Version 9.8
New Features
- Introduce Permission for Viewing Analysis Reports of Other Accounts
INTRODUCE PERMISSION FOR VIEWING ANALYSIS REPORTS OF OTHER ACCOUNTS
This introduces a new permission "Can View Analysis History". With this permission, a user is able to view the history of file and URL analysis submissions performed by any account under Analyst -> Submission History. Users without this permission are only able to view their own submissions.
Previously, only users with administrator permissions were able to view submissions from other accounts.
This new feature was tracked internally as FEAT-7762
Detection Improvements
- LLAM-10326: Reduced false positives in script behavior analysis
- LLAM-10825: Improved detection of Malform RTF
- LLAM-11131: Improved detection for Info Stealer
- LLAM-11139: Improved detection for MSIL Shellcode Downloader
- LLAM-11130: Improved detection for Mirai Botnet
- LLAM-11128: Improved detection of QiLin ransomware
- LLAM-11095: Improved detection for Darkgate
- LLAM-11117: Improved detection for Knight Ransom Loader
- LLAM-10617: Improved detection for Boxter Runner
- LLAM-10546: Improved detection of Parite malware
- LLAM-10555: Improved detection of Rootkits
- LLAM-10475: Improved detection of Nukesped malware
- LLAM-10469: Improved detection of a Downloader
- LLAM-10440: Improved detection of Keyplug malware
- LLAM-10447: Improved detection of Amadey malware
- LLAM-10237: Detection of Telegram bot (informational)
- LLAM-10236: Improved detection of Disdroth trojan
- LLAM-11032: Improved detection of Akira ransomware
- LLAM-10922: Improved detection of Kryptik
- LLAM-10902: Improved detection for Whirlpool Linux Backdoor
- LLAM-10894: Improved detection of a Powershell Loader
- LLAM-10895: Improved detection of Shellcode Runner
- LLAM-10893: Improved detection for MathTypeObfs exploit
- LLAM-10826: Improved detection for Nitrogen Installer
- LLAM-10790: Improved detection for Amadey Clipper
- LLAM-10961: Detection improvement for OilRig Trojan
- LLAM-10859: Improved detection of Sapphire Stealer
- LLAM-10856: Improved detection for elevation of UIAccess applications
- LLAM-10775: Improved detection of Qakbot
- LLAM-10787: Improved detection of Mallox ransomware
- LLAM-10704: Improved detection for Invicta Stealer
- LLAM-10670: Improved detection for Ponyshell Downloader
- LLAM-10660: Improved detection for Perl Shellbot
- LLAM-10695: Improved detection for Bandit stealer
- LLAM-10693: Improved detection for IcedID trojan
- LLAM-10685: Improved detection for Meduza Stealer
- LLAM-10672: Improved detection for PyCrypter
- LLAM-10649: Improved detection for GreetingGhoul Infostealer
- LLAM-10615: Improved detection of Bruteforce hacktool
- LLAM-10519: Improved detection for ClipBanker
- LLAM-10525: Improved detection of Ransomwares
- LLAM-10529: Improved detection of Nokoyawa ransomware
- LLAM-10505: Improved detection for the RokRat Powershell starter.
- LLAM-10473: Improved detection of Mirai MooBot
- LLAM-10571: Improved detection of Earthworm hacktool
- LLAM-10570: Improved detection of Buhti ransomware
- LLAM-10545: Improved detection of Kimsuky malware
- LLAM-10516: Improved detection of Python Stealer
- LLAM-10474: Improved detection of CrimsonRAT
- LLAM-10838: Improved detection for HookAMSI has been found in Raccoon Stealer.
