August 29, 2023 Service Pack

The following Service Pack versions were released:

Versions (Sensor and Server):

  • 22.1.422

  • 23.1.224

The tables below describe the enhancements, fixed issues, and changes included in each version.

  • The Versions column indicates the versions that include the fix. (For more information, see the note above.)

  • The Required Update column indicates whether the fix requires a sensor or server update.

IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.

Version 22.1.422

| Issue | Area | Description | Required Update | Supported OS |
|---|---|---|---|---|
| DFND-52505 | Device Control | In recent Cybereason versions, when you enabled Device Control in a sensor policy, if you set the Device Control mode for devices to Read only, the Device Control mode reported in the Sensors screen for sensors assigned to this policy was Disabled instead of Enabled. We have resolved this issue and updated the logic used by the server for the Read only mode for devices to report that Device Control is enabled instead of disabled. | Server | N/A |
| DFND-51716 | NGAV | On sensors using Behavioral Document Protection AI, sensors did not report the behavior ID to the Cybereason Detection server as part of the event details for the detected event. In turn, the behavior ID associated with the detected event was not included in the MalOp details or Investigation screens for analysts to understand the event. We have resolved this issue and the event behavior ID is now reported by the sensor and included in the MalOp details and Investigation query results for a detected event. | Sensor and server | Windows |
| DFND-50950 | Sensor upgrade | When upgrading from 20.1 versions to the latest Cybereason versions, the sensor did not start due to an issue with the upgrade of files required by the sensor and the sensor services. We have resolved this issue and all files will upgrade successfully and allow the sensor and sensor services to start and run as expected. | Sensor and server | Windows |
| DFND-50501 | Sensor installation | If you ran the installer package for the sensor from a network drive (instead of a local drive), the installation failed with an error about the sensor installer being unable to verify the certificate of the bundle. We have resolved this issue and you can now also run the sensor installer from a network drive. | Sensor and server | Windows |
| DFND-50468 | Data collection, Linux sensors | On environments with sensors running Linux operating systems, at times the Investigation screen would report strange and unexplained connection and port details that did not match the real connection details (i.e. the IP addresses for the connections). We have resolved this issue and updated the configuration used by the sensor around collecting communication data to ensure that the details reported about communication on Linux machines are collected and reported correctly. | Sensor and server | Linux |
| DFND-50390 | NGAV | When using canary-based Anti-Ransomware, if a command was added to the Anti-Ransomware exclusions, the command continued to be detected and reported as a detection by the Cybereason platform. This was because the Anti-Ransomware exclusions only stopped the suspension of the excluded command (the execution of the command was still detected). We have updated the flow used by the Cybereason platform when adding an Anti-Ransomware exclusion so that a command entered in the exclusions is neither suspended nor detected when it executes. | Server | N/A |
| DFND-50131 | Investigation | In the Investigation screen, when exporting query results, the time for different items in the CSV is now represented in the local time shown in the Investigation screen instead of GMT. | Server | N/A |
| DFND-47231 | Sensor management | In the Sensors screen, when you used the search to find sensors that had a group assignment of Dynamic or Manual, the filtering did not work correctly. We have resolved this issue and filtering by sensor groups works as expected. | Server | N/A |

Version 23.1.224

| Issue | Area | Description | Required Update | Supported OS |
|---|---|---|---|---|
| DFND-52505 | Device Control | In recent Cybereason versions, when you enabled Device Control in a sensor policy, if you set the Device Control mode for devices to Read only, the Device Control mode reported in the Sensors screen for sensors assigned to this policy was Disabled instead of Enabled. We have resolved this issue and updated the logic used by the server for the Read only mode for devices to report that Device Control is enabled instead of disabled. | Server | N/A |
| DFND-51716 | NGAV | On sensors using Behavioral Document Protection AI, sensors did not report the behavior ID to the Cybereason Detection server as part of the event details for the detected event. In turn, the behavior ID associated with the detected event was not included in the MalOp details or Investigation screens for analysts to understand the event. We have resolved this issue and the event behavior ID is now reported by the sensor and included in the MalOp details and Investigation query results for a detected event. | Sensor and server | Windows |
| DFND-50950 | Sensor upgrade | When upgrading from 20.1 versions to the latest Cybereason versions, the sensor did not start due to an issue with the upgrade of files required by the sensor and the sensor services. We have resolved this issue and all files will upgrade successfully and allow the sensor and sensor services to start and run as expected. | Sensor and server | Windows |
| DFND-50501 | Sensor installation | If you ran the installer package for the sensor from a network drive (instead of a local drive), the installation failed with an error about the sensor installer being unable to verify the certificate of the bundle. We have resolved this issue and you can now also run the sensor installer from a network drive. | Sensor and server | Windows |
| DFND-50468 | Data collection, Linux sensors | On environments with sensors running Linux operating systems, at times the Investigation screen would report strange and unexplained connection and port details that did not match the real connection details (i.e. the IP addresses for the connections). We have resolved this issue and updated the configuration used by the sensor around collecting communication data to ensure that the details reported about communication on Linux machines are collected and reported correctly. | Sensor and server | Linux |
| DFND-50390 | NGAV | When using canary-based Anti-Ransomware, if a command was added to the Anti-Ransomware exclusions, the command continued to be detected and reported as a detection by the Cybereason platform. This was because the Anti-Ransomware exclusions only stopped the suspension of the excluded command (the execution of the command was still detected). We have updated the flow used by the Cybereason platform when adding an Anti-Ransomware exclusion so that a command entered in the exclusions is neither suspended nor detected when it executes. | Server | N/A |
| DFND-50131 | Investigation | In the Investigation screen, when exporting query results, the time for different items in the CSV is now represented in the local time shown in the Investigation screen instead of GMT. | Server | N/A |
| DFND-47977 | MalOps management | In the MalOps management screen, we have added a new filter called Detection type. You can use this filter to display MalOps classified as Potentially Unwanted Programs (PUP). | Server | N/A |
| DFND-47231 | Sensor management | In the Sensors screen, when you used the search to find sensors that had a group assignment of Dynamic or Manual, the filtering did not work correctly. We have resolved this issue and filtering by sensor groups works as expected. | Server | N/A |