Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Dell Endpoint Security Suite Enterprise Release Notes

Summary: This article contains release notes for Dell Data Protection Endpoint Security Suite Enterprise.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Symptoms

Note:

Affected Products:

Dell Endpoint Security Suite Enterprise

Affected Operating Systems:

Windows
Mac
Linux


Cause

Not applicable.

Resolution

Customers leveraging Dell Endpoint Security Suite Enterprise can enable autoupdate using their Dell Security Management Server’s WebUI to receive this update and it to be applied to all their endpoints. For more information, reference the Dell Endpoint Security Suite Enterprise Advanced Installation Guide from https://www.dell.com/support/home/product-support/product/dell-dp-endpt-security-suite-enterprise/docs.

If you cannot enable autoupdate, then an offline update package can be requested from Dell ProSupport.

Version Legend:

  • Versions ending in 1 (example: 2.0.1491.xx) - Dell Endpoint Security Suite Enterprise - Generally available release
  • Versions ending in 5 (example: 2.0.1495.xx) - Dell Endpoint Security Suite Enterprise - Patch release
Note: Updates may not properly apply if the proper root certificates are not present within the Operating System that the updates are being installed on. The root certificate used to generate the SSL certificate for update.cylance.com was changed in mid 2018 to be signed by a root with the thumbprint a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c5436. This root certificate was added in Microsoft updates:
  • KB4054518 for Windows 7
  • KB4054519 for Windows 8.1
  • KB4054517 for Windows 10

Launch Date - March 3, 2022

Changes in this release:

New Features

  • Memory protection enhancements
    • Memory Protection now uses a new code base and methodology that generates more events.
    • The Dangerous VBA Macro event (RunMacroScript) is now a memory protection event, not a script control event. This event prevents dangerous implementations within a macro. This event is not related to running scripts.

Bug Fixes

  • Microsoft SQL Server 2008 R2 stopped responding on startup.
  • Fixed an issue with WideOrbit servers and Protect Desktop script control.
  • Fixed an issue with Microsoft Dynamics and Protect Desktop script control.
  • An error occurred when launching VisionApp Remote Desktop 2011 with script control enabled.
  • Resolved an issue with LSASS Read for memory protection.
  • The 1565 agent did not properly log an action that is taken for the Remote APC Scheduled violation.

Launch Date - January 6, 2021

Changes in this release:

Upgrade File Size (approximate):

Windows: 65 MB

New Features

  • Not applicable.

Bug Fixes

  • Fixed an issue where device User accounts had certain permissions that could be leveraged by using SQLite to compromise the endpoint.
  • Fixed an issue where a blue screen would occur due to a disconnect between the driver and updater service.
  • Fixed an issue when memory protection was enabled where the process exit callback did not allow the process exit routine to complete resulting in the server stopping responding.
  • Device User accounts had certain permissions that could be leveraged by using SQLite to compromise the endpoint. This agent version has modified permissions that are implemented to resolve the issue.
  • Fixed an issue where Syslog notifications for past threats were reported after upgrading to agent 1560.

Known Issues:

  • If a signed file in a bundle is determined to be bad and quarantined, the file is not removed from quarantine when the certificate is added to the Global Safelist.

Workaround: Manually waive the file.

  • The Cylance service intermittently gets stuck in a "StopPending" state when cycling between a stopped and running state.

Launch Date - July 29, 2020

Changes in this release:

Upgrade File Size (approximate):

Windows: 70 MB

New Features

Unified Driver

Dell is announcing a re-architected driver for Advanced Threat Prevention that will help to facilitate future improvements.

Caution: If you are updating the agent from 1531.1 or lower to 1561.1, all previously detected files that were scored as Unsafe or Abnormal are reanalyzed. All previously detected files that were scored as Safe are not reanalyzed. This occurs due to a change seen in Agent version 1540.
 
Note: The introduction of a unified driver is a significant change to the agent architecture. Downgrading from Agent 1560 to a previous version is not recommended due to this significant change. Be aware of this change before you upgrade.

Memory Protection Wildcard Exclusions for Windows

From the Memory Actions tab (Settings > Device Policy > add/edit policy > Memory Actions), the following enhancements have been added when Excluding Executable Files:

Additional Path Support

On Windows, you can now specify the absolute file path and the previously supported relative path.

Correct: C:\Application\Subfolder\application.exe

Correct: \Application\Subfolder\application.exe

Additional Special Character Support

On Windows, the following additional special characters are also supported:

  • Any letter value followed by a colon (C:)
  • Asterisk (*)

Bug Fixes

  • Resolved an issue on Windows where the uninstaller did not remove the application folder.
  • Resolved a memory handle leak.
  • Resolved an issue where the Cylance Service requesting read access, caused a third-party product update to fail.
  • Resolved an issue where a file safe listed by certificate was initially blocked by Execution Control, and then allowed to run.
Note: This resolves issues with launching GoToAssist/GoToMeeting, where GoToAssist/GoToMeeting is safe listed by certificate.
  • Resolved an issue with some environments where file execution should not be blocked for subsequent executions when a safe cloud score is returned.
  • Resolved an issue where a network issue caused devices to not send system information initially, and the agent did not attempt to resend the system information.
  • Resolved an issue where a failure when creating the client bus connection resulted in a resource leak (for example, threads and fds).
  • Resolved an issue where an archive containing a threat had an incorrect file name.

Launch Date - September 18, 2019

Changes in this release:

Upgrade File Size (approximate):

Windows: 63 MB

New Features

  • Portable Executable (PE) Model Update
    • Extra anti-tampering features that further protect the integrity of model decisions have also been added.
    • Agent updates to 1540 have all Unsafe and Abnormal files reanalyzed.
    • Files previously scored as Safe are not rescored.

Bug Fixes

  • Not applicable.

Known Issues:

  • Not applicable.

Launch Date - August 14, 2019

Changes in this release:

Upgrade File Size (approximate):

Windows: 55 MB

New Features

  • Not applicable.

Bug Fixes

  • Resolved an issue with local executable parsing, allowing bypass of the local scoring engine.
  • Resolved an issue where the size of the Agent UI window would shrink if the DPI was set to a value other than 100%.
  • Removed case sensitivity for remote certificate validation when comparing InstallTrustedSuffix and DNS Name entries.
  • Resolved a race condition where the Advanced Threat Prevention service registered a notification callback function to add/remove devices before the object required to process add/remove notifications was constructed.
  • Resolved an issue where the agent did not detect and quarantine a hash using the local math model when the online Cloud score was unknown.
  • Resolved an order of precedence conflict that might cause a file to switch between safe/quarantined unexpectedly.
  • Updates to Cylog.log File: The Cylog.log file now has a size limit of 150 MB per log file.
    • Once a log file reaches the 150 MB limit, the log is rolled over to a new log file. Only five old log files are retained in addition to the current log file. Log level settings such as Error, Verbose, and so on are now correctly applied to the log file.

Known Issues:

  • Not applicable.

Launch Date - April 16, 2019

Changes in this release:

Upgrade File Size (approximate):

Windows: 55 MB

New Features

  • Not applicable.

Bug Fixes

  • Resolved an issue where unhydrated PowerShell scripts were not detected by Script Control when the unhydrated script file was run.
  • Fixed an issue where a locally waived network file could not be locally quarantined or added to the global quarantine list.
  • Fixed an issue where device information was delayed in being written to the status.json file, such as threat information.
  • Script Control will not block macros in a specific edge case.
  • Fixed an issue where .txt files could not be deleted if Application Control was enabled in a policy.
  • Fixed an issue where the Advanced Threat Prevention service would stop responding when the Indexing Service placed a lock on the Agent log file while the Advanced Threat Prevention service was also attempting to open the agent log file.
  • Fixed an issue when running Windows Defender along with Advanced Threat Prevention. Issues included:
    • If Auto-Quarantine and Watch For New Files was enabled, you could not install Windows applications from the Microsoft Store.
    • When running Windows Defender along with Advanced Threat Prevention, you could experience performance-related issues.
    • If the Microsoft Anti-malware Real-Time Protection feature and Memory Protection were enabled, Outlook would stop responding and crash on Windows 8.1.

Known Issues:

  • Not applicable.

Launch Date - February 18, 2019

Changes in this release:

Upgrade File Size (approximate):

Windows: 22 MB

New Features

Advanced Threat Prevention can now use Active Directory to identify endpoints when installed on primary images that are domain connected. If the primary image is AD connected and the subsequently created pool of workstations are AD connected, you can use the command-line argument AD=1 during installation as a method to identify all devices, including the primary image.

  • When enabled, the agent queries the endpoint for the unique identifier that is assigned by AD and use it as a method to fingerprint the device.
Note: AD fingerprinting takes precedence over the VDI= installation parameter.

