Advanced Threat Prevention v1.3
Effective policies from the Dell Server are now automatically exported and stored in C:\ProgramData\Dell\Dell Data Protection\Policy\Policy-xxxxxxxx.xml, where "xxxxxxxx" is the sequence number of the policy. By default, the last 10 policies received from the Server are stored. To change the default number of policies stored, change the value of the following registry key. The valid range is 0 - 100.
[HKEY_LOCAL_MACHINE\SOFTWARE\Dell\Dell Data Protection]
"MaxPoliciesStored"=dword:00000010
Valid range = 0 - 100
[DDPC-4583]
Added 05/2018 - An issue that caused a "Not Protected" message to display until the computer was rebooted has been resolved. [CYL-435]
Added 4/2017 - Resolved Technical Advisories v2.0.1421
The following issues are resolved in v1.3.1421, available when an organization is enrolled for Agent Auto Update on the Dell Server. For instructions on how to enroll, refer to AdminHelp, accessible from the Remote Management Console.
- Fixed an issue where the Agent communicated using SSL 3.0 or TLS 1.0 only.
- Fixed an issue with a Windows device failing to generate a fingerprint.
- Resolved an issue with a Microsoft Word template file not being recognized when added to the whitelist.
- Fixed an issue with the Windows OS version incorrectly being reported to the Console.
- Fixed an issue with the false detection of Nsight drivers on Windows devices.
- Fixed an issue on Windows x64 devices where a malicious payload detection was causing crashes upon exit.
- Fixed an issue with 64-bit Java applications crashing.
- Fixed an issue where the CPU would spike with integration service on a Windows device.
- Resolved an issue with an inconsistency on start-up on a Windows device.
- Resolved a BSOD due to an exception issue with Device Control when using a display port.
- Resolved an issue with the Auto-Quarantine feature preventing the EventPro application user-interface from launching on a Windows device.
- Resolved an issue with the Agent sending duplicate Syslog events to the Console.
- Fixed an issue where the Agent could cause 32-bit Java applications to crash on Windows devices.
- Fixed Script Control to not block a Microsoft Windows 10 script.
- Fixed an issue where installing the Agent MSI package using the command line without including the installation token resulted in the Agent requiring an uninstall password and the Agent could not be uninstalled.
- Fixed an issue where a USB device was not being blocked upon first use on Windows XP and Windows Server 2003 devices when Device Control was enabled and set to Block.
- Fixed an issue with WMI errors occurring on Windows devices during startup and shutdown.
- Fixed an issue with Device Control events to generate a serial number when a USB mass storage device is disabled then enabled on a Windows device.
- Fixed duplication of Device Control events for iOS USB connection to a Windows device.
- Fixed duplication of Device Control events for Android USB connection to a Windows device.
- Fixed an issue with the event log on a Windows device to include the device serial number for iOS devices.
- Fixed an issue with the Application Control folder exclusions to prevent portable executable (PE) files from manually being moved on a Windows device.
- Fixed an issue that was causing threat files to be quarantined from a macOS Samba SMB mounted drive.
- Fixed an issue with the ability to recognize a trailing backslash in Application Control folder exclusions on a Windows device.
- Fixed an Application Control issue with the ability to copy a file from a non-excluded folder to an excluded folder on a Windows device.
- Fixed an issue with the Optics to only upload Windows logs that have not been uploaded before.
- Fixed an issue with the ability to downgrade the local cloud model on macOS devices.
- Fixed an issue with Device Control events to include the detection of USB floppy drives on Windows devices.
- Fixed an issue with duplicated Device Control events being generated when connecting a USB drive to a Windows device.
- Fixed an issue with the event log on a Windows device to include the device serial number when connecting a USB device to a VMware Workstation instance.
- Fixed an issue with the event log on a Windows device to include the device serial number for an Apple iPad.
- Fixed an issue with the event log on a Windows device to include the serial number for Canon cameras.
- Fixed an issue with scanning folders externally mounted to a macOS device, where the file is not local.
- Fixed an issue with the rate that the Agent checks the status of the cloud model when the Console communication is not responsive.
- Fixed an issue where the Visual Studio App Simulator was blocked as an exploit on macOS devices.
- Fixed an issue with the timer to add a random buffer for checking in to the Console after a connection is re-established.
- Fixed a Windows issue where memory allocated to fields in DEVFLT_CONTEXT was not freed.
- Fixed an issue where the uploader repeats when the upload limit is reached.
- Updated the localization files to ensure translations work on OS X El Capitan.
- Fixed a Windows boot issue when the Console is unavailable.
- Fixed an issue with the macOS Sierra Beta build crashing the Agent UI.
Added 4/2017 - Resolved Technical Advisories v1.2.1411
The following issues are resolved in v1.3.1411, available when an organization is enrolled for Agent Auto Update on the Dell Server. For instructions on how to enroll, refer to AdminHelp, accessible from the Remote Management Console.
- Resolved a compatibility issue between Memory Protection and Windows 10 Credential Guard.
