We want to inform you about the release of a new Heimdal™ Release Candidate Dashboard version, 2.5.410, that is now live. The Heimdal™ R.C. Agent will be available for download in the dashboard (“Guide” section, “Download and install” tab) starting Monday, March 14th, 2022, and will be deployed on a roll-out basis over the coming weeks.
Here are the main features and improvements rolling in with the new 2.5.410 R.C:
Heimdal™ Dashboard:
- Enhanced Group Policies management – copy GP changes to other GP(s)
In the Endpoint Settings, when applying changes on a Group Policy and hitting the “Update GP” button, the dashboard user will see a pop-up window asking if they’d like to apply the changes made to the current GP, specific GPs, or all GPs of that customer.
- Detect computers that do not have the Heimdal™ agent installed
In the Dashboard -> Management -> Active Clients -> Standard View, in the “Select what action to take” drop-down list, we implemented a new command, “Scan non-Heimdal devices”. The command is available only if the selected hostname(s) have the Heimdal™ agent installed and the corresponding “Allow network scan” tick box, found in the Group Policy, General tab, is enabled. When applied, it starts a scan of the local area network that identifies all the devices that do not have the Heimdal™ agent installed.
The scanning process will take about 1 and a half minutes and after that, the results will appear in the new tab from Management -> Active Clients -> Non-Heimdal Devices.
The cells in the “Details” column are editable, so the dashboard user can edit the respective field(s), unless the “Haze personal data” check box (Additional Settings, in the Accounts section of the dashboard) is enabled.
The dashboard user will also have the options, in the Non-Heimdal devices tab, to Hide and Unhide devices (commands in the “Select what action to take” drop-down list), apply a filter to display only the Hidden Devices, and download the list in a .csv format.
- Audit logs made available to our customers
We are now providing the option to view modifications made to Windows, macOS, and Android Group Policies, found under the Endpoint and Network Settings areas of the dashboard, by pulling the data from a dedicated API. The “audit logs” are also available for the Active Clients and Global actions (product grids) changes.
The API can be accessed via the Guide -> Your HS Api Key -> For Audit logs area.
Heimdal™ Threat Prevention Network:
- Vector N detection for Threat Prevention Network
The addition of the Vector N detection smart patterns AI-driven algorithm represents a big enhancement for our Threat Prevention Network module. A periodic job will analyze the data and run it through our multi-layer pattern detection to determine if suspicious activity is present. It can identify 4 active patterns: Infostealer strain, APT strain, Botnet strain, and Attack blocked.
A new grid for visualizing detected threats has been implemented and can be found in Threat Prevention -> VectorN Detection™ -> VectorN for TPN dedicated tab.
Hostname-specific data is available under the Client Specifics view.
Heimdal™ Patch & Asset Management:
- Infinity Management deployment API
We now offer the option to control the “Infinity Management” module through our Corporate Customers API. The new addition is to be found in the Guide -> Your HS Api Key -> For Customer Infinity Management and is available for those customers who have the module licensed.
Some of the methods that can be used under this section are: GET – retrieving all the customer’s applications, POST – posting custom applications, PUT – modifying an existing application, etc. All the methods can be found, together with their command parameters, in the earlier mentioned section of the Heimdal™ dashboard.
- Heimdal™ Encryption tool command line support
This functionality is related to our Heimdal™ Encryption Tool, which can be downloaded from the Patch & Asset Management -> Infinity Management -> Windows OS -> View Private Patching Storage section of the dashboard. It enables the user to add command lines for encrypting, decrypting and uploading files.
Below you can find the mandatory arguments needed for performing the above-mentioned actions:
1. Encrypt
3 mandatory arguments:
- Action: “-a encrypt” or “-a e”
- Input: “-i C:\work\testenc\test.zip”
- Output, the directory where the encrypted file will be placed: “-o C:\work\testenc”
2. Decrypt
3 mandatory arguments:
- Action: “-a decrypt” or “-a d”
- Input: “-i C:\work\testenc\test.zip.enc”
- Output, the directory where the decrypted file will be put: “-o C:\work\testenc”
3. Upload
4 mandatory arguments:
- Action: “-a upload” or “-a u”
- Input, can be an encrypted or non-encrypted file or folder: “-i C:\work\testenc\test.zip.enc”
- Customer id, must be a number: “-ci 197116”
- Private api key: “-ak U3RMHATIXKEF7JTIBT4PLS4UBX2IXRFL”
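The argument sets listed above can be checked before the tool is invoked, with the private API key taken from the environment rather than typed into a script. This is an added example, not Heimdal code; the environment variable names HEIMDAL_ENC_TOOL (path to the tool's executable), HEIMDAL_CUSTOMER_ID and HEIMDAL_API_KEY and the function name are assumptions.

```powershell
# Added example, not Heimdal code. ASSUMPTIONS: HEIMDAL_ENC_TOOL (path to the
# tool's executable), HEIMDAL_CUSTOMER_ID and HEIMDAL_API_KEY are placeholder
# environment variables; Get-EncToolArguments is a hypothetical helper.
function Get-EncToolArguments {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('encrypt', 'decrypt', 'upload')]
        [string]$Action,
        [Parameter(Mandatory)]
        [string]$InputPath,
        [string]$OutputDir,
        [string]$CustomerId,
        [string]$ApiKey
    )
    if (-not (Test-Path -LiteralPath $InputPath)) {
        throw "Input (-i) not found: $InputPath"
    }
    $toolArgs = @('-a', $Action, '-i', $InputPath)
    if ($Action -eq 'upload') {
        # Upload: customer id must be a number, private API key is mandatory.
        if ($CustomerId -notmatch '^\d+$') {
            throw 'Customer id (-ci) must be a number.'
        }
        if ([string]::IsNullOrWhiteSpace($ApiKey)) {
            throw 'Private API key (-ak) is missing.'
        }
        $toolArgs += @('-ci', $CustomerId, '-ak', $ApiKey)
    }
    else {
        # Encrypt and decrypt: the output directory is mandatory.
        if (-not $OutputDir -or
            -not (Test-Path -LiteralPath $OutputDir -PathType Container)) {
            throw "Output directory (-o) missing or not a directory: $OutputDir"
        }
        $toolArgs += @('-o', $OutputDir)
    }
    return , $toolArgs
}

$tool = $env:HEIMDAL_ENC_TOOL   # placeholder: full path to the tool
$work = 'C:\work\testenc'       # sample directory from the release notes

# Encrypt test.zip, then upload the file named in the page's upload example.
$encArgs = Get-EncToolArguments -Action encrypt -InputPath "$work\test.zip" -OutputDir $work
& $tool @encArgs

$upArgs = Get-EncToolArguments -Action upload -InputPath "$work\test.zip.enc" `
    -CustomerId $env:HEIMDAL_CUSTOMER_ID -ApiKey $env:HEIMDAL_API_KEY
& $tool @upArgs
```

Because the key is passed with “-ak”, it is part of the process command line and can appear in process listings and in process-creation logs that record command lines.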
- 3ʳᵈ Party Patch Management – provide a reason for patch failure
This new feature displays, in the Heimdal™ dashboard under Products -> Patch & Asset Management -> Standard view, in the “Status” column, the description of the error code when a patch has failed and is in the “Vulnerable” status.
The code, if available, will be displayed on hovering over the icon.
Another place where you can see the status is Active clients -> Select the client -> Patch & Asset Management -> Patch Management -> Latest Status.
The error code descriptions are available only for .msi files (Microsoft installer). If the patch is installed using a .exe file or in another way and the patch fails, we will only display “Vulnerable” status, without any error description.
Heimdal™ Endpoint Detection, Heimdal™ Privileges & App. Control:
- Zero – Trust Execution Protection – Hostname clickable and ability to select what action to take at hostname level
This enhancement updates the Zero Trust grids (from the Privileged Access Management, Application Control, and NextGen AV & MDM sections of the dashboard) to make the hostname in each entry clickable and redirect the dashboard user to a dedicated tab, in Active Clients -> Client Specifics view, in which more detailed information is available. More specifically, if, for example, a user logs in to the dashboard, goes to the Next-Gen AV main page and then to the Zero Trust grid, and clicks on a hostname, they will be redirected straight to the specific client view, with the Endpoint Detection main tab and the Zero – Trust Execution Protection sub-tab selected.
Also, in all Zero–Trust Execution Prevention grids we added a new column with check boxes that allow users to select one, many, or all displayed hostnames from the grid and act on all the selected items. Once an item (or multiple items) is selected, the “Select what action to take” drop-down list will be displayed, showcasing the actions that can be taken.
The available actions that a dashboard user can perform are:
- Upload selected item(s) to private storage (same functionality as in other Heimdal™ modules)
- Exclude selected item(s) in one, more (specific) or all Group Policies
In the Active Clients view -> Client Specifics view, in the Zero–Trust Execution Protection Tab, we split the grids into multiple sub-tabs, by status (like in the below screenshot):
The “All” sub-tab will display all processes intercepted by Zero - Trust, like the grid that existed before this enhancement. The other sub-tabs, “Allowed”, “Blocked” and “Unknown”, will display only processes with those respective statuses. For all 4 of these grids, we will display a counter with the total number of items next to the grid title, as shown in the screenshot above.
Heimdal™ Privileges & App. Control:
- Privileged Access Management – increasing the PAM session length up to 24h
In the Dashboard -> Endpoint Settings -> Privileges & App Control -> Privileged Access Management tab, we enhanced the session length slider, which now allows you to set the duration of the PAM session from 2 minutes up to 24 hours.
- Application Control – Default priority listing for App Control rules
This new functionality automatically sets the default priority for App Control rules to be the last maximum priority + 1. The functionality is present both in the Dashboard -> Endpoint Settings -> Privileges & App Control -> Application Control tab, Application Control area, and in the Products -> Privileges & App Control -> Application Control -> Application Control tab grids (the pop-up window that appears when blocking or allowing a process).
The dashboard user will still be allowed to edit the priority field and set customized priorities for the App. Control rules.
- Application Control – App Control rules details
This new functionality is meant to provide information to the dashboard user regarding which App Control rules allowed or blocked a certain application. It comes as a very nifty user experience enhancement and the new info can be found in the status column of each Application Control grid. We added an icon that, on mouseover, will display a tooltip with a text providing the Group Policy active at the time of the interception and the rule priority details. If the rule no longer exists the tooltip will mention that that rule was deleted from the GP.
Heimdal™ Remote Desktop
- Remote Desktop recordings
We are offering new functionality to our Remote Desktop customers consisting of the possibility to automatically record and upload RD sessions to the Heimdal™ storage, by enabling the “Automatically record Remote Desktop sessions” check box from the Endpoint Settings -> Remote Desktop.
The recordings will be available in a newly dedicated tab “Recordings view” which can be accessed under Products -> Remote Desktop.
The data relating to recordings can be also seen in the Active Clients -> Client Specifics -> Recordings tab (after clicking on a hostname).
The recordings can be viewed, as well, at the Hostname level from a newly created context menu (as displayed in the below screenshot).
Recordings are made on the ENDPOINT (end-user) side, not on the Supporter hostname. Recordings are only available in the scenarios in which the Heimdal™ Agent is involved; the “Invite to remote session” (non Heimdal™ agent) scenario is not supported from a recordings’ availability standpoint.
Recordings are saved at the following path on the disk: C:\ProgramData\Heimdal Security\RemoteDesktop\Recordings and they are available in the custom .isr format which requires the Heimdal™ Remote Desktop Player (Guide -> Download and install -> Click here to download the Heimdal™ Remote Desktop Player stand-alone installer for Windows) to be played.
- Remote Desktop Invite to remote session (non-Heimdal agent) History View
We’ve enriched the History View (dedicated tab in the Products -> Remote Desktop section of the dashboard) to also include information about the non Heimdal™ agent sessions. In the case of the “Invite to remote session” connections (non Heimdal™ agent), the information grid has the same structure as in the Heimdal™ agent scenarios; the difference is that not all the fields contain data (the only data available, due to the nature of these sessions, is From (hostname), Start Time and Session Type).
- Remote Desktop Heimdal™ agent to non Heimdal™ agent connections
A new enhancement to our Heimdal™ Remote Desktop module was implemented, namely the option to conduct non-Heimdal™ agent sessions (invite to remote sessions) from our agent. We previously had this option available only from the dashboard. The end-user needs to click the icon corresponding to the agent (Windows taskbar) and then click the Start RD session command. For the non Heimdal™ agent sessions, they will see an Invite button that needs to be pressed, and then they will have the option to send an email invite to the users that do not have the Heimdal™ agent installed on their machine. The rest of the flow is the same as the one corresponding to the non-Heimdal sessions triggered from the dashboard.
Other enhancements & fixes:
- Fix related to the Microsoft Updates reboot mechanism:
We have implemented a new check box in the Endpoint Settings -> Patch & Assets -> Operating System Updates, called “Enhanced reboot detection” which, if enabled, will better determine whether a Microsoft update requires a reboot or not.