February 03, 2022 Service Pack
The following Service Pack versions were released:
Versions (Sensor and Server) |
---|
20.2.462 21.1.361 |
Note
These versions of Cybereason are being released to Cybereason customers on a gradual basis. Contact your Customer Success representative to request access to this version.
The tables below describe the enhancements, fixed issues, and changes included in each version.
The Versions column indicates the versions that include the fix. (For more information, see the note above)
The Required Update column indicates if the fix requires sensor/server update.
Note
Linux AV is generally available in version 20.2.303 and later. When you upgrade a Linux sensor to this version, and the sensor is assigned a policy with Anti-Malware > Signatures mode enabled, scheduled and on demand scans run automatically according to policy settings. On access scans on Linux machines are enabled by default in version 20.2.462 and later (prior to this version, contact Technical Support to enable on access scans).
Verion 20.2.452
Issue |
Area |
Description |
Required Update |
Supported OS |
---|---|---|---|---|
CYBR-52280 |
Linux AV |
On Linux machines, the Cybereason platform now supports the option to perform on file access scans by default. You no longer need to contact Technical Support to enable this option. |
Sensor |
Linux |
CYBR-50613 |
Linux AV |
To improve performance of Anti-malware on access scans on Linux machines, the Cybereason platform now excludes network shares by default. In addition, the Cybereason platform excludes the following mount points on local paths by default:
To exclude additional mount points, contact Technical Support. |
Sensor |
Linux |
CYBR-49468 |
Mac AV |
For sensors on machines running macOS with Anti-malware enabled, on the System > Sensors screen, we have improved the reliability of the status displayed in Sensor status column. |
Sensor |
macOS |
CYBR-49322 |
Mac AV |
macOS developer workloads (such as Git and other developer tools) no longer have performance impacts in combination with Anti-malware on access scans. |
Sensor |
macOS |
CYBR-50381 |
Mac AV |
Anti-malware on access scans no longer have a performance impact on upgrading macOS machines to a newer OS version. |
Sensor |
macOS |
CYBR-50550 |
NGAV |
We have made performance improvements to Signature-based analysis on sensors running on Linux and macOS machines. |
Sensor |
Linux and macOS |
CYBR-50570 |
Sensor Management |
We have improved the startup process of the program that runs the Cybereason icon that appears on the end user’s System Tray. |
Sensor |
Windows |
CYBR-52025 |
NGAV |
If the Anti-Malware > Signatures mode had Ignore network paths and Scan archives enabled, network drives were erroneously scanned. In addition, if Anti-Malware > Signatures mode scanned a large file, the scan was aborted. This issue has been resolved. If Ignore network paths is enabled, network paths are not scanned. |
Sensor |
Windows |
CYBR-51701 |
NGAV |
If Anti-Malware > Signatures mode was set to Disinfect, in the Investigation screen and Malware alerts screen, Detection Events data collected from macOS or Linux machines was missing information. This issue has been resolved. |
Sensor |
Linux and macOS |
CYBR-51449 |
NGAV |
On machines running Linux CentOS 6, if Anti-Malware > Signatures mode was enabled and then disabled, the Cybereason platform successfully aborted the Signatures mode update on the sensors but an error message was sent to the CrAv.log. This issue has been resolved. |
Sensor |
Linux |
CYBR-51397 |
NGAV |
On machines running Linux CentOS 6, if the Anti-Malware > Signatures mode was enabled, on the System > Sensors screen, the Signatures mode status remained in Initializing status and Signatures mode was not successfully enabled on the sensor. This issue has been resolved, Signatures mode is successfully enabled and the correct status is displayed on the System > Sensors screen. |
Sensor |
Linux |
CYBR-39647 |
NGAV |
Following a signature database update, sensors on versions 20.2.182 and 20.1.386, contained two duplicate lines in the Anti-Malware signatures log (AmSvc.log on Windows machines and CrAv.log on macOS and Linux machines). This issue has been resolved. |