Bug Fixes

  • Resolved an issue where Safelist by Certificate only checked certificate information once the file was analyzed. Now, Advanced Threat Prevention attempts to collect as much certificate information as possible when initially checking whether the file is allowlisted by certificate, then collects additional information and supplements that initial certificate information.
  • Resolved an issue where the Advanced Threat Prevention service could be uninstalled on Windows.
  • Resolved an issue were duplicate Script Control events displayed for Windows macros.
  • Resolved a Memory Protection conflict with a Windows 10 LSASS dump file.
  • Added more detail to Blue Screen log errors related to convicted files.
  • Resolved a Background Threat Detection conflict with excluded folders during a Windows device restart.
  • Resolved an issue where the Advanced Threat Prevention client would continuously display "PendingManager Detected tamper" in debug logging.
  • Resolved an issue with database sanitization with the Advanced Threat Prevention agent database.
  • Resolved a Blue Screen on Windows that was related to Watch for New Files and Application Control.
  • Resolved a Memory Protection conflict with Invincea on Windows.
  • Resolved an issue where a message incorrectly showed that a scan was complete in the Advanced Threat Prevention agent UI on Windows even though the scan was not yet complete.
  • Resolved an issue with file upload on Windows causing conflict with the Advanced Threat Prevention directory.

Known Issues:

  • Script Control is not blocking Macro execution.

Launch Date - January 17, 2019

Changes in this release:

Upgrade File Size (approximate):

Windows: 19 MB

New Features

  • Microsoft’s October 2018 Update, commonly known as Windows 10 build 1809, is now supported.

Bug Fixes

  • Resolved an issue in which some devices experienced high memory usage when the Advanced Threat Prevention service was active. This occurred even when the device was assigned to a passive policy.
  • Resolved an issue where ATP attempted to scan dehydrated files on Windows 10 if Watch for New Files was enabled and the files were in a OneDrive folder that was moved.
  • Resolved an issue where a file added to the Global Quarantine List in alert mode could be executed for several seconds on Windows.
  • Resolved an issue with a Blue Screen on Windows Server 2012.

Known Issues:

  • Not applicable.

Launch Date - November 6, 2018

Changes in this release:

Upgrade File Size (approximate):

Windows: 14 MB

Bug Fixes

  • Fixed an issue with the quarantine table not properly rebuilding when database corruption is detected.
  • Fixed an issue with detecting if a file contains a certificate that results in an exception due to a long file path.
  • Fixed an issue where uninstalling caused a Blue Screen reboot loop.
  • Fixed an issue where safelist by certificate for script control fails for network paths.
  • Resolved an issue with an indefinite file lock which caused an application to stop responding on a Windows computer.
  • Fixed an issue with a Windows 10 Fall Creators Update (1709) computer experiencing a Blue Screen when using a preinstalled smartcard reader and waking the device from sleep.
  • Fixed an issue with a centroid version mismatch when the Agent database is manually deleted.
  • Fixed an issue causing delays when running a build process when files are on a network share.
  • Resolved an issue with the Microsoft Monitoring Agent and excessive script control events being created locally in the Application Event Log.

Known Issues:

  • Not applicable.

Launch Date - September 26, 2018

Changes in this release:

Upgrade File Size (approximate):

Windows: 53 MB

Bug Fixes

  • Fixed a driver issue causing Microsoft Windows apps to stop responding. This appeared to affect Microsoft Word and Microsoft Excel.
  • Resolved an issue when using a Dell Universal Dock D6000 with Device Control enabled. This would result in a Blue Screen.

Known Issues:

  • A corrupt quarantine table may not be rebuilt when auto-delete for quarantined files is enabled. Impacted devices are still protected.
  • Impacted devices see quarantine actions that are looping repeatedly and quarantined files are created with a *.quarantine.quarantine.quarantine.quarantine (and so on) extension. This issue is under investigation by Dell and its partners.

Launch Date - July 5, 2018

Changes in this release:

New Features:

VDI Fingerprinting for Non-Persistent Virtual Machines

With the increased adoption of virtual desktops, the ability to consistently identify nonpersistent devices with a unique fingerprint has been introduced. This enables the ability to run your pool of clones knowing that as each one is refreshed; Dell Endpoint Security Suite Enterprise or Dell Threat Defense will retain the device identification.

When installing Dell Threat Defense version 149x (or later) on a primary Image, use the install parameter VDI=1 to inform the Agent during install that it will be running in a pool of cloned images. This enables the Agent to recognize each clone as a unique device and persist their identification when they refresh.

Dell Endpoint Security Suite Enterprise managed devices should follow the suggestions that are outlined within How to incorporate Dell Encryption / Dell Data Protection Encryption in a Windows sysprepped image for VDI Usage and Endpoint Security Suite Enterprise Support for VDI v1.3 from https://www.dell.com/support/home/product-support/product/dell-dp-endpt-security-suite-enterprise/docs.

Note: The VDI fingerprinting for nonpersistent virtual machines is designed for VMware products and works with Windows endpoints.

Script Control - Using Wildcards in Exceptions

Adding exceptions for dynamic scripts that are run from a specific directory location or for a script that is run from multiple different user folders is now possible with the addition of using wildcards in Script Control exceptions. As an example for both, you can use the token "*" in the exception path to ensure it covers your variants.

/users/*/temp covers:
     \users\john\temp
     \users\jane\temp

/program files*/app/script*.vbs covers:
    \program files(x86)\app\script1.vbs
    \program files(x64)\app\script2.vbs
    \program files(x64)\app\script3.vbs

For more information about using wildcards in Script Control exceptions, see How to Add Exclusions in Dell Endpoint Security Suite Enterprise.

Enhancements

Windows 10 Version 1803 (Redstone 4) Support. The agent is now compatible to install and run on Windows 10 devices with version 1803 (April 2018 Update), code named "Redstone 4."

Upgrade File Size (approximate):

Windows: 137 MB

Bug Fixes

  • Fixed OneDrive local folder analysis issue.
  • Fixed Global Quarantine list issue on Windows.
  • Resolved Windows issue with Azure VM agent installation.
  • Fixed file path issue for Quarantine.
  • Fixed process injection on Windows.
  • Resolved Windows 10 Agent UI crash.
  • Resolved a CylanceSvc crash due to a service automatic restart failing.
  • Fixed a driver filename function on Windows which caused a Blue Screen.
  • Fixed a service restart due to proxy connection time-out.

Known Issues

A corrupt quarantine table may not be rebuilt when auto-delete for quarantined files is enabled. Impacted devices are still protected. Impacted devices see quarantine actions that are looping repeatedly and quarantined files are created with a *.quarantine.quarantine.quarantine.quarantine (and so on) extension. This issue is under investigation by Dell and its partners.

Launch Date - June 18, 2018

Resolved Issues

Resolved an issue with an Escalation of Privileges Vulnerability within the Advanced Threat Prevention component. More information is available here: Dell Endpoint Security Suite Enterprise and Dell Threat Defense Escalation of Privileges Vulnerability.

Launch Date - May 2, 2018

Changes in this release:

New Features:

Windows 10 version 1709 (Fall Creators Update)

The Agent is now compatible to install and run on Windows 10 devices with version 1709 (Fall Creators Update), codenamed Redstone 3. Windows began the roll-out of the Windows 10 Creators Update in October 2017. While earlier versions of the ATP Agent supported Windows 10 version 1709, we are announcing compatibility by adding detection for OneDrive files.

Resolved Issues:

  • Resolved an Agent service startup issue on Windows.
  • Resolved a slow boot time issue with Memory Protection.
  • Fixed a black screen issue during boot up on Windows devices.
  • Resolved an incorrect filename issue with Japanese language filenames in the Agent logs.
  • Resolved an issue with analyzing files using a temporary folder by moving the analysis to folders in the Cylance directory.
  • Resolved a Memory Protection issue with Windows Modern Applications.
  • Resolved Disconnected Mode issue related to Script Control being disabled.
  • Fixed the ability to delete a read-only file from the quarantine folder.
  • Resolved a WMI registration issue when installing the Agent on a Windows device.
  • Resolved an incorrect Threat Status information from a WMI query.
  • Fixed a local database issue with updating file certificate information.
  • Resolved a Flash Application Player issue with Memory Protection.
  • Fixed incorrect Italian language translations in the Agent user interface.
  • Resolved an Application Control exclusion path issue.
  • Fixed an issue with re-analysis of a remote file when a copy does not exist locally.
  • Resolved an issue with Google Drive File Stream with Script Control enabled.
  • Device name may be displayed as "Unknown" in the Dell Security Management Server while in Disconnected Mode.
  • Fixed waiving files as an Administrator in the Agent UI.
  • Resolved Disconnected Mode issue when quarantining a threat file hash using the command line.
  • Resolved re-analysis by file type during a local model update.
  • Resolved a policy issue with Disconnected Mode on Windows.
  • Running executables from a network location with Fusion ioVDI on Windows VDI devices may result in a "Windows cannot access the specified device, path, or file." error message.
  • Fixed Disconnected Mode displaying on the system tray icon when reconnected to the Management Console and cloud.
  • Resolved an issue with Memory Protection and SysWow64 applications.

