Hi all,
We are happy to announce the release of Endpoint Security Client E83.20.
The complete list of improvements can be found in the version release’s Secure Knowledge sk168081.
But here are the most exciting ones…
New Windows support
E83.20 has full support (all blades and packages) for Windows 10 20H1 (version 2004).
Browser Extension support for Microsoft Edge (Chromium) & Chrome for Mac
SandBlast Agent Browser Extension now supports Microsoft Edge (Chromium) and Chrome for Mac with the following capabilities:
- URL Filtering (WebUI only)
- File Download Protection
- Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection
The extension is installed automatically together with the new version.
Supported & Next To Come:
E83.20 for macOS
The version supports the following capabilities:
- Anti-Malware blade is now GA
- URL Filtering with SandBlast Agent Chrome Browser Extension
- Advanced VPN features are now also available on Mac:
  - Multiple Factor Authentication
  - Multiple Entry Point
  - Implicit Mode
  - Secondary Connect
Follow sk166955 for more information on the E83.20 release for macOS.
New advanced protections
- "Pass The Hash" detection in Behavioral Guard has been enhanced to recognize more "Pass The Hash" attempts.
Pass The Hash is used by an attacker to authenticate remotely by utilizing the hash of an account password. In other words, the attacker does not need the actual plaintext password.
This technique in essence allows for lateral movement in an organization.
- Improved malicious LNK files detection
Behavioral Guard was enhanced to detect malicious LNK files (Windows shortcut / direct link to a file). It analyzes the target of an LNK file to determine if the LNK file itself is malicious.
LNK files are mostly, though not exclusively, utilized maliciously to start LOLBins (Living Off The Land Binaries) like Windows OS executables. Some common targets for malicious LNK files include CMD, PowerShell, and wscript.
In addition, the Forensics Analysis can now determine whether the attack originated from an LNK file, and the Forensics Report shows the targets of all LNK files in an incident.
Content view in the Forensics report
The Forensics Report has now been enhanced to show all AMSI content and LNK targets in a new single view called the Content View. This view is accessible under the Incident Details Menu option.
Full Disk Encryption – pre-boot screen
The Full Disk Encryption pre-boot has a modernized look and feel along with updates to the color-theme and background images.
Stay safe,
Guy A.
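
The LNK target analysis mentioned in the post can be illustrated for triage with a small parser for the Shell Link (MS-SHLLINK) format. This is an added example, not part of the original post and not Behavioral Guard's detection logic; the watch list holds only the three targets the post names, and `build_sample` is a hypothetical helper that constructs test data carrying only the fields the parser reads.

```python
import struct

# Shell Link (MS-SHLLINK) LinkFlags bits used below
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# Assumed watch list: the three targets the post names, as image base names.
SUSPECT_TARGETS = {"cmd.exe", "powershell.exe", "wscript.exe"}

def parse_lnk(data):
    """Return the target path and StringData fields from a .lnk file's bytes."""
    if len(data) < 76 or struct.unpack_from("<I", data)[0] != 0x4C or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, out = 76, {"target": None}             # optional sections follow the 76-byte header
    if flags & HAS_IDLIST:                      # skip LinkTargetIDList (2-byte size + body)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        size, _, info_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if info_flags & 0x01:                   # VolumeIDAndLocalBasePath
            start = pos + base_off
            end = data.index(b"\0", start)      # LocalBasePath is NUL-terminated
            out["target"] = data[start:end].decode("cp1252", "replace")
        pos += size
    for bit, field in STRING_FLAGS:             # StringData, in the order the spec defines
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
            out[field] = data[pos + 2:pos + 2 + count * width].decode(codec, "replace")
            pos += 2 + count * width
    return out

def is_suspicious(link):
    """True when the link target's base name is on the watch list."""
    target = (link.get("target") or link.get("relative_path") or "").lower()
    return target.replace("/", "\\").rsplit("\\", 1)[-1] in SUSPECT_TARGETS

def build_sample(target, arguments):
    """Construct a minimal .lnk in memory (constructed test data, not a captured file)."""
    header = struct.pack("<I16sI", 0x4C, LINK_CLSID, HAS_LINKINFO | 0x20 | IS_UNICODE)
    header = header.ljust(76, b"\0")
    path = target.encode("cp1252") + b"\0"
    info = struct.pack("<7I", 28 + 1 + len(path), 28, 0x01, 0, 28, 0, 28 + len(path)) + path + b"\0"
    args = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + info + args
```

A match on the base name alone only marks a shortcut for review; the parsed `arguments` field is what shows what the target would actually be asked to run.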