- LLAM-11159: Improved detection for Ddostf Botnet
- LLAM-11137: Improved detection of Kinsing malware
- LLAM-11166: Improved detection of BeaverTail malware
- LLAM-11172: Improved detection of a VBS Downloader
- LLAM-11120: Improved detection of RunPE Loader
- LLAM-10563: Improved detection of BlackCat ransomware
- LLAM-10562: Improved detection of Nanodump hacktool
- LLAM-10543: Improved detection for Mirai Botnet
- LLAM-9980: Improved detection of NTDLL unhooking evasion
- LLAM-11129: Improved detection for Stealer Downloader
- LLAM-11011: Improved detection for dotRunpeX Injector
- LLAM-11018: Detection improvement for Stealer Loader
- LLAM-11046: Improved detection for Poverty Stealer
- LLAM-11121: Improved detection of BATLoaders
- LLAM-10989: Improved detection for Lumma Stealer
- LLAM-10990: Improved detection for Bunny Loader
- LLAM-10975: Improved detection for MSIL Exploit CVE-2022-22718
- LLAM-10957: Improved detection for Veeam Dumper
- LLAM-10919: Improved detection of Webshell
- LLAM-10915: Improved detection of Shellcode Runner
- LLAM-10848: Improved detection for Logcleaner Hacktool
- LLAM-10813: Improved detection of Mirai
- LLAM-10920: Improved detection of Blueshell malware
- LLAM-10852: Improved detection for DreamBus Botnet
- LLAM-10849: Improved detection of Qbot
- LLAM-10842: Improved detection for Shellscript miner
- LLAM-10771: Improved detection of malware files in MEME#4CHAN attack
- LLAM-10774: Improved detection for Linpeas Hacktool
- LLAM-10762: Improved detection for Boxter Downloader
- LLAM-10747: Improved detection of Prikormka malware
- LLAM-10745: Improved detection of a Downloader
- LLAM-10744: Improved detection of XWorm
- LLAM-10735: Improved detection for Spyder trojan
- LLAM-10742: Improved detection of Rootkits
- LLAM-10743: Improved detection of persistence techniques used by malwares in MEME#4CHAN attack
- LLAM-10668: Improved detection for Emeka Crypter
- LLAM-10686: Improved detection for WarHawk backdoor
- LLAM-10671: Improved detection for Mirai Condi Botnet
- LLAM-10651: Improved detection for Clipper dropper
- LLAM-10597: Improved detection for malicious LNK files executing msiexec.exe
- LLAM-10595: Improved detection for malicious LNK files executing PowerShell
- LLAM-10561: Improved detection of Ligolo hacktool
- LLAM-10518: Improved detection for Qakbot
- LLAM-9979: Improved detection of NTDLL unhooking evasion
Bug Fixes and Improvements
- PLTF-3652: Fixed issue on the standby manager that could cause it to incorrectly authenticate to the active manager during install or upgrade, and could cause the standby manager to go into an Error state.
- LLCC-2762: Improved database performance in environments with high disk throughput but high I/O latency, by increasing the number of concurrent I/O threads. Updated appliance diagnostic checks to account for this type of environment.
NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR FILE ANALYSIS ON WINDOWS 7
To ensure a satisfactory level of security, it is not advisable to use Windows 7. As a consequence, testing the maliciousness of files in this environment is no longer deemed relevant. Therefore, we have decided to gradually phase out the analysis of files on Windows 7. With this latest release, file analysis on Windows 7 will become optional. All analysis on Windows 7 will cease in the next major release.
EXPLICIT PROXY DEPRECATION
NSX Defender On-premise 9.8 is the last major release to support the use of the sensor explicit proxy capabilities. The sensor explicit proxy functionality allows to run a squid proxy on the appliance with basic TLS decapsulation functionality. This feature will no longer be available in the next major release of NSX Defender on-premise. Support for ICAP integrations will not be affected by this deprecation.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Detonator On-Premises:
- Lastline Manager version 1150
- Lastline Engine version 1150
Released Sandbox Images Versions
The sandbox images version will remain at 2022-07-16-01.
Distribution Upgrade
Version 9.4.5 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 9.8, you must be running Bionic as the operating system distribution.
You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded.
For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.