February 14, 2023 Service Pack
The following Service Pack versions were released:
Versions (Sensor and Server) |
|---|
21.2.541 22.1.248 |
The tables below describe the enhancements, fixed issues, and changes included in each version.
The Versions column indicates the versions that include the fix. (For more information, see the note above)
The Required Update column indicates if the fix requires sensor/server update.
IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.
Version 21.2.541
Issue |
Area |
Description |
Required Update |
Supported OS |
|---|---|---|---|---|
DFND-23077 |
MalOps management |
When loading MalOps created based on a Logon Session Element (MalopLogonSession), the Malops management screen unexpected reported an error and was unable to load the MalOp. We have resolved this error to ensure all the data related to the MalOp can load and MalOps based on Logon Sessions load without issue. |
Server |
N/A |
DFND-30783 |
MalOps management |
In environments with the new Data Platform, in the Malops management screen, Endpoint Protection MalOps and MalOps created from custom detection rules did not display the detection description in the MalOp details. We have resolved this issue and the detection description displays for all MalOps. |
Server |
N/A |
DFND-36377 |
Sensor management |
At times, the System > Sensors screen did not load due to a request to view a large number of sensors (tens of thousands) We have resolved this issue and updated the server configuration to limit the number of sensors retrieved in a single request to help manage the performance of this page to load properly. In particular, the /rest/sensors/query API endpoint now has a maximum limit of 30,000 sensors in a single request. |
Server |
N/A |
DFND-37901 |
Sensor upgrade |
On some supported Linux operating systems (such as RHEL 6 or CentOS 6), upgrades failed due to the sensor upgrade installer not being able to find the correct services. We have resolved this error and upgrades on all supported Linux operating systems work properly. |
Sensor and server |
Linux |
Version 22.1.248
Issue |
Area |
Description |
Required Update |
Supported OS |
|---|---|---|---|---|
DFND-34311 |
Reputations |
We have added the ability to specify sensor groups for item reputations in your environment. When you add or update an item’s reputation, you can specify if the reputation should apply to a single group or all groups in your environment. This feature is disabled by default. Open a Technical Support case to get access to this feature. |
Server |
N/A |
N/A |
Malop remediation history |
To help you better understand and analyze all remediation actions in your environment, we have added the Response History screen. This screen shows all response actions, on all machines, taken by all users. This feature is not generally available. Contact your Customer Success Manager to gain access to this feature. |
Server |
N/A |
DFND-23077 |
MalOps management |
When loading MalOps created based on a Logon Session Element (MalopLogonSession), the Malops management screen unexpected reported an error and was unable to load the MalOp. We have resolved this error to ensure all the data related to the MalOp can load and MalOps based on Logon Sessions load without issue. |
Server |
N/A |
DFND-30783 |
MalOps management |
In environments with the new Data Platform, in the Malops management screen, Endpoint Protection MalOps and MalOps created from custom detection rules did not display the detection description in the MalOp details. We have resolved this issue and the detection description displays for all MalOps. |
Server |
N/A |
DFND-34499 |
MalOps management |
In the Malops management screen, if your environment uses the newer Data Platform, if the Malop had a state of Reopened, the Investigation status displayed an incorrect value. We have resolved the issue and the correct Investigation status displays for Malops with the Reopened state. |
Server |
N/A |
DFND-35383 |
MalOps management |
In the Malops management screen, if your environment uses the newer Data Platform, you could not filter by MalOps with a state of Reopened,. We have resolved the issue and the filter for Reopened works as expected. |
Server |
N/A |
DFND-36377 |
Sensor management |
At times, the System > Sensors screen did not load due to a request to view a large number of sensors (tens of thousands) We have resolved this issue and updated the server configuration to limit the number of sensors retrieved in a single request to help manage the performance of this page to load properly. In particular, the /rest/sensors/query API endpoint now has a maximum limit of 30,000 sensors in a single request. |
Server |
N/A |
DFND-37901 |
Sensor upgrade |
On some supported Linux operating systems (such as RHEL 6 or CentOS 6), upgrades failed due to the sensor upgrade installer not being able to find the correct services. We have resolved this error and upgrades on all supported Linux operating systems work properly. |
Sensor and server |
Linux |
DFND-38121 |
Sensor upgrade |
When upgrading sensors from older versions that used the cybereason-av service, the service was not removed from the machine with the upgrade version installation, causing sensor performance issues. We have resolved this issue and the upgrade removes old versions of the sensor services on upgrade. |
Sensor and server |
Windows |
DFND-39136 |
Sensor performance |
In some cases, when Sensor Tampering protection was enabled on sensors, users had delays in performing network operations remotely from the machine. We have resolved this issue and network operations should not be affected when Sensor Tampering protection is enabled. |
Sensor and server |
Windows |
DFND-40466 |
Machine isolation |
In rare cases in environments that use DHCP connections, when isolating an endpoint machine, the endpoint machine staye offline permanently and was unable to communicate with Cybereason servers or rejoin the network in any way. We have resolved this issue to address the issue of DHCP connections on isolated machines so that the machines do not stay offline permanently. |
Sensor and server |
Windows |
DFND-40641 |
Sensor upgrade |
When upgrading multiple sensors through the Sensors screen, the Action log would report a upgrade failure for some of the machines even though the sensors were successfully upgraded (as seen in the sensor information in the sensor grid). We have resolved this issue and the Action log report matches the actual sensor upgrade status. |
Server |
All |
DFND-41517 |
Sensor installation/upgrade |
In the latest Cybereason version, on Windows machines, you were unable to install or upgrade sensors due to a certificate error warning from Microsoft for a specific Microsoft policy configuration. We have resolved this issue and you can now install or upgrade sensors as expected on Windows machines. |
Sensor and server |
Windows |