Lastline Network and Email Defender On-Premises Release Notes

New Features

• Support for PERC H750 RAID controller

SUPPORT FOR PERC H750 RAID CONTROLLER

Added support for PERC H750 raid controller

This new feature was tracked internally as FEAT-7359

Detection Improvements

• LLAM-8565: Improved detection for modified UPX PE samples and .NET-based SharePoint user profile sync PUA PE samples.
• LLAM-8554: Improve detection of Linux Roothelper exploit
• LLAM-8530: Improved detection of Ryucurrency miners
• LLAM-8551: Improved detection for truncated ELF samples

Bug Fixes and Improvements

• FEAT-7432: Updated kernel to version 5.4.0. Appliances will require a restart to use the new kernel.
• LLCC-2748: Extended expiration date of GPG key used for signing appliance actions.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in …continue.

New Features

• Support for Broadcom NICs in sniffing appliances

SUPPORT FOR BROADCOM NICS IN SNIFFING APPLIANCES

This release adds official support to Broadcom NIC cards based on the bnxt_en driver. While sniffing appliances using such NICs were supported in standard "compatibility mode" with reduced performance, starting with this release sniffing appliances will be able to leverage hardware acceleration to achieve better throughputs.

This new feature was tracked internally as FEAT-7205

Bug Fixes and Improvements

• PLTF-3001: Shorten HA virtual IP label suffix to support interface names of up to 10 characters. This issue would cause the VIP to be unreachable only in certain installations when the interface …continue.

Bug Fixes and Improvements

• USER-5640: Added missing checkbox to login screen which allows the user to select whether or not to login with LDAP.
• LLANTA-2235: Disabled log4j's message lookup substitution in Elasticsearch as an additional mitigation against the CVE-2021-44228 vulnerability. See https://kb.vmware.com/s/article/87094 for additional details.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline …continue.

New Features

• Permalink Option for Interactive Analysis Reports
• Home network setting to default to RFC1918 private IP ranges.
• Support for license-based permissions for custom intel
• Allow configuration of archive file limit for on-premises defender.
• Change default NTP server to ntp.lastline.com

PERMALINK OPTION FOR INTERACTIVE ANALYSIS REPORTS

The permalink features allows for a link to an interactive Malware Analysis report to be made available to others within the organization without the need to log in to the NSX Defender Portal to view the details. To create a shareable report permalink, click on the "Share Report" button when viewing an Analysis Report.

This new feature was tracked internally as …continue.

New Features

We are planning on changing the public IP addresses that are used by Lastline backend services to reflect our move away from an older datacenter provider to more scalable infrastructure. These are the IP addresses assigned to lastline.com contacted by Lastline appliances (such as log.lastline.com, user.lastline.com, management.lastline.com, update.lastline.com, and anonvpn.lastline.com) when accessing services like cloud APIs and image registries. This will affect both hosted and on-premise installations of all Lastline products.

It is required that these IP addresses are permitted by firewall rules to prevent service issues when these IP addresses are expected to go live by August 31st 2021.

The new IP …continue.

Detection Improvements

• LLAM-7335: Improved detection of malware detecting the presence of known hypervisors via CPUID instruction.
• LLAM-7313: Improved detection for samples that overrides SEH with a custom handler.
• LLAM-7057: Improved detection of XLSB documents that make use of malicious formulas.

Bug Fixes and Improvements

• LLAM-7173: Fix to an issue where phishing denylist could not be updated when an appliance was behind a proxy
• SENT-3138: Fix to an issue where a race condition could cause the sensor IDS Service to crash and become unstable.
• SENT-3143: Fix to an issue where an appliance would not correctly respond to an attempt to disable processing of NTA URL logs.

Deprecation of API …continue.

Bug Fixes and Improvements

• PLTF-2402: Improved encryption of HTTPS traffic to the appliances (Manager, Analyst and Pinbox) by restricting the cipher suites supported by the web server to enforce stronger encryption in accordance with industry best practices.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of the appliances for use with NSX Defender On-Premises:

• NSX Manager …continue.

New Features

Detection Improvements

• LLAM-6948: Improved detection of corona family.

Bug Fixes and Improvements

• FEAT-6795: The license of a 3rd party component used in the Lastline analysis pipeline has been updated, the previous license was scheduled to expire May 15th 2021. Please update your On-Premises environment to version 9.4.2 by May 15th to receive continued signature updates. Failure to upgrade before this day may result in additional False Negative detections for new malware variants.
• SENT-3113: Fixes a bug that caused the mail analysis pipeline to stall when processing URLs with unicode characters

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this …continue.

New Features

Detection Improvements

Bug Fixes and Improvements

• PLTF-2215: Fixed a bug that caused Network IoC notifications to be disabled On-Premises
• SENT-3081: Fixed an issue where the submission of a completely benign document on an ICAP sensor would incorrectly cause its analysis to be stalled indefinitely.
• SENT-3080: Fixed a major issue in the sensor ICAP implementation where certain ICAP submissions would timeout indefinitely without ever being analysed.
• PLTF-2276: Fixed SAML SSO configuration issue observed on bionic appliances.
• USER-5072: Fixed an issue where inappropriate permissions were being set while creating multiple user accounts.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline …continue.

Distribution Upgrade

Version 9.4 will be the final version that supports Ubuntu Xenial as the operating system distribution. In all future releases, Ubuntu Bionic will be required. To support this distribution upgrade, 9.4 will support both Ubuntu Xenial and Ubuntu Bionic. Before upgrading to any future version, appliances on Ubuntu Xenial must be upgraded to Ubuntu Bionic while running version 9.4. The upgrade of the distribution will require a reboot and may take up to an hour to complete.

You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the …continue.