Attention: As of February 28, 2022 the Carbon Black Cloud Release Notes will be published on VMware Docs. This UEX release notes space will remain, but will no longer be updated.

Fixed Issues

Release Date Product Issue ID Description
January 24, 2022 All DSER-37462

"Equality" type IOCs for certain fields (for example, process hash, netconn_ipv6, etc.) are combined for optimized evaluation. 

Before this fix, only one IOC would trigger a hit, even if there were more IOCs for the same field with the same value.

After the fix, all IOCs for the same field with the same normalized value will produce a hit, regardless of whether the IOCs are in different reports or the same report.

January 24, 2022 All DSER-38285

Dashboard to Vulnerability filters were not showing properly.

January 24, 2022 All DSER-35926

Modified email notifications to include an Alert Type selector, which includes a new container runtime option.

January 13, 2022 All DSER-37956

Data Forwarder user interface inaccurately reported connection test was successful.

January 13, 2022 All DSER-37701

Endpoints page crashed when updating all sensors without a proper searchDef.

January 13, 2022 All DSER-36396

Clicking on the Basic button twice on the Data Forwarders page toggled the Filter Data section between Basic and Custom Query, rather than staying always in Basic mode.

January 13, 2022 All DSER-34238

You can now easily move widgets on the dashboard.

December 17, 2021 All DSER-34722

The alert banner now disappears from the process analysis page after dismissal.

December 17, 2021 All DSER-34782

The Data Forwarder editor page now displays a small notification with an Undo button when a filter is deleted.

December 17, 2021 All DSER-35865

The dismissal window was showing an incorrect alert count for alert groups containing dismissed alerts.

December 17, 2021 All DSER-36377

The SHA256 hash is correctly presented for alerts with an IP address threat cause and command line arguments in the threat cause name.

December 17, 2021 All DSER-36533

Updated URL for Data Forwarder pages in CBC UI from /event-forwarder to /data-forwarder.

December 17, 2021 All DSER-37375

The Investigate page now presents a full URL that you can bookmark.

December 6, 2021 All DSER-36688

Fixed an issue where an error message for the Endpoints tab is sometimes echoed when switching to the Workloads tab.

December 6, 2021 All DSER-36816

Event Forwarder alert type configurations with empty filters are correctly saved.

December 6, 2021 All DSER-36867

More concise text for alert dismissals.

December 6, 2021 Managed Detection and Response DSER-37222

The correct Managed Detection fields display in all configurations.

November 18, 2021 All DSER-36673

Fixed an issue where the alert type facet response in the Alerts V6 API would return names of alert types that the organization does not have enabled. Alert type counts now only reflect alert types that pertain to enabled products.

November 18, 2021 All DSER-35620

Fixed accessibility issues. Added keyboard listeners and focus on tab for sortable table columns, policy panel, watchlist rows, etc.

November 18, 2021 All DSER-35615

Added focus and keyboard listener for left navigation collapse button.

November 18, 2021 All DSER-35461

Added a daily summary report for Managed Detection and Response customers.

November 1, 2021 All DSER-35124

Reassess Link is clickable when VM is powered off.

October 27, 2021 All DSER-35004

Avira Sigpacks are now returned by default for WORKLOADS and VDIs when searching for sensor kits.

October 27, 2021 All DSER-35199

Vulnerabilities VMs and Endpoints side panel closes when severity or filters are updated.

October 27, 2021 All DSER-35533

Search query persists when switching tabs in Vulnerabilities.

October 27, 2021 All DSER-35768

The mac sensor installation email has been updated to reflect current macOS kits. Version 10.14 and earlier are no longer supported through the console.

October 27, 2021 All DSER-34354

Moved the alert count and device information from the dismissal modal header to the modal itself. The new string contains the number of alerts being dismissed as well as the device name, or number of devices, with alerts in the dismissal.

October 27, 2021 All DSER-34547

When alerts are grouped and the result cap is exceeded, the result count will now display "Showing 10,000 of 10,000+ results" instead of always showing "Showing 10,000 results" regardless of the total count.

October 27, 2021 All DSER-34552

A link was added to the dismiss for future criteria section that will show all alerts belonging to the same threat ID.

October 27, 2021 All DSER-35549

Investigate’s Enriched Events tab no longer submits a full search when the page loads. It is now consistent with the Processes tab, which populates the Filters panel and only submits a full search when requested by the user.

September 27, 2021 Workloads DSER-33553

Fixed the chart data for VM Workloads overview and the navigation to the VM Workload inventory page.

September 27, 2021 Workloads DSER-34769

The new facets (OS, Sensor Version, Signature Status, and Golden Image Status) can be applied while exporting the inventory grid data.

