Adaptive Defense 360 on Aether Platform

What's new in Adaptive Defense 360

Release Notes

XIII

05/10/2022

Aether Platform-based products: Release XIII (05/10/2022)

Adaptive Defense 360: 4.10.00

Agent and protection versions

  • Windows protection: 8.00.20.0001
  • macOS protection: 2.00.10.0000 and 3.01.00.0000 for Catalina, Big Sur, and Monterey
  • Linux protection: 3.01.00.0003
  • Android agent and protection: 3.7.0
  • iOS agent and protection: 2.01.11
  • Windows agent: 1.19.01.0000
  • macOS agent: 1.10.12.0001
  • Linux agent: 1.10.10.0001

New features

  • Support for iOS devices. You can centrally manage smartphones and tablets running iOS 13 or higher to work and browse safely.
  • The protection for iOS mobile devices is called WatchGuard Mobile Security. The iOS app is customized based on the platform where your solution is integrated (Panda, Cytomic, or WatchGuard).
  • Anti-theft module for iOS devices with the following features: geolocation, remote wipe, remote lock, snap the thief, and remote alarm in the event of theft or loss of the device.
  • URL filtering for iOS devices. Ability to deny access to pages belonging to tens of categories on the selected days at the selected times. Ability to add URLs to the allowlist or blocklist. Requires that the iOS device be in supervised mode. The product guides provide steps for enabling supervised mode.
  • Web protection for iOS devices. Ability to filter malicious URLs and phishing. Requires that the iOS device be in supervised mode. The product guides provide steps for enabling supervised mode.
  • Hardware and software inventory for iOS devices. This information is available in the web console.
  • You can install the iOS protection with the MDM solution incorporated onto our platform. This is the recommended option because it enables all features. You can also install it without an MDM solution, in which case only the following features are available: geolocation, remote alarm, and hardware inventory.
  • You can also install the iOS protection with a third-party MDM solution, that is, with the MDM solution already used by your organization. In this case, only the following features are available: geolocation, remote alarm, hardware inventory, web protection, and URL filtering. For more information about how to install our iOS protection using your organization’s MDM solution, see the product guides.
  • The protection for Android mobile devices is called WatchGuard Mobile Security from version 3.7.0. The app icon and name always indicate WatchGuard Mobile Security. For Android 11 or higher, the app is customized based on the platform where your solution is integrated (Panda, Cytomic, or WatchGuard).
  • If the end user does not grant all permissions required to enable the protection features on iOS and Android mobile devices, an error message appears on the device details page. Information about the permissions that have not been granted is also provided in the protection status section.
  • You can centrally manage Shadow Copies from the product web console. Shadow Copies is a technology included in Microsoft Windows that enables you to restore previous versions of files. This feature is particularly useful in the event of a ransomware infection. It is supported on Windows Vista or higher and Windows Server 2003 or higher. Requires Windows protection version 8.00.20.0001 or higher.
  • You enable the Shadow Copies feature from the product web console. You can specify the percentage of disk space you want to dedicate to shadow copies (10% by default).
  • When the Shadow Copies feature is enabled, Windows creates a shadow copy every 24 hours. The Panda software retains up to 7 copies at a given time.
  • The Shadow Copies feature is protected against ransomware attacks by our anti-tamper protection. Ransomware can delete all backup copies on affected devices before encrypting all files on the system.
  • We have incorporated Decoy Files technology to detect attacks based on behavior. This technology detects changes to files stored on computers as bait. Requires Windows protection version 8.00.20.0001 or higher.
  • We have added deep learning technologies as an additional machine learning technique in the protection model. Requires Windows protection version 8.00.20.0001 or higher.
  • Integration with the VPN enforcement feature of WatchGuard Firebox solutions. Secures VPN access from computers with our protection installed and running.
  • New optimized protection for macOS computers running Catalina or higher. Includes a new local console and uses Network Extension technology to intercept network traffic. This new technology replaces SQUID, which has been removed in our macOS protection (version 3.00.00.0000 or higher).
  • The new macOS protection (version 3.00.00.0000 or higher) for computers running Catalina or higher can also intercept traffic when connected via VPN, so web protection and URL filtering are available when using any VPN.
  • You must allow the new Network Extension technology included in our protection on all macOS computers. You need to allow it the first time that it is installed, or when we update the macOS protection to version 3.00.00.0000 or higher.
  • You can now select the type of device where you want to run scan tasks: laptop, workstation, server, or mobile device.
  • You can now select the type of device where you want to run patch installation tasks: laptop, workstation, server, or mobile device.
  • We have added a new column to the list of detections made by the antivirus. This column shows the number of detections of the reported attack.
  • If an error occurs installing the Linux and macOS protections, detailed information is shown in the protection status section.
  • The protection status section shows information about the status of the advanced protection for Linux systems.
  • Ability to export, sort, and filter the list of users with access to the product web console. This feature improves efficiency when you manage accounts with tens or hundreds of users. Relevant information is included, such as user role or 2FA enforcement.
  • The computer details page now shows the public IP address of the device (Windows, macOS, Linux), including mobile devices.
  • Patch Management. New tile with information on the computers with the most vulnerabilities. You can filter the information in the tile by criticality, computer type, and patch type (operating system patches or third-party software patches).
  • Patch Management. New tile with information on the most available patches for computers in the organization. You can filter the information in the tile by criticality, computer type, and patch type (operating system patches or third-party software patches).
  • Patch Management. The number of computers that are pending a restart to finish installing patches is shown in the main tile on the Patch Management dashboard.
  • Patch Management. New filter that shows operating system patches and third-party software patches. This filter is available from the available patches and installation history lists.
  • Full Encryption. Ability to search for recovery keys by using the encrypted device ID. These searches are particularly useful for USB devices (it is easy to forget on which computer they were encrypted), and computers that are difficult to identify.
  • We have improved the process to validate the certificates required to communicate with certain domains safely. Requires Windows protection version 8.00.20.0001 or higher.
  • We have improved the anti-tamper protection by leveraging the ELAM (Early Launch Anti-Malware) technology included on Windows 10 and Server 2019 or higher operating systems. Requires Windows protection version 8.00.20.0001 or higher.
  • We have limited the list of detections made by the Device Control module to the last seven days to speed up data loading.
  • We have optimized the Linux protection performance. Linux protection versions 3.01.00.0003 and higher include multiple performance improvements that are particularly noticeable on servers with heavy workloads.
  • Support for the latest versions of the supported Linux distributions (Fedora 35, Red Hat 8.6, and Ubuntu 22.04). Requires Linux protection version 3.01.00.0003 or higher.

Bug fixes

  • Fixed a bug in scheduled scans on Android devices so that detections are reported only when the task runs correctly.
  • Hardware and detected threats reports were not emailed when they had been modified by users with restricted privileges.
  • When exporting the computers list, if the user had read-only permissions, information for some computers was not exported.
  • Patch Management. Improved reporting of patch installation tasks on computers with an incorrect date and computers where the time was changed.
  • In silent installations, the First Installation window appeared when there was a temporary error updating signatures.
  • When you tried to install the protection with the option to update signature files disabled in the settings, the installation froze.
  • Exclusions for the permanent protection now apply to Windows AMSI (AntiMalware Scan Interface) as well.
  • Added significant performance improvements when opening Microsoft Access files.
  • Fixed BSOD errors with inconsistent network packets.
  • Fixed BSOD errors that occurred if you opened Outlook when scanning inconsistent network packets.
  • Fixed a bug in the way URLs in blocklists were managed.
  • Fixed a POP3 bug that prevented connections from being made when the email protection was active.
  • IPv6 public IP addresses were not fully shown in the web console.
  • If you installed patches that required a restart and user consent and several days went by without a response, when you tried to install new patches that required a restart, the communications agent crashed.
  • If you installed the agent on an ARM-based Windows 11 Education computer, the protection failed to install.
  • When you tried to install the protection on extremely slow computers, there was a double installation attempt which uninstalled the installed antivirus and caused an unnecessary restart.
  • The new macOS protection (version 3.00.00.0000 or higher) for systems running Catalina or higher includes a new network interceptor that optimizes browsing speed and enables you to open URLs which, in TLS 1.3 connections, could not be opened with the SQUID technology.
  • The new macOS protection (version 3.00.00.0000 or higher) for systems running Catalina or higher eliminates problems when you log in to online services such as OneDrive or Google Drive.
  • Fixed a bug updating kernel modules in SUSE.

