Lastline Analyst and Detonator On-Premises Release Notes

Version 6.0

New feature

  • Redesigned installer and diagnostic tool
  • Analysis engine improvements
  • Analysis report improvements
  • Analysis UI improvements
  • Improved commenting on analysis reports
  • Improved proxy support
  • Dell hardware support improvements

Redesigned installer, diagnostic tools, and improved proxy support

The installer for the Lastline Analyst On-premise appliances has been redesigned in order to simplify the installation process, and proactively detect problems with the installation environment.

The "lastline_test_appliance" command has been added to allow diagnosing issues with the appliance or the deployment environment.

Analysis engine improvements

The analysis engine has received a number of improvements:

  • improved the analysis of PDFs, by adding support for encrypted PDFs and extending the number of exploits that are identified
  • improved the analysis of Java applets, extending the number of exploits that are identified and improving the stability of the analysis
  • improved the analysis of web content, extending the number of exploits that are identified and improving the stability of the analysis
  • added additional heuristics to detect suspicious JavaScript code
  • improved the handling of slow-executing JavaScript code
  • improved the analysis of Microsoft Office documents, by recognizing new exploit patterns and identifying suspicious content embedded in documents

Analysis report improvements

The analysis report pages have been improved in several ways:

  • Display reputation information about Android APKs
  • Improved handling of signed Windows binaries
  • Show packer information from PEiD in analysis reports
  • URL analysis reports now include a description of the exploits that were identified

Analysis UI improvements

The analysis UI has been improved by adding the following feature:

  • UI support for providing a password when submitting encrypted archives for analysis
  • Preserve file name of file submitted for analysis when submitting through UI
  • Fix display of long URLs and Unicode file names in Analysis History

Improved commenting on analysis reports

Additional views have been introduced for viewing comments about analysis reports. This makes it more practical for users to take advantage of the existing commenting feature to share information about an analysis.

Improved proxy support

The ability to function in an network with Internet connectivity relgulated by an HTTP proxy has been extended and improved:

  • It is now possible to deploy a Lastline Enterprise appliance behind a transparent proxy with SSL inspection.
  • Support for networks with explicit HTTP proxy and not DNS access has been extended.

Dell hardware support improvements

  • Dell R320/R420 v2 CPUs (Ivy Bridge) are now officially supported and tested.
  • BIOS-mode installation is now supported on Dell R320/R420 with recent firmware.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use on-premise:

  • Lastline Analyst version 600
5.1.1 6.0.1