Endpoint Security / SandBlast Agent Newsletter - Version E83.20

Guy_Avnet — Thu, 27 Aug 2020 15:38:44 GMT

Hi all,

We are happy to announce the release of Endpoint Security Client E83.20.

The complete list of improvements can be found in the version release’s Secure Knowledge sk168081.

But here are the most exciting ones…

New windows support

E83.20 has full support (all blades and packages) for Windows 10 20H1 (version 2004)

Browser Extension support Microsoft Edge (Chromium) & Chrome for Mac

SandBlast Agent Browser Extension now supports Microsoft Edge (Chromium) and Chrome for Mac with the following capabilities:

URL Filtering (WebUI only)
File Download Protection
Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection

The extension is installed automatically together with the new version

Supported & Next To Come:

E83.20 for macOS

The version supports the following capabilities:

Anti-Malware blade is now GA
URL Filtering with SandBlast Agent Chrome Browser Extension
Advanced VPN features are now also available on Mac:

Multiple Factor Authentication
Multiple Entry Point
Implicit Mode
Secondary Connect

Follow sk166955 for more information on the E83.20 release for macOS.

New advanced protections

"Pass The Hash" detection in Behavioral Guard has been enhanced, to recognize more “Pass The Hash” attempts.
Pass The Hash is used by an attacker to do remote authentication by utilizing the hash of an account password. In other words, the attacker does not need the actual plaintext password.
This technique in essence allows for lateral movement in an organization.
Improved malicious LNK files detection
Behavioral Guard was enhanced, to detect malicious LNK files (windows shortcut / direct link to a file). It analyzes the target of a LNK file to determine if the LNK file itself is malicious.
LNK files are mostly though not exclusively utilized maliciously to start LOLBins (Living Off The Land Binaries) like Windows OS executables. Some common targets for malicious LNK files include CMD, powershell, and wscript.

In addition, the Forensics Analysis now can determine whether the attack originated from an LNK file and the Forensics Report shows the targets of all LNK files in an incident.

Content view in the Forensics report

The Forensics Report now has been enhanced to show all AMSI content and LNK targets in a new single view called the Content View. This view is accessible under the Incident Details Menu option.

Full Disk Encryption – pre-boot screen

The Full Disk Encryption pre–boot has a modernized look and feel along with updates to the color-theme and background images.

Stay safe,

Guy A.

Re: Endpoint Security / SandBlast Agent Newsletter - Version E83.20

MikeB — Sun, 27 Sep 2020 15:30:49 GMT

Hello @Guy_Avnet ,

According to sk169216 and sk108695, SBA4B "is installed on the Edge Chromium browser only on machines that are joined to the Organization Domain Controller (DC)."

What about non-AD clients?? It is possible to manually install Edge Chromium SBA4B on this machines?

Re: Endpoint Security / SandBlast Agent Newsletter - Version E83.20

Guy_Avnet — Tue, 29 Sep 2020 09:57:36 GMT

Hi @MikeB

The extension is being uploaded only to Chrome store and not to Microsoft store.

Edge is configured to take it from Chrome store but only if it is in a domain.

So currently this is a limitation and a must for Edge to be part of a domain.

We do consider having the extension also uploaded to the Microsoft-store but it’s still not final.

Thanks,

Guy

topic Re: Endpoint Security / SandBlast Agent Newsletter - Version E83.20 in Endpoint

Endpoint Security / SandBlast Agent Newsletter - Version E83.20

Re: Endpoint Security / SandBlast Agent Newsletter - Version E83.20

Re: Endpoint Security / SandBlast Agent Newsletter - Version E83.20