XII

07/12/2021

Aether Platform-based products: Release XII (07/12/2021)

Adaptive Defense 360: 4.01.00

Agent and protection versions

  • Windows protection: 8.00.19.0010
  • macOS protection: 2.00.10.0000 and 2.00.10.1000 for Catalina, Big Sur, and Monterey
  • Linux protection: 3.01.00.0001
  • Android agent and protection: 3.6.7
  • Windows agent: 1.18.02.0000
  • macOS agent: 1.10.11.0000
  • Linux agent: 1.10.10.0001

New features

  • Support for Android 12
  • Support for Windows 11. Requires Windows protection version 8.00.19.0000 or higher.
  • Support for Windows 2022. Requires Windows protection version 8.00.19.0000 or higher.
  • Support for macOS Monterey. Requires macOS protection version 2.00.10.1000 or higher.
  • Threat Hunting Service. New dashboard providing visibility into the indicators of attack (IOA) detected through the Threat Hunting Service included at no extra cost in our EDR products. Indicators of attack (IOA) are anomalous behaviors detected on computers which are very likely to belong to an attack. The continuous monitoring of the actions performed on computers enables us to provide this service.
  • Threat Hunting Service. Widgets with the number of events, indicators, and indicators of attack. Events are the number of actions monitored by the EDR solution, indicators are anomalous behaviors detected on the network, and indicators of attack are indicators which are very likely to be an attack.
  • Threat Hunting Service. Indicators of attack (IOA) mapped to the MITRE matrix. Each indicator of attack is mapped to a tactic and technique of the MITRE matrix. This enables organizations to easily identify the stage of the attack and its characteristics. This information also provides organizations with customized response recommendations and enables them to take containment and remediation actions with the required urgency.
  • Threat Hunting Service. View of indicators of attack by indicator type to easily identify the most common types of attacks suffered by the organization and prioritize preventive measures to prevent future attacks.
  • Threat Hunting Service. View of indicators of attack by computer to easily identify computers with a high probability of being compromised.
  • Threat Hunting Service. Ability to archive indicators of attack that have already been managed to easily identify indicators that are pending management. These appear in red in widgets.
  • Threat Hunting Service. Detailed information about each indicator of attack: date, risk, attack type description, containment and remediation recommendations if the attack is confirmed, and full description of the attack type based on the mapping of the tactic and technique used by the adversary to the MITRE database.
  • Threat Hunting Service. Direct access to extended information about an indicator of attack from its Details page. Click the MITRE, tactic and technique links to open the MITRE website with detailed information that helps remediate the attack and reduce the attack surface.
  • Threat Hunting Service. Advanced attack investigation. Accessible from the Details page of an indicator of attack. This investigation automatically reports the compromised users and computers, helps determine the root cause of the attack, provides information such as the URLs and IP addresses involved in the attack, and gives a view of the overall impact of the attack on the entire organization.
  • Threat Hunting Service. Attack graph. Accessible from the Details page of an indicator of attack. This view is a graphical display of all the items involved in the attack, aiding the investigation of the root cause of the attack, its impact, etc.
  • Threat Hunting Service. Attack graph. The nodes in the graph show the classification of files. Orange nodes indicate unknown files and PUPs, whereas red nodes indicate malware. Additionally, node icons are those of popular applications, making identification easier.
  • Threat Hunting Service. Attack graph. You can interact with graph items and even take action on multiple nodes simultaneously.
  • Threat Hunting Service. Attack graph. The graph enables you to view activity details of specific processes.
  • Threat Hunting Service. Attack graph. The graph shows the sequence of events triggered by a process so that you can identify all events that occurred over time. Each edge is assigned a sequential number based on the date when the event occurred.
  • Threat Hunting Service. Detect and contain brute force attacks on the RDP protocol. Ability to manually end containment mode on computers.
  • Threat Hunting Service. Configure indicators of attack and select the action to take, set a list of trusted IP addresses, and disable any indicator of attack that is generating false positives on any computer in the organization.
  • Threat Hunting Service. Added a new permission to roles to control who can modify indicators of attack settings.
  • Threat Hunting Service. Added a new alert type to the “My alerts” settings to send email notifications when indicators of attack are detected.
  • Threat Hunting Service. Added information about indicators of attack to executive reports.
  • New Detections tab on the Details page of computers. This tab shows all detections, unpatched vulnerabilities, indicators of attack, etc. The information displayed depends on the contracted product and modules.
  • Ability to cancel and delete multiple tasks in one step.
  • More granular, flexible task scheduling. You can schedule scans or patching tasks to run on any day of the week, on the last Friday of the month at the time you select, etc. There are many other options that make the task scheduling process more flexible. Especially suitable for installing patches through Patch Management.
  • Ability to delete blocked programs in the process of classification. Administrators can delete blocked programs from the list of blocked items. This option is useful when there are blocked files that could not be sent to the cloud because they are too large or are no longer available. The status of the file is shown in the list of blocked programs. All actions taken are logged in the activity log and in the history of blocked items.
  • Ability to perform searches in the computer group tree.
  • Ability to schedule the sending of a full or summary version of the lists that allow exporting detailed information (for example, the software inventory list).
  • New column in the “Protection status” list. This column shows the status of computer communications with the Collective Intelligence platform servers and the servers used for URL classification. This feature is currently implemented for Windows computers.
  • New column in the “Protection status” list export. This column shows the status of the advanced protection (Audit, Hardening, or Lock).
  • The anti-exploit protection is now enabled and in Block mode by default. The anti-exploit protection settings created prior to this release are not modified, although it is recommended to enable the protection in all settings profiles.
  • The advanced protection for Linux is now in Block mode by default. This way, all malicious actions detected by the behavior scanner are blocked, providing maximum protection.
  • The contextual detections of the advanced protection for Linux are updated dynamically when necessary.
  • Better integration with the Windows 10 AntiMalware Scan Interface (AMSI). The use of AMSI provides our solutions with telemetry and additional information about script and macro execution, improving protection without negatively impacting computer performance.
  • Scanning of programs launched on Windows startup to make sure that all programs loaded in memory are trusted.
  • Optimizations on the Web Access Control module cache to reduce cloud queries when classifying URLs.
  • IPv6 traffic filtering for all protocols supported by the firewall technology incorporated into all our products.
  • Ability to show notifications in the web console. These notifications are informational and are also used to notify customers of the availability of new versions, enabling them to upgrade their account to the latest version. Each user of the web console can disable the notifications they want, without affecting other users.
  • Support for the latest versions of the supported Linux distributions (Fedora, Red Hat, CentOS, etc.).
  • Support for SUSE 11 SP2 and above, SUSE 12, and SUSE 15.
  • Support for Oracle Linux 6.X, 7.X, and 8.X.
  • Monitoring of network events on Linux to get more context information for executed applications. The final objective is to provide the EDR features included in the Linux protection with more visibility and therefore more detection capabilities.
  • Improved process monitoring on Linux to enrich telemetry with more process execution data. This provides the EDR features included in the Linux protection with more visibility and therefore more detection capabilities.
  • New parameter in the Linux agent installation to include proxy settings.
  • Automatic upgrade of the Linux protection when necessary after an upgrade of the Linux kernel or distribution installed.
  • Linux protection performance improvements applicable to very specific distributions where management of multiple threads was not optimal.
  • When selecting “Custom range” in “Web access” lists, no data or incorrect data was returned. Now, it is not possible to select more than one month of data.
  • The Exchange Server protection has reached its end of life (EOL) and is no longer available for new customer accounts. It will remain available for existing customers until June 2024 (End of Maintenance, EOM).
  • Enabled IPv6 traffic scanning in the firewall technology.
  • To optimize performance, Windows protection communications now use WinHTTP.
  • Scanning of compressed files on macOS systems when you launch an on-demand or scheduled scan.
  • “Snap the thief” feature on devices with Android 11 or higher. Because of system constraints, photos can be taken only when the screen is unlocked.
  • New permission required (“All files access”) on devices with Android 11 or higher in order to scan external storage devices.
  • Ability to select "Last 7 days" and "Last month" in the Patch Management installation history so that partners can inform customers about the patches installed in the last 7 days or in the last month as part of the managed service provided to them.
  • In Patch Management, patches shared using cache computers can now be shared across network segments.
  • Ability to set an expiration date for downloaded installers so that you can control their use.
  • Ability to set exclusions by IP address or IP address ranges in the IDS module of the firewall protection. Requires Windows protection version 8.00.19.0010 or higher.
  • On Windows Legacy operating systems (Windows Vista, Windows 7, and Windows Server 2008), only SHA-256 signed drivers are allowed. To install a protection version higher than 8.00.19.0001, the Windows Legacy operating system of the target computer must be up to date and compatible with SHA-256 driver signing.
  • The advanced protection classifies files included in MSI installers signed with a trusted digital signature as trusted files.
  • Improved Anti-tampering protection by leveraging the ELAM (Early Launch Anti-Malware) technology included in Windows 10 and Server 2019 or higher operating systems.
  • Included the last 4 digits in the protection and agent versions reported in the “About…” section of the local console on Windows devices.
  • Patch Management goes into EOL (End of Life) for the following operating systems: Windows XP, Windows Vista, and Windows Server 2003.

