Adaptive Defense on Aether Platform

What's new in Adaptive Defense

Release Notes

XVI

09/25/2024

Aether Platform-based products: Release XVI (09/25/2024)

Adaptive Defense: 4.40.00

Agent and protection versions

  • Windows protection: 8.00.23.0001
  • MacOS protection: 3.05.00.0001
  • Linux protection: 3.05.00.0001
  • Windows agent: 1.22.01.0000
  • MacOS agent: 1.14.01.0000
  • Linux agent: 1.14.01.0000

New features

  • Click here to download a presentation describing what’s new in the new version.
  • Endpoint Access Enforcement. This new feature monitors connections to the Windows computers on the network to help reduce potential infections and attacks from unprotected computers (Windows, macOS, or Linux). By default, it monitors inbound connections for SMB and RDP traffic. On Windows computers, this feature requires Windows protection v8.00.23.0000 or higher and communications agent v1.22.01.0000 or higher; on macOS and Linux computers, it requires communications agent v1.14.01.0000 or higher.
  • New Endpoint Access Enforcement settings profile. You can specify risk conditions for computers and create new connection rules for protocols other than SMB and RDP.
  • New Endpoint Access Enforcement dashboard with several graphs: connection map, top 5 computers reporting high-risk outbound or inbound connections, number of connections by condition, and number of connections by monitored protocol.
  • New Monitored connections tab on the computer details page. This tab shows connections that meet the conditions specified in the Endpoint Access Enforcement rules.
  • Endpoint Access Enforcement. Executive reports now include an Endpoint Access Enforcement section.
  • Ability to block vulnerable drivers. New Vulnerable drivers section in the Workstations and servers settings. This section enables you to detect and block vulnerable drivers, preventing attackers from exploiting them to perform malicious actions. This feature requires Windows protection v8.00.23.0000 or higher.
  • Ability to block vulnerable drivers. You can exclude detected vulnerable drivers from monitoring, so that they are never detected again.
  • Changes to anti-exploit protection settings. Anti-exploit protection is easier to configure. You can now exclude specific processes from anti-exploit protection, without having to completely disable the feature. This feature requires Windows protection v8.00.23.0000 or higher.
  • AMSI detection technology. You can now enable advanced scanning with AMSI. You can enable and disable AMSI detection technology and exclude specific processes, without having to completely disable the AMSI feature. This feature requires Windows protection v8.00.23.0000 or higher.
  • Ability to manage exclusion impact on risk assessment. One of the aspects that is considered in risk assessment is whether there are folder, file, and extension exclusions. Now, when configuring Risks settings, you can decide which exclusions you want the security software to consider when it calculates a computer risk level.
  • Ability to isolate Linux computers. You can now isolate Linux computers on your network. Similar to the Windows and macOS feature, isolated Linux computers allow only our processes to communicate. If an attack occurs, you can isolate the computer from the network to prevent the spread of the threat. If required, you can exclude other processes to allow them to communicate on isolated computers. This feature requires Linux protection v3.05.00.0000 or higher.
  • You can now enable and disable local alerts on macOS computers and customize malware, firewall, and device control alerts.
  • Android protection now supports Network Access Enforcement.
  • Support for SHA-256. You can now use MD5 and SHA-256 hashes when configuring these features: Advanced protection, Program blocking and Authorized software.
  • Users with Total Control permissions can export recipient email addresses configured in the My alerts section for all users in an account.
  • Task management improvements. You can now cancel or delete all tasks at once instead of having to individually select all tasks that appear on each page.
  • Support for Windows Server 2025. This feature requires Windows protection v8.00.23.0000 or higher.
  • Support for macOS 15 Sequoia. This feature requires macOS protection v3.05.00.0000 or higher.
  • Support for these Linux distributions: OpenSUSE 15.3, 15.4, 15.5, and 15.6; SUSE 15 SP6; Fedora 39 and 40; Red Hat/Oracle/Rocky/Alma 8.9, 8.10, 9.3, and 9.4; Ubuntu 23.10 and 24.04; and Mint 21.2, 21.3, and 22. Click here for detailed information about all supported Linux distributions. This feature requires Linux protection v3.05.00.0000 or higher.
  • Exchange Server protection is now end of maintenance (EOM). Although we no longer provide support for issues with Exchange Server protection, it will continue to be available until 1 January 2025 to customers that are currently using it. After that date, Exchange Server protection settings profiles will be removed from all consoles and Exchange Server protection will be disabled on all endpoints. As a result, Exchange Server email will no longer be intercepted and scanned.
  • On 30 September 2024, protection for Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008, as well as macOS Yosemite, El Capitan, Sierra, High Sierra, and Mojave will become End of Sale (EOS). Windows 2008 R2 will continue to be supported. After that date, you will not be able to add to the console or install the protection software on new computers that run these operating system versions.
    Later, on 30 April 2025, our Windows and macOS protection for these OS versions will become End of Life (EOL). After that date, the product license will be automatically removed from all computers that run these OS versions, and you will not be able to allocate licenses to affected computers.

Bug fixes

  • Issue that caused the security software to send the same alert email notifications repeatedly over several days.
  • Issue that caused the security software to classify URLs as “unknown category” and block them on some computers.
  • Issue that prevented users from logging in to a corporate website.
  • Security software upgrades after computer shutdown took too long because the computer waited for the PSANHost process to close.
  • BSOD error that occurred on computers with NeuShield drivers.
  • Issue that caused the security software decoy files to create temporary files and folders after backup sessions.
  • ATC.exe did not run on Server Core because of a dependency.
  • Issue that caused on-demand scans of PDF files to not finish.
  • Vulnerability found in the security software decoy files.
  • Issue with Linux protection signature file permissions after a security software upgrade.
  • Self-diagnosis issue that caused the security software to sometimes report an error even though it worked correctly.
  • When you uninstalled the security software from a macOS device, you were prompted to keep the quarantine even though it was empty.

 

 

XV

06/01/2023

Aether Platform-based products: Release XV (06/01/2024)

Adaptive Defense: 4.30.00

Agent and protection versions

  • Windows protection: 8.00.22.0025
  • MacOS protection: 2.00.10.1000 and 3.04.01.0000 for Catalina, Big Sur, Monterey, Ventura and Sonoma
  • Linux protection: 3.03.00.0001
  • Windows agent: 1.21.03.0000
  • MacOS agent: 1.13.10.0000
  • Linux agent: 1.13.00.0000

New features

  • Click here to download a presentation describing the new and improved features included in the version rolled out on 20 March 2024.
  • Click here to download a presentation describing the new and improved features included before 20 March 2024.
  • Secure Wi-Fi connections. When you connect to a Wi-Fi network using WatchGuard Access Points, Access Points can check that connecting devices are secure: the security software is enabled and running. This feature supports Windows and macOS computers and requires a version of Wi-Fi Access Points that supports this functionality.
  • Secure Wi-Fi connections. You can configure this feature on the Network Access Enforcement tab inside the Network Services settings. You must also enable it on the Access Points that you configure in WatchGuard Cloud.
  • The Network Access Enforcement settings now apply to VPN connections through WatchGuard Fireboxes and Wi-Fi connections through WatchGuard Access Points.
  • The new version of Patch Management supports macOS computers. This version adds automatic detection of patches and the ability to patch macOS Catalina, Big Sur, Monterey, and Ventura systems on demand or on a schedule.
  • Patch Management on macOS systems enables you to patch both the operating system and third-party applications.
  • Operating system patches for macOS with ARM (M1 and M2) require the computer user password and a forced restart.
  • MacOS operating system patches are not included by default in recurring patch installation tasks. However, you can enable installation of these patches manually.
  • You can select to install macOS operating system patches manually from the list of available patches. These patches include the text “Softwareupdate” in the patch name. Search for Softwareupdate to easily identify these patches in your organization.
  • MacOS devices can install patches from a Windows cache computer to optimize bandwidth use and centralize patch downloads through cache computers. You can specify these cache computers in the Network Services settings.
  • The new version of Patch Management supports Linux computers. This version adds automatic detection of patches and the ability to patch Red Hat 7 and 8, CentOS 7, and SUSE 12 and 15 systems on demand or on a schedule. Future releases will support additional distributions.
  • Patch Management on Linux systems enables you to patch both the operating system and third-party applications.
  • Linux devices install patches by using the caching mechanisms implemented on the system, not the caching mechanisms configured in the product.
  • Support for macOS Sonoma. Requires macOS protection version 3.03.00.0002 or higher.
  • In the Patch Management dashboard and lists, you can now filter by operating system (Windows, macOS, or Linux).
  • In the Available Patches list, you can now filter the list by operating system (Windows, macOS, or Linux). You can also filter by the hundreds of Windows, macOS, and Linux applications that can be patched with Patch Management.
  • By default, recurring patch installation tasks install only Windows patches. To install macOS or Linux patches, you must select them manually in the section where you specify the software you want to patch.
  • You can view the software supported by Patch Management here.
  • Patch Management. New Programs with Most Available Patches widget that shows the programs with the most patches pending installation.
  • Patch Management. New Available Patches by Computers list that shows patches that are pending installation on most computers on the network.
  • Vulnerability assessment. New dashboard that shows vulnerabilities detected on computers. It is only available for customers without the Patch Management module.
  • Vulnerability assessment. Automatic discovery of vulnerabilities in the operating system and third-party software on Windows, macOS, and Linux workstations and servers.
  • Vulnerability assessment. This feature enables you to run searches to check whether vulnerabilities that are being exploited by hackers are present in your organization. You can view a list of vulnerabilities exploited in the wild here.
  • Vulnerability assessment. The Available Patches list shows the number of affected computers. For details about affected computers in the organization, you can purchase or take a 30-day free trial of the Patch Management module.
  • Vulnerability assessment. To patch vulnerabilities on demand or on a recurring schedule in order to keep your network free of critical vulnerabilities, you can purchase or take a 30-day free trial of the Patch Management module.
  • Audit mode. In a Workstations and Servers settings profile, you can enable Audit mode to detect and report malware, ransomware, and other types of attacks. However, detected threats are not blocked or deleted. Audit mode supports Windows, macOS, and Linux workstations and servers.
  • Audit mode. We recommend you use this mode only if you are evaluating our endpoint security solutions or if you are evaluating the security status of a customer protected with another solution. Computers in Audit mode are shown as computers at risk because they are not protected. They are simply audited.
  • Audit mode. In Audit mode, the solution detects the hardware and software installed on each computer, malware, PUPs, exploits, vulnerabilities, etc. To prevent malicious software from running and performing any action, you must disable Audit mode.
  • If Audit mode is enabled in the workstations and servers settings profile applied to a computer, the security software does not register as an antivirus with Windows Security Center (WSC) and does not disable the Windows Defender antivirus protection.
  • Network attack protection. New protection technology for Windows that scans network traffic in real time to detect and stop threats. It prevents network attacks that attempt to exploit vulnerabilities in services that are open to the Internet and in the internal network. To view the network attacks detected by this protection, click here.
  • Network attack protection. You can configure this protection in the Advanced Protection section of a Workstations and Servers settings profile. The default action is Block, although you can also set it to Audit. If this protection is disabled or in Audit mode, the computer appears as at risk.
  • Network attack protection. New Network Attack Activity widget that shows the number of incidents and computers with network attack activity.
  • Network attack protection. If needed, you can exclude the detection of a specific network attack on all computers in the organization, as well as network attacks that originate from a specific IP address or IP address range.
  • Network attack protection. You can send email alerts when network attack protection detects a network attack.
  • Network attack protection. Network attack detections are included in executive reports.
  • Threat Hunting Service. The Indicators of Attack (IOA) Mapped to the MITRE Matrix widget now includes the MITRE sub-technique, along with the tactic and technique (TTP). The tactic, technique, and sub-technique enable you to identify the phase of an attack to take containment and remediation actions with the required urgency.
  • Enriched events sent to the SIEM platform. Provided you have the SIEMFeeder module, this new release provides you with information about indicators of attack (IOA) as well as the MITRE tactic and technique associated with each IOA.
  • Settings profiles set by partners. Partners can define whether the settings profiles assigned to customers from the partner’s multi-customer console can be editable. Editable settings profiles enable you to add exclusions and authorized software to the settings. However, you cannot delete or edit the list of exclusions or authorized software defined by the partner.
  • Ability to configure multiple proxies. You can configure multiple proxies so that computers on the network connect to the Internet through the first proxy computer that works. This feature is now supported by macOS workstations and Linux servers as well as on Windows.
  • Support for these Linux distributions: Ubuntu 22.10 and 23.04, Linux Mint 21.1, Fedora 36, 37, and 38, Oracle Linux 8 UEK R7, 9.0, 9.1, and 9.2, Red Hat Enterprise 8.8 and 9.2, AlmaLinux 8.8 and 9.2, and Rocky Linux 8.8 and 9.2. Information about all supported Linux distributions. This requires Linux protection version 3.03.00.0001 or higher.
  • Performance improvements on macOS computers. Improved boot time. Faster startup speed for applications that need to open thousands of files to work. This requires macOS protection version 3.03.00.0001 or higher.
  • ART and Data Control: More modern, intuitive, user-friendly user interface. New colors for color-blind users. Reduced visual noise. Some sections have been moved to sub-tabs. Better contrast. Improved spacing. Fewer icons. Horizontal scroll bars always visible. Some items are responsive to fit the screen size. Changes to domain navigation. Redesigned modal dialog boxes for warning and notification messages. More intuitive action buttons.
  • Full Encryption. Added support for macOS Catalina or higher. macOS computer encryption leverages FileVault technology included in the operating system. Encryption runs in the background. There is no impact on performance.
  • Full Encryption. When you enable macOS computer encryption in the settings, the computer user is prompted to enter administrator credentials for encryption to begin. All hard disks on the computers are encrypted. On computers already encrypted with FileVault, the user is also prompted to enter administrator credentials to generate recovery keys.
  • Full Encryption. Recovery keys for macOS computers are managed centrally from the console. These keys are requested after a number of failed login attempts or when the encrypted drive is removed from the computer and an attempt is made to use it on another computer.
  • Full Encryption. You can now see the encryption status of Windows as well as macOS computers on dashboards and in lists.
  • Full Encryption. Just like Windows computers, macOS computers are not decrypted when Full Encryption licenses expire or the software is uninstalled.
  • Full Encryption. This module requires one license for each computer encrypted with Windows BitLocker or macOS FileVault technologies.
  • MacOS device isolation. You can now isolate macOS computers as well. Just like Windows computers, isolated macOS computers allow only our processes to communicate. If an attack occurs, you can isolate the computer from the network to prevent the spread of the threat. If required, you can exclude other processes to allow them to communicate on isolated computers. Requires macOS protection version 3.04.00.0000 or higher.
  • To improve anti-tamper protection, we have added the ability to enforce two-factor authentication (2FA) when users access the local console installed on their computers or to uninstall the protection software on a computer. 2FA relies on a single QR code you can generate for all computers in a customer account or multiple codes if you want to have different authenticator factors for different areas. Requires Windows protection version 8.00.22.0023 or higher.
  • You can enable protection when Windows computers start in Safe Mode with Networking to prevent hackers from taking advantage of this boot mode to spread their attacks across the network. This setting is enabled by default, but you can disable it from the web console and from the local console. Requires Windows protection version 8.00.22.0023 or higher.
  • The Report a Problem feature you can access from a computer details page is now available for Windows, Linux, and macOS computers.
  • You can now send executable files larger than 50 MB to Collective Intelligence platform for analysis. These files do not contain personal details. This improvement enables our Zero-Trust Application Service to classify large files more accurately.
  • Patch Management. Ability to filter the list of available patches by patch release date.
  • Patch Management. We have added new columns to the installation history export file to provide more information about the tasks that installed the patches shown in the list.
  • Patch Management. New text for the message that appears on user computers when a reboot is required to install a patch. The text indicates that the reboot is requested by the patched software, not by our security solution.
  • Patch Management. Ability to configure computers on the network as test computers. You can use test computers to verify patches install successfully before deploying them across the network.
  • Patch Management. When creating a patch installation task, you can select to install patches only on test computers. Later, if everything goes well, you can edit the task to install the patches on all computers.
  • Patch Management. Ability to configure computers or computer groups where you do not want to install patches.
  • Patch Management. If a patch you wanted to install required a computer restart, the patch appeared as ‘Pending Restart’ on the patch installation history page and the status was never updated. Now, if the computer restarts at some point after patch installation, the patch status changes to ‘Installed’.
  • Ability to select all unprotected computers discovered from the list of computers discovered.
  • Created a new default settings profile where the anti-exploit and decoy files technologies are disabled. This is the profile that is applied by default. However, any new profile you create has the anti-exploit and decoy files technologies enabled by default.
  • Ability to download signatures over HTTPS.

