Lastline Enterprise On-Premises Release Notes

Version 7.16.3

New features

  • Improved file analysis
  • Bug fixes and improvements

Improved file analysis

We have made enhancements to the detection of

  • LLADOC-454 LLADOC-482 LLADOC-483 LLADOC-488 LLADOC-507 LLADOC-517 obfuscated DDE commands embedded in Microsoft Office documents,
  • LLADOC-490 LLADOC-513 obfuscated or encoded URLs referring to external scripts embedded in Microsoft Office documents,
  • LLADOC-501 extracting binary data from Hangul documents,
  • LLADOC-515 suspicious JavaScript embedded in PDF documents,
  • SIGREPSCAN-390 launching of anomalous shell commands from Microsoft Office,
  • SIGREPSCAN-382 SIGREPSCAN-385 SIGREPSCAN-386 invocation of remote script code from Microsoft Office,
  • ANREV-4263 ANREV-4280 SIGREPSCAN-376 ransom notes,
  • ANREV-4294 open source XMRig miner,

and extended anti-evasion techniques to detect abuse of

  • SIGLOGSCAN-213 SIGREPSCAN-264 known processor manufacturer names,

and improved the reliability of

  • LLADOC-508 parsing unnamed VBA functions,
  • MALS-2459 extracting information on Microsoft Windows driver files.

Bug fixes and improvements

  • FEAT-2700: improved analysis of URLs contacting suspicious hosts on the internet.
  • FEAT-2321 MALS-2339: allow enabling Analyst on-premises analysis options requiring special permissions for pre-approved Enterprise on-premises appliances.
  • FEAT-2611: improve information about timestamps returned by the Analyst API.
  • MALS-2404: fix bug in reporting of failures when contacting the hosted analysis service to download analysis metadata.
  • MALS-2445: fix bug in requesting analysis metadata after the appliance had been offline for a long time.
  • MALS-2309: allow fine-grained tuning of Analyst API completion requests.
  • FEAT-2341: allow tuning of analysis priority auto-selection for MSSP multi-license environments.
  • FEAT-2299: make Analyst API documentation available via the on-premises web-UI. This allows accessing the API and client documentation for the specific version installed on the local appliance via https:///analyst-api-docs/html/index.html.
  • MALS-2368: script to analyze local submission load/statistics.

Deprecation of API methods

All methods of the legacy API (/ll_api/ll_api) have been deprecated.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:

  • Lastline Manager version 820
  • Lastline Engine version 820
  • Lastline Sensor version 725.4
  • Lastline All-in-one (Pinbox) version 820

Released sandbox image versions

The sandbox image version remains at 2017-07-17-01.

Distribution Upgrade

As of version 7.16, support for Ubuntu Precise as the underlying operating system distribution has been discontinued. Before upgrading to version 7.16 or later, appliances that are still on Ubuntu Precise will need to be upgraded to Ubuntu Trusty.

Users can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "trusty". If it is "precise", the appliance distribution needs to be upgraded.

For complete information regarding the upgrade process please refer to the Lastline Support Knowledge Base.
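The portal check above is per appliance. The following is an added example, not Lastline's own tooling, of the same "precise vs. trusty" decision made from the appliance's Ubuntu /etc/lsb-release file, so that a fleet can be checked over SSH before the 7.16 upgrade is scheduled. It assumes the standard DISTRIB_CODENAME key, which both Ubuntu Precise and Trusty provide; the sample files it creates are constructed test data, not copies from a real appliance.

```shell
#!/bin/sh
# Added example, not Lastline's own tooling: classify an appliance's base
# distribution from its Ubuntu /etc/lsb-release. Assumes the standard
# DISTRIB_CODENAME key, which both Ubuntu Precise and Trusty provide.

# check_base_distribution [lsb-release-file]
# Exit status: 0 = trusty (ready for 7.16), 1 = precise (distribution upgrade
# required before 7.16), 2 = unreadable or unrecognised (check manually).
check_base_distribution() {
    lsb_file="${1:-/etc/lsb-release}"
    [ -r "$lsb_file" ] || { echo "$lsb_file: not readable"; return 2; }
    # Take the first DISTRIB_CODENAME value, stripping optional quotes.
    codename=$(sed -n 's/^DISTRIB_CODENAME=//p' "$lsb_file" | tr -d '"' | head -n 1)
    case "$codename" in
        trusty)  echo "$lsb_file: trusty - OK for 7.16"; return 0 ;;
        precise) echo "$lsb_file: precise - upgrade to trusty before 7.16"; return 1 ;;
        *)       echo "$lsb_file: unrecognised codename '$codename' - check manually"; return 2 ;;
    esac
}

# make_sample_lsb_release <codename> <release>
# Writes a constructed lsb-release file (sample data, not from a real
# appliance) and prints its path, so the check can be exercised offline.
make_sample_lsb_release() {
    sample=$(mktemp)
    printf 'DISTRIB_ID=Ubuntu\nDISTRIB_RELEASE=%s\nDISTRIB_CODENAME=%s\nDISTRIB_DESCRIPTION="Ubuntu %s LTS"\n' \
        "$2" "$1" "$2" > "$sample"
    echo "$sample"
}

# Stand-alone run: check two constructed samples, then the live file if present.
for f in "$(make_sample_lsb_release trusty 14.04)" "$(make_sample_lsb_release precise 12.04)"; do
    check_base_distribution "$f" || true
    rm -f "$f"
done
check_base_distribution /etc/lsb-release || true
```

Run it on each appliance (for example through the same SSH access used for other maintenance) and treat any exit status other than 0 as "do not upgrade to 7.16 yet"; the exit status 2 case deliberately refuses to guess when the codename is missing or unexpected.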
