August 1, 2022 Service Pack
The following Service Pack versions were released:
Versions (Sensor and Server) |
---|
21.1.463 21.2.401 |
The tables below describe the enhancements, fixed issues, and changes included in each version.
The Versions column indicates the versions that include the fix. (For more information, see the note above)
The Required Update column indicates if the fix requires sensor/server update.
IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.
Version 21.1.463
Issue |
Area |
Description |
Required Update |
Supported OS |
---|---|---|---|---|
N/A |
Sensor certificates |
Sensor binaries are now signed by Sectigo cross certificate to meet MVI (Microsoft’s virus initiative) requirements. Learn more |
Sensor and server |
Windows |
DFND-17002 |
Sensor upgrade |
If you upgrade a sensor that has had proxy settings changed, after the upgrade, the proxy settings are retained. If the sensor upgrade package contains new proxy settings, the updated proxy settings override the sensor’s existing proxy settings. |
Sensor and server |
All |
DFND-16940 |
Anti-Malware scans |
We have updated the configuration used by the Cybereason platform’s Anti-Malware scans to better handle scans of large archives (e.g. .zip files), including:
The option to increase the file size allowed for a scan is not enabled by default. Open a Technical Support case to enable this option. |
Sensor and server |
Windows |
DFND-10830 |
Platform license agreement |
We have updated the End User License Agreement (EULA) for the Cybereason platform. The first user to sign in to the Cybereason console after you deploy this version will be required to accept the new agreement, even if you accepted previous versions of the agreement. |
Server |
N/A |
DFND-5100 |
Sensors screen |
We have updated the configuration the Cybereason platform uses to display information about sensors on machines with unsupported OS versions. Now, the Sensors screen will display Other for these sensors to enable you to better filter these machines. |
Server |
N/A |
DFND-17884 |
Anti-Malware scans |
On-demand scans now scan files that contain any Unicode characters in the file name. |
Sensor and server |
Windows |
DFND-18658 |
Behavioral allowlisting |
When previewing the effect of a behavioral allowlisting rule in Japanese, the preview would display an error for invalid query syntax. This issue has been resolved and the preview of the rules in Japanese displays the rules correctly. |
Server |
N/A |
DFND-19310 |
Malop remediation |
When you have a sensor policy with the option to Quarantine malicious files selected (in the Anti-Malware section of the sensor policy edit screen), if you have a MalOp with a quarantined file that you mark to Exclude, it was not possible to remove the quarantined file from the quarantine file location. This issue has been resolved and you are now able to remove the file from quarantine. |
Server |
N/A |
DFND-15804 |
Anti-Malware |
In rare cases, the Anti-Malware service had recurring crashes and was not able to recover. This issue has been resolved as we improved our Windows AV service to recover in a more robust way in during these rare cases. |
Sensor and server |
Windows |
DFND-22221 |
Anti-Ransomware |
In previous versions, the crsdll.dll file required for Anti-Ransomware did not upgrade properly as part of the version upgrade flow. We have resolved this issue and this DLL file will upgrade correctly in the overall upgrade flow. |
Sensor and server |
Windows |
Version 21.2.401
Issue |
Area |
Description |
Required Update |
Supported OS |
---|---|---|---|---|
N/A |
Sensor certificates |
Sensor binaries are now signed by Sectigo cross certificate to meet MVI (Microsoft’s virus initiative) requirements. Learn more |
Sensor and server |
Windows |
DFND-18847 |
Variant paylod prevention |
To provide a clearer explanation of the protection it provides, we have updated the name of Binary Similarity Analysis (BSA) in-memory protection to Variant payload prevention. As a result, the Binary Similarity Analysis (BSA) in-memory protection section in the Anti-Malware section of the sensor policy is now named Variant payload prevention. |
Sensor and server |
Windows |
DFND-18847 |
Behavioral execution prevention |
To provide a clearer explanation of the protection it provides, we have updated the name of Behavioral execution protection to Behavioral execution prevention. As a result, the Behavioral execution protection section in the Anti-Malware section of the sensor policy is now named Behavioral execution prevention. |
Sensor and server |
Windows |
DFND-17002 |
Sensor upgrade |
If you upgrade a sensor that has had proxy settings changed, after the upgrade, the proxy settings are retained. If the sensor upgrade package contains new proxy settings, the updated proxy settings override the sensor’s existing proxy settings. |
Sensor and server |
All |
DFND-16449 |
Sensors for Mac |
We’ve improved the antivirus initialization flow for sensors running on M1-based Macs. This new flow provides antivirus protection sooner in the installation/upgrade process than in previous Cybereason versions. |
Sensor and Server |
macOS |
DFND-16940 |
Anti-Malware scans |
We have updated the configuration used by the Cybereason platform’s Anti-Malware scans to better handle scans of large archives (e.g. .zip files), including:
The option to increase the file size allowed for a scan is not enabled by default. Open a Technical Support case to enable this option. |
Sensor and server |
Windows |
DFND-10830 |
Platform license agreement |
We have updated the End User License Agreement (EULA) for the Cybereason platform. The first user to sign in to the Cybereason console after you deploy this version will be required to accept the new agreement, even if you accepted previous versions of the agreement. |
Server |
N/A |
DFND-5100 |
Sensors screen |
We have updated the configuration the Cybereason platform uses to display information about sensors on machines with unsupported OS versions. Now, the Sensors screen will display Other for these sensors to enable you to better filter these machines. |
Server |
N/A |
DFND-17884 |
Anti-Malware scans |
On-demand scans now scan files that contain any Unicode characters in the file name. |
Sensor and server |
Windows |
DFND-18111 |
Malops management |
In the Malops management screen, only subset of malops were displayed when selecting the preset time filters such as Today, Last week, and so forth due to an incorrect calculation of the time window for these preset filters. We have resolved this issue and the preset time filters correctly display all relevant Malops for these filters. |
Server |
N/A |
DFND-18658 |
Behavioral allowlisting |
When previewing the effect of a behavioral allowlisting rule in Japanese, the preview would display an error for invalid query syntax. This issue has been resolved and the preview of the rules in Japanese displays the rules correctly. |
Server |
N/A |
DFND-19310 |
Malop remediation |
When you have a sensor policy with the option to Quarantine malicious files selected (in the Anti-Malware section of the sensor policy edit screen), if you have a MalOp with a quarantined file that you mark to Exclude, it was not possible to remove the quarantined file from the quarantine file location. This issue has been resolved and you are now able to remove the file from quarantine. |
Server |
N/A |
DFND-15804 |
Anti-Malware |
In rare cases, the Anti-Malware service had recurring crashes and was not able to recover. This issue has been resolved as we improved our Windows AV service to recover in a more robust way in during these rare cases. |
Sensor and server |
Windows |