November 2, 2023 Service Pack
The following Service Pack versions were released:
Versions (Sensor and Server) |
|---|
22.1.466 23.1.263 |
The tables below describe the enhancements, fixed issues, and changes included in each version.
The Versions column indicates the versions that include the fix. (For more information, see the note above)
The Required Update column indicates if the fix requires sensor/server update.
IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.
Version 22.1.466
Issue |
Area |
Description |
Required Update |
Supported OS |
|---|---|---|---|---|
DFND-23543 |
NGAV |
The sensor can now report file metadata to Cybereason headquarters for analysis that will impact the accuracy rate of our anti-malware engines and help reduce false positives. Open a Technical Support to enable this feature. |
Sensor and server |
Windows |
DFND-41756 |
User notifications |
In environments that use sensor grouping, if a MalOp was triggered on a machine a sensor groups, local analysts for other groups in which the sensor was not assigned also received an email notifying that there were 0 MalOps detected. We have resolved this issue and analysts from other groups not associated with the machine in the MalOp will not receive email notifications for machines not in their assigned groups. |
Server |
N/A |
DFND-53308 |
NGAV, Behavioral Document Protection |
At times, AI-based Behavioral Document Protection triggered false positive MalOps for files that did not have a macro but contained suspicious strings of characters. We have resolved this issue and the Cybereason platform’s AI-based Behavioral Document Protection will not trigger MalOps for files with suspicious strings but no macros. |
Sensor and server |
Windows |
DFND-53805 |
NGAV |
In recent Cybereason versions, on machines using Sensor Tampering Protection, MalOps based on Variant Payload Protection or Threat Intelligence services were not generated as expected. We have resolved this issue and Variant Payload Protection and Threat Intelligence will generate as expected, even with Sensor Tampering protection enabled. |
Sensor and server |
Windows |
DFND-54537 |
Sensor logs |
When retrieving sensor logs from the Sensors screen, the exclusions in the sensor policy will be decrypted as part of the retrieval operation to enable administrators to read clear text in the exclusions entries in the log. |
Sensor and server |
Windows |
DFND-55970 |
User notifications |
In recent versions, email notifications sometimes were not sent in the language set by the user for their access to the Cybereason platform. Instead, the mail notifications used the language set for the machine on which the WebApp server was running. We have resolved this issue and the mail notifications will use the user-defined language setting. |
Server |
N/A |
DFND-56056 |
Sensor installation |
In recent Cybereason versions, when trying to upgrade sensors, an error about Downgrade is not supported was displayed, even though the operation was not a downgrade operation. This was due to issues with the sensor installation report that is created as part of the sensor installation/upgrade process. We have resolved this error and the downgrade message should not display. |
Sensor and server |
Windows |
Version 23.1.263
Issue |
Area |
Description |
Required Update |
Supported OS |
|---|---|---|---|---|
DFND-23543 |
NGAV |
The sensor can now report file metadata to Cybereason headquarters for analysis that will impact the accuracy rate of our anti-malware engines and help reduce false positives. Open a Technical Support to enable this feature. |
Sensor and server |
Windows |
DFND-41756 |
User notifications |
In environments that use sensor grouping, if a MalOp was triggered on a machine a sensor groups, local analysts for other groups in which the sensor was not assigned also received an email notifying that there were 0 MalOps detected. We have resolved this issue and analysts from other groups not associated with the machine in the MalOp will not receive email notifications for machines not in their assigned groups. |
Server |
N/A |
DFND-53308 |
NGAV, Behavioral Document Protection |
At times, AI-based Behavioral Document Protection triggered false positive MalOps for files that did not have a macro but contained suspicious strings of characters. We have resolved this issue and the Cybereason platform’s AI-based Behavioral Document Protection will not trigger MalOps for files with suspicious strings but no macros. |
Sensor and server |
Windows |
DFND-53805 |
NGAV |
In recent Cybereason versions, on machines using Sensor Tampering Protection, MalOps based on Variant Payload Protection or Threat Intelligence services were not generated as expected. We have resolved this issue and Variant Payload Protection and Threat Intelligence will generate as expected, even with Sensor Tampering protection enabled. |
Sensor and server |
Windows |
DFND-54537 |
Sensor logs |
When retrieving sensor logs from the Sensors screen, the exclusions in the sensor policy will be decrypted as part of the retrieval operation to enable administrators to read clear text in the exclusions entries in the log. |
Sensor and server |
Windows |
DFND-55333 |
Linux sensors |
On machines running the SUSE 15.3 operating system on Azure provisioned server machines, the sensor was unable to run due to a Could not verify minion signature error message. We have resolved this issue and the sensor can run on these machines without issue. |
Sensor and server |
Linux - SUSE 15.3 |
DFND-55970 |
User notifications |
In recent versions, email notifications sometimes were not sent in the language set by the user for their access to the Cybereason platform. Instead, the mail notifications used the language set for the machine on which the WebApp server was running. We have resolved this issue and the mail notifications will use the user-defined language setting. |
Server |
N/A |
DFND-56056 |
Sensor installation |
In recent Cybereason versions, when trying to upgrade sensors, an error about Downgrade is not supported was displayed, even though the operation was not a downgrade operation. This was due to issues with the sensor installation report that is created as part of the sensor installation/upgrade process. We have resolved this error and the downgrade message should not display. |
Sensor and server |
Windows |