- Fixed an issue where Windows Security Center registration fails when installing the Agent via GPO.
- Fixed an issue where files added to the Global Safelist were not properly waived by the Agent.
- Fixed an issue to ensure quarantined files remain quarantined, even if multiple copies of the file in question get copied to the computer.
- Fixed an issue where the ScriptCache folder was consuming too much disk space if Script Control for Office Macros was enabled. Office documents are no longer cached as part of ScriptCache; only ActiveScript and PowerShell scripts are cached.
- Fixed an issue to ensure that on-demand scans are using both the Local model as well as Cloud lookups, as with background scans.
- Resolved a compatibility issue between Memory Protection and Remote Desktop on Windows 8 computers.
- Fixed an issue where the Agent does not attempt to re-deliver device system information to the Management Console if the send operation times out.
- Fixed an issue to allow Script Control exceptions for web-based locations.
- Fixed an issue to ensure that the Background Threat Detection status is accurately reported.
- Fixed an issue where the Agent may not properly send the file hash to the Management Console, resulting in an error in the Management Console.
- Fixed an issue where the Agent does not properly register with the Management Console if the Agent is installed without network access.
- Resolved a compatibility issue between Memory Protection and Passport.
- Resolved a compatibility issue between Memory Protection and NVIDIA Nsight.
- Fixed an issue where Agents deleted from the Management Console would still attempt to connect to the Management Console to upload Agent logs.
- Resolved a compatibility issue between Memory Protection, Auto-Quarantine (AQT) and Novell Zenworks Logger.
- Fixed an issue where the Advanced Threat Protection service was not properly starting on devices using .NET 4 Client Profile.
- Fixed an issue where the Windows installation would not accept the Installation Token if the device is offline.
- Fixed an issue where the Windows OS version was incorrectly reported, causing issues with Zone Rules.
- Fixed an issue to ensure Auto-Update properly updates both the Agent and Optics.
- Resolved an issue where the Agent was not updating Optics with the Device ID if Optics was installed prior to Agent registration with the Management Console.
- Fixed an issue to ensure that Local models are fully loaded before scanning files.
- Fixed an issue to ensure that USB devices encrypted with BitLocker can be accessed.
- Fixed an issue where Optics was not properly updating the product version number in Add/Remove Programs.
- Fixed an issue where the Windows theme would crash when the device starts.
- Fixed an issue where certain file paths were causing issues for Script Control exclusions.
- Resolved an issue in Windows 8 where Advanced Threat Prevention would appear as expired under certain circumstances.
- Fixed an issue where the macOS Agent and Windows installation would not accept the Installation Token if the device is offline.
- Fixed an issue where the macOS Agent blocked the Xcode debugger from running.
- Fixed an issue where the macOS Agents will repeatedly try to upload a file to the Management Console, even if the file is too large to upload.
- Fixed an issue where Watch For New Files was not properly working for long file paths on macOS systems.
- Fixed an issue where Memory Protection was not working properly on macOS computers.
- Resolved a compatibility issue with macOS Sierra and Time Machine on non-Apple network attached storage.
- Fixed an issue where Watch For New Files was incorrectly scanning mounted network drives on macOS computers.
Resolved Technical Advisories v1.2.1401.84
The following issues are resolved in v1.2.1401.84, available when an organization is enrolled for Agent Auto Update on the Dell Server. For instructions on how to enroll, refer to AdminHelp, accessible from the Remote Management Console.
- Increased the detail available in the debug logs.
- Fixed an issue to properly waive files contained within archives.
- Fixed an issue where files whitelisted by certificate were incorrectly labeled as "catalog."
- Fixed an issue where a portable executable (PE) file was able to be copied onto a device with Application Control enabled.
- Fixed an issue where threats are blocked but not properly terminated (killed) in some OS X environments.
- Updated Memory Protection to include support for Metro Apps.
- Fixed an issue that caused a crash on the Windows Vista operating system.
- Fixed an issue where the user-interface notifications were not properly working for archived files.
- Fixed an issue with updating the Agent.
- Fixed an issue where Alternate Data Streams (ADS) filenames were not properly handled.
- Fixed an issue where some Memory Protection and Script Control events were not properly sent to the Console.
- Fixed an issue where the Agent UI would display erroneous text caused by the localization language folders not deploying correctly to the Cylance directory and being absent from the directory.
NOTE: Agent version 1401 supports Windows 10 Anniversary Edition but does not support Device Guard or Credential Guard, optional Windows 10 security features. If these features are enabled, disable them before using the Agent.
Added 4/2017 - Resolved Technical Advisories - Auto-Updates
For information about additional periodic Advanced Threat Prevention updates for enterprises enrolled for Agent Auto Update on the Dell Server, see http://www.dell.com/support/article/us/en/19/SLN305419/dell-data-protection-endpoint-security-suite-enterprise-and-dell-data-protection-threat-defense-release-notes?lang=EN. Select the Saas Updates tab.
For instructions on how to enroll for Agent Auto Update on the Dell Server, refer to AdminHelp, accessible from the Remote Management Console.