To provide quality improvements and general enhancements related to malware detection, Trellix Guest Images (GI) Release 24.0101 will be made available for download from our Dynamic Threat Intelligence (DTI) as per the Download Schedule detailed below.
Trellix strongly recommends enabling auto-update for GI releases and always using the latest GI release to ensure optimal security efficacy.
Download schedule
- 10 December 2024: Email Security – Server (EX), Malware Analysis (AX), File Protect (FX)
- 12 December 2024: Network Security (NX), Virtual Execution - Server (VX)
For Trellix offline GI updates and one-way license customers, Trellix GI Release 24.0101 will be available on the Offline Portal (OLP) no later than 20 December 2024.
Release summary
Enhancements in GI Release 24.0101:
- Significant detection and performance improvements on Windows 10. This feature includes improved support for the following aspects:
- Reporting of code injection
- Logging low-level API
- Command line output capture support
- Monitoring and reporting of PowerShell events
- Secondary phase analysis for executables
- Keylogger detection
- Reporting of WMIC baseboard query check
- Detection enhancement for DLL files
- URL extraction from active memory regions
- HTML-based attack detection
- Script file attack detection
- Default Windows 10 profile for 64-bit PEs
- Detection of malicious Qakbot samples
- Enhanced reporting of events related to sandbox evasion
- Evasion handling for memory check samples and OS resolution
- Detection for Python-based executables
- Sample submission throughput improvements
- Improved detection for ransomware samples
- Detection enhancement for samples requiring elevated privileges
- Enhanced support for memory dump extraction
- Added support and classification for ~23 different MITRE ATT&CK tactics
- Improved browser support
Notes: The above Trellix OS releases enable automatic GI updates by default. The update to GI Release 24.0101 will therefore occur automatically on these systems unless automatic GI updates have been disabled.
A minimum of 200 GB of free space in the /data partition is recommended prior to upgrading. Use the show file system command to verify free space. If you use offline GI updates or have a one-way license, you may need to free up disk space before updating to GI 24.0101. GI 24.0101 is compatible with OS Releases 9.1.x and 10.x of the appliance build. The latest version of Security Content must be installed on the appliance.
Modifying file associations will affect the performance and detection capability of GIs. Trellix recommends that users do not modify file associations.
For further details on upgrading, please log in to the Documentation Portal and refer to the document: Guest Images 24.0101 Release Notes.