Bug fixes

  • Fixed issue where the Available Patches Trend graph did not show the exact number of available patches.
  • Fixed issue where the Automatic Deletion of Computers option in the Computer Maintenance feature deleted computers and also uninstalled the security software. We have fixed the bug so that the security software is no longer uninstalled.
  • Fixed issue where the risk monitoring feature reported the risk “Advanced protection for Windows in Hardening mode” when the advanced protection was in Lock mode.
  • Fixed issue where executive reports for the last 7 days gave wrong information about indicators of attack (IOA).
  • The solution now shows detections made by the decoy files technology in the local console reports.
  • The solution now shows detections made by anti-exploit technology in the blocked items counter in the local console.
  • We have fixed vulnerabilities in our security software. Requires Windows protection version 8.00.22.0010 or higher.
  • Fixed issue where the solution did not identify the operating system correctly when it was installed on a server in a Virtual Desktop Infrastructure (VDI) environment.
  • Fixed issue to avoid BSOD errors in the firewall technology in rare cases where there is a timeout error because there is no network traffic.
  • Fixed issue to cancel the installer when there are Windows Update updates in progress.
  • Fixed issue where the computer restart message showed an incorrect number of days left to restart.
  • Fixed issue where path exclusions that include special characters did not work on macOS computers. Requires macOS protection version 3.03.00.0001 or higher.
  • Fixed issue where local alerts were not shown on macOS computers.
  • Fixed issue with the Network Extension (NEXT) used on macOS computers. Requires macOS protection version 3.03.00.0001 or higher.
  • Fixed issue on macOS Catalina where the Network Extension (NEXT) enabled by a user did not enable for other users of the computer.
  • Fixed issue where scheduled tasks did not run on the configured dates on macOS computers in Sleep mode.
  • Fixed issue loading the scan engine on Linux computers with version 9 of CentOS, Red Hat, Rocky Linux, and AlmaLinux when SELinux is running in Enforcing mode (there were no issues in Permissive mode). Requires Linux protection version 3.03.00.0001 or higher.
  • Fixed issue on Linux that prevented access to our collective intelligence when you connected through Blue Coat ProxySG or FortiProxy devices. Requires Linux protection version 3.03.00.0001 or higher.
  • Fixed issue on Linux where the communications agent crashed due to a memory error and did not process the changes received from the web console or send reports.
  • Fixed issue on Linux where the solution sent duplicate detection reports when the protection version was upgraded.
  • Fixed issue to avoid random BSOD errors in the PSINProt.sys driver. Requires Windows protection version 8.00.22.0013 or higher.
  • Improved protection upgrades to better keep the settings defined in a previous version.
  • Improvements to minimize the possibility that the protection service crashes. Requires Windows protection version 8.00.22.0013 or higher.
  • Fixed issue that caused a memory leak in a firewall driver. Requires Windows protection version 8.00.22.0013 or higher.
  • Fixed issue to enable the operating system, the backup software, and other applications to create shadow copies on drives other than system drives. Our protection did not allow this to prevent ransomware from deleting shadow copies. Requires Windows protection version 8.00.22.0013 or higher.
  • Improved creation of decoy files to prevent Windows Defender from detecting them as malware on servers. Requires Windows protection version 8.00.22.0013 or higher.
  • Fixed issue in the RDP protection that detects and contains brute-force attacks on RDP. This issue affects customers with Windows protection version 8.00.22.0012 and is fixed in version 8.00.22.0014 and higher.
  • Fixed issue that caused the solution to not show pop-up notifications when malware was detected on macOS computers under very specific circumstances. Requires macOS protection version 3.03.00.0001 or higher.
  • Improvements to the communications agent to process corrupt messages. Requires Windows agent version 1.21.02.0000 or higher.
  • Fixed issue to correctly get Active Directory paths with computer names longer than 15 characters. Requires Windows agent version 1.21.02.0000 or higher.
  • Patch Management. Added a prompt for users to enter their password when installing operating system patches for macOS with ARM (M1 and M2). Requires macOS agent version 1.21.02.0000 or higher.
  • Fixed issue where the protection service crashed when the Decoy Files technology was enabled and the computer had directories whose name was in Greek. Requires Windows protection version 8.00.22.0014 or higher.
  • Fixed issue that caused a memory leak in the PSINReg.sys driver and could lead to a BSOD error. Requires Windows protection version 8.00.22.0014 or higher.
  • Fixed issue where scheduled reports did not include details of available patches.
  • Fixed issue where, when you installed certain Windows operating system patches, the solution did not show the result of the installation task.
  • Fixed issue where, when you excluded a network attack performed from certain IP addresses, these were lost when you added another exclusion for the same attack performed from other IP addresses.
  • Fixed issue where executive reports showed an incorrect date and time in IOA-related information.
  • Fixed issue that caused an increase in memory usage by the PSANHost process and led to increased CPU usage by the service.
  • Improvements so that our security software registers correctly with Windows Security Center (WSC) after an operating system upgrade.
  • Fixed issue to improve loading of some specific web pages. This bug affects version 8.00.22.0010 or higher of the Windows protection and is fixed in version 8.00.22.0022 or higher.
  • Correction of Japanese texts in the local console installed on endpoints. Requires Windows protection version 8.00.22.0022 or higher.
  • Fixed issue that prevented macOS computers from connecting to a VPN when you enabled network access enforcement (VPN enforcement). Requires macOS protection version 3.03.00.0001 or higher.
  • Fixed issue that caused network extensions on macOS computers to stop working, and a message indicating that required privileges had not been accepted appeared. Requires macOS protection version 3.03.00.0001 or higher.
  • Fixed issue that caused the local console to stop working on macOS computers when the protection software scanned paths and files that contained special characters or emojis. Requires macOS protection version 3.03.00.0001 or higher.
  • Performance improvements. Goodware items are now correctly added to the cache to optimize scans at the next program execution. Requires macOS protection version 3.03.00.0001 or higher.
  • Fixed issue by which, when you created a list of patches and sorted it by computer, an error occurred if you tried to access a patch's details.
  • Fixed issue by which, when a patch description contained the + sign, no information appeared when you accessed the patch details.
  • Fixed issue by which, when you disabled advanced protection, features that depended on advanced protection, such as Anti-exploit or Network Attack Protection, were not disabled.
  • Fixed issue by which, when a MAC address was not in uppercase letters, the security software did not discover unprotected computers.
  • Fixed issue by which, when you searched the network for unprotected computers, the search results returned protected computers whose name did not match the name in the list.
  • Fixed issue by which antivirus exclusions were not applied to the Decoy Files technology. Requires Windows protection version 8.00.22.0023 or higher.
  • Fixed issue that caused a BSOD error when the server exceptionally generated malformed network packets. Requires Windows protection version 8.00.22.0023 or higher.
  • We have updated the zlib version to fix vulnerabilities in the previous version. Requires Windows protection version 8.00.22.0023 or higher.
  • Fixed issue that caused a memory leak with Data Control and customer-defined filters. Requires Windows protection version 8.00.22.0023 or higher.
  • Performance improvements on virtual servers. Requires Windows protection version 8.00.22.0023 or higher.
  • Fixed a vulnerability in the pskmad_64.sys driver that could enable an attacker with Administrator privileges to run code with SYSTEM privileges on the target computer. For more information, click here. Requires Windows protection version 8.00.22.0023 or higher.
  • Fixed issue that caused a memory leak with connections over port 8180 of the Java application. This could cause the server to run out of memory. This fix requires Windows protection version 8.00.22.0024 or higher.
  • Fixed issue that caused a rare BSOD error due to the pskmad.sys driver. This fix requires Windows protection version 8.00.22.0024 or higher.
  • Improvements to the protection software upgrade process to prevent rare BSOD errors when a driver cannot be stopped. This fix requires Windows protection version 8.00.22.0024 or higher.
  • Fixed issue so that AMSI detection technology respects the path exclusions configured in the protection software settings. This fix requires Windows protection version 8.00.22.0024 or higher.
  • Improvements to prevent high CPU usage during computer startup when the Shadow Copies feature is enabled. This fix requires Windows protection version 8.00.22.0024 or higher.
  • Reinstallation of the security software with a restart for which there was a wait time did not work if no user was logged in.
  • Fixed issue to prevent display of duplicate computers when you used Active Directory to discover computers.
  • When you filtered the list of discovered computers by a criterion and selected all filtered computers to install the security software only on them, the security software installed on all discovered computers just as if there was no filter applied.
  • Executive reports and other reports you scheduled to send daily were not sent in some specific cases.
  • The NAHSL network driver did not disable even when you disabled all features that use it (advanced protection, web access control, and firewall).
  • Fixed issue to minimize the cases where the protection appears with an error status. This fix requires Windows protection version 8.00.22.0024 or higher.
  • Fixed issue that caused isolated computers to show alert messages even though the option to not show alerts was selected. This fix requires v8.00.0022.0025 or higher.
  • Fixed issue for computers that showed a protection software error on the Status tab. This fix requires v8.00.0022.0025 or higher.
  • Fixed issue that stopped the service during upgrades. This fix requires v8.00.0022.0025 or higher.
  • Fixed issue to prevent BSOD errors caused by the protection for POP3/SMTP email over IPv6. This fix requires v8.00.0022.0025 or higher.
  • Fixed issue to prevent a rare BSOD error caused by the NNSSTRM.sys driver. This fix requires v8.00.0022.0025 or higher.
  • Fixed issues resolving the criteria defined for trusted networks in the Panda Endpoint Security firewall protection settings for networks detected automatically. This fix requires v8.00.0022.0025 or higher.
  • Performance improvements for multi-user environments such as RDS environments. This fix requires v8.00.0022.0025 or higher.

