Trellix Operating System Release 11.0.0 for Email Security - Server, Intelligent Virtual Execution - Server, Malware Analysis, File Protect, and Central Management will be available for download today from our Dynamic Threat Intelligence (DTI) Cloud.
Trellix Network Security (NX) 11.0.0 is scheduled for release in the coming weeks, delivering enhanced security capabilities to strengthen enterprise security.
The 11.0.0 releases include various fixes in addition to the new features and enhancements described below; please refer to the appropriate Release Notes for a complete list of all the fixes.
The following new features and enhancements, common to multiple products, are included in this 11.0.0 release:
- Base Platform upgrade to AlmaLinux 9.2 for security hardening, enhanced stability, and performance
- The OpenSSL library is upgraded to version 3.1.x to strengthen security, enhance performance, and extend cryptographic functionality
- Multiple vulnerabilities are addressed in the Release
- Ingestion of third-party threat intelligence feeds using TAXII on Email Security - Server, Malware Analysis, and File Protect
- Ability to query Private GTI on Email Security - Server, Malware Analysis, and File Protect in Release 11.0. pGTI integration is available on the IVX - Server from Release 10.0.2 onwards
- Support for regex pattern matching for URLs in custom allowed list and blocked list on Email Security - Server, Malware Analysis, and File Protect
New features and enhancements in Email Security - Server 11.0.0
- Support for URL regex pattern to ignore the rewrite of certain URLs
- Enhanced QR-code detection for QR codes present in PDF and DOCX
- Show QR-code based attacks
- Support for analyzing emails in case of bypass mode
- Sender based tracking protection
- Support for releasing emails from quarantine based on MD5 or URL
- Enhanced remediation support for Microsoft Exchange Server - On-premises
New features and enhancements in File Protect 11.0.0
- Configuring custom allowed and blocked lists via the WebUI
- WebUI support for on-premises S3 storage
New features and enhancements in Malware Analysis 11.0.0
- Enable VNC mode for all malware submissions via CLI and UI
- Add custom IOC feeds via the WebUI
New features and enhancements in Intelligent Virtual Execution - Server 11.0.0
- The enhanced VX web UI now provides a comprehensive view of file analysis across the IVX cluster, including all submission types (manual, API, and sensor), artifact downloads, a dashboard for key insights, and notifications for malicious submissions
- ICAP functionality on the IVX Server now supports REQMOD
- Exclude specific file types from being scanned during malware analysis using CLI commands
- Support for backing up and restoring submission records across clusters using CLI commands
- New CLIs to extend retention capabilities for malicious and non-malicious data reports and artifacts
- Auto Enable/Disable of Broker role in IVX Cluster operations when a user creates or deletes a cluster through the CLI
New features and enhancements in Central Management 11.0.0
- Alert triage bundles can now be fetched through the CMS web service API
- CMSHA support on Azure
- The 3rd Party Feeds page is now available on the Central Management System
- Allow users to enable VNC for submissions made through a malware repository from the Malware Analysis and Central Management System
Managed Defense Compatibility
If you are a Managed Defense customer interested in upgrading, please coordinate with your Managed Defense Consultant.
Notes:
The 11.0 releases require a reboot to take effect.
Trellix OS Releases 10.0 and 11.0 will not be supported on x400 appliances, NX 10550, and VX 12500 platforms.
You can upgrade your IVX appliance to version 11.0.0 from versions 9.1.x or later. However, you cannot upgrade clusters directly from versions 9.1.x or 10.0.x to 11.0.0. To upgrade, you must first dismantle the cluster and then upgrade each IVX standalone node individually to version 11.0.0.
You can upgrade your Email Security - Server, File Protect, Malware Analysis, and Central Management appliances to Trellix OS release 11.0 from version 9.1.0 or later. If your Email Security - Server, File Protect, Malware Analysis, or IVX appliances are managed by a Central Management appliance, the Central Management appliance must be running Trellix OS 11.0 before upgrading the managed appliance(s).
After the upgrade to version 11.0, certain processes will be in a pending state until new security content is downloaded and installed. The security content is downloaded and installed automatically for online customers. Offline customers must manually download and install the new security content after upgrading appliances to version 11.0.
Before upgrading your appliances to Trellix OS 11.0, update any custom YARA rules for YARA 4.5.0.
Trellix strongly recommends automatic downloading of Guest Images in order to maintain the most recent version. Automatic downloading is enabled by default. The update to GI Bundle 24.0702 will therefore occur automatically on version 11.0 systems unless automatic GI updates are disabled. If automatic downloading is not enabled, enable it with the command fenet guest-images auto enable. Running an outdated version of Guest Images results in a loss of performance and detection capability.
For further details on the features and fixes included in this release, as well as for information on how to upgrade, please log in to the Trellix Customer Support Portal using your Trellix support credentials and refer to the documents Email Security - Server 11.0 Release Notes, Virtual Execution 11.0 Release Notes, Malware Analysis 11.0 Release Notes, File Protect 11.0 Release Notes, Central Management 11.0 Release Notes.