September 27, 2021 Workloads DSER-34852

Fixed the missing page title for VM Workloads page.

September 27, 2021 Workloads DSER-34856

Fixed the navigation from Sensor Update Status asset link to the workload not enabled tab.

September 27, 2021 All DSER-34662

The Re-assess now option is available for non-supported OS devices under Inventory.

September 27, 2021 All DSER-34959

Endpoint Standard: Vulnerabilities pages are automatically switching back to page 1 in the Endpoints page.

September 27, 2021 All DSER-34865

Vulnerability Column Displays On Endpoints Page Even If Not Enabled.

September 27, 2021 All DSER-34871

Side panel should close when performing a search.

September 27, 2021 All DSER-35120

Changing filter, severity, "view by" not resetting pagination to page 1 (VMs and Endpoints Vulnerabilities).

September 17, 2021 Workloads DSER-34580

Endpoint - parent image link should navigate to the endpoint when the Workload Management feature flag is set to HIDE.

September 17, 2021 Container Essentials GRC-1499

Various bug fixes in image scanning pages.

September 17, 2021 Container Essentials GRC-1387

GET image "overview" API returned 500 error when an image was not found.

September 17, 2021 Container Essentials GRC-1079

Rescan container images after a feed update.

August 26, 2021 All DSER-29279

Updated the search result count that displays above tables for Alerts, Investigate, Process Analysis and Watchlist pages. These were updated to use new API fields to represent how much data was processed for each query.

August 26, 2021 All DSER-29546

Updated all content references to background scan actions from “Enable/Disable” to “Start/Stop”.

August 26, 2021 All DSER-33147

All instances of the target value bars are converted to textual representations. The value “mission critical” is changed to “critical”.

August 26, 2021 All DSER-33248

Updated the Process Analysis Tree to exclude the target node from hash-based node grouping.

August 26, 2021 All DSER-33591

Updated policy rule paths to preserve whitespace as entered and scroll horizontally to display long paths.

August 26, 2021 All DSER-33765

Minor console labels and content changes.

August 26, 2021 Endpoint Standard DSEN-14615

Exclusions are added to Credential Theft protections to exclude yara scanning of signed OS binaries.

August 26, 2021 Endpoint Standard UAV-2148

Windows sensor version 3.6.0.2121 is required for newly-released Privilege Escalation detections and blocking.

August 26, 2021 Prevention CBC-7654

Fixed an issue where some dynamic prevention rules for Windows assigned by Carbon Black were behaving incorrectly in Prevention organizations.

July 16, 2021 All DSER-31350

User information (user name) in the CSV file exported from the Endpoints page properly reflects the current logged user.

July 16, 2021 All DSER-32471, DSER-29285

Live Response command parsing better handles whitespace in file paths and double-quote marks in exec and execfg commands.

July 16, 2021 All DSER-28159

Organization deregistration workflow removes pending admin invite entries so new users cannot be added to deregistered orgs.

July 16, 2021 All DSER-33238

Fixed a bug introduced in 0.67 where a user’s email could only be used to register once. This fix restores the ability to delete a user to re-use the associated email.

July 16, 2021 All DSER-26728

Endpoint registration request allows a new pending invite entry on the Endpoints page for users who already have a registered device.

July 16, 2021 All DSER-33198

If you log out on any page with persistence and then log back in again, the data persists.

July 16, 2021 All DSER-32886

Enforced the 255-character limit in the console for the Alert Notes Text Field.

July 16, 2021 All DSER-32956

VM Workloads - Active Directory Distinguished Name added to the table side panel.

July 16, 2021 All DSER-33445

Fixed an issue on the Process Analysis page where the detailed descriptions of childproc events were occasionally missing.

July 16, 2021 Workloads CBC-7688

Inventory sync from the appliance did not occur due to start-up failure of inventory services.

June 25, 2021 All DSER-28547

Duplicate attributes in search query were returned by the Policy Preventions test rule feature.

June 25, 2021 All DSER-25795

Updated Manage Devices and Download Sensor Kit subroles descriptions in the Carbon Black Cloud Console.

June 25, 2021 All DSER-25404

Fixed presentation of Name/Description in the Carbon Black UI API Access page to properly add a space.

June 25, 2021 All DSER-27451

Fixed the virtualizationProvider field to properly use double quotes when the value contains commas in the .csv file that is exported from the Carbon Black Cloud Console Endpoints page.

June 25, 2021 All DSER-29835

Fixed Carbon Black Access Service to properly handle special characters in Access Level name.

June 25, 2021 All DSER-31820

A race condition sometimes caused an alert to remain undismissed when using the dismissing-for-future command on a single alert.

