Lastline Defender and Analyst Hosted Release Notes

Version 2018.7

Detection Improvements

  • LLADOC-604 Improved extraction of OLE2.0 streams from Microsoft Office documents.
  • LLADOC-644 LLADOC-308 LLFILE-326 More robust detection of Microsoft Support Diagnostic cab files.
  • LLADOC-645 Improved extraction of zlib-compressed objects embedded in Microsoft Office documents.
  • LLADOC-650 Improved extraction of objects/metadata from RTF documents.
  • LLADOC-651 Improved extraction of email body text using RTF encoding.
  • LLADOC-653 More robust detection of embedded remote OLE objects in Microsoft Office documents.
  • LLADOC-661 LLADOC-662 Improved extraction of files embedded in Microsoft Office CDF documents.
  • SIGLOGSCAN-229 Improved detection of Turla Carbon.
  • SIGLOGSCAN-288 More robust detection of documents containing suspicious URLs.
  • SIGLOGSCAN-323 Improved detection of Mimikatz.

Bug Fixes and Improvements

  • USER-3030: Fixed an issue where users could not enter a sensor name even though it used only the allowed characters.
  • USER-3017: Fixed a bug that could prevent authorized portal users from seeing the analysis subject download button and downloading the analysis subject.
  • PLTF-475: Updated the maximum file size limit for submissions to the Lastline Portal to match what is supported with the API (from 10MB to 64MB).
  • MALS-2730: Fixed a bug that prevented robust parsing of Microsoft Windows command lines.
  • MALS-2343: Fixed the extraction of network connection metadata (e.g., missing TCP port data) in the sandbox analysis reports.
  • FEAT-3170: The label "Threat" now replaces "Malware" across the product when referring to network threats (e.g., command and control traffic). The label "Malware" now applies only to malicious artifacts (e.g., files, email attachments, malicious URLs).
  • FEAT-2706: Fixed an issue that could lead to the license being displayed as expired on its last valid day.

Deprecation of API methods

The Lastline API documentation includes a deprecation schedule for deprecated Lastline API methods, together with instructions for replacing each deprecated method with a supported one.

Since release 7.24, all methods of the legacy API (/ll_api/ll_api) are deprecated. They are covered by the same deprecation schedule and replacement instructions.

Released appliance versions

This release contains no new Lastline Sensor version; it is compatible with Lastline Sensor version 1030.

Deprecation of appliance versions

Since release 7.28, sensor versions before 720 are no longer compatible with the Lastline backend.

Since release 7.24, sensor versions before 717 are no longer compatible with the Lastline backend.

Distribution Upgrade

Sensor version 1030 does not support Ubuntu Precise as the underlying operating system distribution. Before upgrading to the latest sensor versions, sensors still running Ubuntu Precise must first be upgraded to Ubuntu Trusty.

Users can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "trusty". If it is "precise", the appliance distribution needs to be upgraded.
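The portal check above is done one appliance at a time. The following is an added example, not part of the Lastline release notes or of any Lastline tooling, showing how an operator could script the same "Base Distribution" check against a fleet of appliances over SSH. It assumes the appliance exposes a standard Ubuntu /etc/lsb-release file with a DISTRIB_CODENAME line (an assumption; the release notes only describe the portal view), and uses constructed sample files in place of real appliances so it runs offline.

```shell
#!/bin/sh
# Added example (not from the Lastline release notes): scriptable version of the
# Appliance Status "Base Distribution" check. Assumes a standard Ubuntu
# /etc/lsb-release file on the appliance, which the release notes do not state.

# needs_distribution_upgrade FILE
# Prints the lower-cased DISTRIB_CODENAME found in FILE and returns:
#   0  codename is "precise" -> distribution upgrade required before sensor 1030
#   1  codename is "trusty"  -> already on the supported distribution
#   2  file missing or codename not recognised -> inspect manually
needs_distribution_upgrade() {
    file="$1"
    if [ ! -r "$file" ]; then
        echo "unknown"
        return 2
    fi
    # Value after DISTRIB_CODENAME=, with optional quotes stripped and case normalised.
    codename=$(sed -n 's/^DISTRIB_CODENAME=//p' "$file" | tr -d '"' | tr 'A-Z' 'a-z')
    echo "${codename:-unknown}"
    case "$codename" in
        precise) return 0 ;;
        trusty)  return 1 ;;
        *)       return 2 ;;
    esac
}

# report LABEL FILE: print a human-readable verdict for one appliance.
report() {
    label="$1"; file="$2"
    codename=$(needs_distribution_upgrade "$file") && rc=0 || rc=$?
    case "$rc" in
        0) echo "$label: base distribution '$codename' -> upgrade to trusty before installing sensor 1030" ;;
        1) echo "$label: base distribution '$codename' -> OK for sensor 1030" ;;
        *) echo "$label: base distribution '$codename' -> undetermined, check the Appliance Status view" ;;
    esac
}

# Constructed sample /etc/lsb-release files standing in for two appliances.
PRECISE_SAMPLE=$(mktemp)
TRUSTY_SAMPLE=$(mktemp)
trap 'rm -f "$PRECISE_SAMPLE" "$TRUSTY_SAMPLE"' EXIT
printf '%s\n' 'DISTRIB_ID=Ubuntu' 'DISTRIB_RELEASE=12.04' 'DISTRIB_CODENAME=precise' \
    'DISTRIB_DESCRIPTION="Ubuntu 12.04.5 LTS"' > "$PRECISE_SAMPLE"
printf '%s\n' 'DISTRIB_ID=Ubuntu' 'DISTRIB_RELEASE=14.04' 'DISTRIB_CODENAME=trusty' \
    'DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"' > "$TRUSTY_SAMPLE"

# On a real fleet the FILE argument would be replaced by e.g.
#   ssh "$host" cat /etc/lsb-release > "$tmp"   (hypothetical access path)
report "sensor-a" "$PRECISE_SAMPLE"
report "sensor-b" "$TRUSTY_SAMPLE"
report "sensor-c" "/nonexistent/lsb-release"
```

The exit codes are deliberately distinct so the function can drive a loop: code 0 means "act", code 1 means "nothing to do", and code 2 means the answer could not be read from the file and the portal view remains the authority.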

For complete information regarding the upgrade process please refer to the Lastline Support Knowledge Base.