Bug fixes

  • Fixed a bug to avoid BSOD errors with inconsistent DNS network packets.
  • Fixed a bug to avoid BSOD errors under certain circumstances when using the “Automatically detect the network type” feature.
  • When selecting the “All” filter in the list of blocked items, only items from the last month were shown. This has been fixed so that all items are shown.
  • When a filter was created that included hardware and software fields, you could not select multiple computers.
  • If protection upgrades were disabled in the settings, an upgrade error was displayed in the Details page of computers instead of indicating that upgrades were disabled.
  • If there were multiple groups at the first level of the group tree and one of them was collapsed, the rest of the groups appeared with no name.
  • On the Licenses tab, if there was more than one license contract and any of them was close to expiring, it was incorrectly reported that all contracts were close to expiring.
  • Clicking the VirusTotal link did not take you to the page for the specific malware but to a search page.
  • After upgrading the protection and restarting the computer, the user was incorrectly prompted to restart their computer again to complete the upgrade.
  • Windows 10 version 21H1 was not correctly detected.
  • Sometimes, the Windows protection status was incorrectly reported in the web console for a short period of time.
  • Fixed an issue starting the Windows protection service in very specific scenarios in some languages.
  • The local alerts shown when a computer is isolated were displayed incorrectly when you customized the alert text.
  • BSOD error restoring Active Directory on Windows systems.
  • The macOS protection stopped starting if multiple errors occurred in a short period of time. From version 2.00.10.0000 of the macOS protection, the protection service starts correctly after multiple errors if it is started on demand or after restarting the computer.
  • On Android devices with signature files older than one year, scans failed. Requires version 3.6.7 of the Android protection.
  • On Android devices with Android 7 or lower versions, the signature file was not updated. Requires version 3.6.7 of the Android protection.
  • In very specific situations, users were not prompted to enter the device name on Android systems.
  • Performance improvements at system startup on Android devices.
  • Windows 11 computers are now correctly identified as Windows 11 in the web console.
  • Ability to install the protection on Windows 11 computers with an ARM processor (used on Surface devices and some specific laptops). Requires Windows protection version 8.00.19.0010 or higher.
  • Fixed an issue that caused a BSOD error when you installed the NeuShield software. Requires Windows protection version 8.00.19.0010 or higher.
  • Fixed an issue that caused a BSOD error when the SSL header of a message was fragmented into multiple network packets. Requires Windows protection version 8.00.19.0010 or higher.
  • Fixed an issue in which the defined configuration was lost, leading to Internet connectivity loss, when you enabled the network discovery feature in the firewall.
  • When you installed patches that required a restart, the pending restart notification never disappeared.
  • When you created a weekly report, the dates shown in the report schedule were one day before the configured dates.
  • The Automatic proxy discovery using Web Proxy Autodiscovery Protocol (WPAD) setting was not applied correctly.

XI

01/12/2021

Aether Platform-based products: Release XI (01/12/2021)

Adaptive Defense 360: 3.72.00

Agent and protection versions

  • Windows protection: 8.00.18.0003
  • macOS protection: 2.00.08.0000 and 2.00.08.1000 for Catalina and Big Sur
  • Linux protection: 3.00.00.0050
  • Android agent and protection: 3.5.33
  • Windows agent: 1.17.01.0000
  • macOS agent: 1.10.08.0000
  • Linux agent: 1.10.06.0050

New features

  • Software authorization. Ability to configure, in the settings, rules that prevent the advanced protection for Windows from blocking unknown processes. Authorized software is continuously monitored and is prevented from running if classified as malware. Therefore, software authorization is a secure method to allow the execution of unknown processes. These rules can be based on the hash (MD5) or other attributes of files (digital signature, name, path, and version), which can be combined with each other.
  • Software authorization. If exclusions are being used to prevent unknown processes from being blocked, we recommend that you move extension, file, and folder exclusions to software authorization rules. For security reasons, exclusions should only be used when it is necessary to avoid all kinds of scans due to performance problems or incompatibility with other applications.
  • Software authorization. Added new permissions to user roles in order to allow users to configure or just view this feature.
  • Minimize blocking of unknown processes. The new protection version includes a local goodware cache to prevent goodware (legitimate software) from being blocked in case the protected computer cannot connect to the Collective Intelligence platform.
  • Removed the ability to unblock items reclassified as goodware as they are already unblocked.
  • Windows on ARM. Compatibility with computers running this operating system included in Microsoft Surface devices and some laptops. Now, you can install our Windows protection on both Intel-based and ARM-based Windows computers.
  • Windows on ARM. All features provided by our solutions work on this new operating system with the exception of the anti-exploit protection and Patch Management, which works partially since patches for ARM-based operating systems are not detected; nevertheless, patches for third-party applications are detected.
  • Windows on ARM. New ‘Windows ARM’ filter that shows computers with Windows on ARM.
  • Support for Big Sur, the latest version of the macOS operating system, on Intel-based Macs. Requires version 2.00.07.100 or later of the macOS protection.
  • Support for Big Sur, the latest version of the macOS operating system, on ARM Macs (M1). For our macOS protection to work on ARM-based Big Sur computers, Rosetta is used. This is a macOS emulator that enables ARM Macs to run Intel applications. Requires version 2.00.08.1000 or later of the macOS protection.
  • Support for System Extensions on macOS. System Extensions is the latest standard recommended by macOS for execution interception. System Extensions were first introduced in Catalina.
  • For the permanent protection to be active and running on macOS Catalina and later systems, System Extensions (SEXT) and Full Disk Access (FDA) must be enabled for our protection. If they are not enabled, the user will be reminded every 2 hours of the need to do so in order to be protected. For more details, see this FAQ.
  • Improved scan times on macOS when performing on-demand or scheduled scans. Mapped network drives are not scanned. Also, the scanner is prevented from scanning the same file twice.
  • Advanced protection on Linux systems. Added the ability to detect malicious activity on Linux systems using contextual detections. Contextual detections allow us to proactively detect and prevent malware and malwareless attacks.
  • Advanced protection on Linux systems. Ability to change the configuration of contextual detections on Linux. New options are available (‘Do not detect’, ‘Audit’, and ‘Block’) in the ‘Detect malicious activity (Linux only)’ setting of the advanced protection. The default option is ‘Audit’ (malicious actions detected are not blocked), although we recommend that you change the setting to ‘Block’ if, after some weeks, you see that the detections made by the advanced protection for Linux are malicious actions in all cases.
  • Exclusions in the anti-exploit technology. If an exploit detection turns out to be a false positive, you can add an exclusion for the exploit technique detected in the affected program.
  • Exclusions in the anti-exploit technology. Exclusions added to the anti-exploit technology are displayed in the ‘Programs allowed by the administrator’ widget, from where they can be deleted at any time.
  • More details about exploit detections. This version shows the exploit technique in the list of detections and in the detection details. Also, the exploit technique links to a support article with additional information. Finally, the detected exploit’s activity graph is now displayed by default in hierarchical format.
  • New URL filtering technology. Added a new URL filtering technology with new URL categories. The existing categories have been mapped to the new ones so that, after the version update, the old URL filtering capabilities are maintained, using the equivalent categories in the new technology. The new categories require that the latest version of the protection (8.00.18 or later) be installed.
  • New technology for malicious URLs and phishing. The new version includes a new technology for detecting malicious URLs (‘Web browsing antivirus’ option in the Antivirus settings) and phishing. This new technology requires that the latest version of the protection (8.00.18 or later) be installed.
  • New URL filtering technology. The new URL filtering technology requires access to the following URL: https://rp.cloud.threatseeker.com. For more information about the URLs our solutions need to access, see this support article.
  • Ability to disable the URL filtering local alerts. Added an option to disable the local alerts shown by the Web access control feature (URL filtering) when access to an HTTPS page is blocked.
  • Data Control. New policy for controlling writing to removable storage devices. Ability to allow writing to removable storage devices (USB drives) only when the drive is encrypted with BitLocker. It is not necessary for the drive to have been encrypted with the Full Encryption module.
  • Full Encryption. Removable storage drive encryption using BitLocker. The authentication method supported is key authentication. All volumes on the same USB device are encrypted with the same key. Only used space is encrypted.
  • Full Encryption. Centralized management of removable storage drive encryption policies. Ability to configure USB drive encryption policies from the Aether management console. These encryption policies enable you to select on which machines the end user will be prompted to encrypt the USB drives connected to them.
  • Full Encryption. Centralized storage of recovery keys in the Aether console.
  • Full Encryption. Recovery key availability. Recovery keys are stored on the machine where the USB drive was encrypted. They are available in the computer details.
  • Support for Android 11.
  • On Android 11 and later, users cannot change the lock password through the protection. Therefore, when using the lock option, the password set on the device will be used.
  • The Android protection only installs on devices with Android 5 or later.
  • Improved permission requests on Android: users are asked to grant required permissions only when necessary.
  • Improvements to the status information of Windows computers. The new version shows more accurate information about the status of protected computers.
  • Now, a computer’s details page in the web console indicates if its settings have been temporarily modified by the administrator from the computer’s local console. A computer’s settings can be modified locally if the administrator knows the password configured in the ‘Per-computer settings.’
  • Improved usability. Ability to easily copy/paste to/from the clipboard any tags selected by the user in the settings.