Hotfixes Included in Windows Protection v8.00.22.0025

 

| Hotfix Name | Jira | Resolved Issue |
| --- | --- | --- |
| hf-wgua2680_diagnosticstatus.exe | WGUA-2680 | Fix for computers that showed a protection software error on the Status tab. This fix requires v8.00.0022.0025 or higher. |
| hf-wgua2809_nnsmanager.exe | WGUA-2809 | Fixed issues resolving the criteria defined for trusted networks in the Panda Endpoint Security firewall protection settings for networks detected automatically. |
| hf-ker822-pkndisk.exe | KER-822 | Performance improvements for multi-user environments such as RDS environments. |
| hf-wgua2617-shadowcopies-psanmodproactive.exe | WGUA-2617 | High CPU usage (usually caused by the System process) due to the Shadow Copies feature after an upgrade. |
| hf-wgua623-scanfeature.exe | WGUA-623 | Immediate and scheduled scan crashes. |
| hf-wgua-2152-2320-nnsstrm-tcpsession.exe | WGUA-2320 / WGUA-2152 | Performance issues caused by the firewall infrastructure. This issue could occur with any of these protections enabled on the affected endpoint: advanced protection, web protection, firewall protection, and web filtering protection. |
| hf-ker608-system_rules_consumption.exe | KER-608 | Performance issues and high CPU usage on Windows servers monitored by SysMon. |
| hf-wgua991-datacontrol-pslucene.exe | WGUA-991 | Performance issues with Data Control rules-based monitoring of files. |
| hf-wgua-2243-2246-waconf-amsi-wsc.exe | WGUA-2243 | Third-party antivirus programs disabled in Windows Security Center. |
| hf-wgua-2243-2246-waconf-amsi-wsc.exe | WGUA-2246 | AMSI detection technology issues with WatchGuard Endpoint Security. |
| hf-wgua1881-getdomainname.exe | WGUA-1881 | Blue screen (BSOD) with reference to the NNSDNS.sys driver caused by the firewall infrastructure. This error could occur with any of these protections enabled on the affected endpoint: advanced protection, web protection, firewall protection, and web filtering protection. |
| hf-wgua2030-ransomdecoydetection.exe | WGUA-2030 | The protection software detected Trj/RansomDecoy after you selected “Do not detect again”. |
| hf-wgua1796-psncnotifmgr.exe | WGUA-1796 | High RAM and CPU usage. |
| hf-wgua1389-multilanguage.exe | WGUA-1389 | Protection software errors on Windows computers with multibyte character sets (MBCS) with decoy files enabled. |
| hf-wgua1681-psanmodmv.exe | WGUA-1681 | File transfer errors for SMB (Server Message Block) traffic on domain controller servers. |
| hf-wgua1731-psnwsc.exe | WGUA-1731 | After you upgraded the protection software or certain Windows versions, the installed application did not appear in Windows Security Center (WSC). |
| hf-wgua1636-nnsstrm.exe | WGUA-1636 | Connection timeout errors for some HTTPS web pages with the protection software installed. |
| hf-wgua2746-cmw-951_psnwsc_pknmdt.exe | WGUA-2746 | Unexpected restarts of the PSANHost.exe service due to failures in the Windows Security Center (WSC) self-diagnosis. These failures could cause the service to crash after failing to get all of the necessary information about the modules configuration. |

 

 

XIV

11/02/2022

Aether Platform-based products: Release XIV (11/02/2022)

Adaptive Defense: 4.20.00

Agent and protection versions

  • Windows protection: 8.00.21.0005
  • MacOS protection: 2.00.10.1000 and 3.02.00.0000 for Catalina, Big Sur, Monterey and Ventura
  • Linux protection: 3.02.01.0002
  • Windows agent: 1.20.00.0000
  • MacOS agent: 1.11.03.0000
  • Linux agent: 1.11.04.0002

New features

  • Click here to download a presentation describing what’s new in the new version.
  • Risk assessment. New dashboard for monitoring risks on managed computers. It includes four graphs showing the risk level for each computer in the organization, the risk trend, the most detected risks, and the top 10 computers at risk. We recommend that you manage risks to reduce the attack surface.
  • Risk assessment. New “Risks” settings which enable you to specify the risk factors you want to detect on computers. You can disable each factor to avoid detection. Also, we recommend a risk level for each factor, which you can change based on your needs.
  • Risk assessment. The risk factors that are detected automatically are: computer protection status, inadequate settings, and detection of indicators of attacks (IOA). For customers who have the Patch Management module, the solution also detects whether there are critical patches pending installation.
  • Risk assessment. The details page for each laptop, desktop, server, or mobile device now includes risk information, including the overall risk status.
  • Risk assessment. New lists: detected risks and risks by computer.
  • Risk assessment. You can now include risk information in the executive report.
  • Discovery of unmanaged computers through Active Directory. Discovery computers can access up to three Active Directory servers to find computers registered in Active Directory. Unprotected computers found in Active Directory appear in the list of unmanaged computers discovered. You can remotely install the protection on those unmanaged computers from the web console.
  • Discovery of unmanaged computers using Active Directory. In the list of unmanaged computers discovered, the computers you find using Active Directory show the Active Directory path where they are located.
  • As of this version, the Active Directory path appears for macOS and Linux computers.
  • The installation page for macOS and Linux computers now includes the “Add computers to their Active Directory path” option.
  • The "Move to Active Directory path" option is now available for macOS and Linux computers.
  • Automatic deletion of computers. On the “Computer maintenance” page, you can configure VDI environments and now also automatically delete computers based on a filter. All computers that meet the criteria in the filter are automatically deleted daily. Deleted computers that reconnect to our platform reappear in the web console.
  • Automatic deletion of computers. Only users with full visibility of the account and the “Add, discover, and delete computers” permission can modify these settings. Deletions are tracked in the “System events” section.
  • Source IP address. The “Malware activity”, “PUP activity”, and “Currently blocked programs being classified” widgets on the “Security” dashboard now show when a computer visible to you is infected after a file was copied from another computer on the network. The information includes the IP address of the computer where the infection originated.
  • On the Patch Management dashboard, an Available patches trend graph shows the number of patches that are available for installation on the computers on the network, over time (seven days, one month, one year). This information also appears for individual computers, on the “Detections” tab of the computer details page.
  • You can filter the Available patches trend graph by computer type (laptop, workstation, and server) and patch type (operating system patches and app patches).
  • Patch Management. In the Available patches list, you can export trend data about patches pending installation to a file for further analysis.
  • Patch Management. The Available patches trend graph is now included in the executive report.
  • Patch Management. In the Restart options section of an install patches task, you can now specify the maximum time that the system waits before it forces a restart on the computer to complete the installation of the patch (the default time is 4 hours). You can restart immediately when the task is scheduled or delay the restart up to 7 days.
  • You can now export tasks in the account to a file to easily identify tasks in progress, affected computers and groups, etc.
  • You can filter the task list by task status (No recipients, In progress, Finished, and Canceled).
  • When you copy a task, you can copy its settings with or without the recipients.
  • Integration with the VPN enforcement feature of WatchGuard’s Firebox solutions. Secure VPN is now available for computers with macOS. With Secure VPN, all VPN connections must meet specified security requirements before they connect to VPN networks.
  • New tool for generating gold images on macOS and Linux systems. For more information, see this FAQ on how to create a gold image.
  • Better integration with Windows Security Center (WSC) in Windows 11. The process that communicates with WSC is protected at all times with ELAM to meet a future requirement of Windows 11 22H2.
  • Support for macOS Ventura, the newest version of macOS. It requires macOS protection version 3.02.00.0000 or higher.
  • Support for the CentOS Stream, Alma Linux, and Rocky Linux distributions. Support for new versions of the supported distributions. Details about all supported Linux distributions. It requires Linux protection version 3.02.00.0000 or higher.
  • Performance improvements on Linux servers with high workload. It requires Linux protection version 3.02.00.0000 or higher.
  • Computers list. You can now export a simplified computer list that does not include configuration details.
  • In the filter tree, you can now search filters by name.
  • Improved anti-tamper protection for Windows to prevent our files from being deleted through registry modifications that run when the computer starts. It also prevents changes to our process permissions. It requires Windows protection version 8.00.21.0000 or higher.
  • Updated third-party libraries to fix vulnerabilities in them. It requires Windows protection version 8.00.21.0000 or higher.
  • The Aether web console now opens in WatchGuard Cloud, instead of on a separate tab.
  • New web notifications. When a new version becomes available, a notification appears in the console that enables users to begin the upgrade on demand.
  • The Linux agent service now restarts automatically after a crash.
  • The core files created by the Linux protection and agent are automatically deleted so that they do not take up all disk space. The oldest files are deleted until there is at least 1 GB of free disk space.

Bug fixes

  • Fixed issue where, when a decoy file was opened exclusively, the solution detected it as a write operation. This led to false positives with Office 365 and certain backup programs.
  • Fixed issue where decoy files were identified as Office files and were continuously synced with OneDrive. We have made changes to minimize this.
  • We have optimized the Decoy Files module to resolve performance issues on servers with many concurrent users. It requires protection version 8.00.21.0004.
  • Fixed an issue where there was a protection service outage with paths that exceed the maximum length allowed by the operating system. It requires protection version 8.00.21.0004.
  • Fixed an issue with the mv.sig signature file that caused slowdowns on certain servers.
  • Fixed a vulnerability that could be used to modify the behavior of the security software in specific situations to delete files on the affected computer. It requires protection version 8.00.21.0004.
  • Fixed an issue to avoid potential BSOD errors on computers with the FSLogix application installed. It requires protection version 8.00.21.0004.
  • Fixed an issue that prevented the creation of firewall rules on servers. It requires protection version 8.00.21.0004.
  • Fixed an issue with the VMware VMXNET3 adapter, where files copied over the network were modified (SMB). It requires protection version 8.00.21.0004.
  • Fixed an issue with the Linux agent, where the protection could not be updated.
  • Fixed an issue with the Linux agent, where there were continuous errors when the event queue became full.
  • We have optimized the tasks performed by the Linux agent to not affect performance on servers with thousands of active sessions.
  • Fixed issue to avoid BSOD errors when you run Sandbox on Windows.
  • Fixed issue that caused increased CPU usage on certain computers, mainly Windows servers.
  • Fixed issue to avoid BSOD errors in the firewall technology when inconsistent network packets were received.
  • Fixed issue to avoid losing the ability to communicate in real time with isolated computers.
  • Fixed issue so that, if there is an error in some data in a report, the error is dismissed and all other information in the report is sent.
  • Fixed issue with version 3.01 of the macOS protection that caused systems to stop responding when Time Machine Incremental backups were performed in the background.
  • Fixed issue with the macOS protection where, after an upgrade to Catalina, the EndpointProtection Network driver of the previous version was kept.
  • Fixed issue that caused crashes when you scanned macOS Catalina systems on demand.
  • When you tried to install the protection on a Red Hat Enterprise Linux 6.7 (Santiago) server, an error occurred and the installation was canceled soon after it started.
  • Ability to change the recipients of a recurrent task (scan or patch installation tasks).
  • Now you can filter the hardware inventory list by any operating system we support (Windows, macOS, Linux, Android, and iOS). The exported information contains data from all systems.
  • If a machine communicated using the IPv6 protocol, the console showed only the first numbers in the IP address, but not the full IP address.
  • If you had the “Add, discover, and delete computers” permission only and tried to add a discovery computer, the action was not allowed.
  • Fixed issue when updating Windows Defender signatures with Patch Management.
  • On Linux systems, we were reporting as malware behaviors that we were monitoring but were not confirmed malware.
  • Fixed issue on Linux systems that caused errors in the psanhost process.
  • Fixed issue to prevent temporary disruptions of the protection service from affecting other sessions with logged-in users. It requires protection version 8.00.21.0005.
  • The Decoy Files technology has been optimized to not regenerate decoy files in closed remote desktop sessions. It requires protection version 8.00.21.0005.

