August 1, 2022 Service Pack

The following Service Pack versions were released:

Versions (Sensor and Server)

21.1.463

21.2.401

The tables below describe the enhancements, fixed issues, and changes included in each version.

  • The Versions column indicates the versions that include the fix. (For more information, see the note above)

  • The Required Update column indicates if the fix requires sensor/server update.

IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.

Version 21.1.463

Issue

Area

Description

Required Update

Supported OS

N/A

Sensor certificates

Sensor binaries are now signed by Sectigo cross certificate to meet MVI (Microsoft’s virus initiative) requirements. Learn more

Sensor and server

Windows

DFND-17002

Sensor upgrade

If you upgrade a sensor that has had proxy settings changed, after the upgrade, the proxy settings are retained. If the sensor upgrade package contains new proxy settings, the updated proxy settings override the sensor’s existing proxy settings.

Sensor and server

All

DFND-16940

Anti-Malware scans

We have updated the configuration used by the Cybereason platform’s Anti-Malware scans to better handle scans of large archives (e.g. .zip files), including:

  • Increasing the timeout period for the scan completion to give the scan time to finish scanning the archive file

  • Increasing the maximum size of file allowed for a scan

The option to increase the file size allowed for a scan is not enabled by default. Open a Technical Support case to enable this option.

Sensor and server

Windows

DFND-10830

Platform license agreement

We have updated the End User License Agreement (EULA) for the Cybereason platform.

The first user to sign in to the Cybereason console after you deploy this version will be required to accept the new agreement, even if you accepted previous versions of the agreement.

Server

N/A

DFND-5100

Sensors screen

We have updated the configuration the Cybereason platform uses to display information about sensors on machines with unsupported OS versions. Now, the Sensors screen will display Other for these sensors to enable you to better filter these machines.

Server

N/A

DFND-17884

Anti-Malware scans

On-demand scans now scan files that contain any Unicode characters in the file name.

Sensor and server

Windows

DFND-18658

Behavioral allowlisting

When previewing the effect of a behavioral allowlisting rule in Japanese, the preview would display an error for invalid query syntax.

This issue has been resolved and the preview of the rules in Japanese displays the rules correctly.

Server

N/A

DFND-19310

Malop remediation

When you have a sensor policy with the option to Quarantine malicious files selected (in the Anti-Malware section of the sensor policy edit screen), if you have a MalOp with a quarantined file that you mark to Exclude, it was not possible to remove the quarantined file from the quarantine file location.

This issue has been resolved and you are now able to remove the file from quarantine.

Server

N/A

DFND-15804

Anti-Malware

In rare cases, the Anti-Malware service had recurring crashes and was not able to recover.

This issue has been resolved as we improved our Windows AV service to recover in a more robust way in during these rare cases.

Sensor and server

Windows

DFND-22221

Anti-Ransomware

In previous versions, the crsdll.dll file required for Anti-Ransomware did not upgrade properly as part of the version upgrade flow.

We have resolved this issue and this DLL file will upgrade correctly in the overall upgrade flow.

Sensor and server

Windows

Version 21.2.401

Issue

Area

Description

Required Update

Supported OS

N/A

Sensor certificates

Sensor binaries are now signed by Sectigo cross certificate to meet MVI (Microsoft’s virus initiative) requirements. Learn more

Sensor and server

Windows

DFND-18847

Variant paylod prevention

To provide a clearer explanation of the protection it provides, we have updated the name of Binary Similarity Analysis (BSA) in-memory protection to Variant payload prevention. As a result, the Binary Similarity Analysis (BSA) in-memory protection section in the Anti-Malware section of the sensor policy is now named Variant payload prevention.

Sensor and server

Windows

DFND-18847

Behavioral execution prevention

To provide a clearer explanation of the protection it provides, we have updated the name of Behavioral execution protection to Behavioral execution prevention. As a result, the Behavioral execution protection section in the Anti-Malware section of the sensor policy is now named Behavioral execution prevention.

Sensor and server

Windows

DFND-17002

Sensor upgrade

If you upgrade a sensor that has had proxy settings changed, after the upgrade, the proxy settings are retained. If the sensor upgrade package contains new proxy settings, the updated proxy settings override the sensor’s existing proxy settings.

Sensor and server

All

DFND-16449

Sensors for Mac

We’ve improved the antivirus initialization flow for sensors running on M1-based Macs. This new flow provides antivirus protection sooner in the installation/upgrade process than in previous Cybereason versions.

Sensor and Server

macOS

DFND-16940

Anti-Malware scans

We have updated the configuration used by the Cybereason platform’s Anti-Malware scans to better handle scans of large archives (e.g. .zip files), including:

  • Increasing the timeout period for the scan completion to give the scan time to finish scanning the archive file

  • Increasing the maximum size of file allowed for a scan

The option to increase the file size allowed for a scan is not enabled by default. Open a Technical Support case to enable this option.

Sensor and server

Windows

DFND-10830

Platform license agreement

We have updated the End User License Agreement (EULA) for the Cybereason platform.

The first user to sign in to the Cybereason console after you deploy this version will be required to accept the new agreement, even if you accepted previous versions of the agreement.

Server

N/A

DFND-5100

Sensors screen

We have updated the configuration the Cybereason platform uses to display information about sensors on machines with unsupported OS versions. Now, the Sensors screen will display Other for these sensors to enable you to better filter these machines.

Server

N/A

DFND-17884

Anti-Malware scans

On-demand scans now scan files that contain any Unicode characters in the file name.

Sensor and server

Windows

DFND-18111

Malops management

In the Malops management screen, only subset of malops were displayed when selecting the preset time filters such as Today, Last week, and so forth due to an incorrect calculation of the time window for these preset filters.

We have resolved this issue and the preset time filters correctly display all relevant Malops for these filters.

Server

N/A

DFND-18658

Behavioral allowlisting

When previewing the effect of a behavioral allowlisting rule in Japanese, the preview would display an error for invalid query syntax.

This issue has been resolved and the preview of the rules in Japanese displays the rules correctly.

Server

N/A

DFND-19310

Malop remediation

When you have a sensor policy with the option to Quarantine malicious files selected (in the Anti-Malware section of the sensor policy edit screen), if you have a MalOp with a quarantined file that you mark to Exclude, it was not possible to remove the quarantined file from the quarantine file location.

This issue has been resolved and you are now able to remove the file from quarantine.

Server

N/A

DFND-15804

Anti-Malware

In rare cases, the Anti-Malware service had recurring crashes and was not able to recover.

This issue has been resolved as we improved our Windows AV service to recover in a more robust way in during these rare cases.

Sensor and server

Windows