20.2 All Features
The tables in the following sections list all the features included in all minor releases included in version 20.2 LTS, organized by minor versions. All the features listed below are also included in the 20.2 LTS version.
In this topic:
The tables contain the following information about each feature:
The feature area
A description of the changes
Whether you need to update your server or sensor to the version listed
The supported operating system for the machines for the sensor
The sensor and server versions required to utilize the feature
Feature |
Description |
Required Update |
Sensor OS |
|---|---|---|---|
SHA-256 support |
The Cybereason platform now supports the collection of SHA-256 file hash values by the sensor, and the detection of malicious activity based on SHA-256 file hash values. |
Sensor and server |
Windows |
OS support |
The Cybereason platform now supports sensors on machines running Ubuntu 20.04 LTS and 20.10. For more information, see Supported OS versions for the sensor. |
N/A |
Linux |
Sensor grouping |
The sensor grouping feature is automaticlly enabled as of version 20.2.241. Learn more |
Server |
N/A |
Anti-Malware |
We have updated the Anti-Malware configuration to address a situation where an error in verifying a known and trusted signer on the file static analysis flow caused false positive alerts for executable files signed by known vendors. |
||
Anti-Malware scans |
We have added an option in the System Tray running on a machine that enables you to start a Quick Scan, Full scan and to Stop scan. In addition, the system tray icon on the machine displays the last time scans were run on that machine. |
Sensor |
Windows |
Version 20.2.222
Feature |
Description |
Required Update |
Sensor OS |
|---|---|---|---|
OS support |
The Cybereason platform now supports sensors running on Apple Silicon Macs (ARM-based). Sensors running on Apple Silicon Macs require the Rosetta 2 emulator in order to run. For more information, see the Apple documentation. Apple Silicon Mac native will be supported in future versions. For more details, contact Customer Success. |
Sensor, server |
macOS |
Mac AV |
The Anti-Malware > Signatures mode is now supported for machines running Mac OSX Big Sur. |
Sensor |
macOS Big Sur |
Behavioral Allowlisting |
You can now edit and duplicate behavioral allowlisting rules from the Security profile > Behaviroal allowlisting screen. Learn more |
Server |
N/A |
Version 20.2.181
Feature |
Description |
Required Update |
Sensor OS |
|---|---|---|---|
OS Support |
We now support deployment of sensors on Oracle Linux 8 machines. For known issues related to Oracle Linux 8, see Known Issues. |
Sensor |
Linux |
Sensor groups |
User administrators must now explicitly give Sensor admin L1 users access to the ‘Unassigned’ sensor group. Previously, all Sensor admin L1 users were given permissions for the Unassigned group by default. Learn more |
Server |
N/A |
Behavioral document protection |
You can now view Behavioral document protection modes and sensitivity levels in the System > Sensors screen. Learn more |
Server |
N/A |
Custom detection rules |
When creating custom detection rules, analysts can use the Grouping features section of the Create custom detection rule screen to group multiple instances of a defined behavior into separate Malops according to features such as process name or owner machine. Learn more |
Server |
N/A |
Version 20.2.161
Feature |
Description |
Required Update |
Sensor OS |
|---|---|---|---|
Malop response |
When excluding a Malop during the response phase, the ‘Malop is benign - Exclude’ option now includes more details and allows you to choose whether to add the root cause to the allowlist, create a behavioral allowlisting rule, or both. Learn more |
Server |
N/A |
Behavioral Documentation Protection settings |
You can now set the Behavioral document protection sensitivity level to Cautious, Moderate, or Aggressive, to suit your organization’s needs. Learn more |
Server |
N/A |
Version 20.2.101
Feature |
Description |
Required Update |
Sensor OS |
|---|---|---|---|
Sensor grouping |
System admins can now delete sensor groups. When you delete a sensor group, sensors in the group are reassigned to a specified group. Learn more |
Server |
N/A |
Sensor grouping |
System admins can now assign sensor grouping logic based on Organization, in addition to Organizational unit (OU), Machine name, and Internal/External IP address. System admins can also now use ‘matches pattern’ as an operator for Organizational unit and Machine name. Learn more |
Server |
N/A |
Version 20.2.61
Feature |
Description |
Required Update |
Sensor OS |
|---|---|---|---|
Extended data retention |
In the Extended Data Retention UI, you can now use the Match feature to specify whether your initial query should return results that match All filters or Any filter. Learn more. |
Sensor |
Windows, Mac, Linux |
Remote Shell |
We have updated the workflow for using the Remote Shell utility when your user account has SSO sign-on enabled. Now, if you have SSO sign-on enabled, you are not required to enter a two-factor authentication code in the Remote Shell dialog when you open the Remote Shell dialog. In addition, if you select the Secure mode, you no longer need to enter a two-factor authentication code. Learn more |
Server |
N/A |
Sensor grouping |
To better manage your security policies, Cybereason allows you to assign sensor security policies to specific sensor groups. The policy you select will be applied to all sensors in that sensor group. Learn more |
Server |
N/A |
Version 20.2.20
Feature |
Description |
Required Update |
Sensor OS |
|---|---|---|---|
Sensor dashboard |
We have added a new Sensor Dashboard as part of the System screen. In this dashboard, you can get a graphical representation of your sensor status, including sensor status, sensors by OS type, sensor versions, and trends on sensor status. Learn more |
Server |
N/A |
Remote Shell |
We have updated the configurations for the Responder user required to use the Remote Shell utility. Now, if you upgrade from a previous version to the current version and you have users with the Responder role, the option to require two-factor authentication is not automatically enforced. However, if your users with the Responder role need to use the Remote Shell in Unrestricted mode, you must later select the option requiring two-factor authentication. Learn more |
Server |
N/A |
Sensor grouping |
Administrators can specify assignment logic to automatically assign new sensors to a sensor group. You build assignment logic based on sensor characteristics such as organizational unit, machine name, or IP address. Learn more |
Server |
N/A |
Quarantine files |
You can now use the Unquarantine response option for Endpoint Protection Malops. Learn more |
Server and sensor |
All |
Sensor installation |
When installing a sensor, the sensor installer installs the Microsoft C Runtime Environment (CRT) in a shared folder on Windows (the system32 folder). Installing the CRT in this folder affected other applications by causing them to not function properly. This issue is now resolved and the sensor installer installs the needed CRT files in the ActiveProbe folder in the ProgramFiles folder. In addition, as a result of this fix, you do not need to install KB2999226 for operating system versions that previously required this KB. Learn more |
Sensor |
Windows |
Server stability |
To improve stability, we have added additional metrics to increase visibility into sensor to server traffic. |
Server |
N/A |
Server stability |
To improve our how we handle stability issues, server configuration updates are now automatic and do not need a server restart. |
Server |
N/A |