September 28, 2022 Service Pack
The following Service Pack versions were released:
Versions (Sensor and Server) |
---|
21.1.500 21.2.443 |
The tables below describe the enhancements, fixed issues, and changes included in each version.
The Versions column indicates the versions that include the fix. (For more information, see the note above)
The Required Update column indicates if the fix requires sensor/server update.
IMPORTANT: If you want to upgrade your servers to this version, we recommend that you upgrade all components - Registration server, Detection servers, and WebApp server - to this version.
Version 21.1.500
Issue |
Area |
Description |
Required Update |
Supported OS |
---|---|---|---|---|
DFND-17947 |
Predictive Anti-Ransomware |
For users in Japanese environments, we have updated the title of the Predictive Ransomware Protection screen to 予測型ランサムウェア保護. |
Server |
N/A |
DFND-28883 |
Anti-Malware scans |
We have updated the logs recorded when you perform an Anti-Malware scan to also report the Static Analysis prediction score for a file and the PE file type for each file. |
Sensor and Server |
All |
DFND-13846 |
Sensors screen |
At times when an environment uses a proxy, the Internal IP address field value displayed for a sensor in the Sensors screen was 127.0.0.1 instead of the real IP address of the sensor due to the looping of the address as part of the proxy. We have updated the configuration of the sensor to report the correct IP address for the machine in the Sensors screen. |
Sensor and server |
All |
DFND-19860 |
Sensor installation |
When uninstalling a sensor from the latest version, the uninstallation failed with an error that the sensor installation folder was still in use. We have resolved this issue and the uninstallation works as expected. |
Sensor and server |
Windows |
DFND-20802 |
Behavioral Document Protection |
Previously, detection rules used with Behavioral Document Protection did not create detections when the document files contained Japanese characters. We have resolved the issues and detection rules work even when the document file contains Japanese characters in the name. |
Sensor and server |
Windows |
DFND-20656 |
Sensor installation |
When uninstalling the sensor after upgrading to the latest 21.1 version, the uninstall operation failed, unless you restarted the machine. We have resolved the issue and the uninstall operation works as expected without a restart of the machine. |
Sensor and server |
Windows |
DFND-21496 |
L3 analyst role |
Previously, users with the L3 analyst role were not able to view and edit machine isolation exception rules. We have resolved this issue and users with the L3 analyst role are able to view and edit as expected. |
Server |
N/A |
DFND-22698 |
Linux sensors |
When trying to install sensors on Linux machines running Oracle Linux operating systems, the installation would fail as the minionhost process did not work properly. This issue has been resolved and installations on Oracle Linux machines work properly. |
Sensor and Server |
Oracle Linux |
DFND-22993 |
Sensors screen |
When exporting details on sensors to a CSV file with the API, the list of sensors was incomplete. For example, the exported might contain 10,000 lines instead of the expected 40,000 lines. This issue has been resolved and the CSV file exports with the correct amount of data. |
Server |
N/A |
DFND-23407 |
Detection rules |
Due to a change in the sensor certificate name, Attempt to manipulate Cybereason sensor false-positive detections were generated for the sensor’s amsvc.exe and activeconsole.exe processes. This issue has been resolved and these detections should no longer be created for the sensor processes. |
Server |
N/A |
DFND-28702 |
Remediation |
When viewing the Response History screen, if you clicked the Back button in your browser, you were returned to the default Discovery Board page, instead of the previous screen. This issue has been resolved and clicking the Back button returns you to your previous screen. |
Server |
N/A |
Version 21.2.443
Issue |
Area |
Description |
Required Update |
Supported OS |
---|---|---|---|---|
DFND-16006 |
User screen |
We have updated the quick filters on the left of the Users screen to include all user roles. There is now an All analysts section and an All admins section populated with the relevant roles. Use these filters to quickly display relevant users with these roles:
Use these filters to quickly display relevant users with these roles. |
Server |
N/A |
DFND-17947 |
Predictive Anti-Ransomware |
For users in Japanese environments, we have updated the title of the Predictive Ransomware Protection screen to 予測型ランサムウェア保護. |
Server |
N/A |
DFND-28883 |
Anti-Malware scans |
We have updated the logs recorded when you perform an Anti-Malware scan to also report the Static Analysis prediction score for a file and the PE file type for each file. |
Sensor and Server |
All |
DFND-9630 |
Behavioral Allowlisting |
If you created a behavioral allowlisting rule with a special character, you were not able to later edit this rule. This issue has been resolved and you can edit allowlisting rules with special characters. |
Server |
N/A |
DFND-13846 |
Sensors screen |
At times when an environment uses a proxy, the Internal IP address field value displayed for a sensor in the Sensors screen was 127.0.0.1 instead of the real IP address of the sensor due to the looping of the address as part of the proxy. We have updated the configuration of the sensor to report the correct IP address for the machine in the Sensors screen. |
Sensor and server |
All |
DFND-19860 |
Sensor installation |
When uninstalling a sensor from the latest version, the uninstallation failed with an error that the sensor installation folder was still in use. We have resolved this issue and the uninstallation works as expected. |
Sensor and server |
Windows |
DFND-20802 |
Behavioral Document Protection |
Previously, detection rules used with Behavioral Document Protection did not create detections when the document files contained Japanese characters. We have resolved the issues and detection rules work even when the document file contains Japanese characters in the name. |
Sensor and server |
Windows |
DFND-21372 |
Local responder role |
Previously, users with the Local Responder role had access to non-authorized sections of the Cybereason UI, including
We have updated the permissions for the Local Responder role and users with this role should no longer be able to access these parts of the Cybereason UI. |
Server |
N/A |
DFND-21496 |
L3 analyst role |
Previously, users with the L3 analyst role were not able to view and edit machine isolation exception rules. We have resolved this issue and users with the L3 analyst role are able to view and edit as expected. |
Server |
N/A |
DFND-22698 |
Linux sensors |
When trying to install sensors on Linux machines running Oracle Linux operating systems, the installation would fail as the minionhost process did not work properly. This issue has been resolved and installations on Oracle Linux machines work properly. |
Sensor and Server |
Oracle Linux |
DFND-22993 |
Sensors screen |
When exporting details on sensors to a CSV file with the API, the list of sensors was incomplete. For example, the exported might contain 10,000 lines instead of the expected 40,000 lines. This issue has been resolved and the CSV file exports with the correct amount of data. |
Server |
N/A |
DFND-23360 |
Sensor system tray icon |
At times, the minionhost.exe process used by the sensor created multiple cramtray.exe process instances on the machine, causing a sensor error. This issue has been resolved and the processes open as expected with a single cramtray.exe process. |
Sensor and server |
Windows |
DFND-23407 |
Detection rules |
Due to a change in the sensor certificate name, Attempt to manipulate Cybereason sensor false-positive detections were generated for the sensor’s amsvc.exe and activeconsole.exe processes. This issue has been resolved and these detections should no longer be created for the sensor processes. |
Server |
N/A |
DFND-28702 |
Remediation |
When viewing the Response History screen, if you clicked the Back button in your browser, you were returned to the default Discovery Board page, instead of the previous screen. This issue has been resolved and clicking the Back button returns you to your previous screen. |
Server |
N/A |