The updated Intelligent Sandbox content package for versions 4.10, 4.12, 4.14, 5.0, and 5.2 is now available.
This detection package adds detection updates to Intelligent Sandbox. This update includes the following changes:
New Rules:
- Coverage for Agenda ransomware
- Coverage for Benioku ransomware
- Rules to detect malicious LNK files leveraging PowerShell and Explorer.exe for content on port 80
- Rules to detect malicious load execution behavior in files
- Rules to detect DLL loaders in startup applications with legitimate names
- Rules to detect attempts to unpack Windows credentials into plain text
- Rules to detect attempts to disable Windows Task Manager
For more details on changes and fixes, please read the Release Notes.
This detection package is released in the common detection package format. To install and apply a common detection package, either use Intelligent Sandbox 5.2.2 or a newer version, or, if your Intelligent Sandbox is version 5.2.0 or older, install the patch described in KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package. See the same article for details about the common detection package format.
Package build number: 5.2.4.231110
Customers can update to this detection package using either of the following two options:
- Product UI: Access the Intelligent Sandbox (ATD) UI at Manage > Image & Software > Content Update > Detection Pkg.
- Download Server: Customers can download the content updates, behind appropriate grant numbers, from the Download Server.
For more information, see the Release Notes.