This new feature was tracked internally as FEAT-7359
Detection Improvements
LLAM-8565: Improved detection for modified UPX PE samples and .NET-based SharePoint user profile sync PUA PE samples.
LLAM-8554: Improve detection of Linux Roothelper exploit
LLAM-8530: Improved detection of Ryucurrency miners
LLAM-8551: Improved detection for truncated ELF samples
Bug Fixes and Improvements
FEAT-7432: Updated kernel to version 5.4.0. Appliances will require a restart to use the new kernel.
LLCC-2748: Extended expiration date of GPG key used for signing appliance actions.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in …continue.
Version 9.5.2
Bug Fixes and Improvements
PLTF-3001: Shorten HA virtual IP label suffix to support interface names of up to 10 characters. This issue would cause the VIP to be unreachable only in certain installations when the interface name is longer than expected. The issue only affects installations that are running a software version between 9.4 and 9.5.1, AND are using the Bionic Ubuntu distribution.
PLTF-2994: Fix parsing of network interfaces in the status reporter on appliances that are using bonded network interfaces.
USER-5639: This tickets fixes the 404 error when user try to access manuals in on-prem UI.
USER-5640: Added missing checkbox to login screen which allows the user to select whether or not to login with LDAP.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule
for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Analyst On-Premises and Lastline Detonator On-Premises:
Support for license-based permissions for custom intel
Change default NTP server to ntp.lastline.com
PERMALINK OPTION FOR INTERACTIVE ANALYSIS REPORTS
The permalink features allows for a link to an interactive Malware Analysis report to be made available to others within the organization without the need to log in to the NSX Defender Portal to view the details. To create a shareable report permalink, click on the "Share Report" button when viewing an Analysis Report.
This new feature was tracked internally as FEAT-6081
SUPPORT FOR LICENSE-BASED PERMISSIONS FOR CUSTOM INTEL
The "can view custom threat intelligence entries" and "can manage custom …continue.
Version 9.4.5
New Features
We are planning on changing the public IP addresses that are used by Lastline backend services to reflect our move away from an older datacenter provider to more scalable infrastructure.
These are the IP addresses assigned to lastline.com contacted by Lastline appliances (such as log.lastline.com, user.lastline.com, management.lastline.com, update.lastline.com, and anonvpn.lastline.com)
when accessing services like cloud APIs and image registries. This will affect both hosted and on-premise installations of all Lastline products.
It is required that these IP addresses are permitted by firewall rules to prevent service issues when these IP addresses are expected to go live by August 31st 2021.
LLAM-7335: Improved detection of malware detecting the presence of known hypervisors via CPUID instruction.
LLAM-7313: Improved detection for samples that overrides SEH with a custom handler.
LLAM-7057: Improved detection of XLSB documents that make use of malicious formulas.
Bug Fixes and Improvements
LLAM-7173: Fix to an issue where phishing denylist could not be updated when an appliance was behind a proxy
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule
for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
PLTF-2402: Improved encryption of HTTPS traffic to the appliances (Manager, Analyst and Pinbox) by restricting the cipher suites supported by the web server to enforce stronger encryption in accordance with industry best practices.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule
for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of the appliances for use with NSX Analyst On-Premises:
FEAT-6795: The license of a 3rd party component used in the Lastline analysis pipeline has been updated, the previous license was scheduled to expire May 15th 2021. Please update your On-Premises environment to version 9.4.2 by May 15th to receive continued signature updates. Failure to upgrade before this day may result in additional False Negative detections for new malware variants.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule
for methods in the legacy API, as well as information …continue.
Version 9.4.1
New Features
Detection Improvements
Bug Fixes and Improvements
PLTF-2215: Fixed a bug that caused Network IoC notifications to be disabled On-Premises
PLTF-2276: Fixed SAML SSO configuration issue observed on bionic appliances.
USER-5072: Fixed an issue where inappropriate permissions were being set while creating multiple user accounts.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule
for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances for …continue.
Version 9.4
Distribution Upgrade
Version 9.4 will be the final version that supports Ubuntu Xenial as the operating system
distribution. In all future releases, Ubuntu Bionic will be required. To support this
distribution upgrade, 9.4 will support both Ubuntu Xenial and Ubuntu Bionic. Before upgrading
to any future version, appliances on Ubuntu Xenial must be upgraded to Ubuntu Bionic while running version 9.4.
The upgrade of the distribution will require a reboot and may take up to an hour to complete.
You can check the distribution in use by an appliance in the
Appliance Status view of the portal.
The "Base Distribution" listed should be "bionic". If it is "xenial",
the …continue.
