Release Notes 2.7.0
  • 27 Oct 2023

Release Date

7-April-2023

What's new in 2.7?

CMS Enhancements:

  1. The CMS UI left pane is reorganized for better grouping of features and easier navigation
  2. CMS now enables easy deployment of Probes on a VM, providing the commands for download and installation. Refer to Install Probe in VM for more information
  3. Incident management has been enhanced for better processing
  4. New APIs are available to obtain incident-related information
  5. Licenses now persist across VM restarts on on-prem license servers. Refer to Persistence of Licenses for more information
  6. Incident Type information is provided in the VSP Reports
  7. The Probes page now displays the Probe First Installed and Probe Last Installed fields. Refer to the Monitoring Handbook for more information
  8. During Application creation, Web Profile is now an optional field. The field “Application Type” is no longer applicable for Java

Platform Enhancements:

  1. A new MSI-based installation option is available for Windows-based Probe installation
  2. Signed scripts are available for Linux-based Probe installation
  3. A password is now required to uninstall or upgrade the Probe on Windows and Linux

Web Enhancements:

  1. Application Discovery is a new component of the installed VSP Probe. It scans the Probe hosts after installation and at regular intervals (default interval: weekly) to discover the web applications hosted on them. Once web applications are discovered, the corresponding Applications are created on CMS from the discovered information. Refer to Application Auto-Discovery in CMS Applications for more information

Executable Allowlist Enhancements:

  1. An active Maintenance Mode can be stopped at the host level. In earlier releases, “STOP” applied to all hosts in the profile. Refer to Maintenance Mode for more information
  2. New publishers/packages discovered during runtime can be allowed automatically. This is a configurable option in the host profile and is enabled by default for newly created profiles
  3. Files marked as SAFE by ReversingLabs also carry a trust factor. VSP now trusts only files with trust factor values 0, 1 and 2. Files with trust factor 3 and above are not treated as known by VSP, for higher efficacy
  4. Incidents related to executable allowlisting and App Control Policies can now be cached locally on the Probe when CMS is not reachable; these incidents are forwarded once CMS is reachable again

App Control Policy Enhancements:

  1. ACP-related incidents are reported as a separate category, “App Control Violation”, with relevant information. Refer to ACP Incidents for more information on the various event types
  2. ACP rules are now applied based on the hash values of the application in scope, even when only the application name is defined in the ACP rule. This allows VSP to stop application masquerading attacks
  3. Incidents can now be detected based on the redirection parts of a command line
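The second item above is the reason hash-bound rules matter: a rule that matches only on the file name is defeated when the same binary is copied or renamed, while a rule bound to the binary's hash follows the file wherever it lands. The following added example, written for this page and not taken from VSP or any Virsec component, contrasts the two matching styles on constructed sample "binaries" (short byte strings standing in for real executables); the rule format, the `resolve_rule_hashes` step and the `allow` default are assumptions for the illustration, not a description of how VSP implements ACP.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for installed executables (path -> file content).
# In a real policy engine these would be the bytes read from disk.
KNOWN_BINARIES = {
    "/usr/bin/nc": b"constructed-netcat-binary-v1",
    "/usr/bin/python3": b"constructed-python-binary-v3",
}


@dataclass(frozen=True)
class Rule:
    name: str    # application name as written in the (hypothetical) ACP rule
    action: str  # "block" or "allow"


def sha256_of(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def basename(path: str) -> str:
    return path.rsplit("/", 1)[-1]


def name_based_decision(rules, path: str) -> str:
    """Old-style matching: compare only the executable's file name.
    Anything not named in a rule is allowed by default (assumption)."""
    for rule in rules:
        if rule.name == basename(path):
            return rule.action
    return "allow"


def resolve_rule_hashes(rules, known_binaries) -> dict:
    """At policy-load time, bind each rule name to the hash of the binary
    actually installed under that name, producing a hash -> action table."""
    table = {}
    for rule in rules:
        for path, content in known_binaries.items():
            if basename(path) == rule.name:
                table[sha256_of(content)] = rule.action
    return table


def hash_based_decision(hash_table: dict, content: bytes) -> str:
    """Hash-bound matching: the decision depends on what the file *is*,
    not on what it is currently called."""
    return hash_table.get(sha256_of(content), "allow")


def evaluate(rules, known_binaries, exec_path: str, exec_content: bytes) -> dict:
    """Return both decisions for one execution attempt, so the two
    matching styles can be compared side by side."""
    table = resolve_rule_hashes(rules, known_binaries)
    return {
        "by_name": name_based_decision(rules, exec_path),
        "by_hash": hash_based_decision(table, exec_content),
    }


if __name__ == "__main__":
    rules = [Rule(name="nc", action="block")]
    # Constructed masquerading scenario: the blocked binary's bytes are
    # executed under an innocuous-looking name in another directory.
    renamed_copy = KNOWN_BINARIES["/usr/bin/nc"]
    print(evaluate(rules, KNOWN_BINARIES, "/usr/bin/nc", renamed_copy))
    print(evaluate(rules, KNOWN_BINARIES, "/tmp/updater", renamed_copy))
```

Running the block shows the name-based decision flipping from `block` to `allow` when only the path changes, while the hash-based decision stays `block` because the content is unchanged. A legitimate, differently hashed binary (here the constructed `python3` sample) is still allowed under both schemes, so hash binding narrows the rule rather than widening it.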

Memory Exploit Protection Enhancements:

  1. MEP is now supported on a wide range of kernel versions for the supported Linux operating systems. Virsec adds support for newly available kernel versions on a regular basis; if a kernel version is unsupported, the user is notified through CMS. Refer to Unsupported Kernel Versions under Memory Exploit Protection for more information on how to identify unsupported kernel versions and update LFR to get support for the latest Linux kernels
  2. MEP now provides protection against an additional Linux-based exploit: ptrace Sudo Token Privilege Escalation
  3. Regular-expression-based exclusions are now supported. Refer to Memory Exploit Protection Exclusion for more information

Fixes

Defect ID   Description
SUPP-51     Maintenance Mode does not auto-whitelist scripts executed during this window
SUPP-58     ADVERTISED_LISTENER is missing from vsp-kafka
SUPP-308    ACP does not block the command line in protect mode during certain attempts
SUPP-393    Critical vulnerabilities found in images after CI phase
SUPP-427    ACP does not alert/block some command lines
SUPP-446    RBAC displays errors for certain tabs
SUPP-465    The field "Updated By" for all system alerts related to Maintenance Mode displays the value "SYSTEM"
SUPP-483    Unable to upload the file Caprequest.bin on Flexnet using Activation ID
SUPP-487    RDP failed for Windows servers when the profile (in detect mode) and MEP are enabled
SUPP-508    .NET application does not move to normal status
SUPP-557    SIEM QRadar Syslog format issue causes incident
SUPP-571    Website login fails after VSP instrumentation for .NET application
SUPP-572    Remove hardcoded credentials and IP addresses in 2.5.0 LFR Helm chart
SUPP-573    K8s SA is not created when the Helm value serviceAccount.create is set to true
SUPP-576    Unknown error encountered while managing 2.5.0 Allowlists
SUPP-577    Wiki (Tomcat) application does not work in protect mode
SUPP-584    Expired digital certificate process is reported as a threat in the allowlist, but process execution behavior is different in Protect Mode
SUPP-611    Windows Strict ACP does not cover regedit.exe
SUPP-622    RBAC issue is detected in host incident management on CMS
SUPP-636    Linux Probe script directory has unmaintained files
SUPP-646    CD tool modifies the container name in addition to the image name
SUPP-651    On Windows 2003, the file vm-install.bat has a mislabeled function
SUPP-672    Some .NET applications hang due to the loading order of the libraries when MEP is injected
V2-22513    MS Exchange Server does not report incidents for attacks against the OWA application
V2-22298    LDAP User Group base DN displays a validation error