June 14, 2023 Service Pack
The following Service Pack versions were released:
Versions (Sensor and Server) |
---|
21.2.622 22.1.324 |
The tables below describe the enhancements, fixed issues, and changes included in each version.
The Versions column indicates the versions that include the fix. (For more information, see the note above)
The Required Update column indicates if the fix requires sensor/server update.
IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.
Version 21.2.622
Issue |
Area |
Description |
Required Update |
Sensor OS |
---|---|---|---|---|
DFND-44363 |
Sensor performance |
When performing an installation, upgrade, or uninstallation of a sensor on Windows machines, the Cybereason installer caused applications that use the Powereason.dll file to shutdown or restart due to the installer needing to access shared locker files used by the other programs. We have updated the installer program configuration to resolve this issue, so that other programs will work as expected during installation, upgrade, or uninstallation. |
Sensor and server |
Windows |
DFND-46239 |
Device Control |
In the Endpoint Controls section of a sensor policy, when adding a device to the allowed devices list, if the device name had more than 1 underscore character in the name, the device was not blocked or allowed correctly as set in the sensor policy. We have resolved this issue and updated the configuration for parsing device names and devices should be blocked or allowed as set in the policy even with extra underscore characters. |
Sensor and server |
All |
Version 22.1.324
Issue |
Area |
Description |
Required Update |
Supported OS |
---|---|---|---|---|
DFND-44095, DFND-43409 |
MalOps |
We have made some adjustments to how the Cybereason platform retains data, especially related to MalOp deatils, to reduce the time for a MalOp to be generated and to ensure that as many details for the MalOp are reported in the MalOp details. |
Server |
N/A |
DFND-38707 |
Mac sensors, NGAV |
In recent Cybereason versions, in some cases, on machines running macOS, scans were not performed correctly (including quick and full scans as well as scheduled scans). We have resolved this error and scans will work as expected on macOS machines. |
Sensor and server |
macOS |
DFND-44363 |
Sensor performance |
When performing an installation, upgrade, or uninstallation of a sensor on Windows machines, the Cybereason installer caused applications that use the Powereason.dll file to shutdown or restart due to the installer needing to access shared locker files used by the other programs. We have updated the installer program configuration to resolve this issue, so that other programs will work as expected during installation, upgrade, or uninstallation. |
Sensor and server |
Windows |
DFND-45952 |
Data collection |
In cases where the sensor collected a process name in a different case than the actual process name on a machine, and the command line for the process contained double quotes, in the various places in the MalOp details and Element details, the process name was reported incorrectly or had characters removed from the process name. We have resolved these errors to ensure that the process name is reported consistently. |
Server |
N/A |
DFND-46239 |
Device Control |
In the Endpoint Controls section of a sensor policy, when adding a device to the allowed devices list, if the device name had more than 1 underscore character in the name, the device was not blocked or allowed correctly as set in the sensor policy. We have resolved this issue and updated the configuration for parsing device names and devices should be blocked or allowed as set in the policy even with extra underscore characters. |
Sensor and server |
All |
DFND-46765 |
NGAV |
When using NGAV on an endpoint machine, as a non-admin user on the machine, if you clicked the prompt from Windows Security Center to update the Cybereason signatures database, command window continued to display on the machine (while the update ran in the background), disrupting the work of the endpoint machine user. We have resolved this issue to ensure that the signature database update does not interfere with normal machine usage. |
Sensor and server |
Windows |