Bug fixes

  • Fix to the multiple selection feature in the list of duplicate machines. If the user tried to select all computers in the list of duplicate machines, in reality only one more computer than was displayed was selected, instead of all computers.
  • Patch Management. If some computers reported that a patch could not be installed, it was impossible to install it on any computer, regardless of whether the selected computers had all the information required for the patch to be properly installed.
  • Full Encryption. Successfully encrypted computers reporting an “error” status did not show recovery keys in the console.
  • Non-persistent virtual machines were not automatically deleted when the maximum configured number of machines was reached.
  • Correct detection of virtual machines running under the QEMU emulator.
  • Laptops connected to a dock are now correctly reported.
  • Improvements to the status information of Windows computers. The protection has been improved in order to report the status of the protections installed on computers more accurately, even when the protection service is not responding.
  • Fixed a bug to avoid blue screen of death (BSOD) errors if there are continuous restarts of the protection service.
  • Additional checks in the firewall technology to avoid double context flows that could cause a blue screen of death (BSOD) error.
  • If the Power Nap feature of macOS systems was enabled, the protection sometimes reported an incorrect status. This could generate an email alert informing of an incorrect status of the protection.
  • The MAC address of macOS computers was not sent correctly.
  • When installing the protection, if external software deleted the installation configuration file, the protection was not installed and the generic uninstaller was erroneously launched.
  • In very exceptional cases on 64-bit machines, protection updates failed because a file could not be copied.
  • The protection was not installed if it was not possible to uninstall the existing security product from the computer. This was always the case regardless of whether the “Automatically uninstall protections from other vendors” option was enabled or disabled.
  • The option to export blocked programs did not export all available data. Data such as computer names was missing.
  • Now it is not possible to enter more than 15 characters in the “Password required to perform advanced management tasks locally from computers” field of the “Per-computer settings” section.
  • Fixed an issue that caused a BSOD error when using 4G or 5G connections on Windows computers with ARM processors.
  • Fixed an issue with the Android protection when we scanned APK files from unknown sources but didn’t have permission to access the file directly.
  • Updated the Play Core library used by the Android protection to the latest version to fix a vulnerability in versions prior to 1.7.2.

X

07/23/2020

Aether Platform-based products: Release X (07/23/2020)

Adaptive Defense 360: 3.71.00

Agent and protection versions

  • Windows protection: 8.00.17.0001
  • macOS protection: 2.00.06.0006
  • Linux protection: 3.00.00.0050
  • Android agent and protection: 3.5.8
  • Windows agent: 1.16.11.0000
  • macOS agent: 1.10.05.0001
  • Linux agent: 1.10.06.0050

New features

  • Visibility of the activity of the malware and PUPs detected on macOS and Linux systems, including activity details and activity graphs.
  • Visibility of the malware and PUPs detected on macOS and Linux systems in Advanced Reporting Tool (Alerts table).
  • Visibility of the monitoring of macOS and Linux systems in Advanced Reporting Tool (Ops and Install tables).
  • Continuous improvement and adaptation of the Windows protection included in Adaptive Defense/Adaptive Defense 360. Added new sensors to detect in-process privilege escalation attacks, domain controller spoofing, port opening, DNS tunneling, processes launching tasks from the WMI, and attempts to delete items protected by the shield. All these events are included in the collected telemetry to enrich our Intelligence and classify malware and malwareless attacks even faster.
  • Greater integration with the Windows 10 AMSI (AntiMalware Scan Interface). The use of AMSI provides Adaptive Defense with telemetry and additional information about script and macro execution to improve protection without negatively impacting computer performance.
  • The network telemetry collects the actual destination IP when a computer connects to the Internet via a proxy server. Getting the actual IP allows us to check our telemetry against IP-type IOCs (Indicators of Compromise) on our Collective Intelligence platform.
  • Detection and blocking of attempted attacks making use of DCSync and DCShadow techniques with our DPIF (Deep Packet Inspection Firewall).
  • Improved Anti-Tamper protection: Anti-Tamper protection for the communications agent and other protection services. Additionally, we prevent processes required by the protection from being suspended. These measures are extremely important against hackers trying to stop our services and processes.
  • Password-based uninstallation prevention and Anti-Tamper protection enabled by default in the default settings for new customers and in new settings for all customers.
  • Patch Management. The ‘Available patches’ list indicates patches that need a restart after having been installed, thus preventing administrators from re-creating installation tasks for those patches.
  • Patch Management. The ‘Available patches’ list displays the release date of patches, thus providing administrators with another criterion to evaluate the criticality of patches.
  • Device control. Ability to assign an alias to blocked devices, either from the ‘Blocked devices’ list or from the exclusions defined in the ‘Workstations and servers’ settings.
  • Data Control. The Settings screen options have been rearranged. Two new sections have been added: Rule-based monitoring of files and Advanced indexing options, the latter containing the indexing scheduler. The General section is now Personal data (inventory, searches, and monitoring).
  • Data Control. The section Personal data (inventory, searches, and monitoring) provides the ability to configure the monitoring of personal data in email and configure exclusions.
  • Data Control. The section Rule-based monitoring of files provides the ability to specify the default file extensions to which monitoring will be applied.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file extensions. If any of those extensions is not included in the default list of extensions, the user is given the option to add it automatically to the list.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file names. All files with the entered names will be monitored.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file paths. All files in the entered path will be monitored.
  • Data Control. The section Rule-based monitoring of files provides the ability to create monitoring rules based on specific file contents for those files whose contents can be interpreted by Data Control.
  • Data Control. The section Rule-based monitoring of files provides the ability to apply AND/OR operators when creating rule conditions.
  • Data Control. The section Rule-based monitoring of files provides the ability to group conditions, creating nesting levels related to one another with the logical operators AND/OR.
  • Data Control. The section Rule-based monitoring of files provides the ability to edit and delete rules.
  • Data Control. The section Rule-based monitoring of files provides the ability to select whether you want to monitor files on disk or in email. Monitored operations for files on disk are stored in the usrrules table in Advanced Visualization Tool. The monitoring of files in email applies to attachments included in inbound and outbound email in Outlook 2013 and 2016 for Exchange. Monitored operations are stored in the usrrulesmail table in Advanced Visualization Tool.
  • Data Control. Fixed performance issue when displaying the list of files with personal data for customers with a high volume of files. We have removed the ability to filter files by computer in the list of PII files; nevertheless, it is still possible to view a computer’s PII files from the list of computers with PII files. We have also removed the ability to sort the list of PII files by computer. The list of PII files displays a maximum of 1,000 records, sorted by last connection date.
  • Group picker in the Web console to temporarily restrict the data displayed in dashboards and reports to the computers selected by the user. This allows administrators managing hundreds or thousands of computers to be able to focus on one or multiple specific computer groups at any one time; for example, the server group or all computers at a particular location.
  • Ability to filter computers by IP address range.
  • Ability to filter computers by group. This returns all computers in a group and all its subgroups.
  • Ability to filter computers by the “Last proxy used” property. This enables you to view which computers communicate with which proxy.
  • Email notifications. Computer information is displayed in email notifications when the alert refers to a single computer.
  • Email notifications in all languages supported by the Web console.
  • Android: Android device renames in the Web console are applied to all features provided by the solution, even the alerts sent to users via the ‘Snap the thief’ feature.
  • Hardware inventory. The hardware inventory now displays the BIOS serial number for Windows computers (in the Web console and in the ‘Hardware inventory’ exported file).
  • More control and details during the installation process. The URLs that could not be accessed during the installation process on endpoints are displayed in the local console, agent logs, Event Viewer, and Web console. New step added at the end of the installation process: verification of communications between the protection and servers (Glauka, SRF, Cyren).
  • The role permission ‘Modify computer tree’ is now independent of the permissions to edit settings and run tasks. Therefore, any changes made to those permissions won’t affect the ‘Modify computer tree’ permission.
  • Agent updates are now more robust: auto-recovery in the event of an error.
  • Computers with errors downloading the installer are not displayed as ‘Installing’, but as ‘Installation error’.
  • The customer ID is displayed in the Web console, making it easier to identify the customer account.
  • New fonts and styles in the Web console following Marketing guidelines.
  • New Linux distributions supported: Ubuntu 20.04 and RedHat 8.2. For more information about all supported Linux distributions, click here.
  • Patch Management. Ability to access, from the ‘Available patches’ list, a new Web page with information about high and critical severity vulnerabilities for which exploits are available.
  • Patch Management. Ability to install a specific patch on the computers included in any of the existing filters on the COMPUTERS screen.
  • Patch Management. Improved cancellation of patch installation tasks. Now, cancellation becomes effective on all computers but those where the installation process has already started.
  • Added detailed information (computer, computer group, etc.) in software inventory exports.
  • The ‘Malware run’ and ‘PUPs run’ lists are no longer created by default in new accounts.
  • If upgrades are disabled in a settings profile and a computer is pending a restart to perform the upgrade, the upgrade is aborted on that computer.
  • SQUID technology is disabled by default on macOS computers. Web browsing antivirus and the phishing detection feature won’t be enabled on macOS computers unless the URL Filtering feature is enabled.
  • Advanced protection on Linux systems. Added the ability to detect malicious activity on Linux systems using contextual detections. Contextual detections allow us to proactively detect and prevent malware and malwareless attacks. Malicious actions detected are not blocked by default to avoid possible inconvenience on certain machines. This additional protection layer on Linux systems requires the Linux protection version to be 3.00.00.0000 or later.
  • Advanced protection on Linux systems. Ability to change the configuration of contextual detections on Linux. New options are available (‘Do not detect’, ‘Audit’, and ‘Block’) in the “Detect malicious activity (Linux only)” setting of the advanced protection. This additional protection layer for Linux systems requires the Linux protection version to be 3.00.00.0000 or higher.
  • Ability to install the Linux protection without dependencies. The Linux protection installs by default with dependencies. This means that it makes use of certain system libraries for some of the protection features. However, with Linux servers not connected to the Internet, we recommend that you install the Linux protection without dependencies, thereby avoiding making changes to the system or updating components. See this FAQ for more information about how to install the Linux protection without dependencies. Installing the protection without dependencies requires the Linux agent version to be 1.10.06.0050 or higher and the Linux protection version to be 3.00.00.0050 or higher.
  • Newly created lists do not preload data by default. Data is loaded only after the user selects the appropriate filters. This way, we prevent data loads which, in the case of customers with thousands of computers, can take minutes.
  • Users receiving email notifications from our Aether-based products can now opt out of those messages (unsubscribe).

