SES Evolution 2.5.5 fixes

Administration console

Deployment of the SES Evolution environment on the agents

Support reference: STORM-80

To avoid errors when deploying the environment when two administrators are working from two different consoles, it is now no longer possible to:

  • Deploy the environment if another administrator is editing a rule set or a security policy;

  • Modify or save a rule set or security policy if another administrator is deploying the environment.

Time for deploying the SES Evolution environment

Support reference: 210423CW

Improvements and optimizations have been made to reduce the deployment time of the SES Evolution environment on the agents.

Exporting agent logs

Support reference: 175246PW

From the Agent logs panel, the log export now works correctly when the length of the export file name reaches the limit of characters imposed by Windows.

Grouped agent logs display

Support reference: 175468PW

In the Agent logs panel, the policy associated with a log is now displayed correctly for a group, when that group contains only one log.

Searching for indicators of compromise

When you import a CSV file in the Security > Resources menu of the management console to add indicators of compromise in an analysis unit, if indicators are duplicated, only one indicator is imported and a message warns you.

SES Evolution agent handler

Agent handler disk saturation

Support reference: 212149CW

In order to avoid disk saturation of an agent handler, the following limits now apply:

  • a limit of 500 MB on folders named “InvalidPackages” located in the “Normal” and “Urgent” folders at the location “%programdata%\Stormshield\SES Evolution\Server\AgentLogs”. These folders store log packages sent by the agents that the agent handlers cannot manage properly.

  • a limit of 100 MB on the folder named “InvalidCertificates” located at the location “%programdata%\Stormshield\SES Evolution\Server”. This folder stores the certificates of the agents considered invalid.

When these limits are reached, the oldest files are deleted to free up half of the folder storage capacity.

SES Evolution Agent

UDP network packets lost

Support reference: STORM-135

In some configurations, enabling the Application firewall feature in the settings of an agent group could cause processing issues on UDP network packets on users workstations. This could affect DNS resolutions among other things. This issue has been fixed.

Random process shutdowns

Support reference: STORM-3518

An internal issue that could cause random process shutdowns on workstations hosting the SES Evolution agent has been fixed. When the affected process was a critical system process, this issue resulted in a blue screen (BSOD).

Repair logs

The logs related to successful agent repairs now have a Notice severity level instead of Critical if the repairs do not require the workstation to be restarted.