Technical Advisories:

  • For Windows 10 version 1709 (Fall Creators Update), the Watch For New Files feature does not work with OneDrive when file statuses change from "Online-only file" to "Locally available file."

Launch Date - April 16, 2018

Changes in this release:

New Features:

  • Safelist Scripts by hash and certificate.
    1. Log in to the Dell Data Security console.
    2. Go to Populations -> Enterprise -> Advanced Threats
    3. Select the "Scripts" tab.
    4. Select one or more scripts from the list.
    5. Click Safe. These scripts are now added to the Global Safelist.

Resolved Issues:

  • Added functionality to exclude _unknown_document_path_ from being blocked by Script Control.
  • Fixed an issue with slow boot times if a device is unregistered and offline.
  • Added additional_file_info field information for quarantined files by adding the file hash to the Global List.
  • Fixed an issue with device being offline.
  • Fixed an issue with Copy File Samples with a long file path.
  • Fixed an issue with the Policy Last Updated date and time that is displayed in the About message on the Agent.
  • Fixed the Agent UI where Category and Event displayed English instead of Japanese for the localized user-interface.
  • Fixed an issue where turning on Watch For New Files would cause Windows Explorer folder renaming to intermittently fail.
  • Fixed an issue with the threat file hash not being removed from the user information when the threat is quarantined.
  • Fixed an issue with a long boot delay when the Agent is installed on a Windows 7 system.
  • Resolved an inconsistent communication issue to the Console after a service restart on Windows devices.
  • Fixed a log entry duplication issue on Windows devices.
  • Fixed an issue with Windows driver caching.
  • Resolved a SysWow64 application crash on Windows 10 devices.
  • Fixed an installation error on Windows devices due to an incorrect registry value.
  • Resolved a policy name display issue when it contains a large number of characters.
  • Resolved duplicate Windows 10 devices in the Console due to an operating system update changing the operating system SerialNumber.
  • Fixed an invalid memory access issue on Windows Server 2012 R2 devices.
  • Resolved a local database issue causing services to not start on Windows Server 2012 R2 devices.
  • Fixed an issue when adding a certificate and enabling Executable and Script in the settings.

Technical Advisories:

  • Advanced Threat Prevention does not support scanning hydrated files from Microsoft OneDrive. Dell and its vendors are working on adding support for files that are hydrated on the device from OneDrive and expect this feature to be added in an upcoming release.
    • Hydrated files pertain to files downloaded with the OneDrive On-Demand feature on the computer, introduced in Windows 10 1709 (Fall Creators Update).
  • Due to enhancements introduced in this release, some 32-bit applications may require Compatibility Mode if Memory Protection or Script Control are enabled. For more information about Compatibility Mode, reference this KB article: How to Enable Compatibility Mode for Application Issues with Dell Threat Defense and Dell Endpoint Security Suite Enterprise.
  • Dell has seen reports from the field that a Blue Screen of Death can occur when Dell's Advanced Threat Prevention 1471 and Trend Micro OfficeScan 11.0 Service Pack 1 Critical Patch 6054 are installed and Dell's Advanced Threat Prevention Memory Protection, Script Control, or both are enabled. Analysis is showing a bug check of INVALID_PROCESS_DETACH_ATTEMPT related to Trend Micro drivers (tmcomm, tmactmon, tmevtmgr) being present in the stack. Dell's Advanced Threat Prevention drivers are not present in the stack. Compatibility Mode resolves this issue if Memory Protection or Script Control are enabled. Reports from the field indicate that Trend Micro is recommending customers upgrade the OfficeScan product to a version that is certified for Windows 10. For more information about Compatibility Mode, go to this link: How to Enable Compatibility Mode for Application Issues with Dell Threat Defense and Dell Endpoint Security Suite Enterprise.

Launch Date - Starting December 18, 2017

Changes in this release:

Fixes:

  • Resolved a Memory Defense issue with Windows operating systems and LSASS.
  • Fixed Copy Files Sample issue on Windows 10 devices.
  • Fixed an issue with an unsafe file being allowed by the Windows Catalog.
  • Fixed misspelling Quarantined in the Windows log entry.
  • Added improved error logging for offline updater failing due to Windows corrupted temp folder.
  • Resolved an Application Control Exclusion issue with Windows POSReady7.
  • Resolved a performance impact on Windows devices when using Memory Protection or Script Control and Oracle Smart View.
  • Created a log entry warning for a driver mismatch situation.
  • Resolved an Alert value error in Windows Event Log reporting.
  • Fixed attachment method for Windows VirtualBox device driver volume configuration.
  • Resolved an issue within Kill Unsafe Processes for a quarantined file.
  • Resolved a Safelist by Certificate thumbprint issue.
  • Resolved an issue with Memory Protection Stack Pivot detection.
  • Fixed an issue with slow copying of files over the network on Windows devices.
  • Resolved a failed x64 process start after an Agent update on Windows devices.
  • Resolved an intermittent issue preventing Offline Mode after reboot with the network connection disabled.
  • Fixed an issue with logs being resent to the Management Console after Windows restarts.
  • Resolved an issue with the Agent EXE installer requiring .NET Framework 4.0 to be installed on the device. The Agent requires .NET Framework 3.5 or higher.
  • Fixed an issue with long file path quarantines on Windows devices.
  • Resolved an issue with Memory Protection not reporting an event (on first time) if the service restarts.
  • Fixed Windows Memory Protection to respect file exclusions set in a policy.
  • Fixed an issue where it would take an extended period to reach the Windows login screen. During that time only a black screen appears.

Technical Advisories:

  • Advanced Threat Prevention does not support scanning hydrated files from Microsoft OneDrive. Dell and its vendors are working on adding support for files that are hydrated on the device from OneDrive. Expect this feature to be added in an upcoming release.
    • Hydrated files pertain to files downloaded with the OneDrive On-Demand feature on the computer, introduced in Windows 10 1709 (Fall Creators Update).

Launch Date - August 28, 2017

Changes in this release:

Note: This Agent update contains a new model which triggers a rescore of all files on a device.
 
Note: This is a relaunch of the 2.0.1451 client due to a stop-ship issue. Dell pulled the 2.0.1451.6 client due to an rare workflow that could cause a black screen on a new install. New installs were not offered with 2.0.1451.6, and the issue was identified before it could have been experienced.

Enhancements:

  • The 1450 release contains a new local model in addition to what is currently available in the cloud. This enables Dell Endpoint Security Suite Enterprise to scan and act on files with the latest model, regardless of connectivity to the cloud.

Fixes:

  • Resolved an issue with re-uploading log files after a device restart.
  • Resolved an issue with Fusion ioVDI on Windows VDI devices when attempting to execute a file from a network share.
  • Fixed an issue with a cache file growing when there are files without a cloud model score.
  • Resolved an issue with the device fingerprint.
  • Resolved an issue with a Memory Protection LSASS read violation.
  • Fixed the silent install providing a dialog box to device user.
  • Added Prevent Service Shutdown from Device log message to the Informational log on a Windows device.
  • Fixed an issue with GoLang 1.8, PostgreSQL, and Terraform.
  • Resolved an issue with the config.xml file causing memory consumption issues.

Launch Date - July14, 2017

Fixes in this release:

Enhancements:

  • Support for Windows 10 Creator Update (version 1703 - Redstone 2). Agent 1440 supports the Windows 10 Creator Update.

Fixes:

  • Resolved a Windows CPU usage spike when Memory Protection is enabled.
  • Fixed a Memory Protection compatibility issue with the CyFIR product when CyFIR is running in secure mode.
  • Fixed a Memory Protection issue that terminated a Java-based application running from a web browser.
  • Resolved unknown Microsoft Word macro path when the document is not stored locally.
  • Fixed a SysWow64 injection issue on Windows when Compatibility Mode is enabled.
  • Resolved an unknown path issue when Script Control is enabled with Windows Macros set to Block.
  • Resolved a Windows detection issue for threats located inside long file path directories.
  • Fixed an issue with too many 429 responses from the Console when running the Agent or Centroid updaters.
  • Fixed an issue with a quarantined file not displaying on the Quarantine List in the Agent UI when the file is quarantined by hash using the command line.
  • Fixed an issue with the Agent not prompting the user to confirm uninstalling the product when using Uninstall a Program from the Control Panel.
  • Resolved a failed signature check on Windows.

