We want to inform you about the release of a new Heimdal™ Release Candidate version, 2.5.360 RC, that is now live in the RC instance of the Heimdal™ dashboard. The Heimdal™ Agent will be deployed, on a roll-out basis, during the upcoming week.
Here are the new features and improvements rolling in with the new 2.5.360 RC:
Heimdal™ Dashboard:
- Updated Active Clients Dashboard data
This new feature enables the Dashboard user to view fresh Dashboard data related to virus definitions, “last seen” data, IP & DNS info, applied Group Policies, usernames, memory, disk and CPU usage, Windows version, build version, and last reboot info.
The feature consists of an API call to the Heimdal™ Agent, checking for changes applied on the machine, with an hourly recurrence. If any changes are detected, these will be communicated back to the dashboard and the new info will be displayed in the Management, Active Clients, Standard, and Hardware views.
- Dashboard Homepage Graphs for Ransomware Encryption Protection and Application Control
Two new graphs have been added to the Heimdal™ dashboard homepage, graphs corresponding to the Ransomware Encryption Protection and Application Control modules. The Ransomware Encryption Protection graph will display a number of detections made in the selected time frame.
The Application Control graph will display a number of ran processes that matched either the Whitelist or the Blacklist over the total number of processes rules that have been white or blacklisted in the ruleset mode over a certain time frame.
- Re-skinned e-mail reports
Post the dashboard revamp launched in the 2.5.350 Release, we have also updated the looks of our Email reports.
Heimdal™ Privileged Access Management:
- Prevent spawning other processes on Run with AP elevations
With this new functionality, a check box in the Endpoint Settings, Privileges & App Control, Privileged Access Management Tab, Run as Administrator section, we will avoid the scenario in which when an end-user has a single file elevation (“Run with AdminPrivilege”) approved, he/ she would also be able to run with admin rights other executable files spawned by the elevated file:
- New APIs for PAM and App. Control modules
We’ve built brand new APIs for our Privileged Access Management (PAM) and Application Control products.
- PAM API compatibility with ServiceNow for elevations management
Our new PAM API is compatible with ServiceNow, allowing the management (processing) of elevations directly from ServiceNow.
Heimdal™ Endpoint Detection:
- Next-gen AV
1. Ability to stop the Next-gen AV from the Heimdal™ Agent
This feature will allow the end-user to stop the Anti-Virus services from the Heimdal™ Agent. The feature comprises of a Group Policy (Settings) tick box allowing this action, only when enabled (based on a password, set by the IT admin); in the Endpoint Settings, Endpoint Detection, Next-Gen Antivirus tab, Admin Settings section, we have also implemented a slider, for setting the auto-restart time for the AV services (2 – 60 minutes).
On the end-user side, in the Agent, Settings, Next-Gen Antivirus (Next-Gen AV) tab, there will be a “Pause Next-Gen AV”, ON/ OFF button (as per the below visual), allowing the end-user to pause the AV services (if the functionality is enabled in the Group Policy).
2. Visibility and self-management of the Next Gen AV Real time exclusions
In the Endpoint Settings, Endpoint Detection, Next-gen Antivirus tab, Next Gen AV Exclusion List section, we merged the two tabs, from the previous exclusions view (“Exclusion List & Real Time Exclusion List) into one tab called “Next Gen AV Exclusion List”. We also added a new column to the table, called “Priority” (High, Medium and Low options – drop down list), allowing the dashboard user to select the priority for each exclusion added to the list (the default priority will be Low). The High priority exclusions are limited to a number of 5.
3.Firewall compatibility with the ICMP protocol
When enabled, this new functionality, found in the Endpoint Settings, Endpoint Detection, Firewall tab, General Settings area, in the shape of check box named “Allow ICMP Echo Requests”, will enable the Heimdal™ customers to conduct IP pings in their LAN environment.
4. Delete option added to Default Scan action On Infected
This new feature which can be found in the Next Gen AV product (Endpoint Settings, Endpoint Detection, Next Gen AV, Default Scan action On Infected drop-down list, consists of the addition of a new option, namely “Delete” in case of infected files detected by Heimdal™’s Next Gen AV product.
Other improvements & fixes:
- Streamlined Heimdal™ Agent functionality
When either single clicking the left or right mouse button, on the Heimdal™ Agent icon, found in the Windows task bar, the user will get the same functionality, in the sense that the context menu will be displayed. Also, based on the licensed and activated Heimdal™ modules/ products, the end user will be able to take the relevant actions, thus having an enhanced user experience.
- Revoke existing Admin Rights functionality now works as intended
This fix applied to the Privilege Access Management product ensures the correct functioning of the “Revoke existing local admin rights” PAM Group Policy/ Settings check box.