We are pleased to announce that our latest Trellix Endpoint Detection and Response with Forensics (EDRF) Cloud threat detection update for March 2026 is now available.
This cumulative report summarizes our February 2026 release, delivering 76 new detections and 85 rule enhancements to strengthen your environment.
Key threat coverage:
- Expanded wiper and stealer coverage: We have added new protections against SantaStealer, DynoWiper, and LazyWiper.
- Advanced technique detection: We have added coverage for Muddled Libra actors and Bring Your Own Vulnerable Driver (BYOVD) attacks that attempt to disable EDR tools.
- DCRat campaign analysis: We have implemented detection for active spear-phishing campaigns utilizing malicious .svg attachments.
These updates are fully compatible with all EDR and EDRF client versions. There is no action required on your part.
For more details and a complete list of the changes, see the release details in the Knowledge Base article Trellix EDRF Cloud Threat Detection Updates – March 2026.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.