Lastline Enterprise On-Premises Release Notes

Version 4.7

New features

  • Data backup and restore functionality for on-premise Manager appliances
  • Android APK (Android application) analysis is now also supported for on-premise installations without the cloud-analysis component
  • Extended APK behavior detection engine
  • Extended Microsoft Windows library analysis engine
  • Enhanced anti-evasion engine

On-premise Backup Functionality

On-premise installations now support generating periodic full data backups. This allows the entire state of the Lastline system to be restored to well-defined snapshots. Additionally, support for incremental backups guarantees backup of, and recovery to, the latest system state at all times.

The backup functionality integrates with different storage engines, such as Amazon S3 or generic backup systems accessible through Secure Shell (SSH).

On-premise Android APK analysis

On-premise installations now support analyzing APK artifacts (Android applications) without sharing the artifact with the Lastline cloud, that is, without the cloud-analysis component. This allows all file types supported by Lastline to be analyzed completely on customer premises.

Android APK analysis behavior detection improvements

An update to the APK analysis engine now extracts additional activity and reveals more of the malicious behavior exhibited by the analyzed program.

Examples of newly extracted behavior:

  • Leaking of encrypted GPS/location data
  • Sending IMEI/device data to remote servers
  • Placing phone calls without user interaction

Microsoft Windows library analysis improvements

The analysis engine for Microsoft Windows libraries has been extended to extract more behavior for service DLLs and Internet Explorer extensions (BHOs).

Examples of newly extracted behavior:

  • Detect specific URLs targeted by Internet Explorer BHOs
  • Detect script code injected into specific websites while browsing

Enhanced anti-evasion engine

The anti-evasion engine now supports analysis of many malware families that require a previous infection of the host. This allows classification of programs without access to the initial infection vector.

Bug fixes

  • Improve analysis report export functionality when exporting to PDF/RTF