Updated content packages for Intelligent Sandbox versions 4.8, 4.10, 4.12, 4.14, 5.0, and 5.2 are now available.
The detection packages add detection updates to Intelligent Sandbox. The updates include the following changes:
- Rules to detect 3DES encryption.
- Rules to detect certificate addition in root.
- Rules to detect Peter and RIP ransomware.
- Rules to detect querying the Windows Registry to gather information about the system, configuration, and installed software.
- Rules to detect starting a new or existing service using executables.
- Rules to detect multiple attempts to map a network drive using multiple credentials.
For more details on changes and fixes, read the Release Notes.
Package details by version are as follows:
- atd-detection-img-5.2.0.230210-5.2.0.x86_64.rpm
- atd-detection-img-5.0.0.230210-5.0.0.x86_64.rpm
- atd-detection-img-4.14.2.230210-4.14.2.x86_64.rpm
- atd-detection-img-4.12.4.230210-4.12.4.x86_64.rpm
- atd-detection-img-4.10.2.230210-4.10.2.x86_64.rpm
- atd-detection-img-4.8.2.230210-4.8.2.x86_64.rpm
Customers can update to the detection package using the following two options:
- Product UI: In the Intelligent Sandbox/ATD UI, go to Manage, Image & Software, Content Update, Detection Pkg.
- Product Downloads site: Customers can download the content updates from the Product Downloads site using the appropriate grant number.