We are pleased to announce that on Tuesday, October 5th, the Endpoint Detection and Response (EDR) product will release a new Linux agent, 21.7 GA (21.7.3.6). We strongly recommend upgrading these agents as soon as possible to provide the maximum level of protection available.
New and improved in Linux agent 21.7 GA:
Ransomware Detection:
The dynamic behavioral engine now detects more suspicious activity related to ransomware. A new ransomware detection engine drops decoy files that are used for detection purposes. By default, these decoy files are placed in specific directories, defined in the decoy_files_predefined_paths config key, if the directory exists. The predefined directories are: /home/*, /var/www, /var/www/html, /var/lib, /var/lib/www, /var/lib/mysql, /srv, /root, /usr/share, /usr/share/nginx/html, /usr/local/share, /usr/local/apache2, /etc/nginx, /etc/mysql, /etc/httpd, /etc/apache2.
These decoy files are hidden files, named .aaa.pdf, .aaa.ini, .aaa.log, and .aaa.html.
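A post-upgrade check for the decoy placement described above, as an added example that is not the EDR product's own code: it walks the predefined directories and reports, for each one that exists, whether the four decoy files are present. The function name, the AUDIT_ROOT variable and the root-prefix argument are assumptions, as is the expectation that every existing predefined directory holds all four decoys, which the release note does not state.

```shell
#!/bin/sh
# Added example: audit decoy-file coverage after upgrading to agent 21.7.
# Directory list and file names are copied from the release note.
DECOY_DIRS='/home/* /var/www /var/www/html /var/lib /var/lib/www /var/lib/mysql
/srv /root /usr/share /usr/share/nginx/html /usr/local/share /usr/local/apache2
/etc/nginx /etc/mysql /etc/httpd /etc/apache2'
DECOY_NAMES='.aaa.pdf .aaa.ini .aaa.log .aaa.html'

# audit_decoys [ROOT]
# Prints "OK <path>" or "MISSING <path>" for each decoy in each predefined
# directory that exists under ROOT (default /). Directories that do not exist
# are skipped, since the agent only places decoys "if the directory exists".
# ROOT is a hypothetical prefix so the check can run against a mounted image
# or a test tree. The body runs in a subshell, so cd and set do not leak.
audit_decoys() (
    cd "${1:-/}" || exit 1
    set -f                      # split the list without expanding /home/* yet
    set -- $DECOY_DIRS
    set +f
    for pattern in "$@"; do
        # Unquoted on purpose: /home/* expands here to one entry per home
        # directory, relative to ROOT. An unmatched glob fails the -d test.
        for dir in .$pattern; do
            [ -d "$dir" ] || continue
            for name in $DECOY_NAMES; do
                if [ -f "$dir/$name" ]; then
                    echo "OK ${dir#.}/$name"
                else
                    echo "MISSING ${dir#.}/$name"
                fi
            done
        done
    done
)

# Audit the live system, or the tree named by AUDIT_ROOT (assumed variable).
audit_decoys "${AUDIT_ROOT:-/}"
```

MISSING lines for a directory that existed before the upgrade are worth comparing against the decoy_files_predefined_paths setting. Backup, cleanup or file-integrity jobs that touch these paths should also be checked so they do not delete or rewrite the decoys.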
But that’s not all:
- Logs from the Log Fetch command now show the date in UTC and output from hostname -f, hostname, and dnsdomainname.
- Added support for CentOS 8.4
- Added support for Red Hat Enterprise Linux 8.4
- Ability to configure Agent memory limits by its cumulative RSS usage
- Improved the Static AI engine with various fixes and improved the PE detection model.
For additional details, please see https://success.n-able.com/nc-edr-documentation/
For full details on 21.7 GA please check out our Release Notes: https://success.n-able.com/nc-edr-documentation/