 

 

XIII

05/10/2022

Aether Platform-based products: Release XIII (05/10/2022)

Adaptive Defense: 4.10.00

Agent and protection versions

  • Windows protection: 8.00.20.0001
  • MacOS protection: 2.00.10.0000 and 3.01.00.0000 for Catalina, Big Sur, and Monterey
  • Linux protection: 3.01.00.0003
  • Windows agent: 1.19.01.0000
  • MacOS agent: 1.10.12.0001
  • Linux agent: 1.10.10.0001

New features

  • Click here to download a presentation showing what’s new in the new version.
  • You can centrally manage Shadow Copies from the product web console. Shadow Copies is a technology included in Microsoft Windows that enables you to restore previous versions of files. This feature is particularly useful in the event of a ransomware infection. It is supported on Windows Vista or higher and Windows Server 2003 or higher. Requires Windows protection version 8.00.20.0001 or higher.
  • You enable the Shadow Copies feature from the product web console. You can specify the percentage of disk space you want to dedicate to shadow copies (10% by default).
  • When the Shadow Copies feature is enabled, Windows creates a shadow copy every 24 hours. The Panda software retains up to 7 copies at a given time.
  • The Shadow Copies feature is protected against ransomware attacks by our anti-tamper protection. Ransomware can delete all backup copies on affected devices before encrypting all files on the system.
  • We have incorporated Decoy Files technology to detect attacks based on behavior. This technology detects changes to files stored on computers as bait. Requires Windows protection version 8.00.20.0001 or higher.
  • We have added deep learning technologies as an additional machine learning technique in the protection model. Requires Windows protection version 8.00.20.0001 or higher.
  • Integration with the VPN enforcement feature of WatchGuard Firebox solutions. Secures VPN access from computers with our protection installed and running.
  • New optimized protection for macOS computers with a Catalina operating system or higher. Includes a new local console and uses Network Extension technology to intercept network traffic. This new technology replaces SQUID, which has been removed in our macOS protection (version 3.00.00.0000 or higher).
  • The new macOS protection (version 3.00.00.0000 or higher) for computers running Catalina or higher can also intercept traffic when connected via VPN, so web protection and URL filtering are available when using any VPN.
  • You must allow the new Network Extension technology included in our protection on all macOS computers. You need to allow it the first time that it is installed, or when we update the macOS protection to version 3.00.00.0000 or higher. For more information about the required permissions, click here.
  • You can now select the type of device where you want to run patch installation tasks: laptop, workstation, server, or mobile device.
  • If an error occurs installing the Linux and macOS protections, detailed information is shown in the protection status section.
  • The protection status section shows information about the status of the advanced protection for Linux systems.
  • Ability to export, sort, and filter the list of users with access to the product web console. This feature improves efficiency when you manage accounts with tens or hundreds of users. Relevant information is included, such as user role or 2FA enforcement.
  • The computer details page now shows the public IP address of the device (Windows, macOS, Linux), even of mobile devices.
  • Patch Management. New tile with information on computers with most vulnerabilities. You can filter the information in the tile by criticality, computer type, and patch type (operating system patches or third-party software patches).
  • Patch Management. New tile with information on most available patches for computers in the organization. You can filter the information in the tile by criticality, computer type, and patch type (operating system patches or third-party software patches).
  • Patch Management. The number of computers that are pending a restart to finish installing patches is shown in the main tile on the Patch Management dashboard.
  • Patch Management. New filter that shows operating system patches and third-party software patches. This filter is available from the available patches and installation history lists.
  • Full Encryption. Ability to search for recovery keys by using the encrypted device ID. These searches are particularly useful for USB devices (it is easy to forget on which computer they were encrypted), and computers that are difficult to identify.
  • We have improved the process to validate the certificates required to communicate with certain domains safely. Requires Windows protection version 8.00.20.0001 or higher.
  • We have improved the anti-tamper protection by leveraging the ELAM (Early Launch Anti-Malware) technology included on Windows 10 and Server 2019 or higher operating systems. Requires Windows protection version 8.00.20.0001 or higher.
  • We have optimized the Linux protection performance. Linux protection version 3.01.00.0003 and higher includes multiple performance improvements that are particularly noticeable on servers with heavy workloads.
  • Support for the latest versions of the supported Linux distributions (Fedora 35, Red Hat 8.6, and Ubuntu 22.04). More information about all supported Linux distributions. Requires Linux protection version 3.01.00.0003 or higher.

Bug fixes

  • Hardware and detected threats reports were not emailed when they had been modified by users with restricted privileges.
  • When exporting the computers list, if the user had read-only permissions, information for some computers was not exported.
  • Patch Management. Improved reporting of patch installation tasks on computers with an incorrect date and computers where the time was changed.
  • In silent installations, the First Installation window appeared when there was a temporary error updating signatures.
  • When you tried to install the protection with the option to update signature files disabled in the settings, the installation froze.
  • Exclusions for the permanent protection now apply to Windows AMSI (AntiMalware Scan Interface) as well.
  • Fixed BSOD errors with inconsistent network packets.
  • Fixed BSOD errors that occurred if you opened Outlook when scanning inconsistent network packets.
  • Fixed a bug in the way URLs in blocklists were managed.
  • Fixed a POP3 bug that prevented connections from being made when the email protection was active.
  • IPv6 public IP addresses were not fully shown in the web console.
  • You could not copy roles created with a higher-end product or trial version.
  • If you installed patches that required a restart and user consent and several days went by without a response, when you tried to install new patches that required a restart, the communications agent crashed.
  • If you installed the agent on an ARM-based Windows 11 Education computer, the protection failed to install.
  • When you tried to install the protection on extremely slow computers, there was a double installation attempt which uninstalled the installed antivirus and caused an unnecessary restart.
  • The new macOS protection (version 3.00.00.0000 or higher) for systems running Catalina or higher includes a new network interceptor that optimizes browsing speed and enables you to open URLs which, in TLS 1.3 connections, could not be opened with the SQUID technology.
  • The new macOS protection (version 3.00.00.0000 or higher) for systems running Catalina or higher eliminates problems when you log in to online services such as OneDrive or Google Drive.
  • Fixed a bug updating kernel modules in SUSE.

 

 

XII

07/12/2021

Aether Platform-based products: Release XII (07/12/2021)

Adaptive Defense: 4.01.00

Agent and protection versions

  • Windows protection: 8.00.19.0010
  • macOS protection: 2.00.10.0000 and 2.00.10.1000 for Catalina, Big Sur, and Monterey
  • Linux protection: 3.01.00.0001
  • Windows agent: 1.18.02.0000
  • macOS agent: 1.10.11.0000
  • Linux agent: 1.10.10.0001

New features

  • Click here to download a presentation showing what’s new in the new version.
  • Support for Windows 11. Requires Windows protection version 8.00.19.0000 or higher.
  • Support for Windows 2022. Requires Windows protection version 8.00.19.0000 or higher.
  • Support for macOS Monterey. Requires macOS protection version 2.00.10.1000 or higher.
  • Threat Hunting Service. New dashboard providing visibility into the indicators of attack (IOA) detected through the Threat Hunting Service included at no extra cost in our EDR products. Indicators of attack (IOA) are anomalous behaviors detected on computers which are very likely to belong to an attack. The continuous monitoring of the actions performed on computers enables us to provide this service.
  • Threat Hunting Service. Widgets with the number of events, indicators, and indicators of attack. Events are the number of actions monitored by the EDR solution, indicators are anomalous behaviors detected on the network, and indicators of attack are indicators which are very likely to be an attack.
  • Threat Hunting Service. Indicators of attack (IOA) mapped to the MITRE matrix. Each indicator of attack is mapped to a tactic and technique of the MITRE matrix. This enables organizations to easily identify the stage of the attack and its characteristics. This information also provides organizations with customized response recommendations and enables them to take containment and remediation actions with the required urgency.
  • Threat Hunting Service. View of indicators of attack by indicator type to easily identify the most common types of attacks suffered by the organization and prioritize preventive measures to prevent future attacks.
  • Threat Hunting Service. View of indicators of attack by computer to easily identify computers with a high probability of being compromised.
  • Threat Hunting Service. Ability to archive indicators of attack that have already been managed to easily identify indicators that are pending management. These appear in red in widgets.
  • Threat Hunting Service. Detailed information about each indicator of attack: date, risk, attack type description, containment and remediation recommendations if the attack is confirmed, and full description of the attack type based on the mapping of the tactic and technique used by the adversary to the MITRE database.
  • Threat Hunting Service. Direct access to extended information about an indicator of attack from its Details page. Click the MITRE, tactic and technique links to open the MITRE website with detailed information that helps remediate the attack and reduce the attack surface.
  • Threat Hunting Service. Advanced attack investigation. Accessible from the Details page of an indicator of attack. This investigation automatically reports the compromised users and computers, helps determine the root cause of the attack, provides information such as the URLs and IP addresses involved in the attack, and gives a view of the overall impact of the attack on the entire organization.
  • Threat Hunting Service. Attack graph. Accessible from the Details page of an indicator of attack. This view is a graphical display of all the items involved in the attack, aiding the investigation of the root cause of the attack, its impact, etc.
  • Threat Hunting Service. Attack graph. The nodes in the graph show the classification of files. Orange nodes indicate unknown files and PUPs, whereas red nodes indicate malware. Additionally, node icons are those of popular applications, making identification easier.
  • Threat Hunting Service. Attack graph. You can interact with graph items and even take action on multiple nodes simultaneously.
  • Threat Hunting Service. Attack graph. The graph enables you to view activity details of specific processes.
  • Threat Hunting Service. Attack graph. The graph shows the sequence of events triggered by a process so that you can identify all events that occurred over time. Each edge is assigned a sequential number based on the date when the event occurred.
  • Threat Hunting Service. Detect and contain brute force attacks on the RDP protocol. Ability to manually end containment mode on computers.
  • Threat Hunting Service. Configure indicators of attack and select the action to take, set a list of trusted IP addresses, and disable any indicator of attack that is generating false positives on any computer in the organization.
  • Threat Hunting Service. Added a new permission to roles to control who can modify indicators of attack settings.
  • Threat Hunting Service. Added a new alert type to the “My alerts” settings to send email notifications when indicators of attack are detected.
  • Threat Hunting Service. Added information about indicators of attack to executive reports.
  • New Detections tab on the Details page of computers. This tab shows all detections, unpatched vulnerabilities, indicators of attack, etc. The information displayed depends on the contracted product and modules.
  • Ability to cancel and delete multiple tasks in one step.
  • More granular, flexible task scheduling. You can schedule scans or patching tasks to run on any day of the week, on the last Friday of the month at the time you select, etc. There are many other options that make the task scheduling process more flexible. Especially suitable for installing patches through Patch Management.
  • Ability to delete blocked programs in the process of classification. Administrators can delete blocked programs from the list of blocked items. This option is useful when there are blocked files that could not be sent to the cloud because they are too large or are no longer available. The status of the file is shown in the list of blocked programs. All actions taken are logged in the activity log and in the history of blocked items.
  • Ability to perform searches in the computer group tree.
  • Ability to schedule the sending of a full or summary version of the lists that allow exporting detailed information (for example, the software inventory list).
  • New column in the “Protection status” list. This column shows the status of computer communications with the Collective Intelligence platform servers and the servers used for URL classification. This feature is currently implemented for Windows computers.
  • New column in the “Protection status” list export. This column shows the status of the advanced protection (Audit, Hardening, or Lock).
  • The anti-exploit protection is now enabled and in Block mode by default. The anti-exploit protection settings created prior to this release are not modified, although it is recommended to enable the protection in all settings profiles.
  • The advanced protection for Linux is now in Block mode by default. This way, all malicious actions detected by the behavior scanner are blocked, providing maximum protection.
  • The contextual detections of the advanced protection for Linux are updated dynamically when necessary.
  • Better integration with the Windows 10 AntiMalware Scan Interface (AMSI). The use of AMSI provides our solutions with telemetry and additional information about script and macro execution, improving protection without negatively impacting computer performance.
  • Scanning of programs launched on Windows startup to make sure that all programs loaded in memory are trusted.
  • IPv6 traffic filtering for all protocols supported by the firewall technology incorporated into all our products.
  • Ability to show notifications in the web console. These notifications are informational and are also used to notify customers of the availability of new versions, enabling them to upgrade their account to the latest version. Each user of the web console can disable the notifications they want, without affecting other users.
  • Support for the latest versions of the supported Linux distributions (Fedora, Red Hat, CentOS, etc.). More information about all supported Linux distributions.
  • Support for SUSE 11 SP2 and above, SUSE 12, and SUSE 15.
  • Support for Oracle Linux 6.X, 7.X, and 8.X.
  • Monitoring of network events on Linux to get more context information for applications that run. The final objective is to provide the EDR features included in the Linux protection with more visibility and therefore more detection capabilities.
  • Improved process monitoring on Linux to enrich telemetry with more process execution data. This provides the EDR features included in the Linux protection with more visibility and therefore more detection capabilities.
  • New parameter in the Linux agent installation to include proxy settings.
  • Automatic upgrade of the Linux protection when necessary after an upgrade of the Linux kernel or distribution installed.
  • Linux protection performance improvements applicable to very specific distributions where management of multiple threads was not optimal.
  • When selecting “Custom range” in “Web access” lists, no data or incorrect data was returned. Now, it is not possible to select more than one month of data.
  • To optimize performance, Windows protection communications now use WinHTTP.
  • Scanning of compressed files on macOS systems when you launch an on-demand or scheduled scan.
  • Ability to select "Last 7 days" and "Last month" in the Patch Management installation history so that partners can inform customers about the patches installed in the last 7 days or in the last month as part of the managed service provided to them.
  • In Patch Management, patches shared using cache computers can now be shared across network segments.
  • Ability to set an expiration date for downloaded installers so that you can control their use.
  • On Windows Legacy operating systems (Windows Vista, Windows 7, and Windows Server 2008), only SHA-256 signed drivers are allowed. To install a protection version higher than 8.00.19.0001, the Windows Legacy operating system of the target computer must be up to date and compatible with SHA-256 driver signing. For more information, click here.
  • The advanced protection classifies files included in MSI installers signed with a trusted digital signature as trusted files.
  • Improved Anti-tampering protection by leveraging the ELAM (Early Launch Anti-Malware) technology included in Windows 10 and Server 2019 or higher operating systems.
  • Included the last 4 digits in the protection and agent versions reported in the “About…” section of the local console on Windows devices.
  • Patch Management goes into EOL (End of Life) for the following operating systems: Windows XP, Windows Vista, and Windows Server 2003.