Sensor |
All |
Version 21.1.361
Issue |
Area |
Description |
Required Update |
Supported OS |
---|---|---|---|---|
CYBR-50613 |
Linux AV |
To improve performance of Anti-malware on access scans on Linux machines, the Cybereason platform now excludes network shares by default. In addition, the Cybereason platform excludes the following mount points on local paths by default:
To exclude additional mount points, contact Technical Support. |
Sensor |
Linux |
CYBR-49468 |
Mac AV |
For sensors on machines running macOS with Anti-malware enabled, on the System > Sensors screen, we have improved the reliability of the status displayed in Sensor status column. |
Sensor |
macOS |
CYBR-49322 |
Mac AV |
macOS developer workloads (such as Git and other developer tools) no longer have performance impacts in combination with Anti-malware on access scans. |
Sensor |
macOS |
CYBR-50381 |
Mac AV |
Anti-malware on access scans no longer have a performance impact on upgrading macOS machines to a newer OS version. |
Sensor |
macOS |
CYBR-50550 |
NGAV |
We have made performance improvements to Signature-based analysis on sensors running on Linux and macOS machines. |
Sensor |
Linux and macOS |
CYBR-50570 |
Sensor Management |
We have improved the startup process of the program that runs the Cybereason icon that appears on the end user’s System Tray. |
Sensor |
Windows |
CYBR-51421 |
Behavioral Prevention |
Fileless protection (AMSI detections) triggered false positive alerts due to scanning process memory in addition to the attack payload. This issue has been resolved, and false positive alerts are no longer triggered. |
Sensor |
Windows |
CYBR-51279 |
Custom detection rules |
In the Security profile > Custom detection rules screen, if you created a new custom detection rule with the Process root element and Owner machine element, and tried to add a filter to the Owner machine element, no filter was available and the page became unresponsive. This issue has been resolved, filters are now available and the page is responsive. |
Server |
N/A |
CYBR-52025 |
NGAV |
If the Anti-Malware > Signatures mode had Ignore network paths and Scan archives enabled, network drives were erroneously scanned. In addition, if Anti-Malware > Signatures mode scanned a large file, the scan was aborted. This issue has been resolved. If Ignore network paths is enabled, network paths are not scanned. |
Sensor |
Windows |
CYBR-51701 |
NGAV |
If Anti-Malware > Signatures mode was set to Disinfect, in the Investigation screen and Malware alerts screen, Detection Events data collected from macOS or Linux machines was missing information. This issue has been resolved. |
Sensor |
Linux and macOS |
CYBR-51449 |
NGAV |
On machines running Linux CentOS 6, if Anti-Malware > Signatures mode was enabled and then disabled, the Cybereason platform successfully aborted the Signatures mode update on the sensors but an error message was sent to the CrAv.log. This issue has been resolved. |
Sensor |
Linux |
CYBR-51397 |
NGAV |
On machines running Linux CentOS 6, if the Anti-Malware > Signatures mode was enabled, on the System > Sensors screen, the Signatures mode status remained in Initializing status and Signatures mode was not successfully enabled on the sensor. This issue has been resolved, Signatures mode is successfully enabled and the correct status is displayed on the System > Sensors screen. |
Sensor |
Linux |
CYBR-39647 |
NGAV |
Following a signature database update, sensors on versions 20.2.182 and 20.1.386, contained two duplicate lines in the Anti-Malware signatures log (AmSvc.log on Windows machines and CrAv.log on macOS and Linux machines). This issue has been resolved. |
Sensor |
All |
CYBR-51939 |
User Management |
In versions 21.1 and above, on the Settings screen, in the Password policy section, if the WebApp server was restarted, the Complexity option reverted to the default value (Strict). This issue has been resolved. |
Server |
N/A |
Please see our Legal Disclaimer on links to third party web sites.