Launch Date - May 31, 2017

Fixes in this release:

Enhancements:

  • Quarantine File Time Threshold - Console Administrators now have the ability to automatically delete quarantined files from an Agent after a specified number of days (the minimum being 14). When enabled, the Endpoint Security Suite Enterprise client automatically deletes these files after the designated time. The number of days starts with when the file was first quarantined. If this feature is not enabled, the quarantined files remain on the device until the quarantined files are manually deleted.
Note: This is configurable in a policy with the Dell Data Protection Server version 9.7 or later.

Fixes:

  • Fixed an issue with a steady memory increase on a Windows device when Memory Protection is enabled.
  • Resolved an issue with a Console server error when a Windows UUID is zero.
  • Resolved an issue with the Agent sending duplicate Syslog events to the Console.
  • Fixed an issue when recalculating the fingerprint for a Windows device.
  • Added the ability to quarantine a single hash from the Windows command line.
  • Fixed an issue with the Agent only using the local model to score files when a transparent proxy is detected, which can produce excessive log file sizes.
  • Resolved an issue with HitmanPro causing a Blue Screen.
  • Fixed a bad request to the Console that was causing events to not transmit.
  • Fixed the Application Control feature not functioning properly in Disconnected Mode on a Windows device.
  • Resolved a potential memory corruption issue in Windows that is related to Memory Protection.
  • Fixed an issue with a Windows native service during service start-up.
  • Fixed failed initialization of analysis due to a Windows exception.
  • Fixed a start-up driver issue that was causing a Windows exception.
  • Fixed an issue with Windows Security Center failing to turn off or on when the service stops or starts.
  • Fixed an issue causing waived threats to re-quarantine on Windows devices.

Launch Date - April 6, 2017

Fixes in this version:

Enhancements:

  • Transport Layer Security 1.2 - Agent version 1421 has been enhanced to support the latest authentication encryption standards. Device communication to the SaaS utilizes the methods for security as outlined in TLS 1.2, which is the latest web standard.
  • Important: Agent version 1421 only uses TLS 1.2 if the device used .NET Framework 4.5 or higher.
  • Script Control - Scripts that are commonly associated with the Microsoft Monitoring Agent are allowlisted in Agent version 1421. This reduces the volume of Script Control events, which enables customers to concentrate on unknown scripts that are running in their environment.

Fixes:

  • Fixed an issue where the Agent communicated using SSL 3.0 or TLS 1.0 only.
  • Fixed an issue with a Windows device failing to generate a fingerprint.
  • Resolved issue with Microsoft Word template file not being recognized when added to the allowlist.
  • Fixed an issue with the Windows operating system version incorrectly being reported to the Console.
  • Fixed an issue with the false detection of Nsight drivers on Windows devices.
  • Fixed an issue on Windows x64 devices where a malicious payload detection was causing crashes upon exit.
  • Fixed an issue with 64-bit Java applications crashing.
  • Fixed an issue where the CPU would spike with integration service on a Windows device.
  • Resolved an issue with an inconsistency on start-up on a Windows device.
  • Resolved Blue Screen due to exception issue with Device Control when using display port.
  • Resolved an issue with the Auto-Quarantine feature preventing the EventPro application user-interface from launching on a Windows device.
  • Resolved an issue with the Agent sending duplicate Syslog events to the Console.
  • Fixed an issue where the Agent could cause 32-bit Java applications to crash on Windows devices.
  • Fixed Script Control to not block a Microsoft Windows 10 script.
  • Fixed an issue where installing the Agent MSI package using the command line without including the installation token that is resulted in the Agent requiring an uninstall password and the Agent could not be uninstalled.
  • Fixed an issue where a USB device was not being blocked upon first use on Windows XP and Windows Server 2003 devices when Device Control was enabled and set to Block.
  • Fixed an issue with Device Control events to generate a serial number when a USB mass storage device is disabled then enabled on a Windows device.
  • Fixed duplication of Device Control events for iOS USB connection to a Windows device.
  • Fixed duplication of Device Control events for Android USB connection to a Windows device.
  • Fixed an issue with the event log on a Windows device to include the device serial number for iOS devices.
  • Fixed an issue with the Application Control folder exclusions to prevent portable executable (PE) files from manually being moved on a Windows device.
  • Fixed an issue that was causing threat files to be quarantined from a macOS Samba SMB-mounted drive.
  • Fixed an issue with the ability to recognize a trailing backslash in Application Control folder exclusions on a Windows device.
  • Fixed an Application Control issue with the ability to copy a file from a non-excluded folder to an excluded folder on a Windows device.
  • Fixed an issue with the Optics to only upload Windows logs that have not been uploaded before.
  • Fixed an issue with the ability to downgrade the local cloud model on macOS devices.
  • Fixed an issue with Device Control events to include the detection of USB floppy drives on Windows devices.
  • Fixed an issue with duplicated Device Control events being generated when connecting a USB drive to a Windows device.
  • Fixed an issue with the event log on a Windows device to include the device serial number when connecting a USB device to a VMware Workstation instance.
  • Fixed an issue with the event log on a Windows device to include the device serial number for an Apple iPad.
  • Fixed an issue with the event log on a Windows device to include the serial number for Canon cameras.
  • Fixed an issue with scanning folders that are externally mounted to a macOS device, where the file is not local.
  • Fixed an issue with the rate that the Agent checks the status of the cloud model when the Console communication is not responsive.
  • Fixed an issue with the Visual Studio App Simulator from being blocked as an exploit on macOS devices.
  • Fixed an issue with the timer to add a random buffer for checking in to the Console after a connection is reestablished.
  • Fixed a Windows issue where memory allocated to fields in DEVFLT_CONTEXT are not freed.
  • Fixed an issue where the uploader repeats when the upload limit is reached.
  • Updated the localization files to ensure translations work on OS X El Capitan.
  • Fixed a Windows boot issue when the Console is unavailable.
  • Fixed an issue where the uploader repeats when the upload limit is reached.
  • Updated the localization files to ensure translations work on OS X El Capitan.
  • Fixed a Windows boot issue when the Console is unavailable.
  • Fixed an issue with the macOS Sierra Beta build crashing the Agent UI.
Note: Web Proxies will be honored without having to manually set a proxy server by registry.

Auto-Update Launch Date - March 6, 2017

Download launch version and date - Not applicable.

Fixes in this version:

  • macOS Sierra Support
  • Memory Protection enhancements
  • Resolved a compatibility issue between Memory Protection and Windows 10 Credential Guard.
  • Fixed an issue where Windows Security Center registration fails when installing the Agent using GPO.
  • Fixed an issue where files add to the Global Safelist were not properly waived by the Agent.
  • Fixed an issue to ensure that the quarantined files remain quarantined, even if multiple copies of the file in question get copied to the computer.
  • Fixed an issue where the ScriptCache folder was consuming too much disk space if Script Control for Office Macros was enabled. Office documents are no longer cached as part of ScriptCache; only ActiveScript and PowerShell scripts are cached.
  • Fixed an issue to ensure that on-demand scans are using both the Local model and Cloud lookups, as with background scans.
  • Resolved a compatibility issue between Memory Protection and Remote Desktop on Windows 8 systems.
  • Fixed an issue where the Agent does not attempt to redeliver device system information to the Console if the send operation times out.
  • Fixed an issue to allow Script Control exceptions for web-based locations.
  • Fixed an issue to ensure that the Background Threat Detection status is accurately reported.
  • Fixed an issue where the Agent may not properly send the file hash to the Console, resulting in an error in the Console.
  • Fixed an issue where the Agent does not properly register with the Console if the Agent is installed without network access.
  • Resolved a compatibility issue between Memory Protection and Passport.
  • Resolved a compatibility issue between Memory Protection and NVIDIA Nsight.
  • Fixed an issue where Agents that are deleted from the Console would still attempt to connect to the Console to upload Agent logs.
  • Resolved a compatibility issue between Memory Protection, Auto-Quarantine (AQT) and Novell Zenworks Logger.
  • Fixed an issue where the ATP service was not properly starting on devices using .NET 4 Client Profile.
  • Fixed an issue where the macOS Agent and Windows installation would not accept the Installation Token if the device is offline.
  • Fixed an issue where the macOS Agent blocked the Xcode debugger from running.
  • Fixed an issue where the Windows operating system version was incorrectly reported, causing issues with Zone Rules.
  • Fixed an issue to ensure that Auto-Update properly updates both the Agent and Optics.
  • Resolved an issue where the Agent was not updating Optics with the Device ID if Optics was installed before Agent registration with the Console.
  • Fixed an issue to ensure that Local models are fully loaded before scanning files.
  • Fixed an issue to ensure that USB devices encrypted with BitLocker can be accessed.
  • Fixed an issue where Optics was not properly updating the product version number in Add/Remove Programs.
  • Fixed an issue where macOS Agents will repeatedly try to upload a file to the Console even if the file is too large to upload.
  • Fixed an issue where the Windows theme would crash when the device starts.
  • Fixed an issue where Watch For New Files was not properly working for long file paths on macOS computers.
  • Fixed an issue where Watch For New Files was incorrectly scanning mounted network drives on macOS computers.
  • Resolved a compatibility issue with macOS Sierra and Time Machine on non-Apple network attached storage.
  • Fixed an issue where certain file paths were causing issues for Script Control exclusions.
  • Fixed an issue where Memory Protection was not working properly on macOS computers.
  • Resolved an issue in Windows 8 where ATP would appear as expired under certain circumstances.