June 25, 2021 All DSER-32679

The Remediation card in the Alerts sidebar could hang in the loading state for some alerts.

June 25, 2021 All DSER-32291

On the process tree, grouped nodes were not correctly selected on the page load/click of the primary process link.
Updated the process tree nodes to indicate when a grouped node contains processes with the same hash running in multiple file paths.

Sorts sibling nodes alphabetically in the tree. 

June 25, 2021 All DSER-31795

A long search (that is, a search of 2940 characters) caused the Endpoint export to not download.

June 25, 2021 All DSER-31952

Fixed the flow for generating new company codes (the registration/deregistration use case) to avoid generating codes when the Generate New Code button is clicked accidentally. User confirmation is now requested before the new code is generated.

June 25, 2021 All DSER-32685

Double-clicking values in the alert event field closed the expanded event row. Issue was also observed on Endpoints, Enriched Events (Alerts Triage) pages, etc.

June 25, 2021 All DSER-32864

Added a specific error message, instead of a generic message, when the vulnerabilities API fails, so that the reason for the failure is known.

June 25, 2021 Container Essentials GRC-625

The validate-resource command in the cbctl returns the rule name instead of the rule ID.

June 25, 2021 Container Essentials GRC-624

Fixed a bug in policy ordering (enforcement) when the org has a policy with a scope of a cluster group.

June 25, 2021 Container Essentials GRC-646

Fixed the stability with Create Vulnerability exceptions.

June 25, 2021 Container Essentials GRC-1084

Cleaned the images with the delete cluster operation.

June 25, 2021 Container Essentials GRC-658

Fixed the distro version in the image overview page.

June 25, 2021 Container Essentials GRC-1117

Fixed the Add Scope wizard view in Safari.

June 25, 2021 Container Essentials GRC-1114

The description field is now optional in the CLI setup wizard.

June 25, 2021 Container Essentials GRC-1116

Improvements in the tables on the K8s Workloads, K8s Violations, K8s Risks and K8s Images pages.

June 25, 2021 Container Essentials GRC-654

Fixed the org summary numbers in the Vulnerabilities page.

June 25, 2021 Container Essentials GRC-1127

Fixed the Vulnerability API that can return CVSS V3 fields with empty strings.

June 25, 2021 Container Essentials GRC-665

Fixed the inconsistency in workloads count in the K8s images page and the workloads shown in the tab.

June 25, 2021 Container Essentials GRC-586

Deleting a CLI instance will now delete the API token that is associated with it.

June 8, 2021 Workloads DSER-32600

Added hyperlink for kb resource value in Vulnerabilities and Assets view.

June 8, 2021 Workloads DSER-32601

Added hyperlink for CVE name in Vulnerabilities and Assets view.

May 27, 2021 All DSER-30864

Audit log generated on sensor uninstall now properly identifies the uninstalling user.

May 27, 2021 All DSER-29041

Users could not delete a pending sensor when the same user had an active sensor.

May 27, 2021 Enterprise EDR LC-977

Watchlist API falsely returns a 200 response when attempting to enable Alerting on these threat intelligence feeds: ATT&CK Framework, Carbon Black Early Access Indicators, Carbon Black Endpoint Visibility, Carbon Black Suspicious Indicators. The change to disable Alerting on these feeds is documented on the VMware Community site here.

May 27, 2021 Prevention DSER-32262

Prevention customers did not have full visibility into the process name, including the full process path, within the Alert Triage page. You can now view the full process name in the right-hand process card in the Alert Triage page.

May 3, 2021 All DSER-31506

Added the Container Security and Cloud Workload Protection products to the product dropdown to show whether they are enabled.

May 3, 2021 All DSER-31178

Detail data now opens when switching to details view for any asset on the VMware workloads tab under Inventory.

May 3, 2021 All DSER-31709

Changed the Assets with Critical Vulnerabilities label to VMs with Critical Vulnerabilities on the Dashboard and changed the Critical Vulnerabilities label to VMs with Critical Vulnerabilities.

May 3, 2021 All DSER-31728

Vulnerability details now display in the full screen under the Inventory tab for Mozilla and Safari browsers.

April 26, 2021 All DSER-24211

In Event Forwarder endpoint.event.moduleload events, added the following fields:

  • scriptload_content
  • scriptload_content_length
  • scriptload_count
  • scriptload_effective_reputation
  • scriptload_hash
  • scriptload_name
  • scriptload_publisher
  • scriptload_publisher_state
  • scriptload_reputation

April 26, 2021 All DSER-29838

***Changes went live on 3/22 and were communicated via Developer Network before then.

  • Any existing Event Forwarder configs that filter on endpoint.event.netconn were updated to include endpoint.event.netconn_proxy.

