Version 7.13.5
This release is a detection update. As such, no features are added, changed, or removed.
Detection Improvements
- Improved file analysis
Improved file analysis
We have made enhancements to the detection of
- ANREV-3845 JavaScript embedded in PDF files.
- ANREV-3899 ransomware behavior.
- ANREV-3901 ANREV-3902 SMB exploit code.
- LLADOC-387 LLADOC-402 ROP shellcode.
- LLADOC-403 embedded script code in Microsoft Office documents.
- LLADOC-407 anomalous macros using system utilities.
- SIGLOGSCAN-173 document exploits via harmful CLSIDs.
- SIGLOGSCAN-185 installing hooks.
- SIGLOGSCAN-186 VM fingerprinting behavior.
- SIGLOGSCAN-193 network scanning behavior.
- SIGREPSCAN-252 SIGREPSCAN-272 UAC Bypass.
- SIGREPSCAN-255 document exploits via non-ASLR libraries.
- SIGREPSCAN-264 enumeration of security products via WMI.
- SIGREPSCAN-271 disabling Microsoft Word recovery features.
- SIGREPSCAN-276 SIGREPSCAN-277 abuse of system utilities (such as waitfor.exe and bitsadmin.exe).
- SIGREPSCAN-301 using GEO location services.
and improved the reliability of
- LLADOC-392 extracting OLE streams from Microsoft Office documents.
- LLADOC-404 LLADOC-414 Ole10Native stream analysis.
- LLADOC-413 WordProcessingML handling.
Deprecation of API methods
No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:
- Lastline Manager version 724
- Lastline Engine version 724
- Lastline Sensor version 717.5
- Lastline All-in-one (pinbox) version 724