What's New

New Feature

Unified Threat Prevention log structure:

• Covers all Endpoint Threat Prevention products.
• Adds additional incident details for existing Endpoint logs that provide improved abilities to monitor detected events by indicator's hash, name, or latest attack status.
• Forensic attack analysis details are now available through the SmartLog queries.
• New log entries for Anti-Ransomware and Anti-Exploit products.

To support SmartLog or SmartView Tracker reporting for all supported servers (except R80.20), you must update the log schema. Follow instructions in sk106662.

Enhancements

• Resolves a sharing violation issue in Threat Emulation. Resolves scenarios where applications that try to access a file with exclusive access rights fail due to a Threat Emulation inspection of the file. This also resolves the issue to save documents in PDF format.
• Addresses a rare situation where Forensics can stall in analysis.
• Stabilizes serialization issues for the Remediation Service.
• Stabilizes the initialization order of the Remediation Service for Anti-Bot.
• Resolves an issue with Anti-Bot Service crashes on low bandwidth networks.
• Addresses a rare stability issue in Anti-Ransomware in the scenario of policy file collision.
• Resolves an Anti-Ransomware issue that could prevent complete restoration of files on a system restart in the event of a ransomware attack.
• Full Disk Encryption in BIOS-mode now uses less memory than in earlier releases. This allows more boot strapping code from Microsoft Windows and prevents low-memory issues in pre-boot.
• Resolves error in Japanese translation of “left” in the BIOS recovery.
• Resolves a Remote Access issue in a customized package of Endpoint Security Client full suite created with the VPN Configuration Utility. In previous releases, the original trac.defaults remains instead of the customized file.
• Resolves a possible issue when a "no network" message may occur when the client tries to connect to the VPN Security Gateway when there is connectivity.
• Resolves a Threat Emulation performance issue during massive I/O activity including Windows OS upgrades.
• Resolves an Anti-Bot issue that can cause slow performance on web browsers.
• Resolves an Anti-Exploitt compatibility issue with products such as App-V that inject code into protected apps.
• Resolves a rare issue when the Firewall blade does not run on upgrades from Windows 7 to Windows 10 with an older version of Endpoint Security client.