The updated Intelligent Sandbox content package for versions 4.8, 4.10, 4.12, 4.14, 5.0, and 5.2 is now available.
This detection package adds detection updates to Intelligent Sandbox. This update includes the following changes:
New Rules:
- Coverage for kanti ransomware
- Coverage for Trojan romGenric
- Rules to detect process injection attempts involving reflective DLL loading
- Rules to detect suspicious system32 processes
For more details on changes and fixes, please read the release notes.
This detection package is released in the common detection package format. To install and apply a common detection package, either use Intelligent Sandbox 5.2.2 or later, or install a patch if your Intelligent Sandbox is 5.2.0 or older. For details about the common detection package format, see KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package.
Package build number is: 5.2.2.230907
Customers can update to the detection package using either of the following two options:
- Product UI: In the Intelligent Sandbox (ATD) UI, go to Manage > Image & Software > Content Update > Detection Pkg.
- Download Server: Customers can download the content updates, behind appropriate grant numbers, from the Product Downloads site.