SES Evolution 2.2.2 new features

New protections

Anti-ransomware protection

SES Evolution 2.2.2 now protects your organization’s workstations from ransomware attacks. It can detect operations that ransomware applications usually perform on a system and quickly stop them.

SES Evolution provides a new “Anti-ransomware protection” rule set for this purpose. This rule set is available in shared rule sets, and is included in the Default policy. An anti-ransomware protection rule also appears in the Threats tab of rule sets.

If the ransomware manages to modify or encrypt files before the attack can be blocked, SES Evolution will provide a list of such files to help you restore them. For the same purpose, SES Evolution now also offers a mechanism that creates and protects shadow copies (also known as snapshots) in Windows, as described in the following section.

Shadow copy protection in Windows

Microsoft Windows offers a data backup mechanism with which shadow copies or snapshots of a workstation’s local NTFS volumes can be created. These shadow copies make it possible to restore lost data.

SES Evolution now detects and blocks the deletion or corruption of shadow copies on workstations. Such malicious operations are usually among the first that ransomware applications execute.

Saving Windows shadow copies

SES Evolution also allows you to save shadow copies for your entire pool. Each SES Evolution agent will then create a shadow copy per day for every local NTFS volume on protected workstations. The last five copies will be kept.

To use this feature, you must first allow the creation of shadow copies for all NTFS volumes on the workstations and ensure that they have sufficient reserved disk space.

Updating the Default policy

The Default policy has been enriched with the addition of an anti-ransomware protection rule set.

When updating from SES Evolution 2.1.x to version 2.2, refer to the Recommendations to find out the steps to take with regard to policy updates.

New built-in rule sets

In addition to the “Anti-ransomware protection” rule set, the two shared rule sets below were also added. Prior to SES Evolution 2.2.2, the rules that made up these sets were found in the “Protection baseline” rule set, which was part of the Default policy. They were removed from the Protection baseline set to form independent sets that are available in the shared sets.

Common applications hardening

This set provides better control over the behavior of common applications, which can sometimes be dangerous even if the source is not malicious.

Common network hardening

The set provides better control over applications that may generate unwanted network traffic.

Changes to existing rule sets

Two existing built-in rule sets have been modified and enriched. For details on these modifications, refer to the Stormshield rule sets release notes in your MyStormshield personal area.

Refer to Recommendations for guidance on implementing security policies.

Compatible Microsoft Windows versions

New compatibilities

SES Evolution now supports Windows 10 21H2, Windows 11 and Windows Server 2022 operating systems.

Application identifiers

Filtering applications and processes via command line arguments

Some applications can be used on your appliance pool by your administrators for legitimate purposes, but can also be used maliciously by attackers.

For better control over the use of applications, SES Evolution now makes it possible to filter their operations more granularly based on their command line arguments. These arguments can be specified as criteria in application IDs, making it possible to apply different rules to the same application, depending on how it is used. For example, you can prevent PowerShell from running only when it is run as a hidden process, or when its command line parameters attempt to bypass Windows execution policies.
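
The two PowerShell criteria mentioned above can be illustrated with a small command-line classifier. This is an added example, not Stormshield code and not how SES Evolution matches application IDs; the function name, the criteria labels and the sample command lines are constructed for illustration. It also shows why such a criterion has to handle abbreviated switches and must ignore text that follows -Command, -File or -EncodedCommand.

```python
import re
import shlex

HOSTS = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}
# Switches after which the rest of the line is script text, not host parameters.
PAYLOAD_SWITCHES = ("command", "file", "encodedcommand")

def _matches(name, full, min_len=1):
    """True if `name` is a prefix abbreviation of the parameter `full`."""
    return len(name) >= min_len and full.startswith(name)

def classify(cmdline):
    """Return the set of criteria (hypothetical labels) a command line matches."""
    tokens = shlex.split(cmdline, posix=False)  # non-POSIX mode keeps backslashes
    if not tokens:
        return set()
    image = re.split(r"[\\/]", tokens[0].strip('"'))[-1].lower()
    if image not in HOSTS:
        return set()
    hits, args = set(), tokens[1:]
    for i, tok in enumerate(args):
        if tok[0] not in "-/":
            continue
        name = tok[1:].lower()
        value = args[i + 1].strip("\"'").lower() if i + 1 < len(args) else ""
        # "-ep" is an alias; "-e" alone resolves to EncodedCommand, hence min_len=2.
        if name == "ep" or _matches(name, "executionpolicy", 2):
            # Assumption of this example: both values count as a policy bypass.
            if value in ("bypass", "unrestricted"):
                hits.add("execution_policy_bypass")
        elif _matches(name, "windowstyle"):
            # "1" is the numeric value of ProcessWindowStyle.Hidden; accepting it
            # as equivalent to "hidden" is an assumption of this example.
            if value in ("hidden", "1"):
                hits.add("hidden_window")
        elif name == "ec" or any(_matches(name, p) for p in PAYLOAD_SWITCHES):
            break  # everything after this is the script itself
    return hits

# Constructed sample command lines (not taken from any real log).
SAMPLES = [
    r"powershell.exe -NoProfile -WindowStyle Hidden -File C:\Scripts\inventory.ps1",
    r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -nop -w hidden -ep bypass -File job.ps1',
    r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(sorted(classify(line)), "<-", line)
```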

Configuration deployment

Deployment indicator

The SES Evolution console now shows a visual indicator opposite the Environment menu when you have modified the configuration and it must be deployed to the agent pool.

Activity monitoring

Browsing between logs and exception rules

In the agent logs panel of the administration console, a new button leads you directly to exception rules created from a log, if you need to read or modify them.

Server configuration

Disk space monitoring

In the SES Evolution console, the dashboard now indicates the disk space used on the servers that host backends, agent handlers and databases. You will be warned when any thresholds are reached. Monitoring disk space allows you to anticipate disk space issues and guarantee service continuity.

Administration console

New features have been added to the administration console to facilitate the management of policies and rules:

  • If you wish to export policies or rule sets, you can now choose which items to export. They will then be exported in separate files.

  • The number of existing rules is now shown on each tab of the various rule types in a set.

  • When you select shared rule sets to add to a policy, they are now added in the order of selection.

  • Rules can now be copied/pasted or cut/pasted within the same rule set.

Icon of the agent on workstations

Icon changed in the taskbar

On workstations, the previous agent icon has been replaced with a new agent icon in the taskbar.