SES Evolution 2.7.1 fixes

SES Evolution Agent

Agent installation

Support reference: STORM-6010

The agent's graphic interface no longer displays automatically at the end of the agent's installation.

Agent interface

Support reference: STORM-9629

When the parameter file in the user profile is corrupted or absent, SES Evolution now creates a new default file automatically, and therefore the agent's graphic interface opens properly.

Agent self-protection

Support reference: STORM-50236

Legitimate operations performed in the agent interface no longer generate self-protection logs.

Support reference: STORM-8434

Improvements have been made to the agent’s self-protection, enabling unconstrained use of Citrix on workstations where the SES Evolution agent is installed.

Application launch performance

Support reference: STORM-8928

The digital signature verification module for processes now uses only the local certificate cache to perform verifications. This corrects slow application launches when the workstation has limited network connectivity (e.g. hardware firewall blocking access to port 80).

Agent uninstall

Support reference: STORM-14757

The agent uninstall tool has been improved to avoid certain errors when reinstalling the agent.

Compatibility with Gemalto USB devices

Support references: STORM-104, STORM-42

A malfunction preventing a VPN client from operating with a Gemalto USB device acting as a smart card has been fixed.

Managing the agent Diagnostics directory

Support reference: STORM-50540

A user with administrator rights can now delete the contents of the directory C:\ProgramData\Stormshield\SES Evolution\Agent\Diagnostics to prevent it from taking up too much disk space.

Security policy

Using script-triggered conditional policies

When a conditional policy was applied to an agent group, if it was triggered by a custom script whose execution context was set to Interactive Session, the script might not execute in some cases. The conditional policy therefore did not apply. This issue has been fixed.

Process hollowing

Support reference: STORM-121

Protection against process hollowing has been improved to prevent cases of false positives.

Application of a policy when restarting a workstation

Support reference: STORM-3792

Restarting a workstation at the precise moment a new version of a policy is applied no longer generates an error log, and the policy is now properly taken into account by the agent.

Controlling access to files and copying files

Support reference: 209846CW

File access rules are now applied properly when files are copied over a network share.

Administration console

Agent list display

When navigating between the different panels of the console, the agent list could take a long time to display each time the Agents tab was reopened in the agent groups, and no other action was possible during this time. This wait time is now virtually zero.

In addition, the following changes make navigation easier:

  • The date and time of the last agent list refresh are now indicated,

  • A progress bar has been added to the manual list refresh,

  • A note now indicates that the agent list is loading in the left panel and in the center panel when the Agents tab is opened,

  • The message indicating the number of agents matching the filtered list, whether filtered by using the filters or the search field, has been improved.

Agent selection

Support reference: STORM-139

On the Agents tab, the CTRL + A function is now disabled when the list of agents exceeds 1000 items. To move all agents to another group, use the new Move displayed agents to... menu. These changes correct problems with persistent agent selections.

Importing a list of USB devices

Support reference: STORM-4093

SES Evolution no longer authorizes importing a list of USB devices via a CSV file if the product IDs and vendor IDs do not have the expected format (i.e., four hexadecimal digits, using numbers from '0' to '9' and letters from 'A' to 'F'). This correction prevents errors and unintended effects on the application of device access rules.

Actions on agent logs

Support reference: STORM-7290

In the agent logs pane, an action performed on a very large number of logs (e.g., status change, adding a comment) now completes properly without error.

Display of context logs

Support reference: STORM-9536

The filter displaying the logs issued from a block (Blocked=Yes) now operates properly for the contexts. It no longer erroneously displays an empty list.

Paths copied in agent logs

Support reference: SESNG-29246

When a path is copied in the detail of agent logs, the space character is no longer added at the end of the path.

Advanced agent log filters

Support reference: 207781CW

Duplicates have been removed from the designations of advanced filters in the Event types category. Identical or semantically similar designations have been merged.

Daily database maintenance task

Support reference: STORM-9018

The daily maintenance task of the log database now uses a maximum of 1 GB of disk space, even when a large volume of referential data is deleted.

Support reference: STORM-16044

The handling of the daily log database maintenance task has been improved so that errors no longer occur if logs are dated in the future.

Error message ArgumentException

Support reference: STORM-8141

The problem that produced the system log "An item with the same key has already been added", of the ArgumentException type, has been corrected.

Backoffice

Update error diagnosis

Support reference: STORM-11416

New logs have been added to the diagnostic package to diagnose possible update errors of the backend servers.

Duplicate logs

Support reference: STORM-13563

In exceptional cases, strictly identical logs may be produced. From now on, this case will no longer cause an error and only one log will be sent to the backend server.

Sending logs to the Syslog server

Support reference: STORM-13596

The reliability of sending logs to the Syslog server in the event of network degradation has been improved.

Database backup and restore procedures

Support references: STORM-7753 - STORM-172 - STORM-4142

Stormshield has devised SQL procedures to manage backing up and restoring SES Evolution databases. They allow the solution to be reused after losing a database or a server.

The documentation on these procedures is available in the Guide of SQL Server recommendations.

Indicators of Compromise

Search for IoC per file name

Support reference: STORM-52

File name management in IoC searches has been improved to avoid false positives.