New features in 8.5.0

The following are the new features available with the Xprotect version 8.5.0 released on the 26th of June, 2020:

Revised time-based filters
On the Alerts and Hosts pages, use the time-based filters 'Created at' and 'Installed on' with the following new filter intervals - Last 1 hour, Last 8 hours, Last 24 hours, Last 7 days, Last 30 days and a Custom time interval.
Use the Custom time interval to filter by any range of dates in the last 60 days.
Go To Rule link for Trust violation alerts

For a Trust violation alert on the Alerts page, click the 'Go to Rule' link in the alert's floating panel to navigate to the AutoTrust tab in the policy that generated the alert.

See all rule stacks in a policy without pagination limits
On the Policies page, for policies (Application Control and File Protect) with 100s of rule stacks, see all respective stacks  without any pagination limits. This betters the previous view of 50 stacks per view.
To narrow down the view to specific stack/s or rules in the stack/s, use the Search box located at the top-right corner.
Create rule rings at immediate levels of the parent or child
On the Policies page, create rule ring-based policies that allow or deny local and network processes only at the immediate level. Use 'immediate level' policies to enforce an allowed or denied set of parent and child processes. This can help you bypass the restrictions of defining parent and child processes that can spawn at any level of the process tree.
For example, deny powershell.exe only when it is a child of svchost.exe, but allow powershell.exe when it is spawned from another child of svchost.exe.
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.