GravityZone 6.7.1-1 Release Notes

Release Date: 2019-07-02
Last revised: 5 July 2019

These changes require the following minimum product versions: 

  • BEST 6.6.11.159
  • Security Server Multi-Platform 6.1.71.8593

New Features

Advanced Anti-Exploit

Powered by machine learning, this new proactive technology stops zero-day attacks carried out through evasive exploits. Advanced Anti-Exploit catches the latest exploits in real-time and mitigates memory corruption vulnerabilities that can evade existing solutions.

This security layer is pre-configured with the recommended security settings and you can customize it from the Antimalware > Advanced Anti-Exploit policy section.

You can view Advanced Anti-Exploit events in the Security Audit, Blocked Application, and Endpoint Module Status reports.

Note:
This security layer addresses Windows-based systems.

Improvements

Antimalware

  • Improved custom exclusions:
    • Ability to use wildcards when defining custom exclusions.
    • Added more exclusion types: file hash, certificate thumbprint, threat name, and command line.
    • New field for adding notes or remarks for each exclusion.
    • Added the option to add ATC/IDS exclusions on folders.
  • Technology improvements to Central Scan:
    • Security Server cache sharing technology is now available. With this implementation, Security Servers share scanning cache information with each other, which significantly increases scanning speed in virtualized environments. To benefit from this feature, enable port 6379 to allow traffic between Security Servers.
      Note:
      Cache sharing works only between Security Servers of the same type. For example, Security Server Multi-Platform shares its cache only with other Security Servers Multi-Platform.
    • Implemented a new Load Balancing mechanism between endpoints protected through BEST with Central Scan, and Security Servers. You can now choose to distribute the load evenly between the assigned Security Servers.
    • Improved load status reporting for Security Servers helps you assess the scalability of Security Servers in your environment. The Security Server Status report now includes two new states: Near overloaded and Near underloaded.

Sandbox Analyzer

  • Expanded the list of supported file types that can be automatically submitted to Sandbox Analyzer.
  • Added content pre-filtering capabilities for submitting files to the Sandbox Analyzer. This functionality is configurable in a new policy section.
  • Added error messages for failed detonations in the submission card section on the Sandbox Analyzer page.

Storage Protection

You can now use a secured connection between Security Servers and the protected NAS servers, provided they use SSL over ICAP. Load your security certificate in the Configuration > Certificates > Endpoint - Security Server communication section of Control Center.

Usability

Optimized the Control Center workspace with the new display modes of the menu: expanded, collapsed (icon view) and hidden.

Reports

The Network Protection Status report has been enriched with more granular statuses for licenses (Expired, Pending, Trial) and endpoint management (Unmanaged).

Update System

  • Replaced the antimalware signatures with a new method to identify known and unknown malware, called Security Content.
  • Security Server updates are now published using update rings.

Public API

  • General: Through this new endpoint you can now get the API key details.
  • Network:
    • Added the option to create a scan task using the MAC address of the endpoint.
    • Added the companyId field in the results of the getManagedEndpointDetails method.
    • You can now reset the label for an endpoint using the setEndpointLabel method.
    • Introduced the assignPolicy method.

Resolved Issues

Sandbox Analyzer

Analysis results from a manual submission could not be retrieved if a proxy was in place.

Update System

In Control Center, weekly recurrence for antimalware updates was resetting upon return if set only on Sunday. This was only a display issue; the setting was sent correctly to the security agent.

Antimalware

Security Server Load Balancing – Equal distribution mode had limited functionality. The scan load was not distributed equally between Security Servers.

Known Issues

Antimalware

  • The new custom exclusion types are not available for on-demand scanning tasks.
  • The following exclusion types for ATC/IDS are available only for Windows desktop operating systems:
    • Process with wildcards
    • File hash
    • Detection name
    • Detection name with wildcards
    • Command-line
  • Certificate thumbprint exclusions are not available for ATC/IDS.