RSA, The Security Division of EMC, announces the release of RSA ECAT v4.0.0.3

Document created by RSA Admin Employee on Feb 10, 2015Last modified by Jeff Shurtliff on Feb 7, 2016
Version 2Show Document
  • View in full screen mode

Summary: 

RSA, The Security Division of EMC, announces the release of RSA ECAT v4.0.0.3, which is a patch that includes the following updates for RSA ECAT 4.0:  

 

-       Added support for Mac OS-X 10.10 (Yosemite)

-       Greatly improved performance on high usage servers.

-       Greatly improved overall performance and memory usage.

-       Added support for additional IIOCs (Instant Indicator of Compromise)

-       General Improvements

          o    Fixed Mac agent deployment issues from the command line

          o    Fixed a problem where files were getting downloaded multiple times from multiple hosts

          o    Fixed a number of issues with FLOATING_CODE and MEMORY_DLL identification and assignment

          o    Fixed a number of potential issues where scan data wasnt imported if agent data was invalid

          o    Fixed an issue where multiple modules were reported with a machine count of 0

          o    It is now possible to decommission a server even if agents are still connection to it

          o    Fixed an issue where some files were reported without a name

          o    Fixed issues with Scan with YARA/OPSWAT menu options in "Machine/Downloads" tab

          o    Fixed issues with the assign module menu option not showing up

          o    Greatly improved performance on high usage servers

          o    15 new IIOCs are available for download from the SCOL server

-       UI Enhancements

          o    Fixed out of sync issue with Grid Filters buttons

          o    Sort issue with the PID column in the Process grid

          o    Solved a number of properties inconsistencies in multiple panels for machine and module properties

          o    Minor typos

          o    Fixed a dashboard widget issues with resizing

          o    Enabled missing contextual menus options in Summary tab, Scan data and Global Modules List

          o    Enabled Machine Boot time on machine properties under Machine.Operating System

          o    Enabled the ""List Modules"" and |List Computers"" option in Certificates panel

          o    Fixed a display mismatch between the Autoruns lower tab in Summary and the Autoruns category in Scan data

          o    Removed a limitation that only allowed the selection of a maximum of 100 modules in the Global Modules List for a download to Server

                operation

          o    Enabled Row multi-select in Machine/Downloaded tab

          o    Greatly improved overall performance and memory usage

-       Agent

          o    Improved path parsing, fixed empty path bug

          o    Driver is now using safer Process access method

          o    Randomized time to re-assignment when a secondary is down

          o    Agent will no longer report failed communication errors as failed commands

          o    Fixed a possible hang on service exit

          o    Added process PID reporting for network connections from floating code

          o    Windows tasks that are DLL hosted in launchers (rundll32, regsrv32, etc...) have the autorun bit set

          o    Command line which include tabs no longer break the CSV output.

          o    Fixed an issue where ECAT uses all CPU during a scan

          o    Mitigated a compatibility issue with Bit 9 Parity

          o    Agent respects certificate validation mode selected in packager

 

Affected Products:

RSA ECAT v4.0

 

Recommendation:

Customers should apply this patch immediately after upgrading to ECAT 4.0.0.2

           

Attachments

    Outcomes