Auto-Update Launch Date - February 2, 2017

Download launch version and date - Dell Endpoint Security Suite Enterprise 1.6.0 - February 2, 2017.

Fixes in this version:

  • Fixed an issue where the user-interface notifications were not properly working for archived files.
  • Fixed an issue with updating the Agent.
  • Fixed an issue where Alternate Data Streams (ADS) filenames were not properly handled.
  • Fixed an issue where some Memory Protection and Script Control events were not properly sent to the Console.
  • Fixed an issue where the Agent UI would display erroneous text that is caused by the localization language folders not deploying correctly to the Cylance directory and being absent from the directory.
  • Increased the detail available in the debug logs.
  • Fixed an issue to properly waive files contained within archives.
  • Fixed an issue where files that are allowlisted by certificate are incorrectly labeled as "catalog."
  • Fixed an issue where a portable executable (PE) file could be copied onto a device with Application Control enabled.
  • Fixed an issue where threats are blocked but not properly terminated (killed) in some OS X environments.
  • pdated Memory Protection to include support for Metro Apps.
  • Fixed an issue that caused a crash on the Windows Vista operating system.

Auto-Update Launch Date - October 14, 2016

Download launch version and date - Available in Auto-Update Only.

Fixes in this version:

  • Added a Zone parameter to the ATP installer. Use VENUEZONE="zone_name", where zone_name is the name of the zone you want the device to be associated with. If the zone name does not exist, it is created. The device is assigned to this zone, and the Default policy is applied.
  • Added Script Control for Office Macros (Alert or Block).
  • Allow organizations to change the Help/FAQ URL in the Agent UI.
  • Added additional information to the Agent status file. The file now includes: Last Background Scan, Drivers Scanned and Last Communicated Timestamp
  • Added support for detecting 32-bit PowerShell and Active Script processes on 64-bit operating systems.
  • Improved the Agent LDAP lookup query.
  • Fixed an Agent installation error when the Installation Token contains spaces.
  • Reduced the frequency of WMI state logs in Not Verbose mode.
  • Include archive files in the Daily Upload Limit and only log one upload limit exceeded message per day, once the threshold is met.
  • Fixed an issue where a high volume of Script Control events coming from thousands of devices placed an extreme load on domain controllers.
  • Fixed an issue with Memory Protection incompatibilities with BeyondTrust PowerBroker and AppSense.
  • Fixed an issue with Microsoft PowerPoint 2016 not launching on a Windows 10 computer when Memory Protection is enabled.
  • Fixed an issue with Citrix users unable to log on after installing ATP on the server.
  • Default PowerShell install folders are now excluded by default.
  • Local Model for OS X introduced (previously it was cloud-only).
  • Support for File-Based Write Filters
  • Localized client UI
  • Addressed an issue where enabling Memory Protection on Windows Server 2012 with vShield resulted in a black screen on Remote Desktop (RDP) login or logout.
  • Fixed an issue where the OS X Agent would terminate processes due to a DYLD injection trigger.
  • Increased the details for OS X Memory Protection events for information mode logging.
  • Addressed an issue where attaching Microsoft Word files to email messages took longer than expected when Watch for New Files was enabled.
  • Fixed an issue to properly report the Background Threat Detection status in the Agent UI and Console.
  • Improved verbose logging details for certificate checking on OS X Agents.
  • Addressed conflicts with the Luminex driver.
  • Addressed an issue to handle a corrupt database gracefully.
  • Fixed an issue to prevent file execution before the ATP service starts up and that renaming the ATP directory cannot be used as a method to prevent ATP from starting.
  • Fixed an issue where Memory Protection prevented OS X apps from running in Xcode.
  • Addressed an issue to better normalize file paths for Memory Protection.
  • Improved the signature verification process.
  • Fixed an issue with process IDs (PID).
  • Fixed an issue with MiraCast Wi-Fi Direct on a Microsoft Windows 10 computer running the Agent.
  • Fixed an issue when removing a Logitech webcam from a computer running the Agent.
  • Fixed an issue with the OS X Agent where some threats in the Global List were not properly terminated.
  • Fixed an issue with the Microsoft Windows 10 Anniversary Edition (build 1607) and the Agent.
  • Fixed an issue where no event was reported to the Console for remote script execution.
  • Fixed an issue where changing the Copy File Samples path in a policy in the Console would not update the path in the Agent.
  • Fixed an issue where the OS X Agent UI would not show the file path when Background Threat Detection was enabled.
  • Fixed an issue where Agents in Disconnected Mode were not properly updating.
  • Fixed an issue where enabling Memory Protection would cause a black screen to display when a user logged in to the device.
Note: This version includes a change to the math model that is used for the detection and conviction of malware and threats. For more information about these changes, reference:
Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method.
For more information about how to understand what these changes have done, reference:
Testing Threats after Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method.

Auto-Update Launch Date - July 27, 2016

Download launch version and date - DDP | ESSE 1.4.0 - July 27, 2016.

Fixes in this version:

  • Updated the ATP Windows installer (.msi and .exe) to bypass anti-virus registration and allows running ATP and Microsoft Defender on the same device.
  • Fixed an issue where users could not use Remote Desktop Protocol (RDP) when RemoteFX was enabled.
  • Fixed an issue where the Agent log file would grow in size due to excessive logging. This issue occurred when a tenant reached its daily file upload limit and the Agent would continue to attempt to upload, failing, and causing the log file to grow with excessive entries. Now when the daily upload limit is reached, the Agent will attempt to upload the file the next day.
  • Fixed an issue where Safelist by Certificate was not working if the file was compressed (zipped).
  • Fixed an issue with Watch For New Files and saving files to a network share.
  • Fixed an issue with Distributed File System Replication (DFSR) and Remote Differential Compression (RDC) running on the same device that is also running ATP.
  • Changed the default setting for threat popups to Disabled.
  • Fixed an issue with the OS X Agent getting stuck in a loop while trying to update.
Note: This version includes a change to the math model that is used for the detection and conviction of malware and threats. For more information about these changes, reference:
Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method.
For more information about how to understand what these changes have done, reference:
Testing Threats after Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method.

Auto-Update Launch Date - Not applicable.

Download launch version and date - DDP | ESSE 1.0.0 - April 14, 2016.

Fixes in this version - Not applicable - Product Launch Version

Launch Date - January 6, 2021

Changes in this release:

Upgrade File Size (approximate):

macOS: 49 MB

New Features

  • macOS Catalina Support
    • 10.15, all editions

Bug Fixes

  • [CHP-7143] - Fixed an issue where events were not cleared on macOS computers after the CylanceUI process was restarted.
  • [CHP-7542, CHP-7732] - Fixed an issue with some environments where file execution should not be blocked for subsequent executions when a safe cloud score is returned.
  • [CHP-7547] - Fixed an issue where a network issue caused devices to not send system information initially, and the Agent did not attempt to resend the system information.
  • [CHP-7571] - Fixed an issue with reporting inconsistencies to the Console for threats found on a device.
  • [CHP-7815] - Fixed an issue where an archive containing a threat had an incorrect file name.

Known Issues:

  • [CHP-8091] - Potential network slowness while launching application remotely through a network share.
  • [CHP-8082] - After upgrading to 1560 previous threat events may be relayed to your SIEM receiver.
  • [CHP-7509] - On macOS Catalina devices, the Cylance logo may not display on the Cylance UI About page or Installation Token prompt dialog box.
  • [CHP-8014] - On older releases of macOS, updating from Agent 1541 releases to Agent 1561 succeeds, but there is a bug that causes the Agent 1560 UI to be nonfunctional. This issue is resolved in Agent 1581.
    • Affects: El Capitan - 10.11, Yosemite - 10.10, Mavericks -10.9

Launch Date - November 6, 2020

Changes in this release:

Upgrade File Size (approximate):

macOS: 49 MB

New Features

  • macOS Catalina Support
    • 10.15, all editions

Bug Fixes

  • [CHP-7143] - Fixed an issue where events were not cleared on macOS computers after the CylanceUI process was restarted.
  • [CHP-7542, CHP-7732] - Fixed an issue with some environments where file execution should not be blocked for subsequent executions when a safe cloud score is returned.
  • [CHP-7547] - Fixed an issue where a network issue caused devices to not send system information initially, and the Agent did not attempt to resend the system information.
  • [CHP-7571] - Fixed an issue with reporting inconsistencies to the Console for threats found on a device.
  • [CHP-7815] - Fixed an issue where an archive containing a threat had an incorrect file name.