  • Any existing Event Forwarder configs that filter on endpoint.event.moduleload were updated to include endpoint.event.fileless_scriptload and/or endpoint.event.scriptload.

April 26, 2021 All DSER-29634

Added crossproc_target field to the Event Forwarder schema.

April 26, 2021 All DSER-28908

Added support to Event Forwarder for a new event type: endpoint.event.netconn_proxy.

April 26, 2021 All DSER-30773

Customer was seeing multiple -- in their process_guid for events forwarded by Event Forwarder.

April 26, 2021 All DSER-31424

The Alerts table now shows the grouped alert count in the Device column even when all alerts in the group were from a single device.

April 26, 2021 All DSER-30677

Fixed an issue where notes present:true would sometimes be included in CB Analytics alerts without notes present.

April 26, 2021 Audit and Remediation DSER-26891

A mismatch in timestamps was reported by Live Response dir and execfg cmd /c dir commands.

April 26, 2021 Container Essentials GRC-570

Cluster deletion instructions are provided upon deleting a cluster.

April 26, 2021 Container Essentials GRC-559

Policies no longer have the Draft status. They are Disabled instead.

April 26, 2021 Container Essentials GRC-557

When clicking the violations count in the Policies page, the details will now open in a popup.

March 18, 2021 All DSER-27474

Retrieving audit logs with an API connector key only returned results the first time the connector key was used.

March 18, 2021 All DSER-29675

Console-initiated sensor upgrades targeting all sensors failed to include some sensors after paging through the device list.

March 18, 2021 All DSER-30800

Enhanced Carbon Black Cloud internal user creation API to limit the role of the user invoking the user creation API. This restriction was enforced by the UI but not by the internal API.

March 18, 2021 Workloads DSER-29129

Could not move device to auto-assign when already under manual-assign.

March 18, 2021 Container Essentials GRC-530

K8s Harden > Saved Searches now allows changing the scope for a saved search.

March 18, 2021 Container Essentials GRC-350

Fixed detection of workloads exposed by a service (relevant to the Expose by service rule of a K8s policy).

March 18, 2021 Container Essentials GRC-321, GRC-516

Custom queries now support the kind, group, and version fields.

March 18, 2021 Container Essentials GRC-482

Custom queries now support the namespace resource.

March 18, 2021 Container Essentials GRC-356

After cluster deletion, cluster data reappeared in some cases.

March 18, 2021 Container Essentials GRC-533

Dataplane now supports HTTP proxy.

March 18, 2021 Container Essentials GRC-543

The messageproxy (events ingress) port has changed to 443 to comply with the standard TLS port.

March 2, 2021 All DSER-28956

If a field had a null value, that empty field was not included in the forwarded event.

March 2, 2021 All DSER-28952

Both the crossproc and apicall event types in Event Forwarder include a field that specifically identifies the API call/function.

March 2, 2021 All DSER-28953

Event Forwarder includes a crossproc_guid field.

March 2, 2021 All DSER-29826

Event Forwarder data sometimes had an empty value for event_origin.

March 2, 2021 All DSER-29564

Added Big Sur as an option for OS_MAJOR_VERSION.

March 2, 2021 All DSER-29705

Intermittent issue in which the dashboard widgets showed 0 values.

March 2, 2021 Endpoint Standard EA-18149

Prospect bypassed AMSI Prevention during Evaluation.

March 2, 2021 Enterprise EDR LC-673, EA-17797

The service will now return sorted results even if the sort field is not included in the request.

March 2, 2021 Enterprise EDR LC-681, EA-16429

Some event_ids were not visible through the console or the API.

March 2, 2021 Enterprise EDR DSER-30019

The Investigate page could show events search results on the Processes tab and vice versa.

March 2, 2021 Enterprise EDR DSER-26469

Operators (AND, OR, NOT) were not highlighted when written back-to-back in the Investigate search bar.

March 2, 2021 Container Essentials GRC-518

Fixed the Kubernetes Search page to display saved searches with long names.

March 2, 2021 Container Essentials GRC-505

Fixed the Kubernetes Workloads page to display long cluster names.

March 2, 2021 Container Essentials GRC-506

Fixed the Kubernetes Health > Risks tab to display long cluster names.

March 2, 2021 Container Essentials GRC-504

Added alphabetical order for the rules drop-down in the Kubernetes Search > Search tab.

March 2, 2021 Container Essentials GRC-503

Fixed the table sorting in the Kubernetes Policies > Rules page.

