Summary:
RSA, The Security Division of EMC, announces the release of RSA ECAT v4.0.0.3, which is a patch that includes the following updates for RSA ECAT 4.0:
- Added support for Mac OS X 10.10 (Yosemite)
- Greatly improved performance on high usage servers.
- Greatly improved overall performance and memory usage.
- Added support for additional IIOCs (Instant Indicators of Compromise)
- General Improvements
o Fixed Mac agent deployment issues from the command line
o Fixed a problem where files were getting downloaded multiple times from multiple hosts
o Fixed a number of issues with FLOATING_CODE and MEMORY_DLL identification and assignment
o Fixed a number of potential issues where scan data wasn't imported if agent data was invalid
o Fixed an issue where multiple modules were reported with a machine count of 0
o It is now possible to decommission a server even if agents are still connected to it
o Fixed an issue where some files were reported without a name
o Fixed issues with Scan with YARA/OPSWAT menu options in "Machine/Downloads" tab
o Fixed issues with the assign module menu option not showing up
o Greatly improved performance on high usage servers
o 15 new IIOCs are available for download from the SCOL server
- UI Enhancements
o Fixed out of sync issue with Grid Filters buttons
o Fixed a sort issue with the PID column in the Process grid
o Solved a number of property inconsistencies in multiple panels for machine and module properties
o Minor typos
o Fixed dashboard widget issues with resizing
o Enabled missing contextual menus options in Summary tab, Scan data and Global Modules List
o Enabled Machine Boot time on machine properties under Machine.Operating System
o Enabled the "List Modules" and "List Computers" options in Certificates panel
o Fixed a display mismatch between the Autoruns lower tab in Summary and the Autoruns category in Scan data
o Removed a limitation that only allowed the selection of a maximum of 100 modules in the Global Modules List for a download to Server operation
o Enabled Row multi-select in Machine/Downloaded tab
o Greatly improved overall performance and memory usage
- Agent
o Improved path parsing, fixed empty path bug
o Driver now uses a safer process access method
o Randomized time to re-assignment when a secondary is down
o Agent will no longer report failed communication errors as failed commands
o Fixed a possible hang on service exit
o Added process PID reporting for network connections from floating code
o Windows tasks that are DLL hosted in launchers (rundll32, regsvr32, etc.) have the autorun bit set
o Command lines that include tabs no longer break the CSV output
o Fixed an issue where ECAT uses all CPU during a scan
o Mitigated a compatibility issue with Bit9 Parity
o Agent respects certificate validation mode selected in packager
Affected Products:
RSA ECAT v4.0
Recommendation:
Customers should apply this patch immediately after upgrading to ECAT 4.0.0.2