New features in 8.14.0
The following are the new features available with the Xprotect version 8.14.0 released on the 5th of February, 2021:
Mixed-OS groups
The existing Groups feature is renamed to Host Groups with the following enhancements.
- OS-agnostic - groups in Xprotect are now OS-agnostic. This means that in addition to creating OS-based groups, you can also create groups with a mix of Windows, Linux, and macOS hosts. By design, the three default policies (one for each supported OS family) are assigned to a Host group; you can assign and push custom Xprotect policies too. Only the one relevant policy in the Host group is pushed to the hosts, based on their OS family.
- New default group for ungrouped hosts - default-group is now the default Xprotect group, and all newly added ungrouped assets reside in default-group. During the upgrade to version 8.14.0, all ungrouped hosts in the existing default groups (one for each supported OS family) are moved to default-group.
- Renamed on the UI - all occurrences of 'Groups' on the Xprotect UI are renamed to Host Groups.
- Create Host groups - create an empty Host group and add hosts later (Hosts > Host Groups page > Create New Host Group).
- Host count and Policies for a Host Group - in the Policies and Hosts column on the Hosts > Host Groups page, click a number to see the filtered list of hosts in the group, and click the OS icon to see the policy associated with the OS family.
See Create Host groups for more details.
Enhancements for the malicious File isolation feature
- Files isolated from the alerts are stored locally in the quarantine folder, with AES-256 encryption.
- You can perform the following operations on isolated files:
  - Fetch file - isolated files can be fetched from the hosts for more analysis (3-dot menu > Fetch Isolated File).
  - Restore file - isolated files that are false positives can be restored to their original location and their original state (3-dot menu > Restore File).
  - Delete file - isolated files that are truly malicious can be permanently deleted from the hosts (3-dot menu > Permanently Delete).
- See the history of the fetch, restore, and delete operations performed on the isolated files (3-dot menu > View Operation History).
See File isolation on hosts for more details.