Bug fixes

  • Fixed bug in the firewall technology that caused a Blue Screen of Death (BSOD) with certain DHCP packets that didn’t meet the required standard.
  • Fixed installation issue when changing the license or applying a private-label version (error 1627).
  • Fixed protection update issue (error 1603).
  • Computers moved from one group to another in Active Directory changed groups in Aether too, but didn’t inherit the settings of the new group.
  • When a customer configured scheduled reports in a specific language, they sometimes received them in a different language.
  • The content of scheduled reports sent via email is now compressed to minimize delivery issues due to exceeding the maximum size allowed.
  • If the user chose to view data from the last 24 hours, the Web monitoring counters showed no data.
  • Fixed Internet connection issues via proxy with some specific passwords on RHEL 6.x and CentOS 6.x systems.
  • Fixed an issue that prevented the protection from installing on certain CentOS 6.x systems.
  • The communications agent was uninstalled when upgrading the version.
  • Computers with new versions of Windows 10 Pro Education and Encryption enabled were not encrypted.
  • Computers with the Encryption module enabled and very fast SSD drives gave rise to a sync issue at boot that caused the computer to keep asking for a restart.
  • When upgrading the protection, if two restarts were required, the second one was requested after 4 hours instead of immediately.
  • If the scheduled time for a protection version upgrade coincided with the change to Daylight Saving Time or Standard Time, the scheduled time was dismissed and the task was never run.
  • Fixed an issue that caused the Internet connection to be lost on macOS systems when using SSL VPN and IKEv2 connections.
  • Fixed an issue on macOS systems when accessing certain URLs with certain applications such as Teams, Google Sync, BOX, and iTunes.
  • On macOS systems, the information displayed in the local console was sometimes not refreshed properly.
  • On macOS systems, it wasn’t possible to connect to Collective Intelligence if the proxy was configured with a password and the password had symbols.
  • The Linux protection froze randomly when scanning very large files.
  • Fixed an issue that caused the Internet connection to be lost on macOS systems when using a Fortinet VPN client.
  • Linux workstations/servers were always restarted after 60 seconds regardless of the time selected in the Aether Web console.
  • The Panda Full Encryption module attempted to encrypt the sandboxes created with Windows Sandbox on Windows 10. Now, those drives are detected correctly and are not encrypted.

IX

01/20/2020

Aether Platform-based products: Release IX (01/20/2020)

Adaptive Defense 360: 3.61.00

Agent and protection versions

  • Windows protection: 8.00.16.0010
  • macOS protection: 2.00.05.0000
  • Linux protection: 2.00.05.0000
  • Android agent and protection: 3.5.8
  • Windows agent: 1.15.00.0002
  • macOS agent: 1.10.04.0000
  • Linux agent: 1.10.04.0000

New features

  • Ability to reinstall the agent. Administrators can now remotely repair computers with agents that don’t communicate with the server. In any event, it is advisable to first contact Support to find the source of the problem and avoid having to continuously reinstall agents.
  • Ability to configure multiple proxies in the same settings profile so that, if one fails, the solution will try the next one in the list and so on. The proxy list can include Panda proxies, corporate proxies, etc.
  • 2FA enforcement. Administrators with Full Control permissions can force all users to use 2FA (Two Factor Authentication) in order to reduce the risk of unauthorized access by hackers or insiders.
  • Added a list showing duplicate computers. When migrating operating systems or restoring computer images, duplicate computers may be generated in the console that use licenses and make computer identification more difficult. This new list identifies duplicate computers, showing those computers that have been offline for the longest time so that administrators can safely delete them in one click.
  • Added a new filter that allows administrators to find computers whose name matches any of the names included in a list of names separated by carriage returns. This new filter is very useful as it allows you to quickly find computers you may want to move, delete, etc.
  • Ability to select the storage drive (C:, D:, etc.) on cache computers.
  • Patch Management: Deployment of non-downloadable patches. Some patches cannot be downloaded because they require user registration or for other reasons. The new version allows you to download those patches manually and copy them to the cache computers on your network for centralized deployment from Aether.
  • Patch Management: The ‘Available patches’ exported file now provides information about each computer’s operating system.
  • Data Control: Executive report. Administrators can now include Data Control KPIs and charts in executive reports.
  • Data Control: Ability to schedule the indexing operations required to generate inventories and perform searches. Administrators can now select when indexing operations must be performed easily and intuitively through a weekly calendar.
  • Data Control: Stop&Continue for full disk scans. Up to now, if a disk scan was not completed (for example, because the machine was shut down), the scanning process stopped and started again from scratch. With Stop&Continue, the scan will resume from the point where it stopped, causing less impact on machines and speeding up the process.
  • Data Control: Simpler configuration. The main options to enable inventories, personal data monitoring, and searches have been placed together in the same section.
  • Data Control: Fixed the 'Not indexed' status. In earlier versions, the ‘Not indexed’ counter counted all machines with Data Control installed, including those machines that did not require indexing because they didn’t have the inventory and searches features enabled. After this fix, the solution counts only those machines that require indexing based on the configured settings but have not been indexed yet.
  • URL Filtering. Added 3 new URL categories: Personal Storage, File Repositories, and Spam Sites.
  • Wildcard characters (* and ?) are now supported when configuring name-based exclusions in the ‘Workstations and servers’ settings. These exclusions are used to prevent certain files from being blocked by the advanced protection or scanned due to compatibility issues. It is advisable to minimize the use of exclusions due to the security problems they can cause.
  • Ability to enable/disable the sending of Linux/macOS telemetry. The ‘Advanced protection’ option in the ‘Advanced protection’ section of the ‘Workstations and servers’ settings applies now to Linux and macOS computers as well. These computers will stop sending telemetry if this option is cleared.
  • Support for new Linux distributions: RedHat 7.X (64-bit), RedHat 8.X (64-bit), CentOS 7.X (64-bit), CentOS 8.X (64-bit), Linux Mint 18.X, and Linux Mint 19.X. For a list of all supported Linux distributions, refer to this FAQ.
  • A single installer is now downloaded for Linux systems from the Web console, instead of having to choose between an .rpm or a .deb package. This installer then downloads and installs all other necessary items. This simplifies and optimizes the process as the installer downloads only what is required for each distribution.
  • The issue reporting software (PSInfo) is included in the agent installer. This way, we make sure it is present on all computers on the network, regardless of whether or not there are problems downloading it based on the existing permissions on customers’ networks.
  • Support for Android 9 and Android 10.
  • Once installed, the protection for Android devices integrates into Aether before asking the end user to grant the necessary permissions. This enables administrators to manage Android devices from Aether even if the end user has not granted all necessary permissions. In that case, the protection will be shown in Aether with an error so that the administrator is aware of the situation and can act accordingly. The device’s protection will periodically ask the user to grant the denied permissions.
  • New language supported by the Android protection: Danish.
  • The ‘Proxy and language’ settings have been renamed as ‘Network settings.’
  • Changed the description of the Advanced Protection’s 'Hardening' mode in order to indicate that the protection also blocks unknown programs coming from other computers on the network.
  • (Windows protection 8.00.16.0010) Protection with our universal agent against potential attacks exploiting the CVE-2020-0601 vulnerability concerning the correct identification of digitally signed files.
  • On macOS Catalina systems, in order to scan and protect the files that are accessed, downloaded, and run in user folders, instead of excluding the shell, you must now exclude our protection. For more details, please refer to the following FAQ. This change must be applied to all macOS Catalina systems in order to ensure complete protection. Change included in macOS protection version 2.00.05.0000.
  • Support for RedHat 6 and CentOS 6 in their 64-bit versions. Change included in Linux protection version 2.00.05.0000.
  • Support for new kernel versions for RedHat and CentOS 7. This is documented in the following FAQ.
  • Removed the URL Filtering feature for Linux systems since it didn’t provide any value on Linux servers. This way, we simplify the solution and make it more robust. Change included in Linux protection version 2.00.05.0000.

