• Granular filter for the dashboard time frame
The timeframe selector now has 2 additional fields for selecting Hour and Minutes to the specific timeframe. Once a custom time is selected, the dashboard results will be filtered accordingly. A default time is applied for each selector- 00:00 for the start date and 23:59 for the end date.
• Device filter available in Threat Prevention Endpoint/VectorN/ Next-Gen Antivirus/Privileged Access Mgmt views
Depending on the availability of the module on each OS, a device filter was added in Threat Prevention Endpoint, VectorN, Next-Gen Antivirus, and Privileged Access Mgmt views. The filters are Android, Mac OS, and Windows devices.
• DnsInfo added Active Clients verbose CSV
• Microsoft Updates per Group Policy information added in API
• Added the MD5 column for Next-Gen Antivirus
• Agent info logged in a fixed registry key
This feature is meant to allow the user (only CORP users) to see which modules of the Heimdal product suite are installed and running on the customers' endpoints, which version of the agent is installed on the endpoints and which group policy it belongs to (GP).
The registries are found here:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\HeimdalSecurity\Info or HKEY_LOCAL_MACHINE\SOFTWARE \HeimdalSecurity\Info (based on Windows version 64 or 32)
Threat Prevention Endpoint:
• Added “Force NCSI fix” option
A new checkbox was added in group policy > Threat Prevention Endpoint module, “Force NCSI fix”.
When enabled, this functionality will fix the Network Connectivity Status Indicator that causes the not connected globe in the tray menu, when running alongside Threat Prevention Endpoint.
• Added isolation exclusions profiles
This feature adds the functionality of adding some specific rules for firewall only if the computer is isolated. Those rules come as a specific profile that adds some rules for a certain program (ex: TeamViewer, ISL Online). Those rules will be deleted when the pc will not be isolated.
New isolation profiles can be added, please send this request to the Support team.
Heimdal™ Privileged Access Management:
• Elevation request availability period
A new option was added in Admin Privilege Group policy, “Accepted requests availability time”. When enabled, the user is able to select a custom time to live for elevation request, between 1 and 24 hours. If the option is disabled, all elevation requests will expire after the default 24 hours
Privileges and APP Control:
• Application Control is a module created to better control which applications can be executed on client machines and how they are executed. You can define rules which describe what is allowed or blocked on machines using application details like paths, publisher, and executable MD5, as well as how the application should run (it can automatically elevate the application if so configured) and how we handle child processes (we can allow all processes spawned by the application defined by the rule).
The group policy tab has been split into 2 subsections. The “Privileged Access Mgmt ” tab will include previous options for Privileged Access Mgmt and the second tab. “Application Control” will include new settings for App Control module.
Heimdal™ Email Fraud Prevention:
• Group policy option to disable Outlook suspicious activity warnings
In Dashboard GP settings will appear a new checkbox on Email Security tab that will disable/enable the outlook suspicious activity warnings.
On Agent a registry key will be modified for this with the values (2 -> disable, 0 -> enable). This registry key value can be found at the following path in Regedit: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Outlook\Security
On this path a new key will be created if not exists called “ObjectModelGuard” and this will
Heimdal™ Email Security:
• Added minute and daily limits for sent emails
A default minute limit of 300 emails and a daily limit of 10.000 emails was added. The limit change be lowered from the Perimeter settings, the Limits section.
• Option to customize the header and footer of the Quarantine Report
In Perimeter, Quarantine settings options, a new button is available “View and Edit Template”. When clicking this button, a model that allows the user to edit the header and footer of the Quarantine Report is displayed.
• Communication between Backed to Agent – “Enable realtime communication” checkbox added in GP (admin only); When enabled the communication between agent and backend should be faster, GP changes are visible in agent in around 1 min.
• Target update control system – section added in admin; option to add a version to be targeted in agent for auto update. AllowNewer - if set to true, must change the core service will retrieve the latest available version of Heimdal rather than the targeted one, if the latest available version is newer than the targeted one. Works from 2.5.320 onward only.