March 2, 2021 Container Essentials GRC-502

Fixed the locale of the table headers in some Kubernetes pages.

March 2, 2021 Container Essentials GRC-444

Added support for the read-only role for the Kubernetes pages.

January 25, 2021 All DSER-19110

Enhanced CBC SSO to protect user information when users log in using SSO on a shared workstation. This should force new users to log in if previous users do not explicitly log out of SSO.

January 25, 2021 All DSER-26231

Added a new subrole "View Org Information", replacing "View Org Information and Codes" in the standard analyst and view-only roles. This means those roles (Analysts 1, Analyst 2, Analyst 3, View All, and View Only - Legacy) can no longer see sensor install/uninstall codes. API roles built on the existing subroles will continue to function as before.

January 25, 2021 All DSER-29137

Made sure that a 400 HTTP return code is returned when deleting a rule set assignment for an organization that does not have a rule set assigned.

January 25, 2021 All DSER-28224

Improved the performance of persisting the last contact time.

January 25, 2021 All DSER-25323

Added the ability to see signature pack creation dates.

January 25, 2021 All LC-689

The legacy_alert_id field was missing in the Watchlist Alert API data.

January 25, 2021 All DSER-29336

The Triage Alert graph's policy action shield was missing despite the node having a POLICY_DENY or POLICY_TERMINATE TTP.

January 25, 2021 All DSER-29317

Added markdown link support to the Dashboard's TauTin widget.

January 25, 2021 All DSER-29222

Threat-level notes_present and tags_present are now supported for all Alert types.

January 25, 2021 All DSER-29194

The Endpoint Health widget on the Dashboard page only displayed data for Endpoints and not VM Workloads.

January 25, 2021 All DSER-29098

Investigate Alert Details (in the Investigate table side panel) now shows the proper alert id and Process Analysis link for Watchlist Alerts.

January 25, 2021 All DSER-29097

The Triage Alert page no longer appears blank if the alert was not in the scope of the alerts search; this was most commonly seen in alert dismissals on the Triage Alert page.

January 25, 2021 All DSER-28597, DSER-28510

Time filter time spans and on-change functionality is aligned between the Alerts, Investigate, and Dashboard pages.

January 25, 2021 All DSER-20961

Triage Alerts links are added to the Investigate Events table for events associated with Alerts for Endpoint Standard customers.

January 25, 2021 All DSER-29202

Correctly display the operating system version when sensors are running on macOS 11.

January 25, 2021 Endpoint Standard DETECT-2320

The ThreatCategory wasn't correctly set to KNOWN_MALWARE in some situations, even though analytics was correctly identifying malware.

January 25, 2021 Audit and Remediation DSER-28332

The Live Query Query Asset button disappeared when searching by deviceType or sensorVersion.

January 12, 2021 Workloads CWP-3966

The on-premise appliance relies on an API key to communicate and register with the Carbon Black Cloud. If this key is deleted from the Carbon Black Cloud after an appliance is registered, then the appliance incorrectly displayed a successful registration status.

December 16, 2020 All DSER-21690

A user's favorite saved search that had been deleted was restored at times.

December 16, 2020 All DSER-28552

Policy Action notifications for device control alerts did not always trigger.

December 16, 2020 All DSER-27473

MSSP users could not submit feedback via the console.

December 16, 2020 Endpoint Standard DSER-28188

Some network-related detections were missing information about the hosts that attempted to connect to and/or scan customer endpoints.

December 16, 2020 Endpoint Standard DSER-28967

Improved the handling of requests from sensors to make sure that the lastContactTime is updated with minimal delay.

December 16, 2020 Endpoint Standard DSER-28909

Login issue after database upgrade.

December 16, 2020 Endpoint Standard DSER-20913

Dashboard endpoint health widget did not match the enrollment page.

December 16, 2020 Endpoint Standard DSER-20496

Could not delete admin accounts when linked to multiple orgs.

December 16, 2020 Endpoint Standard DSER-28962

Unable to quarantine devices from the Remediation option on the Alerts page.

December 16, 2020 Endpoint Standard DSER-28420

Device Control - Approvals/_search and device/_search defaulted to 0; if a request was sent without rows, it returned an empty list. 

December 16, 2020 Endpoint Standard DSER-28419

Device Control - Audit log did not show wildcards for PID.

December 16, 2020 Endpoint Standard DSER-28399

Device Control - Edit approval endpoint did not return vendor name and product name.

December 16, 2020 Endpoint Standard DSER-28397

Device Control - Errors in checkaccess middleware returned application/json content type.

December 16, 2020 Endpoint Standard DSER-28386

Device Control - v1/v2 APIs used RFC3339 time formatting.

