September 28, 2022 Service Pack

The following Service Pack versions were released:

Versions (Sensor and Server)

21.1.500

21.2.443

The tables below describe the enhancements, fixed issues, and changes included in each version.

  • The Versions column indicates the versions that include the fix. (For more information, see the note above)

  • The Required Update column indicates if the fix requires sensor/server update.

IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.

Version 21.1.500

Issue

Area

Description

Required Update

Supported OS

DFND-17947

Predictive Anti-Ransomware

For users in Japanese environments, we have updated the title of the Predictive Ransomware Protection screen to 予測型ランサムウェア保護.

Server

N/A

DFND-28883

Anti-Malware scans

We have updated the logs recorded when you perform an Anti-Malware scan to also report the Static Analysis prediction score for a file and the PE file type for each file.

Sensor and Server

All

DFND-13846

Sensors screen

At times when an environment uses a proxy, the Internal IP address field value displayed for a sensor in the Sensors screen was 127.0.0.1 instead of the real IP address of the sensor due to the looping of the address as part of the proxy.

We have updated the configuration of the sensor to report the correct IP address for the machine in the Sensors screen.

Sensor and server

All

DFND-19860

Sensor installation

When uninstalling a sensor from the latest version, the uninstallation failed with an error that the sensor installation folder was still in use.

We have resolved this issue and the uninstallation works as expected.

Sensor and server

Windows

DFND-20802

Behavioral Document Protection

Previously, detection rules used with Behavioral Document Protection did not create detections when the document files contained Japanese characters.

We have resolved the issues and detection rules work even when the document file contains Japanese characters in the name.

Sensor and server

Windows

DFND-20656

Sensor installation

When uninstalling the sensor after upgrading to the latest 21.1 version, the uninstall operation failed, unless you restarted the machine.

We have resolved the issue and the uninstall operation works as expected without a restart of the machine.

Sensor and server

Windows

DFND-21496

L3 analyst role

Previously, users with the L3 analyst role were not able to view and edit machine isolation exception rules.

We have resolved this issue and users with the L3 analyst role are able to view and edit as expected.

Server

N/A

DFND-22698

Linux sensors

When trying to install sensors on Linux machines running Oracle Linux operating systems, the installation would fail as the minionhost process did not work properly.

This issue has been resolved and installations on Oracle Linux machines work properly.

Sensor and Server

Oracle Linux

DFND-22993

Sensors screen

When exporting details on sensors to a CSV file with the API, the list of sensors was incomplete. For example, the exported might contain 10,000 lines instead of the expected 40,000 lines.

This issue has been resolved and the CSV file exports with the correct amount of data.

Server

N/A

DFND-23407

Detection rules

Due to a change in the sensor certificate name, Attempt to manipulate Cybereason sensor false-positive detections were generated for the sensor’s amsvc.exe and activeconsole.exe processes.

This issue has been resolved and these detections should no longer be created for the sensor processes.

Server

N/A

DFND-28702

Remediation

When viewing the Response History screen, if you clicked the Back button in your browser, you were returned to the default Discovery Board page, instead of the previous screen.

This issue has been resolved and clicking the Back button returns you to your previous screen.

Server

N/A

Version 21.2.443

Issue

Area

Description

Required Update

Supported OS

DFND-16006

User screen

We have updated the quick filters on the left of the Users screen to include all user roles. There is now an All analysts section and an All admins section populated with the relevant roles. Use these filters to quickly display relevant users with these roles:

  • L1 Responders

  • L2 Responders

  • Policy admins

  • L1 Sensor Admins

  • Local Analyst (L1/L2)

  • Local Responder

  • Sensor Viewer

Use these filters to quickly display relevant users with these roles.

Server

N/A

DFND-17947

Predictive Anti-Ransomware

For users in Japanese environments, we have updated the title of the Predictive Ransomware Protection screen to 予測型ランサムウェア保護.

Server

N/A

DFND-28883

Anti-Malware scans

We have updated the logs recorded when you perform an Anti-Malware scan to also report the Static Analysis prediction score for a file and the PE file type for each file.

Sensor and Server

All

DFND-9630

Behavioral Allowlisting

If you created a behavioral allowlisting rule with a special character, you were not able to later edit this rule.

This issue has been resolved and you can edit allowlisting rules with special characters.

Server

N/A

DFND-13846

Sensors screen

At times when an environment uses a proxy, the Internal IP address field value displayed for a sensor in the Sensors screen was 127.0.0.1 instead of the real IP address of the sensor due to the looping of the address as part of the proxy.

We have updated the configuration of the sensor to report the correct IP address for the machine in the Sensors screen.

Sensor and server

All

DFND-19860

Sensor installation

When uninstalling a sensor from the latest version, the uninstallation failed with an error that the sensor installation folder was still in use.

We have resolved this issue and the uninstallation works as expected.

Sensor and server

Windows

DFND-20802

Behavioral Document Protection

Previously, detection rules used with Behavioral Document Protection did not create detections when the document files contained Japanese characters.

We have resolved the issues and detection rules work even when the document file contains Japanese characters in the name.

Sensor and server

Windows

DFND-21372

Local responder role

Previously, users with the Local Responder role had access to non-authorized sections of the Cybereason UI, including

  • Discovery board screen

  • Malop Inbox screen

  • Malware alerts screen

We have updated the permissions for the Local Responder role and users with this role should no longer be able to access these parts of the Cybereason UI.

Server

N/A

DFND-21496

L3 analyst role

Previously, users with the L3 analyst role were not able to view and edit machine isolation exception rules.

We have resolved this issue and users with the L3 analyst role are able to view and edit as expected.

Server

N/A

DFND-22698

Linux sensors

When trying to install sensors on Linux machines running Oracle Linux operating systems, the installation would fail as the minionhost process did not work properly.

This issue has been resolved and installations on Oracle Linux machines work properly.

Sensor and Server

Oracle Linux

DFND-22993

Sensors screen

When exporting details on sensors to a CSV file with the API, the list of sensors was incomplete. For example, the exported might contain 10,000 lines instead of the expected 40,000 lines.

This issue has been resolved and the CSV file exports with the correct amount of data.

Server

N/A

DFND-23360

Sensor system tray icon

At times, the minionhost.exe process used by the sensor created multiple cramtray.exe process instances on the machine, causing a sensor error.

This issue has been resolved and the processes open as expected with a single cramtray.exe process.

Sensor and server

Windows

DFND-23407

Detection rules

Due to a change in the sensor certificate name, Attempt to manipulate Cybereason sensor false-positive detections were generated for the sensor’s amsvc.exe and activeconsole.exe processes.

This issue has been resolved and these detections should no longer be created for the sensor processes.

Server

N/A

DFND-28702

Remediation

When viewing the Response History screen, if you clicked the Back button in your browser, you were returned to the default Discovery Board page, instead of the previous screen.

This issue has been resolved and clicking the Back button returns you to your previous screen.

Server

N/A