New features in 8.12.0
The following new features are available in Xprotect version 8.12.0, released on 27 November 2020:
Redesigned columns on the Hosts page
On the Hosts page, some of the columns that display the details of the hosts are redesigned for better usability.
- The Name column displays the status of the host (Online, Offline, Unreachable, Upgrading, Uninstalling), the OS on the host, and the hostname of the host.
- The IP Address column displays the IP address of the host.
The other columns remain unchanged.
Advanced Policy Settings for policies
The settings for a policy are categorized as General and Advanced. The existing policy settings for Whitelist, Blacklist, Rule Ring, USB Protect and File Protect rules and Auto Trust are listed under the General tab. The advanced policy settings are listed under the Advanced tab. Advanced policy settings are only supported on hosts that run version 8.12.0 or newer of the Xprotect agent.
The Advanced tab shows the following settings for a policy:
- Agent Fetches Commands Every - set a polling interval of up to 24 hours at which the agent fetches single or batch operations from the Xprotect instance to run on the hosts. Operations include (but are not limited to) policy updates, restarting, upgrading, and uninstalling agents, and isolating or fetching files from hosts. Because the agent only picks up operations at each poll, an operation triggered just after a poll waits for the next one.
For example, if you set a time limit of 1 hour, trigger a task to isolate some files on a host at 10:00 AM, and trigger another task to upgrade the agent on the same host at 10:10 AM, the agent is upgraded only after 11 AM.
- Monitor Network Protocols - get alerts for all incoming and outgoing TCP and UDP connections on the hosts. The alerts generated for this setting are listed on the Alerts page (Alert Category=Network Connections Not Allowed). The agents allow or block the connections depending on the Rule Ring rules in the policy.
- Exclude TCP Destinations from Network Monitoring - specify a list of IP addresses of hosts (a single address, a range, or a CIDR block) and a list of ports on those hosts (a single port, a range, or all ports using the wildcard *) that must be excluded from the Monitor Network Protocols setting. Alerts are not generated for the listed hosts and ports. The agents give this 'Exclude' setting precedence over the Rule Ring rules in the policy, so a connection that matches an exclusion entry is not alerted on even if a Rule Ring rule would otherwise flag it.
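The exclusion and precedence behaviour described for these two settings, modelled in Python as an added example. This is not Xprotect's own code: the entry syntax for addresses (single, range, CIDR) and ports (single, range, `*`), the assumption that an entry matches only when both a listed address and a listed port match, and the treatment of Rule Ring rules as a simple allow-list of destinations are all assumptions made for the illustration; the alert category name is the one the release note gives.

```python
"""Illustrative model of how an agent could evaluate 'Exclude TCP Destinations
from Network Monitoring' entries ahead of Rule Ring rules. Written for this page,
not Xprotect's code; entry syntax and evaluation order are assumptions."""
import ipaddress
from dataclasses import dataclass

ALERT_CATEGORY = "Network Connections Not Allowed"  # category named in the release note


def parse_ip_spec(spec):
    """Return inclusive integer bounds (lo, hi) for a single IP, 'a-b' range, or CIDR."""
    spec = spec.strip()
    if "/" in spec:  # CIDR block
        net = ipaddress.ip_network(spec, strict=False)
        return int(net.network_address), int(net.broadcast_address)
    if "-" in spec:  # explicit range, both ends inclusive
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if int(lo) > int(hi):
            raise ValueError(f"inverted address range: {spec}")
        return int(lo), int(hi)
    addr = ipaddress.ip_address(spec)  # single address
    return int(addr), int(addr)


def parse_port_spec(spec):
    """Return inclusive bounds (lo, hi) for a single port, 'a-b' range, or '*' wildcard."""
    spec = spec.strip()
    if spec == "*":
        return 0, 65535
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
    else:
        lo = hi = int(spec)
    if not (0 <= lo <= hi <= 65535):
        raise ValueError(f"bad port spec: {spec}")
    return lo, hi


def _in_any(value, ranges):
    return any(lo <= value <= hi for lo, hi in ranges)


@dataclass
class DestinationSet:
    """A set of destinations: host address specs and port specs on those hosts.
    Assumed semantics: a connection matches when its address matches any listed
    address spec AND its port matches any listed port spec."""
    ips: list
    ports: list

    def __post_init__(self):
        self._ip_ranges = [parse_ip_spec(s) for s in self.ips]
        self._port_ranges = [parse_port_spec(s) for s in self.ports]

    def matches(self, ip, port):
        return (_in_any(int(ipaddress.ip_address(ip)), self._ip_ranges)
                and _in_any(port, self._port_ranges))


def evaluate(dst_ip, dst_port, exclusions, rule_ring_allow):
    """Decide what the agent does with one TCP connection to dst_ip:dst_port.

    Assumed order, following the precedence stated in the release note:
      1. exclusion entries are checked first; a match means no alert and no
         Rule Ring evaluation ('excluded');
      2. otherwise the Rule Ring allow-list decides: a hit is 'allowed', a miss
         is reported under ALERT_CATEGORY ('alert').
    """
    if any(entry.matches(dst_ip, dst_port) for entry in exclusions):
        return "excluded"
    if any(rule.matches(dst_ip, dst_port) for rule in rule_ring_allow):
        return "allowed"
    return "alert"


# Constructed sample policy for the demonstration; not from any real deployment.
EXCLUSIONS = [
    DestinationSet(ips=["10.0.0.0/24", "172.16.0.1-172.16.0.20"], ports=["443", "8000-8100"]),
    DestinationSet(ips=["10.10.0.5"], ports=["*"]),
]
RULE_RING_ALLOW = [
    DestinationSet(ips=["10.0.0.0/8"], ports=["22"]),
    DestinationSet(ips=["203.0.113.0/24"], ports=["443"]),
]


def check(dst_ip, dst_port):
    """Evaluate one destination against the sample policy above."""
    return evaluate(dst_ip, dst_port, EXCLUSIONS, RULE_RING_ALLOW)


if __name__ == "__main__":
    for ip, port in [("10.0.0.7", 443), ("10.0.0.7", 22), ("10.0.0.7", 9999),
                     ("172.16.0.21", 8050), ("10.10.0.5", 1)]:
        verdict = check(ip, port)
        note = f" ({ALERT_CATEGORY})" if verdict == "alert" else ""
        print(f"{ip}:{port} -> {verdict}{note}")
```

The pair 10.0.0.7:443 and 10.0.0.7:9999 shows the precedence point: neither port is in the Rule Ring allow-list for that host, but 443 falls under an exclusion entry and so produces no alert, while 9999 does. The address-range check also illustrates the boundary worth testing when such a list is configured: 172.16.0.20 is excluded, 172.16.0.21 is not.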
Usability enhancements for policies
On the Policies page, the following enhancements help you create or edit a policy and see the statistics of the rules in the policy:
- Click a policy to expand or collapse its row and see the Status details and Policy details (the general settings of the rules in the policy).
- In the Policy Details area of the expanded view, and on the page to create and edit the policy, see the sum total of Whitelist, Blacklist and Rule Ring rules and the processes/paths/files to which the rules are applicable in the policy. For example, for a policy that uses 2 Whitelist rules, 3 Blacklist rules, and 1 Network-based Rule Ring rule for 5 processes, the sum total is 2+3+5=10.
For a File Protect policy, the sum total is the total number of rules in the policy.
- On the page to create or edit the policy, see the sum total of Whitelist, Blacklist, Rule Ring, and File Protect rules and the processes/paths/files to which the rules are applicable, at the level of a stack in the policy. For example, if a stack contains 1 Child process rule for 2 processes and 1 Parent process rule for 3 processes, the sum total is 2+3=5.
For a File Protect policy, the sum total is the total number of rules in the stack in the policy.