Bug fixes

  • Fixed a bug to avoid BSOD errors with inconsistent DNS network packets.
  • Fixed a bug to avoid BSOD errors under certain circumstances when using the “Automatically detect the network type” feature.
  • When selecting the “All” filter in the list of blocked items, only items from the last month were shown. This has been fixed so that all items are shown.
  • When a filter was created that included hardware and software fields, you could not select multiple computers.
  • If protection upgrades were disabled in the settings, an upgrade error was displayed in the Details page of computers instead of indicating that upgrades were disabled.
  • If there were multiple groups at the first level of the group tree and one of them was collapsed, the rest of groups appeared with no name.
  • On the Licenses tab, if there was more than one license contract and any of them was close to expiring, it was incorrectly reported that all contracts were close to expiring.
  • Clicking the VirusTotal link did not take you to the page for the specific malware but to a search page.
  • After upgrading the protection and restarting the computer, the user was incorrectly prompted to restart their computer again to complete the upgrade.
  • Windows 10 version 21H1 was not correctly detected.
  • Sometimes, the Windows protection status was incorrectly reported in the web console for a short period of time.
  • Fixed an issue starting the Windows protection service in very specific scenarios in some languages.
  • The local alerts shown when a computer is isolated were displayed incorrectly when you customized the alert text.
  • BSOD error restoring Active Directory on Windows systems.
  • The macOS protection stopped starting if multiple errors occurred in a short period of time. From version 2.00.10.0000 of the macOS protection, the protection service starts correctly after multiple errors if it is started on demand or after restarting the computer.
  • Windows 11 computers are now correctly identified as Windows 11 in the web console.
  • Ability to install the protection on Windows 11 computers with an ARM processor (used on Surface devices and some specific laptops). Requires Windows protection version 8.00.19.0010 or higher.
  • Fixed an issue that caused a BSOD error when you installed the NeuShield software. Requires Windows protection version 8.00.19.0010 or higher.
  • When you installed patches that required a restart, the pending restart notification never disappeared.
  • When you created a weekly report, the dates shown in the report schedule were one day before the configured dates.
  • The Automatic proxy discovery using Web Proxy Autodiscovery Protocol (WPAD) setting was not applied correctly.

 

 

XI

01/12/2021

Aether Platform-based products: Release XI (01/12/2021)

Adaptive Defense: 3.72.00

Agent and protection versions

  • Windows protection: 8.00.18.0003
  • macOS protection: 2.00.08.0000 and 2.00.08.1000 for Catalina and Big Sur
  • Linux protection: 3.00.00.0050
  • Windows agent: 1.17.01.0000
  • macOS agent: 1.10.08.0000
  • Linux agent: 1.10.06.0050

New features

  • Software authorization. Ability to configure, in the settings, rules that prevent the advanced protection for Windows from blocking unknown processes. Authorized software is continuously monitored and is prevented from running if classified as malware. Therefore, software authorization is a secure method to allow the execution of unknown processes. These rules can be based on the hash (MD5) or other attributes of files (digital signature, name, path, and version), which can be combined with each other.
  • Software authorization. If exclusions are being used to prevent unknown processes from being blocked, we recommend that you move extension, file, and folder exclusions to software authorization rules. For security reasons, exclusions should only be used when it is necessary to avoid all kinds of scans due to performance problems or incompatibility with other applications.
  • Software authorization. Added new permissions to user roles in order to allow users to configure or just view this feature.
  • Minimize blocking of unknown processes. The new protection version includes a local goodware cache to prevent goodware (legitimate software) from being blocked in case the protected computer cannot connect to the Collective Intelligence platform.
  • Removed the ability to unblock items reclassified as goodware as they are already unblocked.
  • Windows on ARM. Compatibility with computers running this operating system included in Microsoft Surface devices and some laptops. Now, you can install our Windows protection on both Intel-based and ARM-based Windows computers.
  • Windows on ARM. All features provided by our solutions work on this new operating system with the exception of the anti-exploit protection and Patch Management, which works partially since patches for ARM-based operating systems are not detected; nevertheless, patches for third-party applications are detected.
  • Windows on ARM. New ‘Windows ARM’ filter that shows computers with Windows on ARM.
  • Support for Big Sur, the latest version of the macOS operating system, on Intel-based Macs. Requires version 2.00.07.100 or later of the macOS protection.
  • Support for Big Sur, the latest version of the macOS operating system, on ARM Macs (M1). For our macOS protection to work on ARM-based Big Sur computers, Rosetta is used. This is a macOS emulator that enables ARM Macs to run Intel applications. Requires version 2.00.08.1000 or later of the macOS protection.
  • Support for System Extensions on macOS. System Extensions is the latest standard recommended by macOS for execution interception. System Extensions were first introduced in Catalina.
  • For the permanent protection to be active and running on macOS Catalina and later systems, System Extensions (SEXT) and Full Disk Access (FDA) must be enabled for our protection. If they are not enabled, the user will be reminded every 2 hours of the need to do so in order to be protected. For more details, see this FAQ.
  • Improved scan times on macOS when performing on-demand or scheduled scans. Mapped network drives are not scanned. Also, the scanner is prevented from scanning the same file twice.
  • Advanced protection on Linux systems. Added the ability to detect malicious activity on Linux systems using contextual detections. Contextual detections allow us to proactively detect and prevent malware and malwareless attacks.
  • Advanced protection on Linux systems. Ability to change the configuration of contextual detections on Linux. New options are available (‘Do not detect’, ‘Audit’, and ‘Block’) in the ‘Detect malicious activity (Linux only)’ setting of the advanced protection. The default option is ‘Audit’ (malicious actions detected are not blocked), although we recommend that you change the setting to ‘Block’ if, after some weeks, you see that the detections made by the advanced protection for Linux are malicious actions in all cases.
  • Exclusions in the anti-exploit technology. If an exploit detection turns out to be a false positive, you can add an exclusion for the exploit technique detected in the affected program.
  • Exclusions in the anti-exploit technology. Exclusions added to the anti-exploit technology are displayed in the ‘Programs allowed by the administrator’ widget, from where they can be deleted at any time.
  • More details about exploit detections. This version shows the exploit technique in the list of detections and in the detection details. Also, the exploit technique links to a support article with additional information. Finally, the detected exploit’s activity graph is now displayed by default in hierarchical format.
  • Ability to customize local alert messages. Ability to enter a custom text that will be displayed in the local alerts shown when a computer is isolated, a detection is made, an unknown process is blocked by the advanced protection, or a program is blocked.
  • Data Control. New policy for controlling writing to removable storage devices. Ability to allow writing to removable storage devices (USB drives) only when the drive is encrypted with BitLocker. It is not necessary for the drive to have been encrypted with the Full Encryption module.
  • Full Encryption. Removable storage drive encryption using BitLocker. The authentication method supported is key authentication. All volumes on the same USB device are encrypted with the same key. Only used space is encrypted.
  • Full Encryption. Centralized management of removable storage drive encryption policies. Ability to configure USB drive encryption policies from the Aether management console. These encryption policies enable you to select on which machines the end user will be prompted to encrypt the USB drives connected to them.
  • Full Encryption. Centralized storage of recovery keys in the Aether console.
  • Full Encryption. Recovery key availability. Recovery keys are stored on the machine where the USB drive was encrypted. They are available in the computer details.
  • Improvements to the status information of Windows computers. The new version shows more accurate information about the status of protected computers.
  • Now, a computer’s details page in the web console indicates if its settings have been temporarily modified by the administrator from the computer’s local console. A computer’s settings can be modified locally if the administrator knows the password configured in the ‘Per-computer settings.’
  • Improved usability. Ability to easily copy/paste to/from the clipboard any tags selected by the user in the settings.

Bug fixes

  • Fix to the multiple selection feature in the list of duplicate machines. If the user tried to select all computers in the list of duplicate machines, in reality only one more computer than was displayed was selected, instead of all computers.
  • Patch Management. If some computers reported that a patch could not be installed, it was impossible to install it on any computer, regardless of whether the selected computers had all the information required for the patch to be properly installed.
  • Full Encryption. Successfully encrypted computers reporting an “error” status did not show recovery keys in the console.
  • Non-persistent virtual machines were not automatically deleted when the maximum configured number of machines was reached.
  • Correct detection of virtual machines running under the QEMU emulator.
  • Laptops connected to a dock are now correctly reported.
  • Improvements to the status information of Windows computers. The protection has been improved in order to report the status of the protections installed on computers more accurately, even when the protection service is not responding.
  • No action taken in Audit mode. The advanced protection won’t block any malware if the protection is configured in Audit mode.
  • Fixed a bug to avoid blue screen of death (BSOD) errors if there are continuous restarts of the protection service.
  • Additional checks in the firewall technology to avoid double context flows that could cause a blue screen of death (BSOD) error.
  • If the Power Nap feature of macOS systems was enabled, the protection sometimes reported an incorrect status. This could generate an email alert informing of an incorrect status of the protection.
  • The MAC address of macOS computers was not sent correctly.
  • When installing the protection, if external software deleted the installation configuration file, the protection was not installed and the generic uninstaller was erroneously launched.
  • In very exceptional cases on 64-bit machines, protection updates failed because a file could not be copied.
  • The protection was not installed if it was not possible to uninstall the existing security product from the computer. This was always the case regardless of whether the “Automatically uninstall protections from other vendors” option was enabled or disabled.
  • The option to export blocked programs did not export all available data. Data such as computer names was missing.
  • Now it is not possible to enter more than 15 characters in the “Password required to perform advanced management tasks locally from computers” field of the “Per-computer settings” section.
  • Fixed an issue that caused a BSOD error when using 4G or 5G connections on Windows computers with ARM processors.

