the vendors before implementation. This will help when the endpoint agent cannot integrate with another product or third party. It could expand the functionalities too. In addition to security functionality, they could incorporate Mobile Device Management (MDM) functionalities such as remote device management, administration of installed applications, et cetera. 

The solution needs more alerts to warn of attacks. 

View full review »

Tech Support must be better. Whenever we log a case for any issue it takes too much time to get it sorted. There should be escalation by default. If the case is not being sorted quickly, it must get internally escalated to the team who are experts and they should be empowered to jump in to get the issue fixed. Many times, we have to be on it for weeks to come to a proper resolution. 

Website blocking and endpoint levels are still a challenge and there needs to be a more sophisticated solution. We are looking forward to having this product work more efficiently.

View full review »

Sometimes the portal loads slowly which should be improved. 

There should be an easy option for the administrator to turn off or disable malware protection on a specific asset or computer instead of adding a specific asset in a Disable group as that will make it easy for the admin to disable if and when required for some testing purpose. I would like this feature to be added. 

Logs searching also needs to be more quick and enhanced and more metadata should be stored in the logs for Endpoint for a better view for admins. 

View full review »

The solution is mostly very good. The reason why I'm trying to compare it with FireEye is due to the fact that it's supposed to be a mandate by the State. We are trying to justify the fact that we don't need to change our environment. For example, if the only thing that they want is to provide reports for the State, then that's a different story. We can customize the reports based on what they're asking for. We don't need to change or want to, however, the State may require us to.

Technical support can be a bit slow at times. 

View full review »

The remote deployment with Check Point Endpoint Security requires improvement. We have to depend on some of their deployment tools. 

I would like a dependable system endpoint protection management tool or remote deployment tool. The deployment on the remote client needs some type of tool to implement it.

View full review »

I would like to see this same solution being able to link with the services of different corporate networks as if they were a remote access VPN extension and thus not require additional licenses. We'd like to be able to integrate several products and services into one to be more efficient and user-friendly within the infrastructure. 

View full review »

The web filter service could be improved. It would be great to have a self-service user request for sites. An administrator would still need to approve, however. 

The block screen could have a nicer screen or allow it to be customized.

The list of exceptions for URLs could be improved with a separate screen for a large list of exceptions. Having the same exception list for mobile and endpoints would be great. 

We are hoping to transition to the SOC based service. Think this is still new; we're looking forward to get more information and test.

View full review »

They should provide bandwidth regulation so we can monitor and regulate bandwidth.

View full review »

The network monitoring features must be improved. If my ISP says that they gave me 300 Mbps, I would like to see where the network is used the most and where we are underutilizing it. I need features to monitor the bandwidth. I want features to monitor the upload and download speeds.

View full review »

Check Point Harmony Endpoint could improve by allowing it to work on older systems by reducing the system requirements. Since our systems are dated we can only use the antivirus module features.

View full review »

I think some work needs to be done to improve the integration with other third-party products, namely SIEM solutions. We found it quite challenging.

We found out the hard way that the configuration was lost when we version upgraded the management console.

View full review »

We'd like it if the solution continued to add new features. For example, what would be specifically useful to us is a feature that allows threat hunting. They may be already working on that or have something available, however, we need something robust and effective.

I'm not sure if they need to improve anything right now. They are already developing new aspects that are quite innovative. 

The only thing that our customers want, is lower prices. 

View full review »

There should be some way of managing this solution outside the organization's network, possibly with some type of remote access. For example, if I'm the admin of Check Point who manages the entire network, I would like to have access on my home device or maybe a mobile app to get reports, etc.

View full review »

The entire industry may move to the cloud, where we don't have to worry.

View full review »

I'm not sure what they are thinking about in terms of additional features at the moment, but I hope that they'll maintain focus on the tool to enhance the solution. 

Areas that have room for improvement are the scope of the product and, while I think the support is good, they can improve support as well.

View full review »

The solution needs better reports and centralized logs. They need to take up fewer resources for consumption.

View full review »

The solutions agent could have better performance, it is a little slow sometimes.

View full review »

Stability.

We know that Check Point has a very good database about threats even Check Point tries to make this EDR stable still there are some issues we were facing after upgrading or taking TAC to help its got resolved but Check Point really needs to work on metadata.

Check Point agent to Server communication many times got interrupted or cloud-managed infinity portal dashboard gives many issues while creating policy or installing uninstalling agent or packages.

Heavy load on the system gives issue which can be in a different manner.

View full review »

I would like to see simple sandboxing for malware analysis. But, they are not the leaders in this market. I would like to see virtual tasking as a feature.

View full review »

There was a learning curve for our general population of employees (the user). 

View full review »

Check Point Harmony Endpoint could improve mobile device management (MDM).

View full review »

Technical support needs to be improved, along with the response time. The technical team or any product team should liaise with us and help to deploy the solution to the first few customers so that we can roll out to the rest of the customers.

They need to improve the licensing process as well so that it is easier for the end user. At present, we have to wait one to two weeks to get a license, which is not productive. The process is not very smooth or convenient for the end user because Check Point Harmony Endpoint provides two login portals. One is for licensing, and the other is for management.

In the future, I would like to the management portal and the licensing portal be integrated or changed to a single sign-on because that will be good for both the panel and the user. If they can make it very convenient for deployment and monitoring, it would be good.

If we could get technical support in Singapore, then it will be helpful for our customers.

View full review »

The solution could be improved in the future with a way to provide online training to customers for free, as other providers do. Ideally, it would be not only for this solution but for all of their systems.

I found that there is no Check Point online training center and I think that is something vital for most of us as customers.

View full review »

Endpoint security programs can be a bit pricey, but you are receiving basically the same type of protection from each software program. To upgrade from one version to the next can get very costly providing what type of equipment you are running the program on. I did not find that endpoint security was very compatible during the upgrade. I ended up spending a lot more money than budgeted due to compatible issues. View full review »

The management in Check Point Harmony Endpoint could be improved.

In a future release, the solution could add more threat intelligence features.

View full review »

An additional feature I would like to see involves the VPN.

View full review »

It needs to include built-in deployment. This will make the job easier rather than having to go and dig up an Active Directory deployment along with policy objects.

View full review »

We cannot integrate this product with other solutions, which is something that should be improved. I believe that it is in the roadmap.

Other vendors have some non-security-related features in their endpoint protection solutions that should be implemented in this one.

View full review »

I would like to see support for a policy in the appliance that will refuse to create a connection if it does not detect an active virus scanner.

Two-factor authentication is missing from this solution.

View full review »

One area of this product that has room for improvement is the disc encryption.

I'd like to see a patch management solution like Kaspersky has. That's the only feature that's missing.

View full review »

It took me time to learn how to configure endpoint security. Getting one for our Unix-based systems was not easy because most programs available in the market are windows-based. Implementing security on the latest endpoint devices was not easy due to compatibility issues. View full review »