SES Evolution 2.4.1 fixes

SES Evolution agent

Agent integrity verification

Support reference: 199381CW

The agent integrity verification has been optimized and the severity of logs generated by this verification has been reviewed to make it more consistent with the severity of the reported information.

Outbound UDP connections

Support reference: 192545CW

The SES Evolution application firewall now optimizes the processing of outbound UDP connections on the user's workstation so that it no longer slows down the transmission of certain network packet types or disrupts the operation of third-party apps.

Administration console

Simultaneous use of multiple consoles

The stability of the SES Evolution backend server has been enhanced to support the simultaneous use of multiple administration consoles.

Operations on devices

All operations performed in the console's Devices menu are now logged in System logs: when keys are added, modified, deleted, etc. In addition, the list of vendors and USB devices in security policies has been updated.

Automatic creation of application IDs

Support reference: 172154PW

When you add an exception to a log that was generated by the activation of the advanced protections Environment discovery or Malicious use of certutil, the ID created automatically in the exception rule now includes the children of the app identified.

Name of the Command line criterion in application IDs

Support reference: 172856PW

When a Command line criterion is added in application IDs, the Show more link remains displayed in the main panel of the ID, even when the criterion is very long.

Challenges

Support reference: 201634CW

An issue regarding the operation of the challenge mechanism has been fixed.

Importing custom rule sets

Support reference: 201083CW

When rule sets are imported into a security policy, shared rule sets can no longer be overwritten with private rule sets, unless you have deleted the shared sets from the console.

When rule sets are deleted, they remain in the database. As a result, if you import a custom rule set that has the same ID as a deleted rule set, the version number of the imported set will be incremented by one from the version of the deleted set.

Deleting shared rule sets

Support reference: 201151CW

Deleted shared rule sets can now be restored, by restoring a version or revision of a policy that contained such sets.

Environment discovery protection

Support reference: 172473PW

The Environment discovery protection has been improved to reduce the number of false positives.

Database overloaded when incident context logs fail to be inserted

Support reference: 205490CW

When an agent generates simple context logs during an incident, if the insertion of such logs into a database fails, any new attempts by the agent handler to insert them will now be restricted for the first few days. After nine days, no more attempts will be made. A system log will then warn the user that context logs have been deleted. This fix makes it possible to avoid overloading the database with logs.