December 16, 2020 Endpoint Standard DSER-28336

You could get a block by ID; product returned a 404 error for a block that was soft-deleted.

December 16, 2020 Endpoint Standard DSER-28286

Device Control - 409 error handling on approval edit.

December 16, 2020 Endpoint Standard DSER-28284

Device Control - Devices with soft-deleted approvals still showed APPROVED status.

December 16, 2020 Endpoint Standard DSER-28262

Device Control - Ensure all routes that change database state use audit logging.

December 16, 2020 Endpoint Standard DSER-27397

Device Control - Add Max Size for CSV uploads.

December 16, 2020 Endpoint Standard DSER-27393

Device Control - Get Approval by ID endpoint.

December 16, 2020 Endpoint Standard DSER-27336

Device Control - Update all APIs to accept and respond to VID/PID as hex strings instead of ints, and create V3 of all APIs.

December 16, 2020 Endpoint Standard DSER-27287

Device Control - Deprecated POST /devices and POST /allowlist.

December 16, 2020 Endpoint Standard DSER-27087

Device Control - Updated free text search.

December 16, 2020 Endpoint Standard DSER-26985

Device Control - Deprecated org blocking.

December 16, 2020 Endpoint Standard DSER-26261

Device Control - Updated Device Control DB IDs.

December 16, 2020 Enterprise EDR DSER-29023

Updated label in device details window to reduce confusion.

December 16, 2020 Enterprise EDR DSER-20579

Clicking an Investigate table row that’s currently in-view in the right pane resulted in a right pane disappearing.

December 16, 2020 Enterprise EDR DSER-28966

Report Hits section of Process Analysis was generating bad links to the Enabled Watchlists page.

December 16, 2020 Cloud Forwarder DSER-28709

Translate Script Load fields on ModLoad events.

December 16, 2020 Cloud Forwarder DSER-28464

Removed dc_ prefix from alert forwarder device control fields.

December 16, 2020 Cloud Forwarder DSER-27381, DSER-27382, EA-17218

Alert Forwarder: Additional tooling to prevent corrupted gzipped files from being sent to S3. Prevent empty files from being sent to S3.

December 16, 2020 Cloud Forwarder DSER-27088

Update Alert Forwarder to deliver DC alerts.

December 7, 2020 All DSER-28453

Removed deprecated subroles from the Roles panel:

  • Dismiss VMware Alarms
  • Initiate VMware Remediations
  • Manage VMware Registration
  • View Virtual Assets
  • View VMware Remediations

December 7, 2020 Endpoint Standard DSER-27986

Non-printable Unicode characters are no longer inserted in display fields for improved line breaking.

December 7, 2020 Endpoint Standard DSER-28792

Could not reset default filters on the Alerts page.

December 7, 2020 Endpoint Standard DSER-28400

Fixed a navigation bug for MSSP users.

December 7, 2020 Endpoint Standard DSER-28665

Improved the display of the Dashboard top alert widgets.

December 7, 2020 Audit and Remediation DSER-28043

Fixed an error when closing a Live Response session through the End my session button.

December 7, 2020 Workloads DSER-27819

Console enhancements based on feedback from beta customers and user research for vulnerabilities:

  • The Risk panel now shows Yes or No, instead of TRUE or FALSE, in the fields that indicate whether the vulnerability is exploitable.
  • Fixed clickable values by column (currently only Windows vulnerabilities have a clickable link).
  • For VMs that have a Carbon Black sensor installed but an OS that is unsupported for vulnerability, a message indicates that vulnerability data is not available due to an unsupported OS version.

December 7, 2020 Workloads DSER-27954

Windows counts are now displayed in graphs for affected assets as well as product vulnerabilities.

December 7, 2020 Workloads DSER-27901

Added total vulnerability count description in the Learn More panel.

The following text is the first line in Learn More: Check total vulnerabilities for a count of all vulnerabilities across all VM workloads and products (OS, apps, versions).

