We want to inform you that we will soon launch our 2.5.300 RC version. The backend changes will be live starting with the evening of Wednesday, the 15th of July, and the front-end (agent) changes starting with Monday, the 20th of July, on a roll-out basis.
New features:
Heimdal™ Dashboard:
• Last reboot time viewable – Added a new information field for last reboot time in
the CSV Export for Active Clients.
• All logs per endpoint easily available - Fetch event viewer logs from the endpoint
now retrieves all the logs, not only the "Application" logs.
• Filter clients by Operating System – In the Dashboard active clients view there is
now the option to filter by device type (Windows/Android/Mac).
Heimdal™ Next-Gen Antivirus & MDM: Scan USB / Disable USB:
In Heimdal™ Next-Gen Antivirus & MDM group policy settings, two new checkboxes for controlling USB ports
are available: Disable USB Ports and AutoScan USB Ports.
• Disable USB Ports - will disable USB ports for removable devices (for example:
memory stick, hard disk, etc.), no plugged-in removable device will be recognized.
When this option is disabled, AutoScan USB Ports will not be triggered.
• AutoScan USB Ports - will automatically scan all USB removable devices that are plugged in. For Enterprise users, the AutoScan option will automatically launch a popup with a scan window and for Home users, a prompt will be launched to ask the user if he wants to scan or not the newly plugged device.
• Updated the Next-Gen Antivirus driver.
Note: The scanning and block engines do not work for certain devices (for example:
mobile phones). Although these devices could be considered removable devices, the manufacturer software does not contain the correct code in order for Windows to correctly recognize the devices as such.
Patch & Asset Management: Microsoft Updates
• Updates available per Group policy filter - A new filter was added in Microsoft
Updates, Available tab: Group policy. This filter is used to show the available
Windows updates only for the machines that have the selected group policy as the
last retrieved policy.
Threat Prevention Endpoint:
• Allow top-level domain filtering for whitelisted and blacklisted domains - Top-level domains (such as .com, .co.uk, .uk, etc.) can now be blacklisted/whitelisted from Enable domains whitelist/blacklist option from Threat Prevention Endpoint group policy page. Domains can still be whitelisted/blacklisted regardless of the state of the top-level domain. These domains will be treated as exceptions and act according to the
lower lever setting made
• Whitelist domains, directly from the Threat Prevention Endpoint menu - The option to whitelist domains directly from the Threat Prevention Endpoint menus was added. A Whitelist button is now available, together with individual and Select All checkboxes. Upon selecting the domains to whitelist, the user may select the type of whitelist that should be applied:
- Global or Custom policy global. The selected domains will be displayed in the Threat Prevention Endpoint group policy, Enable domains whitelist section.
• Category blocking scheduler - The Block by category scheduler is now available in the Threat Prevention Endpoint group policy. On activation, this feature allows the user to schedule blocking websites from the selected categories within a set schedule. The user can select either weekdays or days in a month and a preferred time interval. Ticking “Enable Block By Category” is required in order for these settings to be applied.
• Category blocks view - A new tab was added to the Threat Prevention Endpoint views in order to display the domains blocked by the category blocking mechanism. The view displays the total number of blocked domains per endpoint and can be filtered by hostname, username, and IP address. Filtering by category/categories is available using the advanced filter. A statistics widget was added in the upper part of the page, together with the old Threat Prevention Endpoint stats. Clicking the number of blocked
categories per endpoint redirects the user to the Threat Prevention Endpoint Grid in Active Clients. Here
the user will see each accessed domain that is blocked using the category blocking mechanism, together with its category and timestamp.
Heimdal™ Privileged Access Management:
• Automatically close all processes started by a user during elevation - A new
option was added in the Heimdal™ Privileged Access Management group policy setting: Automatically
close all processes started during an elevation when the session ends. When
enabling his option, all processes started by user during elevation are closed (if
they are still opened). Please be aware that processes are closed with no warning.
• File elevations automatically run as admin when a session elevation is in progress - The possibility to select “Run with AdminPrivilege” in the right-click context menu while an elevation is in progress is now available. If “Run with AdminPrivilege” is used during elevation, the file will be elevated as part of the session- a new File elevation will NOT be created, the elevated process will appear as part of the existing elevation. Additionally, we added the possibility to select Run with AP on *.mmc files (Computer management, etc.)
• Elevation processes moved to separate view - The processes from the “Program executed” column were replaced by a total count for each elevation, which represents the number of processes executed. The admin can view more details by clicking the number of executed processes. They are then directed to a details page, where are shown a few details about selected elevation and a grid with all processes executed during elevation. In this view, the admin user can see the elevation details at the top of the page (reason, hostname, request time, etc.) and the executed processes listing. All executed processes are listed here and the admin can filter the listing by User and System executed processes.
• New option to elevate only users belonging to a specific hostname:
Privileged Access Mgmt Group Policy option to only allow users belonging to a specific hostname to
be elevated (their username must be part of the hostname).
Heimdal™ Email Security:
• Easier settings import - A new option was added to Heimdal™ Email Security,
making it easier to copy settings from perimeter to endpoint and vice versa.