May 7, 2023 Service Pack

The following Service Pack versions were released:

Versions (Sensor and Server)

22.1.285

The tables below describe the enhancements, fixed issues, and changes included in each version.

  • The Versions column indicates the versions that include the fix. (For more information, see the note above)

  • The Required Update column indicates if the fix requires sensor/server update.

IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.

Issues included

Issue

Area

Description

Required Update

Sensor OS

DFND-35140

Sensor installation

We have updated the various screens used in the sensor installation wizard to ensure that the proper Cybereason logo is used in all screens.

Sensor and server

All

DFND-37373

Sensor upgrade

We have updated the sensor upgrade configuration used by the Cybereason platform to retry a sensor upgrade if the initial upgrade request fails. Previously, if an upgrade request failed, the platform reported an error and you needed to manually resolve the error.

Sensor and server

Windows

DFND-33652

Sensor installation/upgrade

In the latest Cybereason version, after uninstalling a sensor from an endpoint machine with the Uninstall action in the Actions menu in the Sensors screen, the Sensors screen did not update the sensor’s status to reflect a successful uninstallation.

We have resolved this issue and the sensor uninstall reports correctly.

Server

Windows

DFND-39356

Detections

In recent versions, the Cybereason platform did not always detect process injections (both injection into processes and processes injecting into other processes) correctly.

We have updated the configuration for this detection and related sensor collections to improve the accuracy of these detections.

Sensor and server

Windows

DFND-39625

Sensor performance

In some cases, the sensor was stuck in a loop of repeated crashes of the sensor program (minionhost.exe), possibly from issues with WMI on the endpoint machine.

We have updated the sensor program configuration to continue to work in these situations, and the sensor should not continue to have crash loops if there are WMI issues on the machine.

Sensor and server

Windows

DFND-40093

Sensor logs

In the latest Cybereason version, after running an on-demand scan on an endpoint machine, log entries for the scan on the endpoint machine contained strange characters that did not help you understand the log entry about the scan.

We have resolved this issue and strange characters should not be part of the scan logs on the endpoint machine, which will allow you to use the log entries effectively.

Sensor and server

Windows

DFND-39979

Sensor tagging

When adding sensor tags by uploading a CSV file, if the CSV file contained more than 10,000 rows, some sensors did not get sensor tags, failing with an unknown entity id error message.

We have updated the sensor tag upload flow to successfully upload CSV files with more than 10,000 rows.

Server

N/A

DFND-40164

Device Control

On endpoint machines, when the Device control mode was set to Read only in the associated sensor policy for the machine, the machine continued to display a notification indicating that a USB device was blocked (although the machine user was able to access and read the device properly).

We have resolved the issue and this notification is no longer displayed on the machine.

Sensor and server

Windows

DFND-40466

Machine isolation

In rare cases in environments that use DHCP connections, when isolating an endpoint machine, the endpoint machine stayed offline permanently and was unable to communicate with Cybereason servers or rejoin the network in any way.

We have resolved this issue with DHCP connections on isolated machines so that the machines do not stay offline permanently.

Sensor and server

Windows

DFND-40512

Data collection

When viewing details on Services (such as the image file path or the command line arguments), the details for Service Elements were often reported incorrectly or incompletely in the Element Details screen.

We have updated the configuration used by the sensor collector and details about Services are collected and reported accurately in the Element Details screen.

Sensor and server

Windows

DFND-40641

Sensor upgrade

When upgrading multiple sensors through the Sensors screen, the Action log would report an upgrade failure for some of the machines even though the sensors were successfully upgraded (as seen in the sensor information in the sensor grid).

We have resolved this issue and the Action log report matches the actual sensor upgrade status.

Server

N/A

DFND-40693

Reputations

When viewing reputations in the Reputations screen, if you tried to sort the table of reputations by the Description column, a message was displayed, claiming that there were no reputations in the platform.

We have resolved this issue and you can now sort by the Description column without issue.