Known Issues:

  • [CHP-8091] - Potential network slowness while launching application remotely through a network share.
  • [CHP-8082] - After upgrading to 1560 previous threat events may be relayed to your SIEM receiver.
  • [CHP-7509] - On macOS Catalina devices, the Cylance logo may not display on the Cylance UI About page or Installation Token prompt dialog box.
  • [CHP-8014] - On older releases of macOS, updating from Agent 1541 releases to Agent 1561 succeeds, but there is a bug that causes the Agent 1560 UI to be nonfunctional. This issue is resolved in Agent 1581.
    • Affects: El Capitan - 10.11, Yosemite - 10.10, Mavericks -10.9

Launch Date - February 7, 2020

Changes in this release:

Upgrade File Size (approximate):

macOS: 49 MB

New Features

  • macOS Catalina Support
    • 10.15, all editions

Bug Fixes

  • Fixed an issue where a floppy drive on a VMware environment caused the Cylog.log file to grow.
  • Fixed an issue where a virtual machine would experience high memory and WAN use when the device UUID was null.
  • Fixed an issue when the CyProtectDrv failed initialization, it could not be stopped.
  • Fixed an issue where the Powershell Alert and Block feature did not work properly after upgrading to the Agent 1535(Dell Endpoint Security Suite Enterprise)/1536(Dell Threat Defense) security upgrade release.
  • Fixed an issue where file samples were not copied to a network share when "Copy File Samples" was enabled in Protection Settings under Device Policy. Dell Threat Defense ONLY
  • Fixed an issue where performing actions on a network share was reported to be very slow.

Known Issues:

  • If a signed file in a bundle is determined to be bad and quarantined, the file is not removed from quarantine when the certificate is added to the Global Safelist. This can be worked around by manually waiving the file.
  • On macOS Catalina devices, the Advanced Threat Prevention logo may not display on the Dell Endpoing Security Suite Enterprise or Dell Threat Defense UI About page or Installation Token prompt dialog box.

Launch Date - September 18, 2019

Changes in this release:

Upgrade File Size (approximate):

macOS: 43 MB

New Features

  • Portable Executable (PE) Model Update
    • Additional anti-tampering features that further protect the integrity of model decisions have also been added.
    • Agent updates to 1540 have all Unsafe and Abnormal files reanalyzed.
    • Files previously scored as Safe are not rescored.

Bug Fixes

  • Not applicable.

Known Issues:

  • Not applicable.

Launch Date - August 2, 2019

Changes in this release:

Upgrade File Size (approximate):

macOS: 22 MB

New Features

  • Not applicable.

Bug Fixes

  • On macOS, a CylanceDesktopRemoteFile folder is no longer generated during service startup. This folder was not used by these platforms.
  • Resolved an issue where an application was in the exclusion list but Memory Protection did not check the list, before reporting the DYLD injection.
  • Removed case sensitivity for remote certificate validation when comparing InstallTrustedSuffix and DNS Name entries.
  • Resolved an issue where the agent did not detect and quarantine a hash using the local math model when the online Cloud score was unknown.
  • Resolved an order of precedence conflict that might cause a file to switch between safe and quarantined unexpectedly.
  • Updates to Cylog.log File:
  • The Cylog.log file now has a size limit of 150 MB per log file. Once a log file reaches the 150 MB limit, the log is rolled over to a new log file. Only five old log files are retained in addition to the current log file. Log level settings such as Error, Verbose, and so on are now correctly applied to the log file.

Known Issues:

  • Not applicable.

Launch Date - April 16, 2019

Changes in this release:

Upgrade File Size (approximate):

macOS: 24 MB

New Features

  • Not applicable.

Bug Fixes

  • Fixed an issue where a locally waived network file could not be locally quarantined or added to the global quarantine list.
  • Fixed an issue where device information was delayed in being written to the status.json file, such as threat information.

Known Issues:

  • Not applicable.

Launch Date - February 18, 2019

Changes in this release:

Upgrade File Size (approximate):

macOS: 33 MB

New Features

  • Not applicable.

Bug Fixes

  • Resolved an issue where the Advanced Threat Prevention agent service crashed after checking for updates on macOS.
  • When using Memory Protection with Microsoft Office on macOS, block events occur preventing the copying of data from document to document.
  • Resolved an issue where the Advanced Threat Prevention client would continuously display "PendingManager Detected tamper" in debug logging.
  • Resolved an issue with old threat events duplicating in the Advanced Threat Prevention client UI.

Known Issues:

  • Not applicable.

Launch Date - January 17, 2019

Changes in this release:

Upgrade File Size (approximate):

macOS: 34 MB

New Features

  • macOS Mojave is now supported. Agent version 1511 and later support running on Mojave devices.
  • With the 1511 release, the Advanced Threat Prevention agent is now a 64-bit binary. This supports Apple’s requirement for applications running on macOS to support 64-bit.

Bug Fixes

  • Resolved an issue in which some devices experienced high memory usage when the Advanced Threat Prevention service was active. This occurred even when the device was assigned to a passive policy.

Known Issues:

  • macOS Mojave (14.04) where Microsoft Outlook Insider crashes when launching if Memory Protection is enabled. This issue appears to be occurring due to Apple's new security implementation called "hardened runtime".

Launch Date - October 31, 2018

Changes in this release:

Upgrade File Size (approximate):

macOS: 32 MB

Bug Fixes

  • Fixed an issue with the quarantine table not properly rebuilding when database corruption is detected.
  • Fixed an issue with detecting if a file contains a certificate that results in an exception due to a long file path.
  • Fixed an issue where safelist by certificate for script control fails for network paths.
  • Fixed an issue with a centroid version mismatch when the Agent database is manually deleted.
  • Fixed an issue causing delays when running a build process when files are on a network share.
  • Resolved incompatibilities with Xcode NSTask on macOS.
  • Fixed a Proxy PAC file issue for macOS El Capitan and Sierra that affected proxy communication for the Agent.

Known Issues:

  • Dell’s Advanced Threat Prevention Agent 1501 has limited compatibility with macOS Mojave (10.14). Memory Protection is not supported with this release.

Launch Date - October 4, 2018

Changes in this release:

Upgrade File Size (approximate):

macOS: 29 MB

Bug Fixes

  • Resolved a rescore issue from a centroid update.
  • Resolved an issue with a proxy PAC file on macOS.

Known Issues:

  • A corrupt quarantine table may not be rebuilt when auto-delete for quarantined files is enabled. Impacted devices are still protected.
  • Impacted devices see quarantine actions that are looping repeatedly and quarantined files are created with a *.quarantine.quarantine.quarantine.quarantine (and so on) extension. This issue is under investigation by Dell and its partners.

Launch Date - July 5, 2018

Changes in this release:

Upgrade File Size (approximate):

macOS: 26 MB

Bug Fixes

  • Fixed macOS Xcode issue with Agent.
  • Resolved macOS Kernel Memory usage incorrect value.
  • Fixed file path issue for Quarantine.
  • Fixed a macOS file upload issue for Safe files.
  • Fixed a service restart due to proxy connection time-out.

Known Issues

A corrupt quarantine table may not be rebuilt when auto-delete for quarantined files is enabled. Impacted devices are still protected. Impacted devices see quarantine actions that are looping repeatedly, and quarantined files are created with a *.quarantine.quarantine.quarantine.quarantine (and so on) extension. This issue is under investigation by Dell and its partners.

Launch Date - June 18, 2018

Changes in this release:

Resolved Issues

  • Fixed an issue that caused a kernel panic if the expected kernel.pid_max value is exceeded.

Launch Date - May 7, 2018

Fixes in this release:

Resolved Issues:

  • Fixed a gradual virtual memory increase issue on macOS.
  • Resolved a slow boot time issue with Memory Protection.
  • Resolved an incorrect filename issue with Japanese language filenames in the Agent logs.
  • Resolved an issue with analyzing files using a temporary folder by moving the analysis to folders in the Cylance directory.
  • Fixed the ability to delete a read-only file from the quarantine folder.
  • Fixed a local database issue with updating file certificate information.
  • Resolved a Flash Application Player issue with Memory Protection.
  • Fixed incorrect Italian language translations in the Agent user interface.
  • Fixed an issue with re-analysis of a remote file when a copy does not exist locally.
  • Resolved an issue with Google Drive File Stream with Script Control enabled.
  • Fixed waiving files as an Administrator in the Agent UI.
  • Resolved re-analysis by file type during a local model update.