November 23, 2020 All DSER-28363 When Policy Rules are displayed in Firefox, line breaks are now correctly used to separate the rules.
November 23, 2020 Endpoint Standard DSER-28113 The in-product Search Guide now correctly displays the available fields for the VMware Carbon Black Cloud product combinations deployed within an organization, for example, Endpoint Standard or Endpoint Enterprise (includes Enterprise EDR).
November 11, 2020 All DSER-12863 Enabled processing of events generated by sensors when malicious files have been detected and removed.
November 11, 2020 All DSER-27526 num_available field is now available in V6 Alert API, matching other APIs.
November 11, 2020 All DSER-26079 The Alerts page search now correctly handles uppercase watchlist names.
November 11, 2020 Endpoint Standard DETECT-2082, EA-17292 The Endpoint Standard sensor was correctly blocking malware from running and the cloud detection analytics were correctly generating an alert, but the alert did not have the correct ThreatCategory of KNOWN_MALWARE.
November 11, 2020 Audit and Remediation DSER-27523 Fixed CBLR Get File timeout errors that were generated while downloading large files.
November 11, 2020 Audit and Remediation DSER-27430 Support for latest stable version of osquery: 4.5.0.
November 11, 2020 Audit and Remediation DSER-27431 New recommended queries using new osquery 4.5.0 tables.
November 9, 2020 Enterprise EDR DSER-27092 Certain fileless_scriptload events could crash the Process Analysis page.
November 9, 2020 Enterprise EDR DSER-28126 The confirmation dialog did not automatically close after a successful request to apply a watchlist to historical data.
October 26, 2020 All DSER-27592 Updated the policy test query to ensure that consistent counts are produced.
October 26, 2020 All DSER-12863 Improved handling of registry auto-delete events.
October 26, 2020 All DSER-27523 Improved handling of very large file downloads via LiveResponse.
October 14, 2020 All LC-406 At the end of multi-line search queries in the Investigate search bar, the cursor insertion point was not displayed in the same place as edits.
October 14, 2020 All DSER-27394 Incorrect error message on alert dismissals.
October 14, 2020 All DSER-27012 Endpoint Standard and Enterprise EDR: Times displayed in the Alert Triage page showed current times for Process Start times.
October 14, 2020 Endpoint Standard DSER-26679 The Investigate page did not show the Selected App option when searching by hash.
October 14, 2020 All DSER-26588, EA-16942 Notification time converter used hours instead of minutes.
October 14, 2020 All DSER-21619 We have reworked the Policy Preview/Operation Attempt search buttons on the Policies page.
October 14, 2020 All LC-113 Facet searches did not return complete data.
October 14, 2020 All DSER-26686 IPv6 addresses of Local IP and Remote IP for Netconn event on investigate are now displayed in the correct order.
October 14, 2020 All DSER-14687 Proper cleanup session when connector/keys are deleted through the CSR user interface.
October 14, 2020 Audit and Remediation DSER-27001, EA-17147, EA-17148 Live Query > Query Results > Scheduled tab did not display data.
October 12, 2020 Endpoint Standard DSER-26998 On the Investigate page, Enriched Events tab > Applications sub-tab, the Delete application action was not available.
October 12, 2020 Enterprise EDR DSER-27437 Fixed process analysis alert integration.
October 12, 2020 Enterprise EDR DSER-27341 Users could only investigate the first query in a multi-query IOC.
September 28, 2020 All DSER-26162 In the Prevention tab on the Policies page, custom applications now allow commas in the path name.
September 28, 2020 Enterprise EDR LC-418 Process Summary v2 API endpoint was missing some process_guid entries in the siblings category.
September 28, 2020 Enterprise EDR LC-417 Process Summary v2 API endpoint was missing some expected fields such as has_children and hits.
September 28, 2020 Enterprise EDR LC-60 On the Process Analysis page and /events/ API endpoint, searching for alert_id values for CB Analytics alerts failed.
September 28, 2020 Enterprise EDR DSER-27199 Submitting a query on the Watchlist Investigate page disabled the left nav.
September 21, 2020 Enterprise EDR DSER-26653 In Watchlists pages, query IOCs did not have color-coded syntax highlighting.
September 21, 2020 Enterprise EDR DSER-26462 On the Investigate page, when a user typed - or + and then accepted a suggested search field name, the - or + character was removed.
September 21, 2020 Enterprise EDR LC-60 Searching on alert_id did not work the same way for Process Analysis (and /events/) as it did for Alerts and Investigate.
September 21, 2020 All DSER-26832 Concurrent database updates blocked each other and resulted in increased latency when processing status messages.
September 21, 2020 All DSER-23258 IP used for audit logging was incorrectly pulled from http header.
September 21, 2020 All DSER-21735 Users with View and Manage API Keys roles could not manage API keys.
September 21, 2020 All DSER-9895 First Admin in an Org Default Role was set to Admin instead of Live Response Admin.
September 21, 2020 All DSER-5907 Admins for a deregistered org could still login to the console.
