February 23, 2020 Service Pack

The following Service Pack versions were released:

Versions (Sensor and Server)

18.0.300

18.1.220

19.0.160

19.1.121

19.2.21

The tables below describe the enhancements, fixed issues, and changes included in each version.

  • The Versions column indicates the versions that include the fix.

  • The Required Update column indicates whether the fix requires a sensor or server update.

IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.

Enhancements

| Issue | Area | Description | Versions | Required Update | Sensor OS |
|---|---|---|---|---|---|
| CYBR-27455, CYBR-27594 | Anti-Malware | The ‘Malicious by loading malicious file’ Malop is now also generated by endpoint classifications, in addition to Threat Intel server classifications. For example, the Malop is generated if the sensor detected an opened document as malicious by Anti-Malware > Signatures or by behavioral document protection. | 19.2.21 | Sensor, Server | Windows |
| CYBR-26357 | Detection | Recently, the NSA announced vulnerability CVE-2020-0601, which Microsoft then patched in a system update. The best protection against this vulnerability is to update all of the machines in your environment with the most recent updates from Microsoft. Cybereason detects attempts to exploit this vulnerability. In this Service Pack, we have added this functionality to version 19.2.21. For more information, see https://nest.cybereason.com/knowledgebase/2228325 | 19.2.21 | Sensor, Server | Windows |
| CYBR-27573 | Endpoint Controls | When uploading Custom Firewall rules, the CSV upload feature supports adding a set of Japanese values to the CSV. Contact Technical Support for more information. | 19.2.21 | Server | Windows |
| CYBR-24552 | Endpoint Detection | We have updated the detection logic for the ‘Malicious by code injection’ Malop to ensure fewer false positive results. We have removed cases of injecting processes of unknown reputation, as this caused most of the false positives. | 18.0.300, 18.1.220, 19.0.160, 19.1.121, 19.2.21 | Server | Windows |
| CYBR-24834 | Investigation | From the Investigation screen’s Timeline filter, you can include only items that were created within the specified time interval by selecting the Created radio button, or items that existed during that interval by selecting the Existed radio button. | 19.1.121, 19.2.21 | Server | N/A |

Fixed issues

| Issue | Area | Description | Versions | Required Update | Sensor OS |
|---|---|---|---|---|---|
| CYBR-26823 | Anti-Malware | When a malicious file was copied to a machine, Anti-Malware > Signatures was unable to scan the file correctly and remove it. If the file was run, however, it was stopped and removed. After this fix, the file is scanned properly as soon as it is copied to the machine. | 19.1.121 | Sensor | Windows |
| CYBR-25313 | Cybereason UI | We have improved error handling in the UI in cases where server data was missing. | 18.0.300, 18.1.220, 19.0.160, 19.1.121, 19.2.21 | Server | N/A |
| CYBR-26894 | Detection | The Cybereason minionhost process was reported as the root cause of a Phishing Malop. Additional benign processes were reported as well. This issue has been resolved, and minionhost and other benign processes are not reported as the root cause in this case. | 18.0.300, 18.1.220, 19.0.160, 19.1.121, 19.2.21 | Sensor | Windows |
| CYBR-26016 | Detection | When file collection was enabled, behavior related to credential theft was not reported as a Malop. This issue has been resolved in the majority of cases. | 19.1.121, 19.2.21 | Sensor | Windows |
| CYBR-25198 | Detection | On machines with many network interfaces (over 50), sensors installed on RHEL 7 experienced crashes. This issue has been resolved, and now such machines do not experience crashes. | 18.0.300, 18.1.220, 19.0.160, 19.1.121, 19.2.21 | Sensor | Linux |
| CYBR-27442 | Investigation | In the Investigation screen, some DNS filters were missing from the Filters dialog window. This issue has been resolved. | 19.1.121, 19.2.21 | Server | N/A |
| CYBR-23931 | Sensor Management | When upgrading sensors from versions older than 17.5.170/17.6.170/18.0.80/18.1.10 to a newer version, the sensor tags disappeared and needed to be re-uploaded. This issue has been resolved, and after upgrade from the listed versions, sensor tags remain. In addition, duplicate sensors could not be tagged. This issue has been resolved. After this fix, the mapping of tags to sensors is based on pylumID (unique identifier). | 19.1.121, 19.2.21 | Server | All |
| CYBR-26800 | Sensor Management | When sensors were updated via the Cybereason UI > Sensors screen, their ‘Last update state’ remained on ‘In progress’ indefinitely if their update failed due to an unknown reason. This issue has been resolved, and now in this case, the ‘Last update state’ changes to ‘Failed’ if the update did not succeed after 1 hour. | 18.1.220, 19.0.160, 19.1.121, 19.2.21 | Server | All |
| CYBR-26795 | Sensor Management | In the Settings screen > Stale & archived sensors section, in the popup that appears when you edit the settings, the number of offline sensors that will become stale was incorrect and was higher than it should have been. This issue has been resolved. | 19.0.160, 19.1.121, 19.2.21 | Server | N/A |
| CYBR-26523 | Sensor Management | Sensors that were manually un-archived became archived again, when they should have remained un-archived. This issue has been resolved. | 19.0.160, 19.1.121, 19.2.21 | Server | N/A |
| CYBR-24971 | Sensor Platform | On Windows, when installing the sensor from the command line, it was not possible to install the sensor to a different folder than the default folder. Previously, when attempting to install to a different folder, the sensor was installed in the default folder. We have now enabled installing to a different folder from the command line. | 18.0.300, 18.1.220, 19.0.160, 19.1.121, 19.2.21 | Sensor | Windows |