 

 

X

07/23/2020

Aether Platform-based products: Release X (07/23/2020)

Adaptive Defense: 3.71.00

Agent and protection versions

  • Windows protection: 8.00.17.0001
  • macOS protection: 2.00.06.0006
  • Linux protection: 3.00.00.0050
  • Windows agent: 1.16.11.0000
  • macOS agent: 1.10.05.0001
  • Linux agent: 1.10.06.0050

New features

  • Added protection for macOS and Linux to Panda Adaptive Defense. Our protection for macOS and Linux includes activity monitoring (process execution, library loading, access to paths and critical system files, etc.), which gives us the visibility and context information required to provide EDR protection on those systems.
  • Visibility of the activity of the malware and PUPs detected on macOS and Linux systems, including activity details and activity graphs.
  • Visibility of the malware and PUPs detected on macOS and Linux systems in Advanced Reporting Tool (Alerts table).
  • Visibility of the monitoring of macOS and Linux systems in Advanced Reporting Tool (Ops and Install tables).
  • Continuous improvement and adaptation of the Windows protection included in Adaptive Defense/Adaptive Defense 360. Added new sensors to detect in-process privilege escalation attacks, domain controller spoofing, port opening, DNS tunneling, processes launching tasks from the WMI, and attempts to delete items protected by the shield. All these events are included in the collected telemetry to enrich our Intelligence and classify malware and malwareless attacks even faster.
  • Greater integration with the Windows 10 AMSI (AntiMalware Scan Interface). The use of AMSI provides Adaptive Defense with telemetry and additional information about script and macro execution to improve protection without negatively impacting computer performance.
  • The network telemetry collects the actual destination IP when a computer connects to the Internet via a proxy server. Getting the actual IP allows us to check our telemetry against IP-type IOCs (Indicators of Compromise) on our Collective Intelligence platform.
  • Detection and blocking of attempted attacks making use of DCSync and DCShadow techniques with our DPIF (Deep Packet Inspection Firewall).
  • Improved Anti-Tamper protection: Anti-Tamper protection for the communications agent and other protection services. Additionally, we prevent processes required by the protection from being suspended. These measures are extremely important against hackers trying to stop our services and processes.
  • Password-based uninstallation prevention and Anti-Tamper protection enabled by default in the default settings for new customers and in new settings for all customers.
  • Patch Management. The ‘Available patches’ list indicates patches that need a restart after having been installed, thus preventing administrators from re-creating installation tasks for those patches.
  • Patch Management. The ‘Available patches’ list displays the release date of patches, thus providing administrators with another criterion to evaluate the criticality of patches.
  • Data Control. The Settings screen options have been rearranged. Two new sections have been added: Rule-based monitoring of files and Advanced indexing options, the latter containing the indexing scheduler. The General section is now Personal data (inventory, searches, and monitoring).
  • Data Control. The section Personal data (inventory, searches, and monitoring) provides the ability to configure the monitoring of personal data in email and configure exclusions.
  • Data Control. The section Rule-based monitoring of files provides the ability to specify the default file extensions to which monitoring will be applied.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file extensions. If any of those extensions is not included in the default list of extensions, the user is given the option to add it automatically to the list.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file names. All files with the entered names will be monitored.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file paths. All files in the entered path will be monitored.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file contents for those files whose contents can be interpreted by Data Control.
  • Data Control. The section Rule-based monitoring of files provides the ability to apply AND/OR operators when creating rule conditions.
  • Data Control. The section Rule-based monitoring of files provides the ability to group conditions, creating nesting levels related to one another with the logical operators AND/OR.
  • Data Control. The section Rule-based monitoring of files provides the ability to edit and delete rules.
  • Data Control. The section Rule-based monitoring of files provides the ability to select whether you want to monitor files on disk or in email. Monitored operations for files on disk are stored in the usrrules table in Advanced Visualization Tool. The monitoring of files in email applies to attachments included in inbound and outbound email in Outlook 2013 and 2016 for Exchange. Monitored operations are stored in the usrrulesmail table in Advanced Visualization Tool.
  • Data Control. Fixed performance issue when displaying the list of files with personal data for customers with a high volume of files. We have removed the ability to filter files by computer in the list of PII files; nevertheless, it is still possible to view a computer’s PII files from the list of computers with PII files. We have also removed the ability to sort the list of PII files by computer. The list of PII files displays a maximum of 1,000 records, sorted by last connection date.
  • Group picker in the Web console to temporarily restrict the data displayed in dashboards and reports to the computers selected by the user. This allows administrators managing hundreds or thousands of computers to be able to focus on one or multiple specific computer groups at any one time; for example, the server group or all computers at a particular location.
  • Ability to filter computers by IP address range.
  • Ability to filter computers by group. This returns all computers in a group and all its subgroups.
  • Ability to filter computers by the “Last proxy used” property. This enables you to view which computers communicate with which proxy.
  • Email notifications in all languages supported by the Web console.
  • Hardware inventory. The hardware inventory now displays the BIOS serial number for Windows computers (in the Web console and in the ‘Hardware inventory’ exported file).
  • More control and details during the installation process. The URLs that could not be accessed during the installation process on endpoints are displayed in the local console, agent logs, Event Viewer, and Web console. New step added at the end of the installation process: verification of communications between the protection and servers (Glauka, SRF, Cyren).
  • The role permission ‘Modify computer tree’ is now independent of the permissions to edit settings and run tasks. Therefore, any changes made to those permissions won’t affect the ‘Modify computer tree’ permission.
  • Agent updates are now more robust: auto-recovery in the event of an error.
  • Computers with errors downloading the installer are not displayed as ‘Installing’, but as ‘Installation error’.
  • The customer ID is displayed in the Web console, making it easier to identify the customer account.
  • New fonts and styles in the Web console following Marketing guidelines.
  • New Linux distributions supported: Ubuntu 20.04 and RedHat 8.2. For more information about all supported Linux distributions, click here.
  • Patch Management. Ability to access, from the ‘Available patches’ list, a new Web page with information about high and critical severity vulnerabilities for which exploits are available.
  • Patch Management. Ability to install a specific patch on the computers included in any of the existing filters on the COMPUTERS screen.
  • Patch Management. Improved cancellation of patch installation tasks. Now, cancellation becomes effective on all computers but those where the installation process has already started.
  • Added detailed information (computer, computer group, etc.) in software inventory exports.
  • The ‘Malware run’ and ‘PUPs run’ lists are no longer created by default in new accounts.
  • If upgrades are disabled in a settings profile and a computer is pending a restart to perform the upgrade, the upgrade is aborted on that computer.
  • Advanced protection on Linux systems. Added the ability to detect malicious activity on Linux systems using contextual detections. Contextual detections allow us to proactively detect and prevent malware and malwareless attacks. Malicious actions detected are not blocked by default to avoid possible inconvenience on certain machines. This additional protection layer on Linux systems requires the Linux protection version to be 3.00.00.0000 or later.
  • Advanced protection on Linux systems. Ability to change the configuration of contextual detections on Linux. New options are available (‘Do not detect’, ‘Audit’, and ‘Block’) in the “Detect malicious activity (Linux only)” setting of the advanced protection. This additional protection layer for Linux systems requires the Linux protection version to be 3.00.00.0000 or higher.
  • Ability to install the Linux protection without dependencies. The Linux protection installs by default with dependencies. This means that it makes use of certain system libraries for some of the protection features. However, with Linux servers not connected to the Internet, we recommend that you install the Linux protection without dependencies, thereby avoiding making changes to the system or updating components. See this FAQ for more information about how to install the Linux protection without dependencies. Installing the protection without dependencies requires the Linux agent version to be 1.10.06.0050 or higher and the Linux protection version to be 3.00.00.0050 or higher.
  • Newly created lists do not preload data by default. Data is loaded only after the user selects the appropriate filters. This way, we prevent data loads which, in the case of customers with thousands of computers, can take minutes.
  • Users receiving email notifications from our Aether-based products can now opt out of those messages (unsubscribe).

Bug fixes

  • Fixed bug in the firewall technology that caused a Blue Screen of Death (BSOD) with certain DHCP packets that didn’t meet the required standard.
  • Fixed installation issue when changing the license or applying a private-label version (error 1627).
  • Fixed protection update issue (error 1603).
  • Computers moved from one group to another in Active Directory changed groups in Aether too, but didn’t inherit the settings of the new group.
  • When a customer configured scheduled reports in a specific language, they sometimes received them in a different language.
  • The content of scheduled reports sent via email is now compressed to minimize delivery issues due to exceeding the maximum size allowed.
  • If the user chose to view data from the last 24 hours, the Web monitoring counters showed no data.
  • Fixed Internet connection issues via proxy with some specific passwords on RHEL 6.x and CentOS 6.x systems.
  • Fixed an issue that prevented the protection from installing on certain CentOS 6.x systems.
  • The communications agent was uninstalled when upgrading the version.
  • Computers with new versions of Windows 10 Pro Education and Encryption enabled were not encrypted.
  • Computers with the Encryption module enabled and very fast SSD drives gave rise to a sync issue at boot that caused the computer to keep asking for a restart.
  • When upgrading the protection, if two restarts were required, the second one was requested after 4 hours instead of immediately.
  • If the scheduled time for a protection version upgrade coincided with the Daylight Saving Time or Standard Time change time, the scheduled time was dismissed and the task was never run.
  • Fixed an issue that caused the Internet connection to be lost on macOS systems when using SSL VPN and IKEv2 connections.
  • Fixed an issue on macOS systems when accessing certain URLs with certain applications such as Teams, Google Sync, BOX, and iTunes.
  • On macOS systems, the information displayed in the local console was sometimes not refreshed properly.
  • On macOS systems, it wasn’t possible to connect to Collective Intelligence if the proxy was configured with a password and the password had symbols.
  • The Linux protection froze randomly when scanning very large files.
  • Fixed an issue that caused the Internet connection to be lost on macOS systems when using a Fortinet VPN client.
  • Linux workstations/servers were always restarted after 60 seconds regardless of the time selected in the Aether Web console.
  • The Panda Full Encryption module attempted to encrypt the sandboxes created with Windows Sandbox on Windows 10. Now, those drives are detected correctly and are not encrypted.

 

 

IX

01/20/2020

Aether Platform-based products: Release IX (01/20/2020)

Adaptive Defense: 3.61.00

Agent and protection versions

  • Windows protection: 8.00.16.0010
  • macOS protection: 2.00.05.0000
  • Linux protection: 2.00.05.0000
  • Windows agent: 1.15.00.0002
  • macOS agent: 1.10.04.0000
  • Linux agent: 1.10.04.0000

New features

  • Ability to reinstall the agent. Administrators can now remotely repair computers with agents that don’t communicate with the server. In any event, it is advisable to first contact Support to find the source of the problem and avoid having to continuously reinstall agents.
  • Ability to configure multiple proxies in the same settings profile so that, if one fails, the solution will try the next one in the list and so on. The proxy list can include Panda proxies, corporate proxies, etc.
  • 2FA enforcement. Administrators with Full Control permissions can force all users to use 2FA (Two Factor Authentication) in order to reduce the risk of unauthorized access by hackers or insiders.
  • Added a list showing duplicate computers. When migrating operating systems or restoring computer images, duplicate computers may be generated in the console that use licenses and make computer identification more difficult. This new list identifies duplicate computers, showing those computers that have been offline for the longest time so that administrators can safely delete them in one click.
  • Added a new filter that allows administrators to find computers whose name matches any of the names included in a list of names separated by carriage returns. This new filter is very useful as it allows you to quickly find computers you may want to move, delete, etc.
  • Ability to select the storage drive (C:, D:, etc.) on cache computers.
  • Patch Management: Deployment of non-downloadable patches. Some patches cannot be downloaded because they require user registration or for other reasons. The new version allows you to download those patches manually and copy them to the cache computers on your network for centralized deployment from Aether.
  • Patch Management: The ‘Available patches’ exported file now provides information about each computer’s operating system.
  • Data Control: Executive report. Administrators can now include Data Control KPIs and charts in executive reports.
  • Data Control: Ability to schedule the indexing operations required to generate inventories and perform searches. Administrators can now select when indexing operations must be performed easily and intuitively through a weekly calendar.
  • Data Control: Stop&Continue for full disk scans. Up to now, if a disk scan was not completed (for example, because the machine was shut down), the scanning process stopped and started again from scratch. With Stop&Continue, the scan will resume from the point where it stopped, causing less impact on machines and speeding up the process.
  • Data Control: Simpler configuration. The main options to enable inventories, personal data monitoring, and searches have been placed together in the same section.
  • Data Control: Fixed the 'Not indexed' status. In earlier versions, the ‘Not indexed’ counter counted all machines with Data Control installed, including those machines that did not require indexing because they didn’t have the inventory and searches features enabled. After this fix, the solution counts only those machines that require indexing based on the configured settings but have not been indexed yet.
  • Wildcard characters (* and ?) are now supported when configuring name-based exclusions in the ‘Workstations and servers’ settings. These exclusions are used to prevent certain files from being blocked by the advanced protection or scanned due to compatibility issues. It is advisable to minimize the use of exclusions due to the security problems they can cause.
  • The issue reporting software (PSInfo) is included in the agent installer. This way, we make sure it is present on all computers on the network, regardless of whether or not there are problems to download it based on the existing permissions on customers’ networks.
  • The ‘Proxy and language’ settings have been renamed as ‘Network settings.’
  • Changed the description of the Advanced Protection’s 'Hardening' mode in order to indicate that the protection also blocks unknown programs coming from other computers on the network.
  • (Windows protection 8.00.16.0010) Protection with our universal agent against potential attacks exploiting the CVE-2020-0601 vulnerability concerning the correct identification of digitally signed files.
  • (Windows protection 8.00.16.0010) Possibility of seeing the detection report from the local console.

