GravityZone (Cloud-based) Release Notes for June 2019 Update

Last revised: 2019-07-17

Minimum BEST version: 6.6.11.159

Minimum Security Server Multi-Platform version: 6.1.71.8593

New Features

Endpoint Risk Management

This update brings Endpoint Risk Management, a brand-new feature designed for effectively identifying, assessing and remediating endpoint weaknesses. GravityZone exposes this new feature in the following areas:

  • Risk Management policy section, including a risk scan scheduler.
  • Risk Scan task available from the Network page.
  • New Risk Management Dashboard, providing several panels with risk information, one-click resolve action per endpoint and recommendations for exposure mitigation.

Advanced Anti-Exploit

Powered by machine learning, this new proactive technology stops zero-day attacks carried out through evasive exploits. Advanced Anti-Exploit catches the latest exploits in real-time and mitigates memory corruption vulnerabilities that can evade existing solutions.

This security layer is pre-configured with the recommended security settings and you can customize it from the Antimalware > Advanced Anti-Exploit policy section.

You can view Advanced Anti-Exploit events in the Security Audit, Blocked Application, and Endpoint Module Status reports.

Note:

This security layer addresses Windows-based systems.

Antimalware

Implemented a new Load Balancing mechanism between Security Servers and endpoints protected through BEST with Central Scan. You can now choose to distribute the load evenly between the assigned Security Servers.
 

Improvements

EDR

  • Added full support for incident detection and response actions, root cause analysis and MITRE events on Linux OS endpoints.
  • Enriched the Search section with several predefined queries, covering the most useful investigation scenarios.
  • Improved security event visualization from the Incidents page:
    • New panel in the graph area displaying the actions and their states for the selected event node in a single view.
    • New Further Investigation section in the node details area, outlining the additional analysis through Sandbox, VirusTotal and Google.

Sandbox Analyzer

  • Expanded the list of supported file types that can be automatically submitted to Sandbox Analyzer.
  • Added content pre-filtering capabilities for submitting files to the Sandbox Analyzer. This functionality is configurable in a new policy section.
  • Added error messages for failed detonations in the submission card section on the Sandbox Analyzer page.

Antimalware

  • A major increase in scanning speed in VDI environments due to the new scan cache sharing protocol between Security Servers. To benefit from this feature, open port 6379 to allow traffic between Security Servers.
  • Two new statuses for Security Server load: Near overloaded and Near underloaded.
  • New custom exclusion types by file hash, certificate thumbprint, threat name, and command line.
  • Ability to define custom exclusions by using wildcards:
    • Asterisk (*) for one or more characters.
    • Question mark (?) for a single character.
  • New option to add folder exclusions for ATC/IDS. With this release, existing folder exclusions remain configured for on-access and on-demand scanning. To add ATC/IDS as well, you need to select the corresponding checkbox in the Modules column.

Storage Protection

You can now use a secured connection between Security Servers and the protected NAS servers, provided they use SSL over ICAP.

Usability

Optimized the Control Center workspace with the new display modes of the menu: expanded, collapsed (icon view) and hidden.

Update System

Replaced the antimalware signatures with a new method to identify known and unknown malware, called Security Content.

Resolved Issues

Sandbox Analyzer

Analysis results from a manual submission could not be retrieved if a proxy was in place.

Update System

In Control Center, the weekly recurrence for antimalware updates was reset upon return if set only on Sunday. This was only a display issue; the setting was sent correctly to the security agent.

Network

Removed the ghost folders that appeared on some Partner accounts.

Antimalware

Security Server Load Balancing - Equal distribution mode had limited functionality. The scan load was not distributed equally between Security Servers.

Known Issues

Antimalware

  • The new custom exclusion types are not available for custom scanning tasks from the Network page.
  • The following exclusion types for ATC/IDS are available only for Windows desktop operating systems:
    • Process with wildcards
    • File hash
    • Detection name
    • Detection name with wildcards
    • Command-line
  • Certificate thumbprint exclusions are not available for ATC/IDS.

View the full list of known issues for GravityZone Cloud platform.

