What's New

New Features

  • SandBlast Agent now uses ssdeep-computed Fuzzy Hashing to detect and block malicious files. This complements the standard hash-based reputation check and the similarity detection performed by Static Analysis Machine Learning, improving SandBlast Agent's (SBA) ability to catch polymorphic variants of known malware.

Enhancements

  • File Reputation, Static File Analysis and Threat Emulation

    • SandBlast Agent now checks the reputation of files based on their similarity to a known ssdeep hash.

  • Anti-Exploit

    • Fixes an issue where Anti-Exploit may not work immediately after an upgrade.

  • Anti-Ransomware, Behavioral Guard and Forensics

    • Fixes a rare Forensics service crash that can occur when a client disconnects from the Management server.

    • Improves Forensics performance by not monitoring Windows Update operations.

    • Slightly improves Forensics, Behavioral Guard and Threat Hunting performance by filtering out some sensor data from well-known processes.

    • Fixes the recreation of certain folders such as the document folder if the admin redirects them.

    • Policy can now disable Forensic Analysis for Anti-Ransomware and Behavioral Guard.

    • Fixes a rare issue where the Anti-Ransomware backup driver may not stop on upgrades.

    • Fixes an issue that can prevent an Anti-Ransomware file backup due to a specific sequence of file modification operations.

    • Improves the time to detection for Behavioral Guard and Anti-Ransomware rules by prioritizing active rules over rules being field-tested.

    • Windows Management Instrumentation (WMI) executions are now supported in Behavioral Guard rules.

  • Full Disk Encryption

    • Suspended BitLocker drives now display as unencrypted.

    • Now shows the Caps Lock notification in the pre-boot password change dialog.

    • Fixes a rare Full Disk Encryption pre-boot loop.

  • Media Encryption and Port Protection

    • Resolves an authorization issue when the scan fails if there are files with long paths on the media.

  • VPN

    • Fixes a privilege escalation vulnerability where a regular user might be able to execute arbitrary code with system privileges.

  • Installation

    • Resolves a possible issue where adding the Anti-Malware blade with Dynamic Package leaves Anti-Malware in an error state.

    • Resolves an issue where a command line window pops up briefly during the installation of an exported package.

    • Resolves a possible issue where a client upgrade fails if it happens during a signature update.

    • Resolves a possible issue where the client upgrade fails due to the Vsmon shutdown time being longer than expected.

    • Resolves a possible issue where an upgrade that uses Dynamic Package fails when the zip file extraction fails.

  • Infrastructure

    • Fixes an issue where the status of the client stays in "Deployment is in progress" although the deployment finishes successfully.

    • Fixes an issue where the tray icon of the Endpoint Security client is sometimes missing.

    • Resolves a possible issue where the client's failure to retrieve the SID does not show in the client UI.

    • Resolves an issue where the "Instprep.log" log file has no limit in size.

    • Resolves a possible issue where the reconnect tool doesn't restart the Device Agent service because of an incorrect certificate.

    • Resolves a possible issue where the client log viewer crashes.

    • The Anti-Bot blade is now "Anti-Bot and URL Filtering".

    • Resolves an issue where informative popups display although the policy for "Client User Interface Settings" is not set to "Show all notifications".