Bug fixes

  • Patch Management: Service Packs were installed in all cases, regardless of the patch installation task settings. This has been fixed so that Service Packs are installed where appropriate based on the task settings.
  • Patch Management: The ‘All’ node of the tree displaying the software to patch in patching tasks now appears as selected in tasks created with a previous version of the solution.
  • Patch Management: Fixed ability to update Windows 10 Feature Pack 1909 using the manual download option.
  • Patch Management: Fix to prevent stopping SQL Server instances when applying patches.
  • Patch Management: In Windows 10 LTSB / LTSC encryption did not work when incorrectly logging in to the operating system.
  • Data Control. Performance and stability: bug fixes and significant improvements aimed at resolving the top performance and stability issues seen in real environments.
  • Data Control: Deletion of temporary files (XLSTMPXXX) that remained after the scan performed by Data Control. Fixes in Windows protection 8.00.16.0010.
  • The fonts required by our application are now installed for our application only, to avoid interference with other applications.
  • The computer details window now shows the proper installation error code instead of a code for internal use.
  • The system event list now shows all events (no events are hidden at the bottom of the screen).
  • Fixed BSODs caused by the firewall technology in specific environments.
  • Fixed bandwidth loss caused by the firewall technology on computers with high volumes of traffic (servers).
  • Fix (included in Windows protection 8.00.16.0010) for a memory leak on getting telemetry from the login of the users created. This could particularly affect computers/servers that don’t restart for weeks and where there is a large amount of user logins, such as Terminal Servers.
  • Fix to maintain real-time communications after enabling communication via WPAD.

 

 

VIII

09/17/2019

Aether Platform-based products: Release VIII (09/19/2019)

Adaptive Defense: 3.60.00

Agent and protection versions

  • Windows protection: 8.00.15.0030
  • macOS protection: 2.00.02.0000 and 2.00.03.0000 on Catalina
  • Linux protection: 2.00.02.0000
  • Windows agent: 1.14.03.0000
  • macOS agent: 1.10.01.0000
  • Linux agent: 1.10.01.0000

New features

  • Patch Management: Ability to exclude specific patches for a specific computer or the entire organization.
  • Patch Management: Ability to exclude specific software (for example, Java) or entire software families (for example, Adobe or Windows).
  • Full Encryption: Executive reports now include information about the encryption status of computers in the organization.
  • Windows 10’s Fast Startup feature is automatically disabled during protection updates. This way we make sure the protection is updated even on computers with Fast Startup enabled. The Hibernation feature is disabled on computers with updates pending for more than 15 days in order to force users to restart their computers.
  • Ability to block unknown and unwanted applications (basic application control) to stop unwanted applications, reduce bandwidth consumption and comply with regulatory requirements. Applications can be blocked by hash or process name. Blocked applications are displayed in a new widget in the security dashboard.
  • Ability to enable email notifications for blocked applications in the Alerts settings.
  • Ability to associate computers to one or multiple computers with the CACHE role.
  • If a customer doesn't have any licenses available, and an end user launches an installation directly on their computer, they will be periodically informed in the progress screen that there are no licenses available for that computer. The agent installed on the computer will be integrated into Aether, but the protection will be disabled.
  • The PSINFO tool is now downloaded in compressed format so as not to be blocked by the perimeter protection used by many customers.
  • Ability to reinstall the protection from the web console on computers with protection errors. This option can be accessed by right-clicking any Windows computer from any list in the console.
  • Ability to hide the icon displayed in the Notification area of managed computers from the ‘Per-computer settings’ section.
  • Ability to view the user that is currently logged in to a computer from its ‘DETAILS’ tab.
  • Ability to select visible columns from the ‘COMPUTERS’ tab.
  • Ability to add and integrate computers into groups based on their IP address (IP-based integration).
  • Support for WPAD (Web Proxy Auto-Discovery Protocol). You can specify the URL from which to download the proxy policy file for your organization. Otherwise, the Aether agent will launch a discovery scan to automatically obtain the proxy.
  • Ability to schedule periodic tasks to send the executive report and any list or COMPUTERS view in the console to the specified email addresses.
  • If protection installation fails, more details are provided along with the error code.
  • If the status of a customer is ‘expired’ after the grace period is over, no messages will be accepted from the customer’s computers, and all tasks related to the account will be stopped.
  • If messages are received from the agents installed on the computers of a customer that has been deleted because all of their licenses expired days ago, a command will be sent to automatically uninstall all agents.
  • Added new options to filter computers by last connection date.
  • Added new filters (Security - Advanced protection mode, and Computer - Reinstalling protection and Pending restart).
  • Administrators can detect agent deployment problems and check the status of installed agents with their management tools or directly on computers by accessing their Event Log.
  • Use of AMSI (Antimalware Scan Interface) technology in Windows 10 in our protection for Windows. The use of AMSI allows us to obtain telemetry and extra information in Adaptive Defense in the execution of scripts and macros in order to improve the protection without impacting the performance of the computer.

Bug fixes

  • Patch Management: When installing SQL Server patches, it wasn’t clear whether all SQL Server instances on the target computers needed to be patched.
  • Customers’ Software lists displayed duplicate records.
  • Scheduled reports continued to be sent to customers whose licenses had expired.
  • If a Discovery computer sent more than 100 discovered computers, computers in excess of that number were not checked against already integrated computers, which could result in duplicate records.
  • If there was an error updating the protection, the protection status was incorrectly reported.

 

 

VII

05/06/2019

Aether Platform-based products: Release VII (05/06/2019)

Adaptive Defense: 3.50.00

Agent and protection versions

  • Windows protection: 8.00.14.0002
  • macOS protection: 2.00.02.0000
  • Linux protection: 2.00.02.0000
  • Windows agent: 1.13.04.0000
  • macOS agent: 1.10.01.0000
  • Linux agent: 1.10.01.0000

New features

  • Patch Management: Ability to disable Windows Update to centrally manage all patches (operating system and third-party software).
  • Patch Management: Ability to isolate computers from the 'Available patches' list, making it easier to isolate computers based on a specific patch or CVE.
  • Patch Management: Added the following information to executive reports: Patch Management status, Top 10 most vulnerable computers, and Top 10 most critical patches.
  • Patch Management: New context menu for the tasks displayed in the 'Last patch installation tasks' widget. This menu allows you to cancel tasks or view their results.
  • Patch Management: If an error occurs, the error code is now displayed in the file obtained when exporting the installations list and on the page detailing the result of a patch installation task.
  • Data Control: Ability to delete files and restore them within 30 days after deletion. Charts showing deleted files, lists with filter options, and ability to export to CSV the list of files deleted in a given time period or historically.
  • Data Control: Ability to search for duplicate files by content.
  • Data Control: Ability to set exclusions by folder, file, and file extension for the inventory, search and monitoring features.
  • Data Control: Ability to perform searches not only by text, but also by numeric and alphanumeric content.
  • Data Control: New options to select the PII entities to look for in advanced searches: find files with all selected items ('and' logic) or with any of the selected items ('or' logic).
  • Data Control: New context menu for searches with the ability to relaunch and edit them.
  • Data Control: Ability to expand the chart of files with personal data, and use the chart legend to select/unselect the types of data displayed.
  • Data Control: Ability to get inventories filtered by computers from the list of computers with personal data.
  • Data Control: Support for CSV files.
  • Data Control in AVT: We have replaced the individual counters of PII entities with Yes/No values. Added a new field to display the estimated number of PII entities. This field will indicate the number of PII entities confirmed by the technology.
  • Full Encryption: Ability to fully encrypt/decrypt all disk drives using BitLocker.
  • Full Encryption: Support for multiple authentication methods, including two-factor authentication (TPM) and boot password.
  • Full Encryption: Central management of recovery keys from the console.
  • Full Encryption: Automatic installation of BitLocker on compatible servers.
  • Full Encryption: Automatic creation of the unencrypted system partition required for startup.
  • Full Encryption: TPM activation.
  • Full Encryption: Full visibility of the organization's encryption status through a dedicated dashboard and filter-based lists.
  • Full Encryption: Central management of settings from Aether. Enforcement of administrator policies over local user settings.
  • Full Encryption: Encryption date for each computer, as required by certain regulations.
  • Full Encryption: Granular permissions.
  • Support for non-persistent VDI environments. Requires following the procedure described here.
  • Automatic disinfection (instead of blocking) of all types of known, unknown and zero-day threats, as well as attacks with or without malicious executables, in-memory attacks (exploits), and even fileless attacks using administrative tools.
  • Software list detailing the software installed across the entire network (name, publisher and version). Ability to see, for each software package detected, the number of computers that have it installed and access details of those computers.
  • Hardware list detailing the hardware installed across the entire network (disk, CPU and available memory information).
  • Ability to deploy the Aether agent remotely from the list of discovered computers for computers with the traditional platform agent installed (which will be uninstalled).
  • Ability to select all computers in the Computers list at once without having to do so page by page. This allows you to take bulk actions on a large number of computers (isolate, scan, etc.) in one go.
  • Now, the searches performed from the Computers list also search the description field (comments) and IP addresses.
  • Improvements to make finding settings easier: ability to sort the settings created in ascending or descending order by creation date and name.
  • Ability to maintain, for each user of the management console, the state of the group and filter tree between sessions.
  • Agent and protection certification on Windows 10 RS6.
  • Dozens of console improvements aimed at improving usability without affecting granularity or flexibility.
  • The ‘Users’ list now shows an icon next to users with Two-Factor Authentication (2FA) enabled in their profile.
  • The ‘Details’ tab for Windows computers displays the date and time when the computer settings were last checked.
  • The generic uninstaller, used when required during protection upgrades, is now downloaded in compressed format so as not to be blocked by perimeter protections.

Bug fixes

  • From this version on, users are prevented from editing or deleting the settings assigned to those computers not visible to them.
  • Automatic execution of the generic uninstaller if a protection update fails because the target computer is shut down in the middle of the process or for another reason.
  • Ability to keep the cache after updating the protection. This change will take effect in protection updates from this version and later.
  • Patch Management: Non-downloadable patches were shown on the list of available patches, even though those patches were filtered out.
  • Patch Management: Several fixes to patch installation.

