Support :: Release Notes

Active Defense 1.1.7

This update includes the following:

  • Known Limitation: Viewing volume maps from hardware drive arrays is not currently supported.
  • New Feature: Added the ability to set an adjustable delay on bootup before the DDNA Agent begins scans on nodes. This new setting can be adjusted on the General Settings page.
  • New Feature: Added a column to the Modules table on the System Details page that shows whether or not the module is whitelisted.
  • New Feature: Added support for Hard Links, Symbolic Links, and Junction Points to the Volume Map browser.
  • Enhanced the performance of Timelines.
  • Enhanced the performance of the Volume Map Browser.
  • Bug Fix: A bug causing Scan result processing to take significantly longer to complete than it should has been fixed.
  • Bug Fix: Deleting Scan Policies with a significant number of results will no longer result in a server timeout error.
  • Bug Fix: You can now reset an agent's license without having to specify user credentials for that agent's host.
  • Bug Fix: Fixed a HASP key licensing conflict problem that would arise when an end node has both a DDNA Agent installed and a Responder HASP key plugged in.
  • Bug Fix: Exported Whitelists now include module path information.
  • Bug Fix: Fixed an issue with an icon not showing on the Update Credentials popup.
  • Bug Fix: Fixed a bug in the processing of Physmem.BinaryData Scan Policy results that was causing the data to not be displayed properly.
  • Bug Fix: Some messages displayed in the logs have been reworded and other messages have been added to more accurately describe errors encountered during Agent removal.
  • Bug Fix: An issue that was causing LiveOs.Process scans to fail matching process names properly has been fixed.
  • Bug Fix: Issues with the Remote File Browser showing an incomplete list of files have been fixed.
  • Bug Fix: The adding of Whitelist entries has been reworked to address issues with updating module information after a whitelist entry is added.
  • Bug Fix: Issues with the domain name being prepended repeatedly to a host's username during authentication have been resolved.
  • Bug Fix: The MSMQ account password is now set to never expire.
  • Bug Fix: Fixed some issues with requesting the same file multiple times from the same system. Also added the host name to the beginning of all requested files so that it is clearer which host the file came from.
  • Bug Fix: Agent status is now correctly updated when an agent has not checked in for over an hour.
  • Bug Fix: An issue that could potentially cause a node to not get enrolled due to the agent failing to calculate a valid Machine ID has been resolved.
  • Known Issue: Exporting large Timelines (30,000+ events) may cause "out of memory" exceptions. If you are experiencing issues while exporting Timelines, try requesting a new Timeline with a smaller timespan.
  • Known Issue: If the ActiveDefense Storage Location is set to a folder on the Desktop, issues may arise when attempting to apply the license. To avoid these issues, either install to the default location or, if you are using a user-defined location, do not specify a location on the Desktop.
  • Known Issue: There is a corner case where an Agent may not get removed from the database on the first uninstall attempt. This issue will arise if you install the Agent manually, then uninstall it manually, then attempt to remove the Agent from the ActiveDefense UI. The Agent will move into an error state of E310 or E320 and will not be removed from the database until you attempt to remove the Agent from the AD UI again. To avoid this issue, make sure credentials are specified for all Agents that are installed manually. Alternatively, if the Agent moves into status E310 or E320 after attempting to remove it, simply select those machines and issue another removal job, and ActiveDefense should remove the Agent on the second try.

Responder 2.0.5

This update includes the following upgrades:

  • Added "Make Function" ability to any disassembly location in the Binary tab.
  • Added "Create Package" ability to individual pages in the Memory Map.
  • Improved the detection of int3 sleds that create XREFs to subroutines.
  • Module size is now displayed in decimal rather than hex on the DDNA tab.
  • Samples view is no longer displayed in projects that do not have an FBJ file loaded.
  • "Data_ptrs" in Binary tab now resolve to "_ptr_string_xxx" or "_ptr_xxx" if possible.
  • "Data_call_ptrs" in Binary tab now resolve to "_ptr_module!func" if the symbol names can be found.
  • Improved handling of alignment instructions and marking function starts.
  • Added Process ID (PID) for each result to the search results table.
  • Strings and symbol searches with local scope now maintain the local package restriction for multiple searches.
  • Keyword highlighting in the Binary tab now ignores hex specifiers that start a keyword (0x) and location label prefixes ("loc").
  • Bug Fix: Can now extract hook_memory modules from memory images.
  • Bug Fix: Fixed issue where the Strings view would display incorrect results when a string search returns zero results.
  • Bug Fix: The "Copy to Clipboard" hotkey (ctrl-c) now works correctly in Binary tab.
  • Bug Fix: When the project's .tmp file isn't found an error message is now always provided to the user.

Active Defense 1.1.6

This update includes the following upgrades:

  • New Feature: Added "Scan History" and "DDNA Score Graph" tabs to the Agent Details page. The Scan History table lists all of the completed Scan Policies and physical memory scans along with the names and scores of the highest scoring modules where applicable. The DDNA Score Graph tab shows a graph of an Agent's DDNA scores over time.
  • New Feature: A "Notes" field has been added to Scan Policies, Queries, and Requested Files.
  • New Feature: Added ability to export System Details to XML.
  • New Feature: The "Dashboard" page now shows the number of users currently logged into the Active Defense server.
  • Bug Fix: Added a new error code that will indicate which Agents have expired licenses.
  • Bug Fix: Volume map files saved in the Downloads folder now have the host name included in the file name.
  • Bug Fix: Removing queries from a Scan Policy now removes the correct Query regardless of the order in which they are removed.
  • Bug Fix: Requesting a file from the Remote Browser now properly changes the icon to show that the file has been requested.
  • Bug Fix: Minor UI display issues have been resolved.
  • Added a "Discovered On" column to the Modules tab on the Agent Details page.
  • The path to the module on the end node is now appended to the Highest Scoring Module column on the Agents page.
  • Agent Status is now displayed on the Agent Details page.
  • The installer now comes packaged with SQL Express 2008 R2 (version 1.1.5 and lower came packaged with SQL Express 2005).

Responder 2.0.4

This update includes the following upgrades:

  • Bug Fix: String searches that return only one result no longer cause an error.
  • Bug Fix: A bug that would cause modules to have the same base address on the DDNA tab has been fixed.
  • Bug Fix: A bug that would cause an FBJ file to close after cancelling an attempt to open another FBJ file has been fixed.
  • A new icon has been added that will help differentiate between "compile for development" and "finalize plug-in" on the Scripts tab.