Server

N/A

DFND-40929

Sensor installation

In the latest Cybereason version, if you downloaded the sensor installation package to a location where the file path contained Unicode characters (such as Japanese characters), the sensor installation/upgrade failed.

We have resolved this issue and the installation should work with Unicode characters in the installation path.

Sensor and server

Windows

DFND-40981

Personal Firewall Control

When creating custom firewall rules for inbound and outbound communication in the Endpoint Controls section of your sensor policy, the communication was not blocked on the specified ports on Linux machines.

We have resolved this issue and the communication on Linux machines is now blocked according to the custom firewall rules.

Sensor and server

Linux

DFND-41099

Sensors for Linux

When trying to connect to the Global Update server through a proxy connection (configured in the installed sensor package through sensor personalization), sensors on Linux machines were not able to access the Global Update server successfully.

We have resolved this issue and you can now connect Linux machines to the Global Update server through a proxy connection.

Sensor and server

Linux

DFND-41102

Sensor performance

On some machines, a number of empty Cybereason processes were created due to crashes in sensor-related processes. These extra processes caused performance issues on the machine.

We have resolved this issue and these extra processes should not appear even when sensor processes crash or have other issues.

Sensor and server

Linux

DFND-41183

Behavioral allowlisting

When building a Behavioral allowlisting rule, you can click Preview to see how many existing MalOps would be allowed by this rule. Previously, when you clicked Preview, the Cybereason platform retrieved all MalOps with the matching root cause to check the impact of the rule. If you had a large number (such as thousands) of MalOps, the Cybereason UI would not be able to load due to a timeout issue.

We have updated the platform configuration for the Behavioral allowlisting screen to limit the total number of previewed MalOps to 500 MalOps.

Server

N/A

DFND-41517

Sensor installation/upgrade

In the latest Cybereason version, on Windows machines, you were unable to install or upgrade sensors due to a certificate error warning from Microsoft for a specific Microsoft policy configuration.

We have resolved this issue and you can now install or upgrade sensors as expected on Windows machines.

Sensor and server

Windows

DFND-41637

Sensor installation

When performing sensor installation on machines running supported versions of Ubuntu or Debian Linux, there were a number of errors reported during the installation process.

We have resolved these issues and installation on these operating systems runs without error.

Sensor and server

Ubuntu/Debian Linux

DFND-40989, DFND-41723

NGAV

If you added a local update server URL to the Anti-Malware settings in a sensor policy, and then updated the policy settings or assigned a sensor to a different policy, the local update server settings on the endpoint machine retained the previous URL from the first policy instead of updating to the new URL settings.

We have resolved this issue and changes in the local update server URL from the policy are propagated to endpoint machines correctly.

Sensor and server

Windows

DFND-41871

Sensor performance

When performing an installation, upgrade, or uninstallation of a sensor on Windows machines, the Cybereason installer caused applications that use the Powereason.dll file to shut down or restart due to the installer needing to access shared locker files used by the other programs.

We have updated the installer program configuration to resolve this issue, so that other programs will work as expected during installation, upgrade, or uninstallation.

Sensor and server

Windows

DFND-42287

Sensor installation

On the latest versions, when installing or upgrading a Linux sensor, the endpoint machine experienced decreased performance with above-average CPU usage on the machine.

We have resolved this issue and the performance on Linux machines falls within expected performance guidelines.

Sensor and server

Linux

DFND-42414

MalOps management

In environments with sensor grouping enabled, at the top of the Malops management screen, when you viewed the graphs for total MalOps and total machines, the graphs reported incorrect numbers that did not filter out machines and MalOps not related to the selected group.

We have resolved this issue and the graphs should display correct totals when a group is selected in the Malops management screen.

Server

N/A

DFND-42766

NGAV

When adding domain exclusions for Fileless Protection (in the Fileless Protection > Domain exclusions section of the sensor policy), if a machine had a slower network connection or performance, the exclusion details did not propagate to the endpoint machine before the timeout period and domains were blocked when they should have been allowed.

We have resolved this and Domain exclusions will propagate correctly for all endpoint machines.

Sensor and server

Windows