Updated Intelligent Sandbox content packages for versions 4.8, 4.10, 4.12, 4.14, 5.0, and 5.2 are now available.
This detection package adds detection updates to Intelligent Sandbox. This update includes the following changes:
- Coverage for Cylance ransomware.
- Coverage for Dark Power ransomware.
- Rules to detect usage of NetUserEnum.
- Rules to detect modification of Driver Signature Enforcement.
- Rules to detect file deletion and service removal from Windows.
- Rules to detect kernel exploits.
- Rules to detect resource addition into virtual memory.
- Rules to detect disabling of the server certificate check for file transfers.
- Rules to detect use of PowerShell web request cmdlets for exfiltration.
For more details on changes and fixes, read the Release Notes.
Package details by version are as follows:
- atd-detection-img-5.2.0.230410-5.2.0.x86_64.rpm
- atd-detection-img-5.0.0.230410-5.0.0.x86_64.rpm
- atd-detection-img-4.14.2.230410-4.14.2.x86_64.rpm
- atd-detection-img-4.12.4.230410-4.12.4.x86_64.rpm
- atd-detection-img-4.10.2.230410-4.10.2.x86_64.rpm
- atd-detection-img-4.8.2.230410-4.8.2.x86_64.rpm
Customers can update to the detection package using either of the following two options:
- Product UI: In the Intelligent Sandbox/ATD UI, go to Manage, Image & Software, Content Update, Detection Pkg.
- Product Downloads site: Customers can download the content updates, using the appropriate grant number, from the Product Downloads site.