Bug fixes

  • Patch Management: Service Packs were installed in all cases, regardless of the patch installation task settings. This has been fixed so that Service Packs are installed where appropriate based on the task settings.
  • Patch Management: The ‘All’ node of the tree displaying the software to patch in patching tasks now appears as selected in tasks created with a previous version of the solution.
  • Patch Management: Fixed the ability to update Windows 10 Feature Pack 1909 using the manual download option.
  • Patch Management: Fix to prevent stopping SQL Server instances when applying patches.
  • Patch Management: In Windows 10 LTSB / LTSC encryption did not work when incorrectly logging in to the operating system.
  • Data Control. Performance and stability: bug fixes and significant improvements aimed at resolving the top performance and stability issues seen in real environments.
  • Data Control: Deletion of temporary files (XLSTMPXXX) that remained after the scan performed by Data Control. Fixes in Windows protection 8.00.16.0010.
  • Installation of the required fonts for our application only in order to avoid interference with other applications.
  • The computer details window now shows the proper installation error code instead of a code for internal use.
  • The system event list now shows all events (no events are hidden at the bottom of the screen).
  • Fixed BSODs caused by the firewall technology in specific environments.
  • Fixed bandwidth loss caused by the firewall technology on computers with high volumes of traffic (servers).
  • Fix (included in Windows protection 8.00.16.0010) for a memory leak when getting telemetry from the logins of the users created. This could particularly affect computers/servers that don’t restart for weeks and where there is a large number of user logins, such as Terminal Servers.
  • Fix (included in Windows protection 8.00.16.0010) for an incident in Exchange Server that caused mail detected as SPAM not to be sent to the folder specified in the settings.
  • Fix to maintain real-time communications after enabling communication via WPAD.
  • Fixed loss of Internet connection on macOS systems when switching from one hotspot/network to another. Change included in macOS protection version 2.00.05.0000.
  • Now, the Exchange Server protection is only registered and installed after it is enabled. This is to ensure it doesn’t interfere with the Exchange Server unless it is enabled. Change included in Windows protection version 8.00.16.0010.

VIII

09/17/2019

Aether Platform-based products: Release VIII (09/19/2019)

Adaptive Defense 360: 3.60.00

Agent and protection versions

  • Windows protection: 8.00.15.0030
  • macOS protection: 2.00.02.0000 and 2.00.03.0000 on Catalina
  • Linux protection: 2.00.02.0000
  • Android agent and protection: 3.4.4
  • Windows agent: 1.14.03.0000
  • macOS agent: 1.10.01.0000
  • Linux agent: 1.10.01.0000

New features

  • Patch Management: Ability to exclude specific patches for a specific computer or the entire organization.
  • Patch Management: Ability to exclude specific software (for example, Java) or entire software families (for example, Adobe or Windows).
  • Full Encryption: Executive reports now include information about the encryption status of computers in the organization.
  • The firewall protection now has full support for IPv6 environments. Ability to create firewall rules based on IPv4 and IPv6 addresses.
  • Ability to automatically detect if computers are connected to a public or private network (location awareness). Ability to create firewall rules for public networks, private networks or both. Rules will be applied based on the network the target computer is connected to.
  • Significant increase in the number of phishing detections thanks to the incorporation of an updated detection engine.
  • Ability to configure a whitelist of trusted URLs and domains that won’t be scanned for phishing or malware.
  • Windows 10’s Fast Startup feature is automatically disabled during protection updates. This way we make sure the protection is updated even on computers with Fast Startup enabled. The Hibernation feature is disabled on computers with updates pending for more than 15 days in order to force users to restart their computers.
  • Ability to block unknown and unwanted applications (basic application control) to stop unwanted applications, reduce bandwidth consumption and comply with regulatory requirements. Applications can be blocked by hash or process name. Blocked applications are displayed in a new widget in the security dashboard.
  • Ability to enable email notifications for blocked applications in the Alerts settings.
  • Ability to associate computers to one or multiple computers with the CACHE role.
  • The option ‘Run a background scan every time there is a knowledge update’ has been disabled in the default settings.
  • If a customer doesn't have any licenses available, and an end user launches an installation directly on their computer, they will be periodically informed in the progress screen that there are no licenses available for that computer. The agent installed on the computer will be integrated into Aether, but the protection will be disabled.
  • The PSINFO tool is now downloaded in compressed format so as not to be blocked by the perimeter protection used by many customers.
  • Ability to reinstall the protection from the web console on computers with protection errors. This option can be accessed by right-clicking any Windows computer from any list in the console.
  • Ability to hide the icon displayed in the Notification area of managed computers from the ‘Per-computer settings’ section.
  • Ability to view the user that is currently logged in to a computer from its ‘DETAILS’ tab.
  • Ability to select visible columns from the ‘COMPUTERS’ tab.
  • Ability to add and integrate computers into groups based on their IP address (IP-based integration).
  • Support for WPAD (Web Proxy Auto-Discovery Protocol). You can specify the URL from which to download the proxy policy file for your organization. Otherwise, the Aether agent will launch a discovery scan to automatically obtain the proxy.
  • Ability to schedule periodic tasks to send the executive report and any list or COMPUTERS view in the console to the specified email addresses.
  • If protection installation fails, more details are provided along with the error code.
  • If the status of a customer is ‘expired’ after the grace period is over, no messages will be accepted from the customer’s computers, and all tasks related to the account will be stopped.
  • If messages are received from the agents installed on the computers of a customer that has been deleted because all of their licenses expired days ago, a command will be sent to automatically uninstall all agents.
  • Added new options to filter computers by last connection date.
  • Added new filters (Security - Advanced protection mode, and Computer - Reinstalling protection and Pending restart).
  • Administrators can detect agent deployment problems and check the status of installed agents with their management tools or directly on computers by accessing their Event Log.
  • Use of AMSI (Antimalware Scan Interface) technology in Windows 10 in our protection for Windows. The use of AMSI allows us to obtain telemetry and extra information in Adaptive Defense in the execution of scripts and macros in order to improve the protection without impacting the performance of the computer.

Bug fixes

  • Patch Management: When installing SQL Server patches, it wasn’t clear whether all SQL Server instances on the target computers needed to be patched.
  • Customers’ Software lists displayed duplicate records.
  • Scheduled reports continued to be sent to customers whose licenses had expired.
  • If a Discovery computer sent more than 100 discovered computers, computers in excess of that number were not checked against already integrated computers, which could result in duplicate records.
  • If there was an error updating the protection, the protection status was incorrectly reported.

VII

05/06/2019

Aether Platform-based products: Release VII (05/06/2019)

Adaptive Defense 360: 3.50.00

Agent and protection versions

  • Windows protection: 8.00.14.0002
  • macOS protection: 2.00.02.0000
  • Linux protection: 2.00.02.0000
  • Android agent and protection: 3.4.4
  • Windows agent: 1.13.04.0000
  • macOS agent: 1.10.01.0000
  • Linux agent: 1.10.01.0000

