We want to inform you that we will soon launch our 2.5.300 RC version. The backend changes will be live starting with the evening of Wednesday, the 15th of July, and the front-end (agent) changes starting with Monday, the 20th of July, on a roll-out basis.
• Last reboot time viewable – Added a new information field for last reboot time in
the CSV Export for Active Clients.
• All logs per endpoint easily available - Fetch event viewer logs from the endpoint
now retrieves all the logs, not only the "Application" logs.
• Filter clients by Operating System – In the Dashboard active clients view there is
now the option to filter by device type (Windows/Android/Mac).
Thor Vigilance: Scan USB / Disable USB:
In Thor Vigilance group policy settings, two new checkboxes for controlling USB ports
are available: Disable USB Ports and AutoScan USB Ports.
• Disable USB Ports - will disable USB ports for removable devices (for example:
memory stick, hard disk, etc.), no plugged-in removable device will be recognized.
When this option is disabled, AutoScan USB Ports will not be triggered.
• AutoScan USB Ports - will automatically scan all USB removable device that are
plugged in. For Enterprise users, the AutoScan option will automatically launch a
popup with scan window and for Home users, a prompt will be launched to ask the
user if he wants to scan or not the new plugged device.
• Updated the Vigilance driver.
Note: The scanning and block engines do not work for certain devices (for example:
mobile phones). Although these devices could be considered removable devices, the
manufacturer software does not contain the correct code in order for Windows to
correctly recognize the devices as such.
XPloit Resilience: Microsoft Updates
• Updates available per Group policy filter - A new filter was added in Microsoft
Updates, Available tab: Group policy. This filter is used to show the available
Windows updates only for the machines that have the selected group policy as the
last retrieved policy.
• Allow top level domain filtering for whitelisted and blacklisted domains - Top
level domains (such as .com, .co.uk, .uk, etc.) can now be blacklisted/whitelisted
from Enable domains whitelist/blacklist option from DarkLayer Guard group policy
page. Domains can still be whitelisted/blacklisted regardless of the state of the top-
level domain. These domains will be treated as exceptions and act according to the
lower lever setting made
• Whitelist domains, directly from the DLG menu - The option to whitelist domains
directly from the DarkLayer Guard menus was added. A Whitelist button is now
available, together with individual and Select All check boxes. Upon selecting the
domains to whitelist, the user may select the type of whitelist that should be applied
- Global or Custom policy global. The selected domains will be displayed in
DarkLayer Guard group policy, Enable domains whitelist section.
• Category blocking scheduler - The Block by category scheduler is now available
in the DarkLayer Guard group policy. On activation, this feature allows the user to
schedule blocking websites from the selected categories within a set schedule. The
user can select either weekdays or days in a month and a preferred time interval.
Ticking “Enable Block By Category” is required in order for these settings to be
• Category blocks view - A new tab was added to the Darklayer Guard views in
order to display the domains blocked by the category blocking mechanism. The
view displays the total number of blocked domains per endpoint and can be filtered
by hostname, username and IP address. Filtering by category/categories is
available using the advanced filter. A statistics widget was added in the upper part
of the page, together with the old DLG stats. Clicking the number of blocked
categories per endpoint redirects the user to the DLG Grid in Active Clients. Here
the user will see each accessed domain that is blocked using the category blocking
mechanism, together with its category and timestamp.
• Automatically close all processes started by a user during elevation - A new
option was added in the Thor AdminPrivilege group policy setting: Automatically
close all processes started during an elevation when the session ends. When
enabling his option, all processes started by user during elevation are closed (if
they are still opened). Please be aware that processes are closed with no warning.
• File elevations automatically run as admin when a session elevation is in
progress - The possibility to select “Run with AdminPrivilege” in the right click
context menu while an elevation is in progress is now available. If “Run with
AdminPrivilege” is used during elevation, the file will be elevated as part of the
session- a new File elevation will NOT be created, the elevated process will appear
as part of the existing elevation. Additionally, we added the possibility to select Run
with AP on *.mmc files (Computer management, etc.)
• Elevation processes moved to separate view - The processes from “Program
executed” column were replaced by a total count for each elevation, which
represents the number of processes executed. The admin can view more details by
clicking the number of executed processes. They are then directed to a details
page, where are shown a few details about selected elevation and a grid with all
processes executed during elevation. In this view, the admin user can see the
elevation details at the top of the page (reason, hostname, request time, etc.) and
the executed processes listing. All executed processes are listed here and the
admin can filter the listing by User and System executed processes.
• New option to elevate only users belonging to a specific hostname:
AdminPrivilege GP option to only allow users belonging to a specific hostname to
be elevated (their username must be part of the hostname).
MailSentry Email Security:
• Easier settings import - A new option was added to MailSentry Email Security,
making it easier to copy settings from perimeter to endpoint and vice versa.