Lastline Analyst and Detonator On-Premises Release Notes

Version 9.5.3

New Features

  • Support for PERC H750 RAID controller

SUPPORT FOR PERC H750 RAID CONTROLLER

Added support for PERC H750 raid controller

This new feature was tracked internally as FEAT-7359

Detection Improvements

  • LLAM-8565: Improved detection for modified UPX PE samples and .NET-based SharePoint user profile sync PUA PE samples.
  • LLAM-8554: Improve detection of Linux Roothelper exploit
  • LLAM-8530: Improved detection of Ryucurrency miners
  • LLAM-8551: Improved detection for truncated ELF samples

Bug Fixes and Improvements

  • FEAT-7432: Updated kernel to version 5.4.0. Appliances will require a restart to use the new kernel.
  • LLCC-2748: Extended expiration date of GPG key used for signing appliance actions.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Analyst On-Premises and Lastline Detonator On-Premises:

  • Lastline Analyst version 1120.3

and for Lastline Detonator On-Premises:

  • Lastline Manager version 1120.3
  • Lastline Engine version 1120.3

Released Sandbox Images Versions

The sandbox images version will remain at 2021-06-25-01.

Distribution Upgrade

Version 9.4.5 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 9.5.3, you must be running Bionic as the operating system distribution.

You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded.

For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.

9.5.2 9.6