What's New

New Features

  • Anti-Bot

    • CVE-2020-6014: An attempt to load a non-existent DLL can lead to privilege escalation.

  • SandBlast Agent Browser Extension now supports the Microsoft Edge (Chromium) browser

    The SandBlast Agent Edge (Chromium) extension supports all the functionality the SandBlast Agent Chrome extension supports:

    • URL Filtering (for Web Management users only).

    • File Download Protection.

    • Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection.

    • The Edge (Chromium) extension installs automatically when you install the SandBlast Agent or upgrade to the Endpoint Security Client E83.20 version.

  • Detection of malicious LNK (Windows Shortcut) files

    • Behavioral Guard now analyzes the target of LNK files to determine if the file is malicious.

    • Forensics Analysis now determines if the start of an attack is from an LNK file.

    • Forensics Reports show the targets of all LNK files in an incident.

  • Content view in the Forensics report

    • Available from the Incident Details menu.

    • Shows all LNK targets in the incident.

    • Shows all AMSI content in the incident.

  • "Pass The Hash" detection

    • Behavioral Guard now recognizes "Pass The Hash" attempts.

  • Full Disk Encryption

    • The Full Disk Encryption pre-boot has a modernized look and feel, with updates to the color theme and background images.

Enhancements

  • Anti-Malware

    • Fixes an issue where Anti-Malware status reports to the Windows Security Center do not work if there are errors or if the reports are disabled in the policy.

    • Resolves a possible issue where the Anti-Malware process crashes during the Endpoint Security client upgrade.

    • Resolves an Anti-Malware signature update issue from an external server through a proxy.

    • Resolves an issue where no UserCheck message pops up and no log about the detection goes to the Endpoint Server when a JAR file is detected as malicious.

  • Anti-Ransomware, Behavioral Guard, and Forensics

    • Behavioral Guard now detects the "Pass The Hash" technique.

    • The Forensics service no longer shuts down and restarts during Behavioral Guard signature updates. The update process is faster as a result.

    • Adds new default exclusions to Anti-Ransomware to decrease the number of false positives.

    • Fixes an issue where Forensics can stop its responses if multiple triggers are in the queue and the current analysis takes a long time to complete.

    • If the Forensics database does not contain a detected file or process, it now generates a minimal report with reputation.

    • If a detected URL is not in the Forensics database, Forensics now generates a minimal report with reputation.

    • Fixes a very rare issue of an infinite loop in Forensics.

    • Improves Forensics performance by decreasing the number of unnecessary registry operations.

    • If the reputation service is not available, the Forensic Analysis no longer treats unsigned processes as trusted processes.

    • Fixes a very rare issue in the termination of trusted processes that are part of a Forensics incident.

    • Fixes a rare issue where Forensics can lock up when it receives a new policy.

    • Fixes an issue where the Forensic Analysis fails when the trigger file has a short name.

    • Enhances Forensics analysis to identify attacks that start with Windows shortcut (LNK) files.

    • Adds a new screen to view all AMSI and LNK target content in an incident.

    • Fixes a Forensics report issue where a terminated process can appear in the "Already Terminated Processes" and "Terminated Processes" sections of the Remediation view.

    • The Remediation section of the Forensics report now mentions failures to access or use the remediation service.

  • Compliance

    • Resolves the client non-compliant state when the Windows Server Update Service (WSUS) compliance check configures regardless of the value set in the rule. See sk164060 for policy configuration details.

  • Media Encryption & Port Protection

    • Resolves an issue where the third-party backup application Veeam fails to create recovery media if Media Encryption & Port Protection is installed.

  • Full Disk Encryption

    • Resolves the UseRec.exe crash when a recovery file contains users from several domains.

  • Installation

    • Resolves an issue after an upgrade when the client UI language switches back to the default system language.

    • Resolves a rare issue where the Endpoint Security upgrade process does not complete because of a crash, but the new version is registered.

    • Resolves a possible issue where the Endpoint Security client upgrade fails with the error "Wait for Install Helper process failed".

    • Resolves a possible issue where Endpoint Security client upgrade fails with the error "The paging file is too small for this operation".

    • Resolves a rare issue where the Firewall policy is not set after an Endpoint Security client upgrade.

    • Resolves a possible issue when the Endpoint Security client upgrade fails with the error "Changing configuration is not allowed, check the password".

  • Infrastructure

    • Endpoint Security clients that are disconnected from the domain and use the same local SID can now connect to the management server as unique machines.

    • Resolves a client registration issue where SmartEndpoint detects duplicates when the client computer FQDN does not match the FQDN of its domain.

    • Optimizes the Endpoint Security process monitoring algorithm to decrease CPU consumption when third-party Anti-Malware on-access scanners connect.

    • Introduces enhanced deployment capabilities for small fixes or patches with a new package type that installs changed files only.

    • Resolves the CPDA.exe crash when the Windows Management Instrumentation (WMI) service is disabled during a client upgrade.

    • Resolves the URL Filtering "waiting for policy" error after a client upgrade with the exported package when the client is in the disconnected state.