How SoftControl products have changed in 2018
The main changes in the SoftControl products include the creation of named rule groups, improved system reports and event logs, and export and import of client application settings.
The following changes affected the SoftControl Service Center:
- Named rule groups are supported. Activity control rules from different categories (file system, system registry, network activity and modules) can be grouped together.
- Activity control rules for separate applications can be created in SoftControl Admin Console and transferred to client hosts with the installed SoftControl SysWatch client applications.
- Increased password security for SoftControl Service Center database.
- Import and export of selected client application settings through an XML file is supported.
Changes in SoftControl Admin Console:
- Improved logic for creating system reports. The groups of events are now called 'Threats' and 'Services and unsuspicious applications'. In the former case, SoftControl Admin Console logs control policy violations and the start of suspicious processes. In the latter case, SoftControl Admin Console logs service events and the start of unsuspicious processes.
- Event logs are now more detailed and easier to understand. This includes the improved format of the information displayed in the ‘Action’ field on the ‘Log’ tab.
- System profile on the client host with SoftControl SysWatch can be disabled through the client application settings. In addition, the update source for SoftControl SysWatch can be selected (update through either SoftControl Service Center or the Internet).
- Identification data of a module are filled in automatically in the settings after specifying an exe file.
- The ‘Clients’ tab contains the ‘Permanent connection status’ column to track possible disconnections.
- Flags are supported for files on the ‘Profile data ...’ tab that indicate whether a file is added to the profile by the installer or during the profile collection process.
Changes in SoftControl SysWatch client application:
- As with SoftControl Admin Console, system reports are now clearer and less ambiguous.
- Event logs are now more detailed and easier to understand. In particular, the report indicates whether the application is in the profile, whether it is tracked, whether the installer has a valid digital signature, whether the global software update mode is enabled, etc.
- Logging of control policy violation events is improved. Control policy violation events are considered similar and are not logged if their actions, binary paths, command lines, and process identifiers coincide and the time elapsed since the previous event was added is less than the specified value (one minute by default). In addition, the event log contains information about how many similar events were skipped.
- The control policy violation report contains the PID of the process that caused the policy violation.
- If the protection is turned off, all applications (both in the profile and outside of it) are given permission to run until the system service starts.
- Increased password security for SoftControl SysWatch client components.
- Fixed a vulnerability in the msiexec installer. Running the msiexec system installer from a folder other than %SYSTEM32% is not allowed.
- Fixed a vulnerability in the DLL blocking algorithm (CVE-2018-5718). This vulnerability allowed local users to cause a denial of service (BSOD) or modify kernel-mode memory by loading a forged DLL.
- Updated the glossary that is used in the program. In particular, the term ‘mode of operation’ is replaced with ‘software update mode’, ‘unknown installer’ is changed to ‘unsigned installation program’, ‘unknown application’ is replaced by ‘non-profile application’, and so on.
February 11, 2019
January 31, 2019
February 25, 2019