Version 2021.1
Detection Improvements
- TRES-1979: Improved detection of d77fd67d malware family.
- TRES-1990: Improved detection of malware abusing image file execution options.
Bug Fixes and Improvements
- FEAT-6687: Sniffing and ICAP sensors now support extracting Executable and Linkable Format (ELF) files from the wire.
- MALS-3451: The Lastline Analyst API now supports HTTP Basic Authentication (RFC 7617). To preserve backward compatibility, authentication headers are ignored if another form of authentication is provided.
- SENT-3081: Fixed an issue where submitting a completely benign document to an ICAP sensor would incorrectly cause its analysis to stall indefinitely.
- SENT-3080: This fix resolves a major issue in the sensor ICAP implementation where certain ICAP submissions would time out indefinitely without ever being analysed.
- USER-5072: Fixed an issue where inappropriate permissions were being set while creating multiple user accounts.
- TRES-1932: Improved detection of benign process hollowing.
- PLTF-2094: The "can view custom threat intelligence entries" and "can manage custom threat intelligence entries" permissions are now available at per-license granularity.
Windows XP End of Life
In this release, we are deprecating support for sandbox analysis in Windows XP operating systems. Most malware explicitly targeting Windows XP environments will still be detected using other analysis environments, analysis techniques and analysis of dormant code.
Deprecation of API Methods
The Lastline API documentation includes a deprecation schedule for deprecated Portal API methods, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Defender Hosted:
- Lastline Sensor version 1250