18.0 Release Fixed Issues
The following is a list of the fixed issues in the 18.0 GA release. Note that many issues below were also fixed in service packs of previous versions.

Item | Area | Relevant OS | Description | Component |
---|---|---|---|---|
CYBR-14820 | Behavioral Whitelisting | All | After upgrading to the latest version, behavioral whitelisting rules set for Excel and Microsoft Office programs did not work due to missing data. After this fix, the configuration is updated to ensure that the necessary data is sent for the behavioral whitelisting rule to be applied correctly. | Server |
CYBR-13843 | Detection Rules | All | When the LanMan Hash was used as part of the NTLM authentication process, Malops were created but these Malops were false positive results. With this fix, we have modified the rules for the Pass the Hash detection logic to decrease false positive results. | Server |
CYBR-14715 | Detection Rules | All | After upgrading to the latest version, on Windows 7 machines domain information was not collected and the Domain Generation Algorithm (DGA) Malop was not detected. After this fix, domain information is collected correctly and the DGA Malop is also detected correctly. | |
CYBR-15681 | Detection Rules | All | False positive Malops of Pass the Hash attacks occurred in cases where the behavior was legitimately caused by a domain controller. After the fix, such behavior does not generate a Malop. | Server |
CYBR-16027 | Detection Rules | All | Credential theft Malops were reporting a high number of false positive results and therefore causing many MDS requests to the server. After this fix and detection rule update, the false positive rate is reduced. | Server |
CYBR-13198 | Detection Servers | All | In rare cases, Detection servers were found to hold the wrong versions of custom reputations. If you have issues with this situation, contact Technical Support for assistance in aligning the versions across Detection servers. | Server |
CYBR-14812 | Display Settings | Mac | In the latest version, the right side of the header in the Cybereason UI was distorted and did not display correctly. After this fix, the header displays without errors. | Server |
CYBR-15760 | Investigation | All | In the Investigation screen of the Cybereason UI, when viewing Elements to connect to the Logon Session Element, it was not possible to connect the Source IP Element in a query. After this fix, it is possible to use both Elements in a query. | Server |
CYBR-14256 | Malop Inbox | Windows | When investigating Malops in the Malop details screen, files with an empty path were displayed. Therefore, when you tried to download these files from the Malop details screen, the download would fail because there was no path. In addition, because of the missing path, you could not investigate these Elements in the Investigation screen. After this fix, file paths are reported correctly and you are able to download these files correctly as needed. Note that this fix does not apply to executable files, only non-executable files. | Sensor |
CYBR-14286 | Malop Inbox | All | When a Detection Server had to compare incoming threat intel data from the Global Threat Intel server against behavioral whitelisting rules on the Private Threat Intel Server, Malops were sometimes not being raised correctly due to server timeout issues. After this fix, the server configuration has been updated to allow for a longer timeout period and give the Detection Server adequate time to compare Global Threat Intel information with behavioral whitelisting rules in the Private Threat Intel server. | Server |
CYBR-16471 | Malop Inbox | All | Malops on the same machine that were related to PowerShell processes were not grouped into one Malop. After the fix, such Malops are grouped correctly. | Server |
CYBR-11689 | NGAV | Windows | When updating any of the NGAV settings, the Sensor asked you to restart the machine unnecessarily. After this fix, the request for a restart no longer occurs. | Sensor |
CYBR-14981 | NGAV | Windows | When running updates of the signature database on virtualization environments, machines with Sensors and their networks experienced heavy network load due to the fact that many Sensors were trying to check for updates at the same time. After this fix, we have changed the configuration of signature update checks for machines with Sensor to mitigate the effect upon the machines and their networks: | Sensor |
CYBR-15130 | NGAV | Windows | After an Anti-Malware update, memory usage on machines was increasing collectively. Over time this meant that the amount of memory consumed grew with each update. After this fix, the configuration of the update process has been updated to address this memory usage growth and the increasing memory use no longer occurs. | Sensor |
CYBR-15529 | NGAV | Windows | After an update to the Anti-Malware settings in the Cybereason UI, Sensors unexpectedly disabled the Anti-Malware settings on a machine. After this fix, any custom Anti-Malware settings for a Sensor are retained and the Anti-Malware settings are not disabled even when a change is performed in the Cybereason UI. | Sensor |
CYBR-14478 | Registration Server | All | When assigning Sensors to Registration servers, there were some issues: After this fix, we have updated the configurations so that Sensors are sent to the Detection servers correctly to match the available load, and the assignment registration details are reported correctly. | Server |
CYBR-14556 | Registration Server | All | When Sensors were trying to communicate with the Registration server, the communication occurred multiple times. This caused performance problems and prevented some Sensors from communicating with the Registration Server. After this fix, the communication occurs only one time and the performance impact on the Registration server has been reduced. | Server |
CYBR-13842 | Sensor Installation | Windows | When upgrading only a Sensor to the most recent version (without a console upgrade), the Windows Add and Remove dialog showed both the old and new versions of the Sensor. After this fix, the status of the Sensor is displayed correctly. | Sensor |
CYBR-14726 | Sensor Installation | Windows | In the latest version, the right side of the header in the Cybereason UI was distorted and did not display correctly. After this fix, the header displays without errors. | Sensor |
CYBR-14512 | Sensor Management | All | When the Actions log in the System > Sensors screen contained a large number of items in the list (usually over 50), the Sensors screen experienced performance problems. After this fix, the number of items in the Actions list is limited to 50 to eliminate performance issues. | Server |
CYBR-15744 | Sensor Management | All | In the System > Sensors screen, when trying to perform a Sensor action on Sensors filtered by sensor tags, the action was performed on all Sensors instead of just the currently filtered Sensors. After this fix, actions are performed only on the Sensors in the filter. | Server |
CYBR-11823 | Sensor Performance | Windows | When restarting the machine on which the Sensor was located, the minionhost.exe Sensor process failed to start. Therefore we added a fail-safe mechanism that will make sure that the minionhost.exe process runs as scheduled even if it failed to start after restart. | Sensor |
CYBR-12395 | Sensor Performance | Windows | When the Windows update service startup type was unknown on a machine, the Sensor crashed unexpectedly and no indication of the crash reason was sent to the Sensor logs. After this fix, the Sensor will no longer crash if the startup type was unknown. If the Sensor crashes, the log will display the reason. | Sensor |
CYBR-12753 | Sensor Performance | Windows | Previously, the Cybereason PowerShell protection modified existing registry keys, some of which were used by other system programs, causing problems in these other programs. This happened even if the PowerShell protection was not enabled. After this fix, we have updated the Sensor to ensure that the PowerShell features in Cybereason do not affect registry values for other programs if the feature is disabled. | Sensor |
CYBR-13930 | Sensor Performance | Windows | For Sensors installed on Windows machines running Microsoft Support Center products, the machine crashed if the minionhost.exe process was running and collecting information. After this fix, the machine crash no longer occurs. | Sensor |
CYBR-14947 | Sensor Performance | Linux | After upgrading Sensors for Linux to the latest 17.5 version, Linux machines experienced decreased performance. With this fix, we have updated the configuration for the Sensor for Linux to ensure more optimal performance. | Sensor |
CYBR-12766 | Sensor Settings | Windows | After the following series of events, stale sensor emails were not sent: After this fix, the emails are sent correctly. | Server |
CYBR-15285 | Sensor Tagging | All | When searching in the System > Sensors screen, it was not possible to search Sensors for Sensor tags or machine names if the string contained a single quote character. After this fix, the search works as expected. | Server |