Patch 2.4.3

Virsec Security Platform (VSP) leverages the patented Trusted Execution™ technology to protect high-value enterprise applications deployed in data center or on public and hybrid clouds, from highly sophisticated attacks including memory corruption, code injection, credential theft, supply chain and other sophisticated attacks. VSP effectively creates and enforces guardrails around the application as it executes. These guardrails ensure that applications only perform as intended and restrain bad actors from corrupting memory as a precursor to hijacking control of the application and subsequent stealing or destroying high-value enterprise data.

DATE OF RELEASEDATE OF RELEASE

6/18/2022

NEW FEATURESNEW FEATURES

The ability to define an alternate Container Name to the Process Collective Definition in the Application to help variability in the CI-CD workflows is added
VSP-Host now supports the Operating Systems: SUSE 15 SP2. Refer to the Compatibility Matrix for more information
VSP now provides signed Linux VM Install Scripts for specific Operating Systems. Refer to the VM Installation Manual for more information
If secure boot is enabled on Linux systems, vsyvsi driver is not loaded

FIXESFIXES

Defect ID	Description
WEB-2349	MS Exchange Server does not report incidents for attacks against the OWA application
WEB-2134	AE component (vrule_run.sh) of probe is not started
SUPP-284	CMS UI is unresponsive after encountering process-monitoring-service error
SUPP-273	IBM and IIS servers are not present in PCM but are covered in the installation docs
SUPP-262	Attack count is not revised on CMS UI
SUPP-260	VSP Documentation: VSP Upgrade docs out of order
SUPP-257	VSP Documentation: Incident email subscription documentation to be added
SUPP-236	CMS is unable to set Hosts into Detect/Protect mode - possibly due license hack
SUPP-229	QRadar Webhook gave error when upgraded from 2.4.0 to 2.4.1
SUPP-212	Host is Out of Sync on Windows 2016
SUPP-205	VSP Probe is Out of Sync for the host profile associated to 7 hosts
SUPP-203	CI and CD tools use images from internal Artifactory
SUPP-200	High CPU Utilization on Probe on Windows 2016 server after upgrading probe from 2.2.2 to 2.3.3 while in Protect mode
SUPP-198	2.4.1 Upgrade fails due to double quotes in line 70 of the file docker-compose-cms.yaml.template
SUPP-192	VSP Documentation: VSP 2.x on-prem license process to be updated
SUPP-189	CI script displayed error with the option -g
SUPP-145	Monitor Probes page gets stuck during loading
PLT-1092	vsysi driver installation fails when secure boot is enabled on a target linux machine
PLT-967	Probe erases Satellite software on installation
HMM-2670	Virsec probe binaries are reported as incidents by Host Monitoring
HMM-2468	Binaries with expired publisher certificates are not blocked by host Monitoring
HMM-2418	Increased default HMM and ACP incident limits on probe
HMM-2181	For an eWAF based application setup, Provisioning takes more than 5 minutes to attain Normal state
CMS-3433	UI for Web Services lists IIS but not supported in Compatibility Matrix
CMS-2813	User Password change does not recognize all special characters

Table – VSP 2.4.3 Fixes

KNOWN ISSUESKNOWN ISSUES

Category	Description	Known Issue/ Caveat
Host Monitoring
Windows library issue	In Windows, VSP host monitoring does not suspend already running processes that have non-whitelisted libraries loaded into it	Known Issue
Linux HMM agent limitation	In Linux, VSP host monitoring injects its own HMM agent into every running process. The HMM agent expects a specific version of glibc. If the application loads its own custom glibc version that is not compatible with the HMM agent, the HMM agent may not load correctly causing some application issues	Limitation
Windows application execution inconsistency	In Windows, an application can be started with or without its .exe extension. Since VSP host monitoring analyzes the commandline as is, running python.exe vs python may result in different detections	Limitation

Table – Known Issues