New features

  • Patch Management: Ability to disable Windows Update to centrally manage all patches (operating system and third-party software).
  • Patch Management: Ability to isolate computers from the 'Available patches' list, making it easier to isolate computers based on a specific patch or CVE.
  • Patch Management: Added the following information to executive reports: Patch Management status, Top 10 most vulnerable computers, and Top 10 most critical patches.
  • Patch Management: New context menu for the tasks displayed in the 'Last patch installation tasks' widget. This menu allows you to cancel tasks or view their results.
  • Patch Management: If an error occurs, the error code is now displayed in the file obtained when exporting the installations list and on the page detailing the result of a patch installation task.
  • Data Control: Ability to delete files and restore them within 30 days after deletion. Charts showing deleted files, lists with filter options, and ability to export to CSV the list of files deleted in a given time period or historically.
  • Data Control: Ability to search for duplicate files by content.
  • Data Control: Ability to set exclusions by folder, file, and file extension for the inventory, search and monitoring features.
  • Data Control: Ability to perform searches not only by text, but also by numeric and alphanumeric content.
  • Data Control: New options to select the PII entities to look for in advanced searches: find files with all selected items ('and' logic) or with any of the selected items ('or' logic).
  • Data Control: New context menu for searches with the ability to relaunch and edit them.
  • Data Control: Ability to expand the chart of files with personal data, and use the chart legend to select/unselect the types of data displayed.
  • Data Control: Ability to get inventories filtered by computers from the list of computers with personal data.
  • Data Control: Support for CSV files.
  • Data Control in AVT: We have replaced the individual counters of PII entities with Yes/No values. Added a new field to display the estimated number of PII entities. This field will indicate the number of PII entities confirmed by the technology.
  • Full Encryption: Ability to fully encrypt/decrypt all disk drives using BitLocker.
  • Full Encryption: Support for multiple authentication methods, including two-factor authentication (TPM) and boot password.
  • Full Encryption: Central management of recovery keys from the console.
  • Full Encryption: Automatic installation of BitLocker on compatible servers.
  • Full Encryption: Automatic creation of the unencrypted system partition required for startup.
  • Full Encryption: TPM activation.
  • Full Encryption: Full visibility of the organization's encryption status through a dedicated dashboard and filter-based lists.
  • Full Encryption: Central management of settings from Aether. Enforcement of administrator policies over local user settings.
  • Full Encryption: Encryption date for each computer, as required by certain regulations.
  • Full Encryption: Granular permissions.
  • Support for non-persistent VDI environments. Requires following the procedure described here.
  • Anti-theft protection for Android devices. Geolocation to locate lost or stolen devices, remote lock, remote wipe to delete all sensitive information from devices, ability to turn on the device's camera to take a photo of the potential thief and email it, and ability to trigger an alarm to locate your device or discourage the thief.
  • Native support for Android 8.
  • Software list detailing the software installed across the entire network (name, publisher and version). Ability to see, for each software package detected, the number of computers that have it installed and access details of those computers.
  • Hardware list detailing the hardware installed across the entire network (disk, CPU and available memory information).
  • Ability to deploy the Aether agent remotely from the list of discovered computers for computers with the traditional platform agent installed (which will be uninstalled).
  • Ability to select all computers in the Computers list at once without having to do so page by page. This allows you to take bulk actions on a large number of computers (isolate, scan, etc.) in one go.
  • Now, the searches performed from the Computers list also search the description field (comments) and IP addresses.
  • Improvements to make finding settings easier: ability to sort the settings created in ascending or descending order by creation date and name.
  • Ability to maintain, for each user of the management console, the state of the group and filter tree between sessions.
  • Support for Exchange Server 2019, the new version of Exchange Server.
  • Agent and protection certification on Windows 10 RS6.
  • Dozens of console improvements aimed at improving usability without affecting granularity or flexibility.
  • The ‘Users’ list now shows an icon next to users with Two-Factor Authentication (2FA) enabled in their profile.
  • The ‘Details’ tab for Windows computers displays the date and time when the computer settings were last checked.
  • The option to send email notifications when a malware URL, phishing threat or intrusion attempt is detected or access to a device is blocked has been disabled in the default settings.
  • The generic uninstaller, used when required during protection upgrades, is now downloaded in compressed format so as not to be blocked by perimeter protections.
  • Telemetry is sent from our protections for macOS and Linux to both ART and the SIEM solutions used by customers who contract SIEMFeeder.
  • Support for Debian 8, 9 and 10.
  • Support for new Ubuntu versions: 18.04 and 19.04.
  • Support for new Fedora versions: 26, 27, 28, 29 and 30.

Bug fixes

  • From this version on, users are prevented from editing or deleting the settings assigned to those computers not visible to them.
  • Automatic execution of the generic uninstaller if a protection update fails because the target computer is shut down in the middle of the process or for another reason.
  • Ability to keep the cache after updating the protection. This change will take effect in protection updates from this version and later.
  • Patch Management: Non-downloadable patches were shown on the list of available patches, even though those patches were filtered out.
  • Patch Management: Several fixes to patch installation.
  • Browsing problems on macOS computers with IP addresses outside the IPv4 ranges specified in RFC 1918.

VI

10/22/2018

Aether Platform-based products: Release VI (10/22/2018)

Adaptive Defense 360: 3.41.00

Agent and protection versions

  • Windows protection: 8.00.12.0002
  • macOS protection: 1.02.02.0000
  • Linux protection: 1.02.01.0000
  • Android agent and protection: 3.2.4
  • Windows agent: 1.12.03.0000
  • macOS agent: 1.07.04.0000
  • Linux agent: 1.07.03.0000

New features

  • Patch Management: New details screen for installed and uninstalled patches, accessible from the installation history and from the results of a patch installation task.
  • Patch Management: Ability to roll back (uninstall) patches for those programs that support this feature. This option is available on the details page of installed patches.
  • Patch Management: Non-security patches are not displayed as Critical and are not installed by default in patch installation tasks.
  • Patch Management: Added a new widget that provides quick access to End-of-Life (EOL) software: software currently in EOL, software that is currently in EOL or will be in EOL in a year, and software with a known EOL date.
  • Patch Management: Ability to restart servers without a logged-in user that require a restart to finish installing a patch.
  • Patch Management: Update of the 'Available patches' information after restarting a computer.
  • Data Control. Status dashboard: New widget showing which features are active on endpoints and servers (advanced search, inventory and/or monitoring), with the ability to obtain the corresponding lists.
  • Data Control. Status dashboard: Redesigned Data Control Status widget, which now represents the Deployment Status more clearly.
  • Data Control. Inventory: KPI with the number of PII files and evolution chart.
  • Data Control. Inventory: KPI with the number of computers with PII files and evolution chart.
  • Data Control. Inventory: Chart showing the number of PII files by personal data type (e.g. number of PII files with credit card numbers).
  • Data Control. Inventory: List of PII files with ability to search, filter, add lists to the 'My list' panel and export lists
  • Data Control. Inventory: List of computers with PII files, with the ability to see the evolution of the number of PII files found between two dates.
  • Data Control. Inventory Settings: Ability to change settings to enable inventory generation.
  • Data Control. Granular permissions: New permission to control the ability to view inventories.
  • Data Control. Advanced search: Improved usability by selecting the personal data to search for through checkboxes.
  • Data Control: Available in Spain, Germany, UK, Sweden, France, Italy, Portugal, the Netherlands, Finland, Denmark, Switzerland, Norway, Austria, Belgium and Hungary.
  • Advanced Reporting Tool. Greater granularity of permissions: Two new permissions to separate the information available to IT/Security managers and to personal data processors. More specifically, you can configure access to the Data Access Control application, which collects particularly sensitive information (in the monitoredopen table).
  • Greater detail in executive reports. More information available in executive reports: top 10 computers with most detections, 10 latest malware, PUP and exploit detections, and greater detail in different sections.
  • New category added to the Web access control feature: Cryptocurrency Mining. This protection blocks all URLs designed to attack workstations and servers in order to mine cryptocurrencies, using up CPU resources and seriously affecting computer performance.
  • The first Windows computer where the protection is installed is designated as discovery computer to automatically discover unprotected computers on the network.
  • Dozens of console improvements aimed at improving usability without affecting granularity or flexibility.
  • Agent and protection certification on Windows RS5 and Windows Server 2019.
  • Support for Mojave, the newest version of the macOS operating system.

Bug fixes

  • Fixed bug in executive reports scheduled to be sent by email and created by partners by accessing clients' consoles via Single Sign-On.
  • Fixes for potential BSoDs caused by firewall drivers
  • Fixed bugs in protection updates

V

08/06/2018

Aether Platform-based products: Release V (08/06/2018)

Adaptive Defense 360: 3.40.00

Agent and protection versions

  • Windows protection: 8.00.10.0001
  • macOS protection: 1.02.01.0000
  • Linux protection: 1.02.01.0000
  • Android agent and protection: 3.2.4
  • Windows agent: 1.11.00.0000
  • macOS agent: 1.07.03.0000
  • Linux agent: 1.07.03.0000

