An updated content package for Trellix Intelligent Sandbox (TIS) 4.10, 4.12, 4.14, 5.0, and 5.2 is now available.
This detection package adds detection updates to TIS. This update includes the following changes:
New Rules:
- Coverage for the NineRAT Trojan
- Rules to detect Trojan behavior such as creating scheduled tasks, masquerading within Microsoft services, and placing library files within Windows directories
- Rules to detect file creation from resource sections using cryptographic APIs
- Rules to detect attempts to download malicious shellcode over a command and control (C2) channel
This detection package is released in the common detection package format. To install and apply a common detection package, use TIS 5.2.2 or a newer version. If you have TIS 5.2.0 or earlier installed, install the patch from KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package.
See KB96550 - How to enable support for the Intelligent Sandbox and Advanced Threat Defense common detection package for details about the common detection package format.
Package build number: 5.2.4.240111
Customers can update to the detection package using either of the following two options:
- Product UI: In the TIS (ATD) UI, go to Manage > Image & Software > Content Update > Detection Pkg
- Download Server: Customers can download the content updates from the Download Server using the appropriate grant numbers
For more information, see the Release Notes.