Guy_Avnet
Employee

Endpoint Security / SandBlast Agent Newsletter - Version E83.20

Hi all,

 

We are happy to announce the release of Endpoint Security Client E83.20.

 

The complete list of improvements can be found in the version release’s Secure Knowledge sk168081.

But here are the most exciting ones…

 

New Windows support

E83.20 has full support (all blades and packages) for Windows 10 20H1 (version 2004).

 

Browser Extension support for Microsoft Edge (Chromium) & Chrome for Mac

SandBlast Agent Browser Extension now supports Microsoft Edge (Chromium) and Chrome for Mac with the following capabilities:

  • URL Filtering (WebUI only)
  • File Download Protection
  • Credential Theft protection including Zero-Phishing and Corporate-password-reuse protection

The extension is installed automatically together with the new version.

Supported & Next To Come:

Guy_Avnet_0-1598542587961.png

 

E83.20 for macOS

Guy_Avnet_1-1598542587964.png

The version supports the following capabilities:

  • Anti-Malware blade is now GA
  • URL Filtering with SandBlast Agent Chrome Browser Extension
  • Advanced VPN features are now also available on Mac:
    • Multiple Factor Authentication
    • Multiple Entry Point
    • Implicit Mode
    • Secondary Connect

Follow sk166955 for more information on the E83.20 release for macOS.

 

New advanced protections

  • "Pass The Hash" detection in Behavioral Guard has been enhanced to recognize more "Pass The Hash" attempts.
    Pass The Hash is used by an attacker to do remote authentication by utilizing the hash of an account password. In other words, the attacker does not need the actual plaintext password.
    This technique in essence allows for lateral movement in an organization.
  • Improved malicious LNK files detection
    Behavioral Guard was enhanced to detect malicious LNK files (Windows shortcut / direct link to a file). It analyzes the target of a LNK file to determine if the LNK file itself is malicious.
    LNK files are mostly, though not exclusively, utilized maliciously to start LOLBins (Living Off The Land Binaries) like Windows OS executables. Some common targets for malicious LNK files include CMD, PowerShell, and wscript.

In addition, the Forensics Analysis now can determine whether the attack originated from an LNK file and the Forensics Report shows the targets of all LNK files in an incident.

 

Content view in the Forensics report

The Forensics Report now has been enhanced to show all AMSI content and LNK targets in a new single view called the Content View. This view is accessible under the Incident Details Menu option.

 

Guy_Avnet_2-1598542587972.png

 

Full Disk Encryption – pre-boot screen

The Full Disk Encryption pre-boot has a modernized look and feel along with updates to the color theme and background images.

Guy_Avnet_3-1598542587975.png

 

Stay safe,

Guy A.
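
Added example, not part of the original post and not Check Point's code: a small triage parser that reads the target and arguments of a Windows shortcut per the public MS-SHLLINK layout and flags the three targets the post names (CMD, PowerShell, wscript). It only reads the LinkInfo local base path and the StringData section; `parse_lnk`, `build_sample_lnk` and the sample shortcut are constructed for illustration.

```python
import ntpath
import struct

# Targets the post names as common for malicious LNK files (CMD, PowerShell, wscript).
LOLBIN_TARGETS = {"cmd.exe", "powershell.exe", "wscript.exe"}
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # Shell Link class ID
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (HAS_ARGS, "arguments"), (0x40, "icon")]

def parse_lnk(data):
    """Extract target and arguments from Shell Link (MS-SHLLINK) bytes."""
    if len(data) < 76 or data[:4] != b"\x4c\0\0\0" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, target, strings = 76, "", {}
    if flags & HAS_IDLIST:  # skip LinkTargetIDList: 2-byte size, then the list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        size, _hdr, li_flags, _vol, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:  # VolumeIDAndLocalBasePath: ANSI path, NUL-terminated
            start = pos + base_off
            end = data.index(b"\0", start, pos + size)
            target = data[start:end].decode("cp1252", "replace")
        pos += size
    width = 2 if flags & IS_UNICODE else 1
    for bit, name in STRING_FLAGS:  # StringData entries appear in this fixed order
        if flags & bit:
            nbytes = struct.unpack_from("<H", data, pos)[0] * width
            raw = data[pos + 2:pos + 2 + nbytes]
            strings[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += 2 + nbytes
    target = target or strings.get("relative_path", "")
    return {"target": target, "arguments": strings.get("arguments", ""),
            "lolbin": ntpath.basename(target).lower() in LOLBIN_TARGETS}

def build_sample_lnk(target, arguments):
    """Constructed test input: minimal LNK (LinkInfo without VolumeID, Unicode args)."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_LINKINFO | HAS_ARGS | IS_UNICODE)
    path = target.encode("cp1252") + b"\0"
    # LinkInfo: size, header size, flags, VolumeIDOffset, LocalBasePathOffset,
    # CommonNetworkRelativeLinkOffset, CommonPathSuffixOffset, then path + empty suffix
    info = struct.pack("<7I", 0x1C + len(path) + 1, 0x1C, 1, 0, 0x1C, 0, 0x1C + len(path))
    args = struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header.ljust(76, b"\0") + info + path + b"\0" + args

if __name__ == "__main__":
    for tgt in (r"C:\Windows\System32\cmd.exe", r"C:\Program Files\App\app.exe"):
        print(parse_lnk(build_sample_lnk(tgt, "/c echo constructed-sample")))
```

A shortcut whose target is a LOLBin is not malicious by itself, so the `lolbin` flag is a prompt to review the extracted arguments rather than a verdict.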

2 Replies
MikeB
Advisor

Hello @Guy_Avnet , 

According to sk169216 and sk108695, SBA4B "is installed on the Edge Chromium browser only on machines that are joined to the Organization Domain Controller (DC)."

What about non-AD clients? Is it possible to manually install Edge Chromium SBA4B on these machines?

0 Kudos
Guy_Avnet
Employee

Hi @MikeB 

The extension is being uploaded only to Chrome store and not to Microsoft store.

Edge is configured to take it from Chrome store but only if it is in a domain.

 

So currently this is a limitation and a must for Edge to be part of a domain.

 

We do consider having the extension also uploaded to the Microsoft-store but it’s still not final.

 

Thanks,

Guy