Launch Date - March 29, 2018

Fixes in this release:

New Features:

  • The Agent 1471 release contains a new macOS local model in addition to what is currently available in the cloud. This enables Dell's Advanced Threat Prevention to scan and act on files with the latest model, regardless of connectivity to the cloud.
    • Support for centroid updates
    • Improved detection of 25+ classes and families of malware, including ransomware, backdoors, spyware, cryptocurrency miners, and fake security software.
Note: Due to the release of the new macOS local model, the Dell Advanced Threat Prevention agent re-analyzes all files that are present on the device. For more information about this, reference Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method.
  • Safelist Scripts by hash and certificate.
    1. Log in to the Dell Data Security console.
    2. Go to Populations -> Enterprise -> Advanced Threats.
    3. Select the "Scripts" tab.
    4. Select one or more scripts from the list.
    5. Click Safe. These scripts are now added to the Global Safelist.

Resolved Issues:

  • Added functionality to exclude _unknown_document_path_ from being blocked by Script Control.
  • Fixed an issue with exception processing notifications for Memory Protection events on macOS.
  • Fixed an issue when cloning a remote repository with Memory Protection enabled on macOS.
  • Fixed an issue with slow boot times if a device is unregistered and offline.
  • Added additional_file_info field information for quarantined files by adding the file hash to the Global List.
  • Fixed an issue with device being offline.
  • Fixed an issue with Copy File Samples with a long file path.
  • Fixed an issue with the Policy Last Updated date and time that are displayed in the About message on the Agent.
  • Fixed the Agent UI where Category and Event displayed English instead of Japanese for the localized user-interface.
  • Fixed an issue with the threat file hash not being removed from the user information when the threat is quarantined.
  • Resolved a macOS Sierra file certificate validation issue.
  • Resolved a macOS service crash due to file upload to the Console.
  • Resolved a macOS deregistration issue.
  • Resolved a policy name display issue when it contains a large number of characters.
  • Fixed an issue when adding a certificate and enabling Executable and Script in the settings.

Launch Date - August 25, 2017

Fixes in this release:

Enhancements:

  • The macOS Agent version 1450 has been enhanced to support the latest authentication encryption standards. Device communications to the SaaS servers use the methods for security as outlined in TLS 1.2, which is the latest web standard.

Fixes:

  • Fixed a Memory Protection conflict with PostgreSQL on macOS computers.
  • Fixed an issue with a cache file growing when there are files without a cloud model score.
  • Resolved an issue with the device fingerprint.
  • Resolved an issue with the macOS Agent unregistering when Auto Delete Quarantine is enabled.
  • Fixed an exception issue with symlinks and the macOS Agent.
  • Resolved an issue with the config.xml file causing memory consumption issues.

Launch Date - July 14, 2017

Fixes in this release:

Fixes:

  • Fixed a Memory Protection issue that terminated a Java-based application running from a web browser.
  • Fixed an issue with too many 429 responses from the Console when running the Agent or Centroid updaters.
  • Fixed an issue with a quarantined file not displaying on the Quarantine List in the Agent UI when the file is quarantined by hash using the command line.
  • Fixed a tamper error when copying an archive containing a threat and adding the threat hash to the Global Quarantine list.

Launch Date - May 23, 2017

Fixes in this release:

Enhancements:

  • Quarantine File Time Threshold - Console Administrators now have the ability to automatically delete quarantined files from an Agent after a specified number of days (the minimum being 14). When enabled, the Endpoint Security Suite Enterprise client automatically deletes these files after the designated time. The number of days starts with when the file was first quarantined. If this feature is not enabled, the quarantined files remain on the device until the quarantined files are manually deleted.
Note: This is configurable in a policy with the Dell Data Protection Server version 9.7 or later.

Fixes:

  • Resolved an issue with the Agent sending duplicate Syslog events to the Console.
  • Fixed an issue with the Agent only using the local model to score files when a transparent proxy is detected, which can produce excessive log file sizes.
  • Fixed a bad request to the Console that was causing events to not transmit.
  • Fixed an issue with a Windows native service during service start-up.
  • Resolved an issue with waived threats causing the macOS Agent to display an unsafe status.

Launch Date - April 6, 2017

Fixes in this version:

Enhancements:

  • Transport Layer Security 1.2 - Agent version 1421 has been enhanced to support the latest authentication encryption standards. Device communication to the SaaS use the methods for security as outlined in TLS 1.2, which is the latest web standard.
  • Important: Agent version 1421 will only use TLS 1.2 if the device uses .NET Framework 4.5 or higher.
  • Script Control - Scripts that are commonly associated with the Microsoft Monitoring Agent are allowlisted in Agent version 1421. This reduces the volume of Script Control events, which enables customers to concentrate on unknown scripts that are running in their environment.

Fixes:

  • Fixed an issue where the Agent communicated using SSL 3.0 or TLS 1.0 only.
  • Fixed an issue with a Windows device failing to generate a fingerprint.
  • Resolved issue with Microsoft Word template file not being recognized when added to the allowlist.
  • Fixed an issue with the Windows operating system version incorrectly being reported to the Console.
  • Fixed an issue with the false detection of Nsight drivers on Windows devices.
  • Fixed an issue on Windows x64 devices where a malicious payload detection was causing crashes upon exit.
  • Fixed an issue with 64-bit Java applications crashing.
  • Fixed an issue where the CPU would spike with integration service on a Windows device.
  • Resolved an issue with an inconsistency on start-up on a Windows device.
  • Resolved Blue Screen due to exception issue with Device Control when using display port.
  • Resolved an issue with the Auto-Quarantine feature preventing the EventPro application user-interface from launching on a Windows device.
  • Resolved an issue with the Agent sending duplicate Syslog events to the Console.
  • Fixed an issue where the Agent could cause 32-bit Java applications to crash on Windows devices.
  • Fixed Script Control to not block a Microsoft Windows 10 script.
  • Fixed an issue where installing the Agent MSI package using the command line without including the installation token resulted in the Agent requiring an uninstall password and the Agent could not be uninstalled.
  • Fixed an issue where a USB device was not being blocked upon first use on Windows XP and Windows Server 2003 devices when Device Control was enabled and set to Block.
  • Fixed an issue with Device Control events to generate a serial number when a USB mass storage device is disabled then enabled on a Windows device.
  • Fixed duplication of Device Control events for iOS USB connection to a Windows device.
  • Fixed duplication of Device Control events for Android USB connection to a Windows device.
  • Fixed an issue with the event log on a Windows device to include the device serial number for iOS devices.
  • Fixed an issue with the Application Control folder exclusions to prevent portable executable (PE) files from manually being moved on a Windows device.
  • Fixed an issue that was causing threat files to be quarantined from a macOS Samba SMB mounted drive.
  • Fixed an issue with the ability to recognize a trailing backslash in Application Control folder exclusions on a Windows device.
  • Fixed an Application Control issue with the ability to copy a file from a non-excluded folder to an excluded folder on a Windows device.
  • Fixed an issue with the Optics to only upload Windows logs that have not been uploaded before.
  • Fixed an issue with the ability to downgrade the local cloud model on macOS devices.
  • Fixed an issue with Device Control events to include the detection of USB floppy drives on Windows devices.
  • Fixed an issue with duplicated Device Control events being generated when connecting a USB drive to a Windows device.
  • Fixed an issue with the event log on a Windows device to include the device serial number when connecting a USB device to a VMware Workstation instance.
  • Fixed an issue with the event log on a Windows device to include the device serial number for an Apple iPad.
  • Fixed an issue with the event log on a Windows device to include the serial number for Canon cameras.
  • Fixed an issue with scanning folders that are externally mounted to a macOS device, where the file is not local.
  • Fixed an issue with the rate that the Agent checks the status of the cloud model when the Console communication is not responsive.
  • Fixed an issue with the Visual Studio App Simulator from being blocked as an exploit on macOS devices.
  • Fixed an issue with the timer to add a random buffer for checking in to the Console after a connection is re-established.
  • Fixed a Windows issue where memory allocated to fields in DEVFLT_CONTEXT are not freed.
  • Fixed an issue where the uploader repeats when the upload limit is reached.
  • Updated the localization files to ensure translations work on OS X El Capitan.
  • Fixed a Windows boot issue when the Console is unavailable.
  • Fixed an issue where the uploader repeats when the upload limit is reached.
  • Updated the localization files to ensure translations work on OS X El Capitan.
  • Fixed a Windows boot issue when the Console is unavailable.
  • Fixed an issue with the macOS Sierra Beta build crashing the Agent UI.

Auto-Update Launch Date - March 2, 2017

Download launch version and date - Available in Auto-Update Only.

