January 26, 2020 Service Pack

The following Service Pack versions were released:

Versions (Sensor and Server):

  • 18.0.280

  • 18.1.200

  • 19.0.140

  • 19.1.103

The tables below describe the enhancements, fixed issues, and changes included in each version.

  • The Versions column indicates the versions that include the fix.

  • The Required Update column indicates if the fix requires sensor/server update.

IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.

Enhancements

| Issue | Area | Description | Fix versions | Required Update | Sensor OS |
|---|---|---|---|---|---|
| CYBR-26357 | Endpoint Detection | The NSA recently announced vulnerability CVE-2020-0601, which Microsoft then patched in a system update. The best protection against this vulnerability is to update all of the machines in your environment with the most recent updates from Microsoft. In this release, Cybereason detects attempts to exploit this vulnerability. For more information, see https://nest.cybereason.com/knowledgebase/2228325 | 18.0.280, 18.1.200, 19.0.140, 19.1.103 | Sensor, Server | Windows |
| CYBR-25288 | NGAV | PowerShell protection now detects obfuscation techniques more effectively in download and execute attacks. | 19.1.103 | Sensor, Server | Windows |
| CYBR-25571 | NGAV | PowerShell protection has been updated to reduce identified false positives. | 18.0.280, 18.1.200, 19.0.140, 19.1.103 | Server | Windows |
| CYBR-22211 | Sensor Platform | Due to a Notarization requirement that was introduced in Mac 10.15 Catalina by Apple, we’ve changed the way we sign our sensor package in order to comply with application permissions hardening required by Notarization. Due to this change, Mac sensor upgrade should be performed via the command line or an IT tool such as Jamf. If upgrade via the UI is required, please consult Technical Support for assistance. | 18.0.280, 18.1.200, 19.0.140, 19.1.103 | Sensor, Server | Mac |

Fixed issues

| Issue | Area | Description | Versions | Required Update | Sensor OS |
|---|---|---|---|---|---|
| CYBR-24670 | Detection & Response | Quarantine failed on files whose file name contained non-English characters, on Windows 7 and Windows 2016. This issue occurred when the file’s process was currently running (when the process was previously killed, quarantine worked). This issue has been resolved. | 19.1.103 | Sensor, Server | Windows |
| CYBR-25189 | Detection Platform | Malop alert emails contained a clickable link to the C&C server address, which could pose a security risk for users who could accidentally click it. This issue has been resolved and the link is now text only. | 18.0.280, 18.1.200, 19.0.140, 19.1.103 | Server | N/A |
| CYBR-24525 | Endpoint Detection | Command lines for short-lived processes were sometimes collected with an additional space. This caused Cybereason not to generate a Malop in cases where a Malop should have been generated due to a custom rule. It also prevented users from finding specific command lines during investigation, as the search query did not match the stored information due to the difference in the number of spaces. This issue has been resolved. | 18.0.280, 18.1.200, 19.0.140, 19.1.103 | Sensor, Server | Windows |
| CYBR-25868 | Hunt | For Hunter customers only, there was a delay of up to 30 minutes between Malop creation and sending a Malop email alert to users. This issue has been resolved, and now, email notifications for newly created Malops are sent immediately. | 19.1.103 | Server | N/A |
| CYBR-25173 | NGAV | Mac AV was disabled in the sensor policy on the server, but when the sensor was installed and the machine was restarted, the AV driver was installed and the AV process was running. This issue has been resolved, and in this case AV is not installed. | 19.1.103 | Sensor, Server | Mac |
| CYBR-26054 | Sensor Management | The email notifying users about stale sensors about to be archived contained incorrect information regarding the number and names of sensors to be archived. This issue has been resolved. | 19.0.140, 19.1.103 | Server | N/A |
| CYBR-26095 | Sensor Management | Emails notifying users about archived sensors were not sent in all archive scenarios. This issue has been resolved. | 19.0.140, 19.1.103 | Server | N/A |
| CYBR-26350 | Sensor Management | On some versions of Chrome, it was not possible to scroll in the Policies management screen. This issue has been resolved. | 19.1.103 | Server | N/A |
| CYBR-26543 | Sensor Management | When editing the first rule of lists in the Policy management screen (e.g. exclusions lists), the modifier and time values were also changed for the second rule in the list. This issue has been resolved. | 19.1.103 | Server | N/A |
| CYBR-25909 | Sensor Management | For sensors that are automatically archived, the ‘Archived date’ column in the Sensors screen displayed the wrong date. This issue has been resolved. | 19.0.140, 19.1.103 | Server | N/A |
| CYBR-18143 | Sensor Management | When Mac sensors were updated via the UI and the update failed, the action log on the WebApp server indicated that the update succeeded. This issue has been resolved, and in such cases, the action log displays the correct information. | 19.1.103 | Sensor, Server | Mac |
| CYBR-25779 | Sensor Management | When uploading the Sensor tagging example CSV to the UI, the action failed, as the file contained an empty value which incorrectly caused validation of the file to fail. This issue has been resolved, and the file is validated. | 18.0.280, 18.1.200, 19.0.140, 19.1.103 | Server | N/A |
| CYBR-24992 | Sensor Management | L3 Analysts did not have the option to isolate machines, due to a permission issue. This issue has been resolved and now L3 Analysts can isolate machines. | 19.1.103 | Server | N/A |
| CYBR-25464 | Sensor Management | Due to a sorting issue, some new server actions were not listed in the server action popup on the System screen. This issue has been resolved. | 18.1.200, 19.0.140, 19.1.103 | Server | N/A |
| CYBR-24747 | Sensor Management | Offline sensors were not being marked as stale after the defined period and subsequently not auto-archived. This issue has been resolved. | 19.1.103 | Server | N/A |
| CYBR-24579 | Sensor Platform | In some cases, upon a machine shutdown where the sensor did not exit in time, the sensor started in Suspended mode when the machine was restarted. This issue has been resolved. | 18.0.280, 18.1.200, 19.0.140, 19.1.103 | Sensor, Server | Windows |
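
The failure mode described in CYBR-24525, where one additional space in a collected command line defeats a custom rule or a search query, can also be guarded against on the matching side by normalizing whitespace before comparison. The following Python is an added example and not Cybereason code: the function names, the rule string and the sample records are constructed for illustration, and it assumes plain double-quote handling without backslash escapes.

```python
def normalize_cmdline(cmd: str) -> str:
    """Collapse whitespace runs outside double quotes to a single space and
    trim both ends; text inside double quotes is left untouched."""
    out, in_quotes, pending_space = [], False, False
    for ch in cmd:
        if ch == '"':
            in_quotes = not in_quotes
        if ch.isspace() and not in_quotes:
            pending_space = True          # remember the gap, emit it lazily
            continue
        if pending_space and out:         # never emit a leading space
            out.append(" ")
        pending_space = False
        out.append(ch)
    return "".join(out)                   # a trailing gap is never flushed


def find(pattern, records, exact=False, normalize=True):
    """Return records matching pattern as a substring (rule-style) or as a
    whole command line (exact search), optionally after normalization."""
    key = (lambda s: normalize_cmdline(s).casefold()) if normalize else (lambda s: s)
    wanted = key(pattern)
    return [r for r in records if (key(r) == wanted if exact else wanted in key(r))]


# Constructed sample records (hypothetical, not real sensor output).
COLLECTED = [
    'powershell.exe -NoProfile -File "C:\\Tools\\my  script.ps1"',
    'powershell.exe  -NoProfile -File "C:\\Tools\\my  script.ps1"',  # extra space
    'powershell.exe -NoProfile -File "C:\\Tools\\my  script.ps1" ',  # trailing space
    'cmd.exe /c whoami',
]
RULE = 'powershell.exe -NoProfile -File'   # hypothetical custom-rule substring

if __name__ == "__main__":
    print("rule, raw:        ", len(find(RULE, COLLECTED, normalize=False)))
    print("rule, normalized: ", len(find(RULE, COLLECTED)))
    print("exact, raw:       ", len(find(COLLECTED[0], COLLECTED, exact=True, normalize=False)))
    print("exact, normalized:", len(find(COLLECTED[0], COLLECTED, exact=True)))
```

Whitespace inside quoted arguments is preserved on purpose, so two different quoted paths never collapse into the same key.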