Lastline Enterprise On-Premises Release Notes

Version 7.15.1

This release is a detection update. As such, no features are added, changed, or removed.

Detection Improvements

  • Improved file analysis
  • Improved URL analysis

Improved file analysis

We have made enhancements to the detection of

  • LLWEB-1771 exploits triggered via PDF OpenAction
  • LLWEB-1770 evasions via PDF reader fingerprinting
  • LLADOC-442 LLADOC-449 Python scripts embedded in Microsoft Office documents
  • LLADOC-432 LLADOC-435 LLADOC-437 LLADOC-438 suspicious data embedded in OleCF streams in RTF documents
  • LLADOC-434 EPS files embedded in Microsoft Office documents
  • LLADOC-424 LLADOC-425 suspicious links in Microsoft PowerPoint slide shows
  • FEAT-2165 LLAM-2983 executable code embedded in Microsoft Office documents
  • LLADOC-450 exploits via remote Ole resources
  • LLADOC-448 LLADOC-443 archives embedded within documents
  • LLAM-3010 evasions requiring user interaction in Microsoft Office
  • LLAM-2991 stalling behavior
  • ANREV-3909 .NET packers/protectors
  • ANREV-3981 ANREV-3901 memory scraper tools
  • SIGREPSCAN-274 evasions via task scheduling
  • SIGREPSCAN-332 command-and-control communication via HTTPS
  • SIGREPSCAN-303 remote code execution via system utilities
  • SIGREPSCAN-313 anomalous execution of PEs for documents

Improved URL analysis

We have made enhancements to the detection of

  • LLWEB-1764 scripts dropped in web attacks
  • LLWEB-1755 dropped files requiring user interaction for the download

Bug fixes and improvements

  • PAPI-579 PAPI-597 fixed a bug in displaying the upgrade status of appliances not yet upgraded to the Trusty distribution
  • LLAM-2901 extract more information from Microsoft Windows networking APIs
  • LLAM-2805 take more frequent and informative process snapshots during the dynamic analysis
  • MALS-2204 LLFILE-376 more robust handling of archives containing anomalous filenames
  • LLADOC-414 more robust parsing of Ole10Native "compact" mode streams
  • LLFILE-379 more robust handling of SVGZ images
  • LLFILE-371 MALS-2207 more robust type-detection for script files
  • LLFILE-327 LLFILE-363 LLFILE-373 MALS-2199 more robust handling of various archive formats

Deprecation of API methods

All methods of the legacy API (/ll_api/ll_api) have been deprecated.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:

  • Lastline Manager version 781
  • Lastline Engine version 781
  • Lastline Sensor version 722.7
  • Lastline All-in-one (pinbox) version 781

Released sandbox images versions

The sandbox images version remains at 2017-06-19-01.

Distribution Upgrade

The appliance versions made available as part of this release are the last versions to support Ubuntu Precise as the underlying operating system distribution. Before upgrading to any subsequent version, appliances that are still on Ubuntu Precise will need to be upgraded to Ubuntu Trusty.

Users can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "trusty". If it is "precise", the appliance distribution needs to be upgraded. A distribution upgrade can be performed with the "lastline_distribution_upgrade" command-line utility. These updates are not done automatically to prevent unexpected downtime. Please contact support@lastline.com for help with the upgrade process.
