We want to inform you about the release of a new Heimdal™ Production Dashboard version, 2.5.360, that is now live. The Heimdal™ Production Agent will be available, for download, on Monday, July 5th, 2021 and, deployed, on a roll-out basis, during the upcoming week.
Here are the new features and improvements rolling in with the new 2.5.360 Production:
Heimdal™ Dashboard:
- Updated Active Clients Dashboard data
This new feature enables the Dashboard user to view fresh Dashboard data related to virus definitions, “last seen” data, IP & DNS info, applied Group Policies, usernames, memory, disk and CPU usage, Windows version, build version, and last reboot info.
The feature consists of an API call to the Heimdal™ Agent, checking for changes applied on the machine, with an hourly recurrence. If any changes are detected, these will be communicated back to the dashboard and the new info will be displayed in the Management, Active Clients, Standard and Hardware views.
- Dashboard Homepage Graphs for Ransomware Encryption Protection and Application Control
Two new graphs have been added to the Heimdal™ dashboard homepage, graphs corresponding to the Ransomware Encryption Protection and Application Control modules. The Ransomware Encryption Protection graph will display a number of detections made in the selected time frame.
The Application Control graph will display the number of ran processes that matched either the Whitelist or the Blacklist over the total number of processes rules that have been white or blacklisted in the ruleset mode over a certain time frame.
- Re - skinned email reports
Post the dashboard revamp launched in the 2.5.350 Release, we have also updated the looks of our Email reports.
Heimdal™ Privileged Access Management:
- Prevent spawning other processes on Run with AP elevations
With this new functionality, a check box in the Endpoint Settings, Privileges & App Control, Privileged Access Management Tab, Run as Administrator section, we will avoid the scenario in which when an end-user has a single file elevation (“Run with AdminPrivilege”) approved, he/ she would also be able to run with admin rights other executable files spawned by the elevated file.
- New APIs for PAM and App. Control modules
We’ve built brand new APIs for our Privileged Access Management (PAM) and Application Control products.
- PAM API compatibility with ServiceNow for elevations management
Our new PAM API is compatible with ServiceNow, allowing the management (processing) of elevations directly from ServiceNow.
Heimdal™ Endpoint Detection:
- Next-gen AV
- Ability to stop the Next-gen AV from the Heimdal™ Agent
This feature will allow the end-user to stop the Anti-Virus services from the Heimdal™ Agent. The feature comprises of a Group Policy (Settings) tick box allowing this action, only when enabled (based on a password, set by the IT admin); in the Endpoint Settings, Endpoint Detection, Next-Gen Antivirus tab, Admin Settings section, we have also implemented a slider, for setting the auto-restart time for the AV services (2 – 60 minutes).
On the end-user side, in the Agent, Settings, Next-Gen Antivirus (Next-Gen AV) tab, there will be a “Pause Next-Gen AV”, ON/ OFF button (as per the below visual), allowing the end-user to pause the AV services (if the functionality is enabled in the Group Policy).
2. Visibility and self-management of the Next-Gen AV Real-time exclusions
In the Endpoint Settings, Endpoint Detection, Next-gen Antivirus tab, Next-Gen AV Exclusion List section, we merged the two tabs, from the previous exclusions view (“Exclusion List & Real-Time Exclusion List) into one tab called “Next-Gen AV Exclusion List”. We also added a new column to the table, called “Priority” (High, Medium, and Low options – drop-down list), allowing the dashboard user to select the priority for each exclusion added to the list (the default priority will be Low). The High priority exclusions are limited to a number of 5.
3. Firewall compatibility with the ICMP protocol
When enabled, this new functionality, found in the Endpoint Settings, Endpoint Detection, Firewall tab, General Settings area, in the shape of check box named “Allow ICMP Echo Requests”, will enable the Heimdal™ customers to conduct IP pings in their LAN environment.
4. Delete option added to Default Scan action On Infected
This new feature which can be found in the Next-Gen AV product (Endpoint Settings, Endpoint Detection, Next-Gen AV, Default Scan action On Infected drop-down list, consists of the addition of a new option, namely “Delete” in case of infected files detected by Heimdal™’s Next-Gen AV product.
Other improvements & fixes:
- Streamlined Heimdal™ Agent functionality
When either single-clicking the left or right mouse button, on the Heimdal™ Agent icon, found in the Windows taskbar, the user will get the same functionality, in the sense that the context menu will be displayed. Also, based on the licensed and activated Heimdal™ modules/ products, the end-user will be able to take the relevant actions, thus having an enhanced user experience.
- Revoke existing Admin Rights functionality now works as intended
This fix applied to the Privileged Access Management product ensures the correct functioning of the “Revoke existing local admin rights” PAM Group Policy/ Settings check box.
- Home page graphs are now segregated per month if a longer time frame is selected
We made some changes to the Heimdal™ dashboard home page graphs, in order to streamline, visually the display and interpretation of data. The home page graphs are now displaying daily sets of data, if the selected time frame is smaller than one - month, weekly sets of data, if the selected time frame bigger than one month, and monthly sets of data, in case the selected time frame is bigger than three months.
- Heimdal™ Agent self–update issues are fixed
- Next-Gen AV mapped network drives scan issues are fixed
- App. Control “Auto Elevation” functionality fixes
We re-activated the “Allow auto elevation” functionality in our Application Control product, as the issues related to it are now fixed. You can auto elevate processes from the Application Control Rules grid, except for the major browser-related ones (i.e.: Google Chrome, Microsoft Edge, Safari, Mozilla Firefox, etc.). The fix for these will be available in about 2 weeks.
- New code signing certificates for Windows & Mac OS
New code signing certificates and a new delivery launcher, which fixes a small issue related to the agent being downloaded multiple times, are now available, while the Mac OS instances are signed with a new certificate, which allows the correct Heimdal™ Agent version to be displayed.