Dear Heimdal™ Security customer, we want to inform you that we will be rolling out our
Heimdal™ 2.5.310 Release Candidate version starting with September 2nd.
The older version 2.5.301 Release Candidate will become 2.5.302 Production. The
changes will be live according to the following schedule:
•
2nd of September: 2.5.310 RC Backend and 2.5.302 PROD Backend;
•
7th of September: 2.5.310 RC Agent available on a roll-out basis;
•
11th of September: 2.5.302 PROD Agent available on a roll-out basis;
Here are the main changes rolling in with the new 2.5.310 RC.
Agent changes:
•
Fixed an issue with AV displayed as unregistered in action center.
X-ploit Resilience – Patch Management:
3rd party updates:
•
Assets views - Add product code information: The product code associated
with an installed application (if that application has one) is now displayed in
Assets View.
Windows updates:
•
Windows Updates with "Vulnerabilities reporting": A new pop-up is displayed
when trying to install Windows Updates for group policies that have “Microsoft
Vulnerability reporting only” enabled. Agreeing to continue will disable “Microsoft
Vulnerability reporting only” for the selected group policies and install the
selected update.
•
Improvements for CVE correlation with KB: The CVE correlation with the KB
code was improved using the Microsoft API. The information displayed in the
Windows Updates section is up to date, according to the latest information available from Microsoft.
Threat Prevention Endpoint:
•
Whitelist to take priority over blacklist: Refactored the whitelist and blacklist functionality to allow whitelisted domains to take priority over blacklisted ones. If
.com is blacklisted but www.domain.com is whitelisted, the user can still access
www.domain.com.
•
Sort Standard View by RISK as default: DarkLayer GUARD Standard View is
now sorted by risk descending (high > low).
Next-Gen Antivirus Enterprise:
•
Added a silent mode for Auto-Scan USB port – this new silent mode is enabled by default and a scan window will appear only if infected files are found.
If your Auto-Scan USB Port feature is currently disabled, you need to re-enable it with this new Silent Mode (this fix will be available for the 2.5.302 PROD as well).
•
Global quarantine - Add files using file path even if files are not infected:
Files added by file name or file path to the “General Quarantine List” were previously marked as Infected/Suspicious based on Antivirus analysis. We implemented a new flow that handles files in the “General Quarantine List” added by file path, that would not normally be detected as Suspicious/Infected.
The “Default scan action on suspicious” tab determines what action will be taken when scanning a file in the “General Quarantine List”.
•
Get infection Md5 from agent to dashboard: An additional field was added for infections/quarantines that were sent to the dashboard. The field stores the infection file hash. An additional icon that will redirect to VirusTotal for Autoscan will be displayed in the dashboard next to the “Add to storage” icon.
•
Notification on User-initiated scan completed: For customers that have the
Next-Gen Antivirus Alerts enabled a new job was added. The new job will retrieve all scanned devices and will generate a mail template with the devices scanned,
infections/quarantines found, and timestamp when the scan is finished. The job runs hourly and an email notification is sent to the user.
Thor Heimdal™ Privileged Access Management:
•
Notify admin via email when session/file elevation is requested and the group policy is set to “Auto-mode”: A notification was added for admin users that will inform the user of the requested elevations. The email will not contain a link to approve the request, this is a basic notification email.
•
‘Automatically close all processes started during an elevation when the session ends will work as ‘Identify and close only processes executed with Heimdal™ Privileged Access Management or Admin Rights’: An improvement was made to the feature “Automatically close all processes started during an elevation when the session ends “previously released in version 2.5.300. We now identify and close only the
processes that were executed with either Privileged Access Management or Run as Administrator.
•
History view search bar – Added "Program Executed" filter: A new filter is available in Heimdal™ Privileged Access Management, History tab: Program Executed. When used, the filter will search through available elevations and display only the elevations in which the selected program was executed.
Dashboard changes:
Active clients:
•
Add email notification when a new event viewer/Heimdal logs/files request is completed or file uploaded to storage: A pop-up was added when requesting machine logs. The user is asked to confirm if a notification should be sent to the email address registered in the account once the logs are downloaded. A similar pop-up and notification were also added when an infected file is manually uploaded to storage by the user.
•
Display host details in notification modal: Hostname, Last active username, and the Last seen date and time are displayed in the notification modal.
•
Added active network interface MAC address: In Active Clients details, the
MAC address of the host is now displayed.
•
Added Motherboard serial 2 in the verbose report: Motherboard serial 2 column was
added in Active Clients verbose report.
Group Policy:
•
Firewall module enabled by default for all new GP: For all new group policies, the Firewall module will now be enabled by default. Old group policies are not affected by this change.
•
Ability to search in the Group Policy page/Settings for all devices: The user can now search group policies by either name or AD group/user group. The Search is available for all device views.
•
3rd Party - Ability to Filter Infinity Management applications: If the option
'Enabled Infinity management' is enabled, a new check box is displayed in the group policy settings: Show only Infinity management applications. When checked, the application list is filtered and only IM applications are displayed.
Mobile Device Management – A new feature for Android devices:
A new licensing option was added under Next-Gen Antivirus, Mobile Device Management. When enabled, a new tab is displayed in the Android group policy edit.
If the module is enabled, three functionalities are available:
•
Enable Locate Device – device location can be pinged and displayed in the dashboard.
•
Enable Lock Device — will lock the device and its password will be required to unlock; A fallback password must also be set and this password will be used for devices where no previous password/lock method was set.
•
Enable Wipe Device – will wipe all data from the device and return it to the factory settings; No backup is created, data cannot be recovered!
If the options are enabled, when accessing Active Clients and selecting an Android mobile device a new tab is available under Next-Gen Antivirus, Mobile Device Management:
Note: A new version of the Android application (2.5.15) will be released soon. The dashboard features will be functional only for devices using the new version. More details regarding the requirements of this feature on the mobile app will be provided in the Android version 2.1.15.