 

 

VI

10/22/2018

Aether Platform-based products: Release VI (10/22/2018)

Adaptive Defense: 3.41.00

Agent and protection versions

  • Windows protection: 8.00.12.0002
  • macOS protection: 1.02.02.0000
  • Linux protection: 1.02.01.0000
  • Windows agent: 1.12.03.0000
  • macOS agent: 1.07.04.0000
  • Linux agent: 1.07.03.0000

New features

  • Patch Management: New details screen for installed and uninstalled patches, accessible from the installation history and from the results of a patch installation task.
  • Patch Management: Ability to roll back (uninstall) patches for those programs that support this feature. This option is available on the details page of installed patches.
  • Patch Management: Non-security patches are not displayed as Critical and are not installed by default in patch installation tasks.
  • Patch Management: Added a new widget that provides quick access to End-of-Life (EOL) software: software currently in EOL, software that is currently in EOL or will be in EOL in a year, and software with a known EOL date.
  • Patch Management: Ability to restart servers without a logged-in user that require a restart to finish installing a patch.
  • Patch Management: Update of the 'Available patches' information after restarting a computer.
  • Data Control. Status dashboard: New widget showing which features are active on endpoints and servers (advanced search, inventory and/or monitoring), with the ability to obtain the corresponding lists.
  • Data Control. Status dashboard: Redesigned Data Control Status widget, which now represents the Deployment Status more clearly.
  • Data Control. Inventory: KPI with the number of PII files and evolution chart.
  • Data Control. Inventory: KPI with the number of computers with PII files and evolution chart.
  • Data Control. Inventory: Chart showing the number of PII files by personal data type (e.g. number of PII files with credit card numbers).
  • Data Control. Inventory: List of PII files with ability to search, filter, add lists to the 'My list' panel and export lists
  • Data Control. Inventory: List of computers with PII files, with the ability to see the evolution of the number of PII files found between two dates.
  • Data Control. Inventory Settings: Ability to change settings to enable inventory generation.
  • Data Control. Granular permissions: New permission to control the ability to view inventories.
  • Data Control. Advanced search: Improved usability by selecting the personal data to search for through checkboxes.
  • Data Control: Available in Spain, Germany, UK, Sweden, France, Italy, Portugal, the Netherlands, Finland, Denmark, Switzerland, Norway, Austria, Belgium and Hungary.
  • Advanced Reporting Tool. Greater granularity of permissions: Two new permissions to separate the information available to IT/Security managers and to personal data processors. More specifically, you can configure access to the Data Access Control application, which collects particularly sensitive information (in the monitoredopen table).
  • Greater detail in executive reports. More information available in executive reports: top 10 computers with most detections, 10 latest malware, PUP and exploit detections, and greater detail in different sections.
  • The first Windows computer where the protection is installed is designated as discovery computer to automatically discover unprotected computers on the network.
  • Dozens of console improvements aimed at improving usability without affecting granularity or flexibility.
  • Agent and protection certification on Windows RS5 and Windows Server 2019.

Bug fixes

  • Fixed bug in executive reports scheduled to be sent by email and created by partners by accessing clients' consoles via Single Sign-On.
  • Added new option (Disinfect) to the details screen of detected PUPs.
  • Added the ability to exclude detections resulting from a disinfection task.
  • Fixes for potential BSoDs caused by firewall drivers
  • Fixed bugs in protection updates

 

 

V

08/06/2018

Aether Platform-based products: Release V (08/06/2018)

Adaptive Defense: 3.40.00

Agent and protection versions

  • Windows protection: 8.00.10.0001
  • macOS protection: 1.02.01.0000
  • Linux protection: 1.02.01.0000
  • Windows agent: 1.11.00.0000
  • macOS agent: 1.07.03.0000
  • Linux agent: 1.07.03.0000

New features

  • New Patch Management module: Patching of Windows operating systems and hundreds of third-party applications (Java, Adobe, Firefox, etc.)
  • New Patch Management module: Dashboards showing the patch status of the corporate network (outdated computers, missing patches, etc.)
  • New Patch Management module: Customizable lists and filters to find computers missing security patches, non-security patches and Service Packs
  • New Patch Management module: Ability to search for patches by computer, program, patch name or CVE
  • New Patch Management module: Ability to find programs in End-Of-Life (EOL) stage
  • New Patch Management module: History of all patching activity
  • New Patch Management module: Visibility into missing patches by computer and group
  • New Patch Management module: Configuration of patch searches (frequency, patch types to find, etc.)
  • New Patch Management module: Combined with Adaptive Defense, ability to isolate computers with critical vulnerabilities and patch them once isolated
  • New Patch Management module: Manual patching in real time
  • New Patch Management module: Ability to schedule patching tasks
  • New Patch Management module: Ability to configure computer restarts if required
  • New Patch Management module: Automatic management of patch interdependencies
  • New Patch Management module: Centralized storage of downloaded patches on cache computers
  • New Patch Management module: Roles with granular permissions to control access to the Patch Management features
  • Data Control: Dashboard showing the Data Control status of the network (computers without a license, offline computers, outdated computers, unindexed computers, etc.)
  • Data Control: Ability to perform quick and advanced searches on files by content, file name and extension. Two types of advanced searches are supported: free searches and guided searches with the ability to configure searches by file type, target computer, and search timeout
  • Data Control: Ability to perform up to 10 simultaneous searches on the network. Ability to cancel running searches at any time
  • Data Control: Ability to save and view recent searches. Ability to rename, relaunch and delete saved searches, as well as accessing search results
  • Data Control: List of files found during searches. Ability to filter results and export them to .CSV format
  • Data Control: Details on the files found during searches with information on the PII held (first and last names, ID card numbers, email addresses, etc.)
  • Data Control: List showing the status of the computers where personal data is searched for with the ability to filter information
  • Data Control: Added new granular permissions to search for personal data on network computers
  • Data Control: Predefined alerts in Advanced Visualization Tool to report anomalous activities on personal data files
  • Data Control: Available in Spain, Germany, UK, Sweden, France, Italy, Portugal, Netherlands, Finland, Denmark and Switzerland
  • Computer isolation. Now available for Windows servers as well. Ability to contain infections and potential infections by isolating specific computers, computer groups or the entire organization
  • Improvements to the local alerts displayed in multiuser environments
  • Advanced management settings for optimized performance on Gigabit Ethernet networks: ability to enable optimization settings on demand by contacting Support
  • Optimized performance with virtual adapters (Hyper-V, VMware, Citrix and VirtualBox): ability to enable optimization settings on demand by contacting Support
  • Improved integration with WDSC (Windows 10 RS2 or later)
  • Usability improvements: filters and search options for tasks, more details on cache computers, etc.

Bug fixes

  • Fixed bug to allow settings to be inherited when moving a computer to its Active Directory group
  • Fixed bug to display the 'Trusted programs' bar in scheduled reports
  • Fixed bug to allow computers that connect to the Internet via a Panda proxy to access cache computers
  • Improved compatibility with third-party drivers (Fortinet, CheckPoint, SonicWall and VPNs)
  • Fix for potential BSoDs caused by a driver used to collect network data from the operating system
  • Improved loading of the Outlook plug-in (PSINOlkAddIn)
  • Fixed bugs in protection updates

 

 

IV

03/20/2018

Aether Platform-based products: Release IV (03/20/2018)

Adaptive Defense: 3.30.00

Agent and protection versions

  • Windows protection: 8.00.01.0000
  • macOS protection: 1.02.00.0000
  • Linux protection: 1.02.00.0000
  • Windows agent: 1.10.00.0000
  • macOS agent: 1.07.02.0000
  • Linux agent: 1.07.02.0000

New features

  • New module: Data Control. Data Control finds, audits and monitors the personal data stored on endpoints and servers. This module assists organizations in complying with personal data protection laws such as the GDPR (General Data Protection Regulation), and is available in Spain, Germany, Sweden, United Kingdom, Italy and France.
  • Computer isolation. Ability to contain infections and potential infections by isolating specific computers, computer groups or the entire organization from the rest of the network. Computers are isolated in real time. Isolated computers will only be able to connect to Panda's servers in order to allow security administrators to change settings, launch disinfection tasks, etc.
  • Email alerts every time new unprotected computers are discovered
  • Ability to launch and schedule tasks for computer groups
  • Ability to uninstall the agent and the Windows protection from the Web console
  • More details about the most common protection installation errors
  • Access from the Recipients section to the list of all computers that a specific task or settings profile is applied to
  • Remote installation from any discovery computer, not only from the last computer that discovered an unmanaged device
  • New Anti-Tamper protection to prevent Panda Security's drivers and services from being stopped
  • Support for Windows 10 RS4
  • Support for Windows Server Core 2016
  • Aesthetic and usability improvements to the Web console

Bug fixes

  • Advanced management on Gigabit Ethernet networks (using NBLs) to optimize performance on these networks when Panda's firewall is on

 

 

III

11/15/2017

Aether Platform-based products: Release III (11/15/2017)

Adaptive Defense: 3.20.00

Agent and protection versions

  • Windows protection: 7.70.02.0000
  • Linux protection: 1.00.00.0000
  • Windows agent: 1.09.00.0000
  • Linux agent: 1.07.00.0000

New features

  • New look and feel for the widgets displayed on the STATUS page. The new colors are associated with the risk and more data is displayed in less space
  • We have improved administrators' first experience using the product by guiding them through the process of installing the protection agent.
  • Button to access Panda Cloud, the page that allows customers to access the Panda Security products they have contracted
  • Automatic discovery of unprotected computers
  • Ability to remotely install from the Web console the agent and the protection on all unmanaged computers discovered
  • Merging of the custom and Active Directory trees, so that all actions that administrators can take on the custom tree (settings, etc.) can also be carried out in Active Directory
  • A message has been included in the Web console explaining that Adaptive Defense's Hardening mode blocks not only unknown programs coming from the Internet but also from external storage drives.
  • We have improved the malware/PUP activity alerts and blocked program notifications to show information in a clearer, more organized way
  • Improved malware/PUP activity alerts to include information about the command line and the parameters used to launch programs. Additionally, it is now possible to export to CSV the information about the lifecycle of all malware detected in the organization
  • Ability to send email alerts (malware and PUP detections, blocked program and unprotected computer notifications) to users based on the computers visible to them. These alerts can now be configured for each user of the Web console
  • For customers with the advanced protection in Lock mode, all untrusted programs run before the Panda protection was started are closed.
  • More powerful exclusions for blocked programs. Excluding a file with an .EXE or .COM extension will allow the execution of both the program and its libraries on all computers (unless they are known threats). These programs and libraries will continue to be monitored by our Collective Intelligence platform and Threat Hunting Team in order to determine whether they are malware or goodware
  • Ability to disable real-time communication with computers (advanced option in the proxy settings) for those companies which don't want to have an open socket for each managed computer (this is required for real-time communication)
  • Time range picker to display CPU/memory usage in the last hour, last 3 hours, or last 24 hours
  • Ability to access the latest Release Notes from the product's Web console
  • Customers have the ability to give Panda Security's Support team access to their product console to speed up troubleshooting
  • New supported languages: Russian, Japanese and Finnish (in the latter case only the local console)

 

 

II

7/28/2017

Aether Platform-based products: Release II (7/28/2017)

Adaptive Defense: 3.10.00

Agent and protection versions

  • Windows protection: 7.70.02.0000
  • Linux protection: 1.00.00.0000
  • Windows agent: 1.08.02.0000
  • Linux agent: 1.07.00.0000

New features

  • Integration of the full portfolio of Panda's security solutions into Aether: Panda Endpoint Protection, Panda Endpoint Protection Plus, Panda Adaptive Defense and Panda Adaptive Defense 360
  • Updated the PROTECTION STATUS widget to include protected computers
  • Detailed information about the licenses contracted by customers
  • Centralized sending of email alerts regarding unprotected computers
  • Role-based computer visibility
  • Information about the patches installed on each computer
  • Ability to define the target (computers or groups) of settings when configuring them
  • Ability to define Repository/Cache computers to optimize bandwidth usage
  • Ability to report a problem or incident to Panda directly from the Web management console
  • New widget on the STATUS page to show the activity of the exploits detected by the Anti-Exploit technology
  • New supported languages: Swedish, French, Italian, German, Portuguese and Hungarian
  • Online help in HTML format

Bug fixes

  • One-time bug installing the agent on certain Windows computers

 

 

I

5/16/2017

Aether Platform-based products: Release I (05/16/2017)

Release of Panda Adaptive Defense 360 on Aether, Panda Security's new and innovative management platform

  • Aether is Panda's new platform that integrates all of the company's endpoint solutions. Aether Platform's vision is to provide full security management capabilities from the cloud. With Aether Platform, organizations can centrally manage all of Panda's products with a single agent from a single Web console

Aether Platform: Key benefits and features

  • Ability to deploy settings and tasks in real time to hundreds or thousands of computers
  • Flexible computer organization: filters, customizable tree and Active Directory integration
  • Information about each computer's hardware and software components
  • Ability to track users' activity on the Web management console
  • User permissions (roles) to deny users particular actions
  • Ability to set up tasks independent from the general settings with advanced options such as maximum run time and expiration times
  • And many other new features that make Aether Platform the best platform to centrally manage Panda's security products