Version 9.7.1
New Features
- Ability to disable home-net filtering on sensor appliances
ABILITY TO DISABLE HOME-NET FILTERING ON SENSOR APPLIANCES
Sensor appliances default to using the home network configuration of the appliance to filter out from processing expensive events happening outside of the home network range. For instance, a file transfer happening between endpoints that are both outside the defined home network would not be analysed.
It is now possible to disable this behavior by means of an override to be added to the sensor appliance to disable the home network filtering. If you are interested in applying this change, please reach out to VMware Technical Support for further assistance on applying the changes.
This new feature was tracked internally as FEAT-7868
Detection Improvements
- LLAM-10033: Improved detection accuracy for CheatEngine
- LLAM-10013: Improved accuracy of detection of suspected shellcode instructions
- LLAM-9820: Improved detection of Brute Ratel
- LLAM-9885: Improved detection of Nighthawk implants
- LLAM-10054: Improved detection of Royal ransomware
- LLAM-10043: Improved detection of Netsupport Rat
- LLAM-9972: Improved detection of Coinminer
- LLAM-9970: Improved accuracy of detection for ELF files
- LLAM-9951: Improved detection of XMRigMiner
- LLAM-9989: Improved detection of Merlin Agent
- LLAM-10067: Improved detection of ESXiArgs ransomware
- LLAM-10036: Improved detection of LNKRunner
- LLAM-10032: Improved accuracy of detection for obfuscated applications
- LLAM-10034: Improved accuracy of detection of ransomware
- LLAM-9940: Improved detection of Jumplump
- LLAM-9216: Improved detection of KNOTWEED malware
- LLAM-9941: Improved detection of Jumplump dropper
- LLAM-9837: Improved detection of Blackbasta
- LLAM-8450: Improved detection of Sysjoker Backdoor
- LLAM-9915: Improved detection of Sysjoker
- LLAM-9803: Improved detection of Manuscript Downloader
- LLAM-9802: Improved detection of malicious Krypter
- LLAM-9443: Improved detection of Autorun worm
- LLAM-9944: Improved detection for payload samples of Redline stealer
- LLAM-9850: Improved detection of Brute Ratel
- LLAM-9847: Improved detection of CobaltStrike
- LLAM-9814: Improved detection of Qakbot
- LLAM-9584: Improve detection of access to Chrome configuration files
- LLAM-9577: Improved detection of Conti ransomware
- LLAM-9952: Improved detection of P2P-Worm
Bug Fixes and Improvements
- LLAM-9929: Fixed analysis images update timestamp when image localization option is on.
- SENT-3524: When the sensor appliance operates in sniffing mode it now reports with a customer-visible error in case of issues at submitting an extracted file for analysis. This covers a potential corner case that might happen during internal component restarts. The failure will be visible in the appliance monitoring logs as a "File Submission" type under the "IDS Service" component.
- USER-5710: Fixed the threshold toggle that enables a user to set a minimum score for APK file uploads or to disable APK file uploads.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:
- Lastline Manager version 1140.1
- Lastline Engine version 1140.1
- Lastline Data Node version 1140.1
- Lastline Sensor version 1332
- Lastline All-in-one (Pinbox) version 1140.1
Released Sandbox Images Versions
The sandbox images version will remain at 2022-07-16-01.
Distribution Upgrade
Version 9.4.5 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 9.7.1, you must be running Bionic as the operating system distribution.
You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded.
For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.