February 03, 2022 Service Pack

The following Service Pack versions were released:

Versions (Sensor and Server)

20.2.462

21.1.361

Note

These versions of Cybereason are being released to Cybereason customers on a gradual basis. Contact your Customer Success representative to request access to this version.

The tables below describe the enhancements, fixed issues, and changes included in each version.

  • The Versions column indicates the versions that include the fix. (For more information, see the note above)

  • The Required Update column indicates if the fix requires sensor/server update.

Note

Linux AV is generally available in version 20.2.303 and later. When you upgrade a Linux sensor to this version, and the sensor is assigned a policy with Anti-Malware > Signatures mode enabled, scheduled and on demand scans run automatically according to policy settings. On access scans on Linux machines are enabled by default in version 20.2.462 and later (prior to this version, contact Technical Support to enable on access scans).

Verion 20.2.452

Issue

Area

Description

Required Update

Supported OS

CYBR-52280

Linux AV

On Linux machines, the Cybereason platform now supports the option to perform on file access scans by default. You no longer need to contact Technical Support to enable this option.

Sensor

Linux

CYBR-50613

Linux AV

To improve performance of Anti-malware on access scans on Linux machines, the Cybereason platform now excludes network shares by default. In addition, the Cybereason platform excludes the following mount points on local paths by default:

  • /sys

  • /proc

To exclude additional mount points, contact Technical Support.

Sensor

Linux

CYBR-49468

Mac AV

For sensors on machines running macOS with Anti-malware enabled, on the System > Sensors screen, we have improved the reliability of the status displayed in Sensor status column.

Sensor

macOS

CYBR-49322

Mac AV

macOS developer workloads (such as Git and other developer tools) no longer have performance impacts in combination with Anti-malware on access scans.

Sensor

macOS

CYBR-50381

Mac AV

Anti-malware on access scans no longer have a performance impact on upgrading macOS machines to a newer OS version.

Sensor

macOS

CYBR-50550

NGAV

We have made performance improvements to Signature-based analysis on sensors running on Linux and macOS machines.

Sensor

Linux and macOS

CYBR-50570

Sensor Management

We have improved the startup process of the program that runs the Cybereason icon that appears on the end user’s System Tray.

Sensor

Windows

CYBR-52025

NGAV

If the Anti-Malware > Signatures mode had Ignore network paths and Scan archives enabled, network drives were erroneously scanned. In addition, if Anti-Malware > Signatures mode scanned a large file, the scan was aborted. This issue has been resolved. If Ignore network paths is enabled, network paths are not scanned.

Sensor

Windows

CYBR-51701

NGAV

If Anti-Malware > Signatures mode was set to Disinfect, in the Investigation screen and Malware alerts screen, Detection Events data collected from macOS or Linux machines was missing information. This issue has been resolved.

Sensor

Linux and macOS

CYBR-51449

NGAV

On machines running Linux CentOS 6, if Anti-Malware > Signatures mode was enabled and then disabled, the Cybereason platform successfully aborted the Signatures mode update on the sensors but an error message was sent to the CrAv.log. This issue has been resolved.

Sensor

Linux

CYBR-51397

NGAV

On machines running Linux CentOS 6, if the Anti-Malware > Signatures mode was enabled, on the System > Sensors screen, the Signatures mode status remained in Initializing status and Signatures mode was not successfully enabled on the sensor. This issue has been resolved, Signatures mode is successfully enabled and the correct status is displayed on the System > Sensors screen.

Sensor

Linux

CYBR-39647

NGAV

Following a signature database update, sensors on versions 20.2.182 and 20.1.386, contained two duplicate lines in the Anti-Malware signatures log (AmSvc.log on Windows machines and CrAv.log on macOS and Linux machines). This issue has been resolved.

Sensor

All

Version 21.1.361

Issue

Area

Description

Required Update

Supported OS

CYBR-50613

Linux AV

To improve performance of Anti-malware on access scans on Linux machines, the Cybereason platform now excludes network shares by default. In addition, the Cybereason platform excludes the following mount points on local paths by default:

  • /sys

  • /proc

To exclude additional mount points, contact Technical Support.

Sensor

Linux

CYBR-49468

Mac AV

For sensors on machines running macOS with Anti-malware enabled, on the System > Sensors screen, we have improved the reliability of the status displayed in Sensor status column.

Sensor

macOS

CYBR-49322

Mac AV

macOS developer workloads (such as Git and other developer tools) no longer have performance impacts in combination with Anti-malware on access scans.

Sensor

macOS

CYBR-50381

Mac AV

Anti-malware on access scans no longer have a performance impact on upgrading macOS machines to a newer OS version.

Sensor

macOS

CYBR-50550

NGAV

We have made performance improvements to Signature-based analysis on sensors running on Linux and macOS machines.

Sensor

Linux and macOS

CYBR-50570

Sensor Management

We have improved the startup process of the program that runs the Cybereason icon that appears on the end user’s System Tray.

Sensor

Windows

CYBR-51421

Behavioral Prevention

Fileless protection (AMSI detections) triggered false positive alerts due to scanning process memory in addition to the attack payload. This issue has been resolved, and false positive alerts are no longer triggered.

Sensor

Windows

CYBR-51279

Custom detection rules

In the Security profile > Custom detection rules screen, if you created a new custom detection rule with the Process root element and Owner machine element, and tried to add a filter to the Owner machine element, no filter was available and the page became unresponsive. This issue has been resolved, filters are now available and the page is responsive.

Server

N/A

CYBR-52025

NGAV

If the Anti-Malware > Signatures mode had Ignore network paths and Scan archives enabled, network drives were erroneously scanned. In addition, if Anti-Malware > Signatures mode scanned a large file, the scan was aborted. This issue has been resolved. If Ignore network paths is enabled, network paths are not scanned.

Sensor

Windows

CYBR-51701

NGAV

If Anti-Malware > Signatures mode was set to Disinfect, in the Investigation screen and Malware alerts screen, Detection Events data collected from macOS or Linux machines was missing information. This issue has been resolved.

Sensor

Linux and macOS

CYBR-51449

NGAV

On machines running Linux CentOS 6, if Anti-Malware > Signatures mode was enabled and then disabled, the Cybereason platform successfully aborted the Signatures mode update on the sensors but an error message was sent to the CrAv.log. This issue has been resolved.

Sensor

Linux

CYBR-51397

NGAV

On machines running Linux CentOS 6, if the Anti-Malware > Signatures mode was enabled, on the System > Sensors screen, the Signatures mode status remained in Initializing status and Signatures mode was not successfully enabled on the sensor. This issue has been resolved, Signatures mode is successfully enabled and the correct status is displayed on the System > Sensors screen.

Sensor

Linux

CYBR-39647

NGAV

Following a signature database update, sensors on versions 20.2.182 and 20.1.386, contained two duplicate lines in the Anti-Malware signatures log (AmSvc.log on Windows machines and CrAv.log on macOS and Linux machines). This issue has been resolved.

Sensor

All

CYBR-51939

User Management

In versions 21.1 and above, on the Settings screen, in the Password policy section, if the WebApp server was restarted, the Complexity option reverted to the default value (Strict). This issue has been resolved.

Server

N/A

Please see our Legal Disclaimer on links to third party web sites.