New features

  • New Patch Management module: Patching of Windows operating systems and hundreds of third-party applications (Java, Adobe, Firefox, etc.)
  • New Patch Management module: Dashboards showing the patch status of the corporate network (outdated computers, missing patches, etc.)
  • New Patch Management module: Customizable lists and filters to find computers missing security patches, non-security patches and Service Packs
  • New Patch Management module: Ability to search for patches by computer, program, patch name or CVE
  • New Patch Management module: Ability to find programs in End-Of-Life (EOL) stage
  • New Patch Management module: History of all patching activity
  • New Patch Management module: Visibility into missing patches by computer and group
  • New Patch Management module: Configuration of patch searches (frequency, patch types to find, etc.)
  • New Patch Management module: Combined with Adaptive Defense, ability to isolate computers with critical vulnerabilities and patch them once isolated
  • New Patch Management module: Manual patching in real time
  • New Patch Management module: Ability to schedule patching tasks
  • New Patch Management module: Ability to configure computer restarts if required
  • New Patch Management module: Automatic management of patch interdependencies
  • New Patch Management module: Centralized storage of downloaded patches on cache computers
  • New Patch Management module: Roles with granular permissions to control access to the Patch Management features
  • Data Control: Dashboard showing the Data Control status of the network (computers without a license, offline computers, outdated computers, unindexed computers, etc.)
  • Data Control: Ability to perform quick and advanced searches on files by content, file name and extension. Two types of advanced searches are supported: free searches and guided searches with the ability to configure searches by file type, target computer, and search timeout
  • Data Control: Ability to perform up to 10 simultaneous searches on the network. Ability to cancel running searches at any time
  • Data Control: Ability to save and view recent searches. Ability to rename, relaunch and delete saved searches, as well as accessing search results
  • Data Control: List of files found during searches. Ability to filter results and export them to .CSV format
  • Data Control: Details on the files found during searches with information on the PII held (first and last names, ID card numbers, email addresses, etc.)
  • Data Control: List showing the status of the computers where personal data is searched for with the ability to filter information
  • Data Control: Added new granular permissions to search for personal data on network computers
  • Data Control: Predefined alerts in Advanced Visualization Tool to report anomalous activities on personal data files
  • Data Control: Available in Spain, Germany, UK, Sweden, France, Italy, Portugal, Netherlands, Finland, Denmark and Switzerland
  • Computer isolation. Now available for Windows servers as well. Ability to contain infections and potential infections by isolating specific computers, computer groups or the entire organization
  • Improvements to the local alerts displayed in multiuser environments
  • Advanced management settings for optimized performance on Gigabit Ethernet networks: ability to enable optimization settings on demand by contacting Support
  • Optimized performance with virtual adapters (Hyper-V, VMware, Citrix and VirtualBox): ability to enable optimization settings on demand by contacting Support
  • Improved integration with WDSC (Windows 10 RS2 or later)
  • Device Control won't install until the module is enabled through the settings
  • Usability improvements: filters and search options for tasks, more details on cache computers, etc.

Bug fixes

  • Fixed bug to allow settings to be inherited when moving a computer to its Active Directory group
  • Fixed bug to display the 'Trusted programs' bar in scheduled reports
  • Fixed bug to allow computers that connect to the Internet via a Panda proxy to access cache computers
  • Improved compatibility with third-party drivers (Fortinet, CheckPoint, SonicWall and VPNs)
  • Fix for potential BSoDs caused by a driver used to collect network data from the operating system
  • Fixed bugs in URL filtering and categorization
  • Improved loading of the Outlook plug-in (PSINOlkAddIn)
  • Fixed bugs in protection updates
  • Fixed bugs in Linux protection
  • Fixed bugs in macOS protection

IV

03/20/2018

Aether Platform-based products: Release IV (03/20/2018)

Adaptive Defense 360: 3.30.00

Agent and protection versions

  • Windows protection: 8.00.01.0000
  • macOS protection: 1.02.00.0000
  • Linux protection: 1.02.00.0000
  • Android agent and protection: 3.2.4
  • Windows agent: 1.10.00.0000
  • macOS agent: 1.07.02.0000
  • Linux agent: 1.07.02.0000

New features

  • New module: Data Control. Data Control finds, audits and monitors the personal data stored on endpoints and servers. This module assists organizations in complying with personal data protection laws such as the GDPR (General Data Protection Regulation), and is available in Spain, Germany, Sweden, United Kingdom, Italy and France.
  • Computer isolation. Ability to contain infections and potential infections by isolating specific computers, computer groups or the entire organization from the rest of the network. Computers are isolated in real time. Isolated computers will only be able to connect to Panda's servers in order to allow security administrators to change settings, launch disinfection tasks, etc.
  • Email alerts for the detections made by the antivirus protection
  • Email alerts every time new unprotected computers are discovered
  • Ability to launch and schedule tasks for computer groups
  • Ability to uninstall the agent and the Windows protection from the Web console
  • More details about the most common protection installation errors
  • New features added to the protection for Linux and macOS systems (real-time communications, double-click installation, ability to launch scan tasks from the Web console, managed computer restarts, and settings management)
  • Access from the Recipients section to the list of all computers that a specific task or settings profile is applied to
  • Remote installation from any discovery computer, not only from the last computer that discovered an unmanaged device
  • New Anti-Tamper protection to prevent Panda Security's drivers and services from being stopped
  • Support for Windows 10 RS4
  • Support for Windows Server Core 2016
  • Aesthetic and usability improvements to the Web console

Bug fixes

  • Advanced management on Gigabit Ethernet networks (using NBLs) to optimize performance on these networks when Panda's firewall is on

III

11/15/2017

Aether Platform-based products: Release III (11/15/2017)

Adaptive Defense 360: 3.20.00

Agent and protection versions

  • Windows protection: 7.70.02.0000
  • Linux protection: 1.00.00.0000
  • Android agent and protection: 3.2.4
  • Windows agent: 1.09.00.0000
  • Linux agent: 1.07.00.0000

New features

  • New look and feel for the widgets displayed on the STATUS page. The new colors are associated with the risk and more data is displayed in less space
  • We have improved administrators' first experience using the product by guiding them through the process of installing the protection agent.
  • Button to access Panda Cloud, the page that allows customers to access the Panda Security products they have contracted
  • Automatic discovery of unprotected computers
  • Ability to remotely install from the Web console the agent and the protection on all unmanaged computers discovered
  • Merging of the custom and Active Directory trees, so that all actions that administrators can take on the custom tree (settings, etc.) can also be carried out in Active Directory
  • A message has been included in the Web console explaining that Adaptive Defense's Hardening mode blocks not only unknown programs coming from the Internet but also from external storage drives.
  • We have improved the malware/PUP activity alerts and blocked program notifications to show information in a clearer, more organized way
  • Improved malware/PUP activity alerts to include information about the command line and the parameters used to launch programs. Additionally, it is now possible to export to CSV the information about the lifecycle of all malware detected in the organization
  • Ability to send email alerts (malware and PUP detections, blocked program and unprotected computer notifications) to users based on the computers visible to them. These alerts can now be configured for each user of the Web console
  • For customers with the advanced protection in Lock mode, all untrusted programs run before the Panda protection was started are closed.
  • More powerful exclusions for blocked programs. Excluding a file with an .EXE or .COM extension will allow the execution of both the program and its libraries on all computers (unless they are known threats). These programs and libraries will continue to be monitored by our Collective Intelligence platform and Threat Hunting Team in order to determine whether they are malware or goodware
  • Ability to disable real-time communication with computers (advanced option in the proxy settings) for those companies which don't want to have an open socket for each managed computer (this is required for real-time communication)
  • Time range picker to display CPU/memory usage in the last hour, last 3 hours, or last 24 hours
  • Ability to access the latest Release Notes from the product's Web console
  • Customers have the ability to give Panda Security's Support team access to their product console to speed up troubleshooting
  • New supported languages: Russian, Japanese and Finnish (in the latter case only the local console)

II

7/28/2017

Aether Platform-based products: Release II (7/28/2017)

Adaptive Defense 360: 3.10.00

Agent and protection versions

  • Windows protection: 7.70.02.0000
  • Linux protection: 1.00.00.0000
  • Android agent and protection: 3.2.3
  • Windows agent: 1.08.02.0000
  • Linux agent: 1.07.00.0000

New features

  • Integration of the full portfolio of Panda's security solutions into Aether: Panda Endpoint Protection, Panda Endpoint Protection Plus, Panda Adaptive Defense and Panda Adaptive Defense 360
  • Updated the PROTECTION STATUS widget to include protected computers
  • Detailed information about the licenses contracted by customers
  • Centralized sending of email alerts regarding unprotected computers
  • Role-based computer visibility
  • Information about the patches installed on each computer
  • Ability to define the target (computers or groups) of settings when configuring them
  • Ability to define Repository/Cache computers to optimize bandwidth usage
  • Ability to report a problem or incident to Panda directly from the Web management console
  • New widget on the STATUS page to show the activity of the exploits detected by the Anti-Exploit technology
  • New supported languages: Swedish, French, Italian, German, Portuguese and Hungarian
  • Online help in HTML format

Bug fixes

  • One-time bug installing the agent on certain Windows computers

I

5/16/2017

Aether Platform-based products: Release I (05/16/2017)

Release of Panda Adaptive Defense 360 on Aether, Panda Security's new and innovative management platform

  • Aether is Panda's new platform that integrates all of the company's endpoint solutions. Aether Platform's vision is to provide full security management capabilities from the cloud. With Aether Platform, organizations can centrally manage all of Panda's products with a single agent from a single Web console

Aether Platform: Key benefits and features

  • Ability to deploy settings and tasks in real time to hundreds or thousands of computers
  • Flexible computer organization: filters, customizable tree and Active Directory integration
  • Information about each computer's hardware and software components
  • Ability to track users' activity on the Web management console
  • User permissions (roles) to deny users particular actions
  • Ability to set up tasks independent from the general settings with advanced options such as maximum run time and expiration times
  • And many other new features that make Aether Platform the best platform to centrally manage Panda's security products