SES Evolution 2.2.2 new features
SES Evolution 2.2.2 now protects your organization’s workstations from ransomware attacks. It can detect operations that ransomware applications usually perform on a system and quickly stop them.
SES Evolution has provided a new “Anti-ransomware protection” rule set for this purpose. This rule set is available in shared rule sets, and is included in the Default policy. An anti-ransomware protection rule also appears in the Threats tab of rule sets.
If the ransomware manages to modify or encrypt files before the attack can be blocked, SES Evolution will provide a list of such files to help you restore them. For the same purpose, SES Evolution now also offers a mechanism that creates and protects shadow copies (also known as snapshots) in Windows, as described in the following section.
Shadow copy protection in Windows
Microsoft Windows offers a data backup mechanism with which shadow copies or snapshots of a workstation’s local NTFS volumes can be created. These shadow copies make it possible to restore lost data.
SES Evolution now detects and blocks the deletion or corruption of shadow copies on workstations. Such malicious operations are usually among the first that ransomware applications execute.
Saving Windows shadow copies
SES Evolution also allows you to save shadow copies for your entire pool. Each SES Evolution agent will then create a shadow copy per day for every local NTFS volume on protected workstations. The last five copies will be kept.
To use this feature, you must first allow the creation of shadow copies for all NTFS volumes on the workstations and ensure that they have sufficient reserved disk space.
Updating the Default policy
The Default policy has been enriched with the addition of an anti-ransomware protection rule set.
When updating from SES Evolution 2.1.x to version 2.2, refer to the Recommendations to find out the steps to take with regard to policy updates.
New built-in rule sets
In addition to the “Anti-ransomware protection” rule set, the two shared rule sets below were also added. Prior to SES Evolution 2.2.2, the rules that made up these sets were found in the “Protection baseline” rule set, which was part of the Default policy. They were removed from the Protection baseline set to form independent sets that are available in the shared sets.
|Common applications hardening||
The set provides better control over how common applications behave, which may sometimes be dangerous, even if the source is not malicious.
|Common network hardening||
The set provides better control over applications that may generate unwanted network traffic.
Changes to existing rule sets
Two existing built-in rule sets have been modified and enriched. For details on these modifications, refer to the Stormshield rule sets release notes in your MyStormshield personal area.
Refer to Recommendations to find out our recommendations with regard to implementing security policies.
Compatible Microsoft Windows versions
SES Evolution now supports Windows 10 21H2, Windows 11 and Windows Server 2022 operating systems.
Filtering applications and processes via command line arguments
Some applications can be used on your appliance pool by your administrators for legitimate purposes, but can also be used maliciously by attackers.
For better control over the use of applications, SES Evolution now makes it possible to filter their operations more granularly based on the settings of their command line. These settings can be specified as criteria in application IDs, making it possible to apply different rules to the same application, depending on how it is used. For example, you can prevent PowerShell from running only when it is run as a hidden process, or when its command line parameters attempt to bypass Windows execution policies.
The SES Evolution console now shows a visual indicator opposite the Environment menu, showing that you have modified the configuration and that it must be deployed in the agent pool.
Browsing between logs and exception rules
In the agent logs panel of the administration console, a new button leads you directly to exception rules created from a log, if you need to read or modify them.
Disk space monitoring
In the SES Evolution console, the dashboard now indicates the disk space used on the servers that host backends, agent handlers and databases. You will be warned when any thresholds are reached. Monitoring disk space allows you to anticipate disk space issues and guarantee service continuity.
New features have been added to the administration console to facilitate the management of policies and rules:
If you wish to export policies or rule sets, you can now choose which items to export. They will then be exported in separate files.
The number of existing rules is now shown on each tab of the various rule types in a set.
When you select shared rule sets to add to a policy, they are now added in the order of selection.
Rules can now be copied/pasted or cut/pasted within the same rule set.
Icon of the agent on workstations
Icon changed in the taskbar