Fixes in this version:

  • macOS Sierra Support
  • Memory Protection enhancements
  • Resolved a compatibility issue between Memory Protection and Windows 10 Credential Guard.
  • Fixed an issue where Windows Security Center registration fails when installing the Agent using GPO.
  • Fixed an issue where files added to the Global Safelist are not properly waived by the Agent.
  • Fixed an issue to ensure that the quarantined files remain quarantined, even if multiple copies of the file in question get copied to the computer.
  • Fixed an issue where the ScriptCache folder was consuming too much disk space if Script Control for Office Macros was enabled. Office documents are no longer cached as part of ScriptCache; only ActiveScript and PowerShell scripts are cached.
  • Fixed an issue to ensure that on-demand scans are using both the Local model and Cloud lookups, as with background scans.
  • Resolved a compatibility issue between Memory Protection and Remote Desktop on Windows 8 computers.
  • Fixed an issue where the Agent does not attempt to redeliver device system information to the Console if the send operation times out.
  • Fixed an issue to allow Script Control exceptions for web-based locations.
  • Fixed an issue to ensure that the Background Threat Detection status is accurately reported.
  • Fixed an issue where the Agent may not properly send the file hash to the Console, resulting in an error in the Console.
  • Fixed an issue where the Agent does not properly register with the Console if the Agent is installed without network access.
  • Resolved a compatibility issue between Memory Protection and Passport.
  • Resolved a compatibility issue between Memory Protection and NVIDIA Nsight.
  • Fixed an issue where Agents that are deleted from the Console would still attempt to connect to the Console to upload Agent logs.
  • Resolved a compatibility issue between Memory Protection, Auto-Quarantine (AQT) and Novell Zenworks Logger.
  • Fixed an issue where the ATP service was not properly starting on devices using .NET 4 Client Profile.
  • Fixed an issue where the macOS Agent and Windows installation would not accept the Installation Token if the device is offline.
  • Fixed an issue where the macOS Agent blocked the Xcode debugger from running.
  • Fixed an issue where the Windows operating system version was incorrectly reported, causing issues with Zone Rules.
  • Fixed an issue to ensure that Auto-Update properly updates both the Agent and Optics.
  • Resolved an issue where the Agent was not updating Optics with the Device ID if Optics was installed before Agent registration with the Console.
  • Fixed an issue to ensure that Local models are fully loaded before scanning files.
  • Fixed an issue to ensure that USB devices encrypted with BitLocker can be accessed.
  • Fixed an issue where Optics was not properly updating the product version number in Add/Remove Programs.
  • Fixed an issue where macOS Agents will repeatedly try to upload a file to the Console even if the file is too large to upload.
  • Fixed an issue where the Windows theme would crash when the device starts.
  • Fixed an issue where Watch For New Files was not properly working for long file paths on macOS computers.
  • Fixed an issue where Watch For New Files was incorrectly scanning mounted network drives on macOS computers.
  • Resolved a compatibility issue with macOS Sierra and Time Machine on non-Apple network attached storage.
  • Fixed an issue where certain file paths were causing issues for Script Control exclusions.
  • Fixed an issue where Memory Protection was not working properly on macOS computers.
  • Resolved an issue in Windows 8 where ATP would appear as expired under certain circumstances.

Auto-Update Launch Date - February 2, 2017

Download launch version and date - Dell 1.6.0 - February 2, 2017.

Fixes in this version:

  • Fixed an issue where the user-interface notifications were not properly working for archived files.
  • Fixed an issue with updating the Agent.
  • Fixed an issue where Alternate Data Streams (ADS) filenames were not properly handled.
  • Fixed an issue where some Memory Protection and Script Control events were not properly sent to the Console.
  • Fixed an issue where the Agent UI would display erroneous text that is caused by the localization language folders not deploying correctly to the Cylance directory and being absent from the directory.
  • Increased the detail available in the debug logs.
  • Fixed an issue to properly waive files contained within archives.
  • Fixed an issue where files that are allowlisted by certificate were incorrectly labeled as "catalog."
  • Fixed an issue where a portable executable (PE) file could be copied onto a device with Application Control enabled.
  • Fixed an issue where threats are blocked but not properly terminated (killed) in some OS X environments.
  • pdated Memory Protection to include support for Metro Apps.
  • Fixed an issue that caused a crash on the Windows Vista operating system.

Auto-Update Launch Date - November 15, 2016

Download launch version and date - 1.0.0.184 GA

Fixes in this version - Not applicable - Product Launch Version

Note: This version includes a change to the math model that is used for the detection and conviction of malware and threats. For more information about these changes, reference:
Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method.
For more information about how to understand what these changes have done, reference:
Testing Threats after Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method.

Launch Date - November 6, 2018

Changes in this release:

Upgrade File Size (approximate):

Linux: 22 MB

Bug Fixes

  • Fixed an issue with the quarantine table not properly rebuilding when database corruption is detected.
  • Fixed an issue with detecting if a file contains a certificate that results in an exception due to a long file path.
  • Fixed an issue where safelist by certificate for script control fails for network paths.
  • Fixed an issue with a centroid version mismatch when the Agent database is manually deleted.
  • Fixed an issue causing delays when running a build process when files are on a network share.

Known Issues:

  • Not applicable.

Launch Date - September 4, 2018

Changes in this release:

Upgrade File Size (approximate):

Linux: 85 MB

Bug Fixes

  • Fixed a driver issue causing Microsoft Windows apps to freeze. This appeared to affect Microsoft Word and Microsoft Excel.
  • Resolved an issue when using a Dell Universal Dock D6000 with Device Control enabled. This would result in a Blue Screen.

Known Issues:

  • A corrupt quarantine table may not be rebuilt when auto-delete for quarantined files is enabled. Impacted devices are still protected.
  • Impacted devices see quarantine actions looping repeatedly, and quarantined files will be created with a *.quarantine.quarantine.quarantine.quarantine (etc.) extension. This issue is under investigation by Dell and its partners.

Launch Date - July 10, 2018

Changes in this release:

New Features:

Script Control - Using Wildcards in Exceptions

Adding exceptions for dynamic scripts that are run from a specific directory location or for a script that is run from multiple different user folders is now possible with the addition of using wildcards in Script Control exceptions. As an example for both you can use the token "*" in the exception path to ensure it covers your variants.

/users/*/temp would cover:
    \users\john\temp
    \users\jane\temp

/program files*/app/script*.vbs would cover:
    \program files(x86)\app\script1.vbs
    \program files(x64)\app\script2.vbs
    \program files(x64)\app\script3.vbs

For more information about using wildcards in Script Control exceptions, see How to Add Exclusions to Dell Endpoint Security Suite Enterprise.

Enhancements

Red Hat Enterprise Linux 7.5 Support. We are happy to announce support for RHEL version 7.5 in the 1490 release. This package can be provided by Dell Support, or downloaded through Auto-Updates

Upgrade File Size (approximate):

Linux: 88 MB

Known Issues

A corrupt quarantine table may not be rebuilt when auto-delete for quarantined files is enabled. Impacted devices are still protected. Impacted devices will see quarantine actions looping repeatedly, and quarantined files are created with a *.quarantine.quarantine.quarantine.quarantine (and so on) extension. This issue is under investigation by Dell and its partners.

Launch Date - May 28, 2018

Fixes in this release:

Resolved Issues:

  • Resolved a slow boot time issue with Memory Protection.
  • Resolved an incorrect filename issue with Japanese language filenames in the Agent logs.
  • Resolved an issue with analyzing files using a temporary folder by moving the analysis to folders in the Cylance directory.
  • Fixed a Linux Agent safelist update issue.
  • Resolved Disconnected Mode issue related to Script Control being disabled.
  • Fixed the ability to delete a read-only file from the quarantine folder.
  • Fixed a local database issue with updating file certificate information.
  • Resolved a Flash Application Player issue with Memory Protection.
  • Resolved a Linux Agent registration issue with the Cylance Console.
  • Fixed incorrect Italian language translations in the Agent user interface.
  • Resolved an Application Control exclusion path issue.
  • Fixed an issue with reanalysis of a remote file when a copy does not exist locally.
  • Resolved a Linux memory consumption issue.
  • Fixed a Linux module unload memory consumption issue.
  • Device name may be displayed as "Unknown" in the Cylance UI while in Disconnected Mode.
  • Fixed waiving files as an Administrator in the Agent UI.
  • Resolved Disconnected Mode issue when quarantining a threat file hash using the command line.
  • Resolved an issue with applications launching with black screens on Linux.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Additional Information

 

Videos

 

Article Properties


Affected Product

Dell Threat Defense, Dell Endpoint Security Suite Enterprise

Last Published Date

20 Dec 2022

Version

16

Article Type

Solution