Announcing Cove version 23.11

We are pleased to announce the availability of Cove Data Protection version 23.11. This release includes improved flexibility on the frequency of Standby Image boot checks, enhancements to backup for Microsoft 365, various security enhancements, and updates to improve the usability of the management dashboard.


N-able Mail Assure: November Features and Updates Release

This month, in addition to the usual bundle of bug fixes and minor improvements, we’ve implemented changes related to Content-Security-Policy (CSP) and to the LDAP authentication process.


Advance Notice: Update for N-sight Managed Antivirus Bitdefender (MAV-BD) 7.9.7.336 scheduled for week of Nov 13th

Please be advised that we will be pushing an update for Managed Antivirus MAV-BD v 7.9.7.336 starting Monday, November 13th. It will be available in all territories by the end of the week.


The following Features have been included in this build:

  • Support for Windows 11 23H2
  • Added support for removing the following security products:
    • CrystalIDEA Uninstall Tool 3.x
    • Sophos Endpoint Agent, version 2022.4.x
  • Ability to use certificate hash exclusions for PowerShell scripts.
  • Added support for removing the following incompatible security products:
    • Webroot SecureAnywhere 9.x
    • Coro Cybersecurity
    • Cylance PROTECT, version 3.x
    • Trellix Agent
    • Trellix Endpoint Security Platform
    • Trellix Endpoint Security Adaptive Threat Protection
    • Trellix Endpoint Security Threat Prevention
    • Trellix Endpoint Security Web Control
  • The Antimalware module can now monitor files that use the .log and .gif extensions.
  • Enhanced support for removing the following incompatible security product:
    • Trend Micro Apex One Security Agent 14.x

The following issues were fixed in this build:

  • The security agent installation crashed on Windows Server 2016 endpoints with a very large number of certificates.
  • Addressed a specific scenario where the product caused critical errors (BSOD). The issue is now fixed.
  • Antimalware: Custom scan displayed incorrect paths in the local scan log when multiple scan tasks occurred at the same time.
  • Antimalware: The module could not quarantine Java Archive files, even though the archives could be deleted.
  • Antimalware: The module did not detect files transferred at the same time on a network share via Remote Desktop Protocol (RDP).
  • Antimalware: In specific cases, the security agent crashed when a new product version was available.
  • Antimalware: The security agent did not allow the safe removal of external storage devices when the Antimalware module was installed.

Please see N-able Me for all Supported Operating systems


Mail Assure – Email Scout Reports Delay Issue – Hotfix Applied

As part of our periodic operating system upgrades, an external library was updated to a version that no longer supports the timezone “Pacific-New”. As a result, reports using this timezone caused issues in the generation process, delaying reports in the same region.
As the “Pacific-New” timezone was deprecated, we’ve changed the affected reports to use the timezone “Pacific”. This should not change the scheduled time for the reports.

After the fix, the generation process and the backlog of reports were unblocked. The backlog is now being processed for the affected region, generating and sending all the delayed reports.

We are sorry for any inconvenience that might have been caused. We have considered the necessary actions to prevent such a situation in the future.


ADVANCE NOTICE: EDR “W” SP5 Release & Agents 23.2

We are pleased to announce that on Wednesday November 15th Endpoint Detection and Response (EDR) will be updated to SentinelOne’s “W” SP5. This release delivers significant enhancements to the management console.

This update also includes Agent updates for Windows, macOS and Linux to version 23.2. We strongly recommend upgrading these agents as soon as possible to provide the maximum level of protection available.


We are excited to share some of the highlights below. Please be sure to read the full Release Notes and supporting documentation available on N-able Me.

“W” SP5 Includes:

Using Cloud Rogues in your AWS Workloads

The Cloud Rogues feature helps you identify protection coverage gaps for cloud virtual machines (VMs). It gives you continuous visibility into your AWS accounts to make sure all VMs are protected by SentinelOne Agents.

Cloud Rogues continuously monitors VMs in the AWS cloud accounts in which you have enabled the capability. It gives a full list of your currently unprotected VMs and identifies newly created VMs. You can use this data to deploy Agents to current and future VMs in AWS.

How Cloud Rogues are different from Network Rogues

Network Rogues. Network Rogues uses deployed SentinelOne Agents with network-based port scanning to detect devices that communicate on the network. Scanning requires the Agent to be present in the network and can only detect rogue devices on that network.

Cloud Rogues. Cloud Rogues uses Cloud Service Provider APIs to detect virtual machines hosted in AWS accounts or organizations it has access to. It does not require the Agent and does not require network access to detect rogue cloud VMs.

To learn more about Cloud Rogues, check out the full EDR-related documentation on N-able Me.

Manage Password Expiration Frequency for Improved Password Hygiene

Improve user password security by setting the frequency with which Console users are required to reset their passwords. Set the frequency of the password expiration by scope to create a policy that meets the standards of your organization.

Important! User password expiration is enabled and enforced by default for all Console users from the moment the console is updated to ‘W’.

Password expiration does NOT apply to Service Users or to users who log in with SSO.

Please see the full Release notes for full details.

Blacklist is Changed to Blocklist Throughout the Management Console

To manage blocklist items, go to Sentinels > Blocklist. The Activity Logs Filters and Settings > Notifications have been updated as well.

Threat mitigation actions now show Add to Blocklist.

Roll-out of the new Application Management

The new Application Management (EA version) replaces the old Applications. The Applications page is replaced with the Application Management pages: Inventory, Risks and Policy. These features are supported by all versions of the Windows and Linux Agents. macOS Agents require version 22.2 GA or later.

Agents automatically scan endpoints for third-party applications, regardless of associated risk, and list them in the Inventory page.

You can also click Scan Now to manually initiate a scan for applications.

Click an item in the inventory to view a list of endpoints with that application.

The Risks page aggregates Risks by applications and versions.

Click on an application to drill-down into additional data based on Endpoints or CVEs.

On the Policy page, you can schedule weekly scans for Vulnerability and Application Scanning.

On the Policy page, for Windows Agents 22.3+, you can enable the Extensive Vulnerability Scan. This scan detects missing patches, and merges them later on with detected applications, to improve the accuracy of CVE detection.

Agent Upgrade Change

The expiration time for Agent version change tasks was changed from 5 minutes to 30 minutes. Other tasks expire after 5 minutes. In earlier versions, all tasks expired after 5 minutes, including Agent version changes.

If an Agent Version Change task is in progress for 30 minutes the task becomes Expired. This makes resources available for other tasks. If the Agent updates the Management after this time, the status will change accordingly.

User Password Management Changes

This release changes how Console Users can change the password for other Console Users. These options apply to users who log in to the Management Console with their email and password. For users who log in with SSO, changes to login credentials must be done with the Identity Provider for the SSO.

Send Reset Password Email – Send a different Console user an email with a link to change their password. Use this when a user forgets their password and does not have SentinelOne 2FA set up. The email is valid for 72 hours. The user’s existing password is valid until they change it. To use this, SMTP must be configured for the Console.

Force Reset Password on Login – This prompts a Console user to set a new password when they log in to the Management Console. They will not be able to log in with their previous password.

All password changes show in Activity. In Operations, search for “password” to see all of the password activities.

Site Level Authorization for Windows Agents

In your Sentinels > Upgrade Policy section you will now find Local Upgrade Authorization under Maintenance Window and Local Upgrade. Site Level Authorization improves the Management Console pre-installation approval flow for local Agent upgrades. This flow is required to make the upgrade of Windows Agents by external deployment tools (SCCM, Intune, GPO and others) more secure.

Site Level Authorization is supported by Windows Agents 22.1 and later.

With Site Level Authorization:

  • Approve upgrades for the entire site instead of approving each Agent.
  • Approve a local upgrade for Agents that do not show in the Console, but belong to the approved Site.
  • Improved information in the Management Console:
    • Shows the expiration status of the approval on the Site Level.
    • Shows the expiration status of the approval on the Agent level.
    • Shows the correlation between Agent level to Site Level Authorization.
    • Granular reporting to the Activity log, and full RBAC support.

Change in API Token Expiration Period

The expiration period of new API tokens changed from 6 months to 30 days. This applies to tokens generated by Console Users (not service user tokens).

Usability Improvements

In the User Role (RBAC) UI, the names of some Console pages were improved. See full release notes for all changes.

Policy Override configurations now have an Expand option to see the configuration settings more clearly. This shows as a toggle at the top of the Policy Override window.

Latest Agent Updates

SentinelOne agent versions included in this update are:

  • Windows 23.2 (23.2.3.358),
  • Mac 23.2 (23.2.2.6951)
  • Linux 23.2 (23.2.2.4)

Windows Agent Update (23.2.3.358)

On-demand scan logs improvements

On-demand scan logs now report the total number of scanned files inside archive files in addition to the number of archive files that were scanned. Example: Total files scanned: 2 on disk(s), 12 inside archives.

Added an option to list all files that were not scanned in the log report (excluding archive files and files within the archive) and map this information to a status in the scan report. In order to use this capability, run this sentinelctl command:

Or add this Policy Override:

Safe Mode Protection

The Agent now blocks any process from booting into safe mode, except excluded ones.

For the Agent to allow endpoints to boot into safe mode, run this sentinelctl command:

Customized Scanned File Types

You can add more file types to be scanned by the Static AI scan with Policy Override or Sentinelctl.

When a file is written or modified on the disk the file will be inspected by the Blocklist and SentinelOne Cloud Intelligence. When a Full Disk scan or On Demand Scan is run the file will be inspected by the Blocklist.

VSS management improvements

Added the ability to change the available VSS storage from UNBOUNDED to a configurable threshold (for example, 90%) in case of an attack.

Either run this sentinelctl command (syntax):

where integer is a number (percent) between 0 and 100.

Or add this Policy Override:

  • Added retention mechanism to VSS snapshots used by the Agent. You can define how long you want to keep SentinelOne snapshots available for rollback purposes as a remediation to a ransomware attack.

Run this sentinelctl command:

with any combination of these:

where integer is a number in days, hours, or minutes, depending on which command you run.

But there is more!

  • Improved detection coverage of SharpHound
  • Bug fixes and improvements

macOS Agent Update (23.2.2.6951)

Follow the installation instructions in the User Guide carefully to make sure that the Agent has all the required permissions. An Agent without permissions is not protected and will show a Pending Action label in the Endpoint Details in the Management Console.

Added support for macOS Sonoma 14.0

macOS Agent version 23.2.2 has been tested and validated on macOS Sonoma 14.0. Do not upgrade your endpoints until you have a supported SentinelOne Agent. See EDR Documentation on N-able Me for the full macOS Agent Upgrade Playbook – macOS Sonoma.

But there is more!

  • Detection Enhancements for various MITRE Techniques
  • Events from the same terminal command instance can now be grouped together in the same Storyline and threat.

Linux Agent Update (23.2.2.4)

Performance Enhancements

Optimized performance focus exclusions: The Agent now filters out system events coming from processes excluded by performance focus and performance focus-extended exclusions in the eBPF program, as soon as it receives them from the operating system. This process reduces the Agent resource use and increases event throughput.

Note: This feature requires the Agent to use eBPFs for telemetry collection.

Performance focus exclusions for active content: Performance focus and Performance focus – extended exclusions are now supported for active content, such as bash scripts and Python scripts. This instructs the Agent not to process system events coming from the excluded scripts and, in the case of Performance focus – extended exclusions, their child processes.

Excluding network mounts by default: The Agent now ships with default mount type exclusions of fuse.lxcfs, cifs, nfs, nfs4, secfs2, ceph, fuse.glusterfs, nfsd, acfs, omfs, and hdfs. This instructs the Agent to exclude file events coming from these mount types from being processed. This can be fine-tuned using the “mounts_excluded-types” and “mounts_excluded-prefixes” settings with Policy Override, or sentinelctl mounts exclusion.

The “mounts_excluded-types” and “mounts_excluded-prefixes” configurations are now stored as JSON arrays, instead of CSV strings. For example, the “mounts_excluded-types” configuration appears as:

instead of “fuse.lxcfs,cifs,nfs,nfs4, secfs2,ceph,fuse.glusterfs,nfsd,acfs,omfs,hdfs”. The Agent will still accept a Policy Override in the previous format of CSV string for backwards compatibility.
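An added example (not SentinelOne or N-able code): the Python below accepts the “mounts_excluded-types” value in either the JSON-array or the legacy CSV form and lists which mounts on a host fall under the exclusion, so that coverage of those paths can be reviewed. It assumes the exclusion is an exact match on the filesystem type field of /proc/mounts; the function names and the sample mount table are constructed for illustration.

```python
import json

# Default mount-type exclusions, as listed in the release note above.
DEFAULT_EXCLUDED_TYPES = [
    "fuse.lxcfs", "cifs", "nfs", "nfs4", "secfs2", "ceph",
    "fuse.glusterfs", "nfsd", "acfs", "omfs", "hdfs",
]

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_PROC_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid 0 0
filer01:/export/home /home nfs4 rw,vers=4.2 0 0
//fs01/share /mnt/team\\040share cifs rw,vers=3.0 0 0
lxcfs /var/lib/lxcfs fuse.lxcfs rw,nosuid 0 0
"""


def parse_excluded_types(value):
    """Normalize the setting from a JSON array (new) or CSV string (legacy)."""
    text = value.strip()
    if text.startswith("["):
        items = json.loads(text)
        if not isinstance(items, list) or not all(isinstance(i, str) for i in items):
            raise ValueError("expected a JSON array of strings")
    else:
        items = text.split(",")
    cleaned = []
    for item in items:
        name = item.strip()  # the legacy string may carry stray spaces
        if name and name not in cleaned:
            cleaned.append(name)
    return cleaned


def excluded_mounts(proc_mounts_text, excluded_types):
    """Return (mount_point, fs_type) for each mount whose type is excluded.

    Assumption: exclusion is decided by an exact match on the filesystem
    type, the third field of /proc/mounts.
    """
    excluded = set(excluded_types)
    hits = []
    for line in proc_mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mount_point, fs_type = fields[1], fields[2]
        if fs_type in excluded:
            # /proc/mounts writes a space in a path as the escape \040
            hits.append((mount_point.replace("\\040", " "), fs_type))
    return hits


if __name__ == "__main__":
    legacy = "fuse.lxcfs,cifs,nfs,nfs4, secfs2,ceph,fuse.glusterfs,nfsd,acfs,omfs,hdfs"
    types = parse_excluded_types(legacy)
    print(json.dumps(types))  # the same setting as a JSON array
    for mount_point, fs_type in excluded_mounts(SAMPLE_PROC_MOUNTS, types):
        print(f"{fs_type:12} {mount_point}")
```

On a real host, pass the contents of /proc/mounts instead of the sample; each path returned is one where file events are not processed by the Agent under the default exclusions.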

But there is more!

  • Support added for x86 and ARM Agents: Debian 12, RHEL 9.2, 8.8, RockyLinux 9.2, 8.8, and AlmaLinux 9.2, 9.1, 8.8, SUSE 15sp5, Amazon 2023.1.
  • Support added for x86 Agents: Oracle Linux 9.2, 9.1, and 8.8.
  • Support added for x86-64 Agents: CloudLinux Shared v6 and v8
  • Detection Enhancements

The console update release is scheduled for completion within an eight-hour maintenance window and will begin on Wednesday Nov 15th, at 10 am IDT / 9 am UTC +2 / 3 am EDT. A few important things to note during this time:

  • All endpoints will continue to be protected.
  • EDR management console login and API access may be unavailable.

Consoles scheduled for update include:

A few reminders:

  • Do not forget to check out the full Release Notes under EDR Documentation at N-able U.
  • Do not forget to check out the full suite of EDR Courses on N-able U, including our new Deep Visibility and Ranger courses.
  • Do not forget to sign up for SentinelOne’s Partner Portal. To learn more, check out our full post here.

As always, feedback is welcome on the release.


Web Protection: Scheduled maintenance starting Tuesday November 14th

Please be advised that, starting Tuesday November 14th through to Thursday November 16th, general infrastructure improvements will be rolled out across all regions.


Maintenance Window:

APAC: Tuesday November 14th 13:00 UTC to 16:00 UTC

EU Central: Wednesday November 15th 7:00 UTC to 10:00 UTC

EU West: Wednesday November 15th 9:00 UTC to 12:00 UTC

US: Thursday November 16th 9:00 UTC to 12:00 UTC

What to Expect During the Maintenance Window:

  • All devices remain protected
  • No new installs will take place during this window
  • No upgrades will take place during this window
  • Unable to run reports during this window
  • Unable to access RMM Web Protection Dashboard Settings options, or Policy changes
  • Website Look up will not be possible during this window

Once the maintenance window has completed, all access and functionality will be restored. Thank you for your patience.


Bitdefender Managed Antivirus Advisory regarding Windows 11 23H2

Bitdefender Managed Antivirus users for both N-sight MAV-BD and N-central AV Defender are advised to refrain from updating to Windows 11 23H2 at this time. We will be releasing a new version shortly bringing in support for this version in our upcoming release of 7.9.

Microsoft: https://support.microsoft.com/en-us/topic/windows-11-version-23h2-update-history-59875222-b990-4bd9-932f-91a5954de434


Announcement: DNSF Windows Agent 1.10.7

Please be advised it has come to our attention that our recently released version 1.10.7 has performance issues. DNS Filter is actively working on a resolution to be released in their next agent upgrade and to avoid any issues, DNS Filter has asked our partners to revert back to 1.10.3. We will be reverting back to 1.10.3 on 11/7.


Addendum: General Availability of Cove for Microsoft 365 Teams

We are very pleased to announce the general availability of Cove Data Protection for Microsoft 365 Teams.

With this release, Cove backs up teams, channels, team members and settings, plus messages, files and attachments in the channels. Backups are automatically performed up to six times per day, and Teams backup data is retained for seven years in N-able private cloud data centers worldwide.

Licensing and Billing
Teams is included in the current per-end-user price for Microsoft 365 protection. This means that adding Teams backup to unique end users already backing up other elements of Microsoft 365, such as Exchange, OneDrive and/or SharePoint will not impact billing. In addition, only Teams owners are considered billable. Billing will only change if a net-new Teams owner is added that was not previously backing up any other part of Microsoft 365 with Cove.

Billable usage for Teams begins December 1, 2023.

Important note for early access participants
As of today, all currently enrolled and protected Microsoft 365 end users will automatically convert from preview to GA status. No action is needed for this to occur. However, Teams backup sessions and data from the preview period will be deleted upon GA. This impacts Teams data only, no other parts of Microsoft 365 backups.

For more information, consult the user guide.


Announcing the GA of N-central 2023.8

N-central 2023.8.0.11


What’s New in N-central 2023.8

Analytics

We are so excited to announce the introduction of Analytics into N-central 2023.8! We have harnessed the industry standard of PowerBI to bring you your N-central data in full visuals. With our GA release, you will be able to see device data (inventory, summary, warranty, etc.), backup data (last backed up, last checked in, etc.), and patch information (installed, approved, missing, etc.). And those are just the first of more dashboards to come.