September 21, 2020 All DSER-24470 Improved user interface for Confirm vs. Save on the Policy page.
September 21, 2020 Audit and Remediation DSER-25134 Running execfg in Live Response returned a write permission error when a command did not result in characters being written to stdout/stderr.
September 21, 2020 Audit and Remediation DSER-25265 Queries that returned a permissions column caused an error on the Query Results page.
September 21, 2020 Enterprise EDR DSER-26583 Some search fields were not properly highlighted on the Investigate search bar.
August 31, 2020 All DSER-26275 Improved error message on upload reputation failures.
August 31, 2020 Enterprise EDR LC-420 Investigate page submit button did not submit search with page defaults.
August 31, 2020 Enterprise EDR DSER-26465 Using arrow keys to select a suggestion replaced the search bar content.
August 31, 2020 Enterprise EDR DSER-26473 When a user deleted a Watchlist from the Watchlists page, the console showed a persistent progress bar.
August 31, 2020 Enterprise EDR DSER-26475 Links from the Investigate page to Process Analysis did not always load the Process Analysis page.
August 31, 2020 Enterprise EDR LC-105 API requests to update reports in a watchlist returned an HTTP 500 error if the value of a new report ID matched an old report ID.
August 21, 2020 All DSER-11426 IP addresses are selectable on the Alert Triage page.
August 21, 2020 All DSER-26171 Fixed broken hyperlinks for scriptload event hash on the Process Analysis page.
August 21, 2020 Enterprise EDR DSER-20308 Crossproc searches for crossproc_target:(true,false) returned the same results.
August 21, 2020 Enterprise EDR DSER-21992 In the Investigate search bar, the cursor insertion point did not display in the same place as edits at the end of multi-line search queries.
August 21, 2020 Enterprise EDR DSER-25762 The v2 Events Facet Search API endpoint always returned num_found: 0.
August 21, 2020 Enterprise EDR DSER-25797 On the Investigate page, the Submit button did not submit a search when no selections were made.
August 17, 2020 All DSER-25564 Endpoints page showed the old policy name instead of the new policy name when a policy change was pending.
August 17, 2020 All DSER-25427 HTML SPAN tags were improperly displayed in the console dialogue box.
August 17, 2020 All DSER-8707 The portscan TTP was not available in Add Notification.
August 17, 2020 All DSER-25731 The Release Notes link was outdated.
August 17, 2020 All DSER-25371 Internal and external device IPs were not set correctly for enriched events.
August 17, 2020 All DSER-10380 Dashboard layout and feedback routes are fixed.
August 17, 2020 All DSER-25648 Changes made to Alert Type in the Notification Configuration page were not saved.
August 17, 2020 All DSER-25675 Alerts API generated a poorly formatted response.
August 17, 2020 All DSER-20311, DSER-25468 The Policy permission page let you click the Save button without clicking the Confirm button.
August 17, 2020 All DSER-25796 "An error occurred - please refresh the page" message displayed when accessing the Investigate tab.
August 17, 2020 All DSER-25124 Live Response file upload from sensor failed when the content was zero bytes.
August 17, 2020 All DSER-22828 Exporting data from the Endpoint Health widget now returns the Last Contact Time so that it is consistent with the export from the Endpoints page.
August 17, 2020 All DSER-19509 CBLR put command appeared to hang indefinitely if the target directory did not exist or if the file already existed.
August 17, 2020 All DSER-22632 A Live Response session could hang while uploading a file.
August 17, 2020 All DSER-24976 The Endpoint OS filter did not apply to exports.
August 17, 2020 All DSER-20901 Added an audit log entry for SAML login configuration change.
August 17, 2020 All DSER-23790 The Endpoints page incorrectly displayed an endpoint user-initiated sensor bypass as an Admin action.
August 17, 2020 Endpoint Standard DSER-21979 The console showed different target values for machines in the same policy.
August 17, 2020 All DSER-18900 The backend did not honor the sensor policy that was specified in cfg.ini.
August 17, 2020 All DSER-25432 Deleting a user in the console did not delete the Google Auth Token.
August 12, 2020 Enterprise EDR DSER-14758 Searching by device_internal_ip returned no results for Enterprise EDR-native events on the Investigate page.
August 12, 2020 Enterprise EDR DSER-22952 Searching on the events area of Process Analysis now has the same validation experience as the Events tab of the Investigate page.
August 3, 2020 All EA-14505, EA-13452, DSER-16563 Dashboard Export All feature sometimes timed out.
August 3, 2020 Endpoint Standard DSER-25480 The Test Rule query from the Policies page was passed to the Investigate page with double quotes, thereby resulting in zero results.
July 23, 2020 All DSER-25648, EA-16738 On the Notifications configuration page, some notification changes made to certain filters were not being saved.
July 23, 2020 All CWP-2422 The Endpoints page displayed under Inventory in the left navigation pane.
July 21, 2020 Enterprise EDR DSER-18853 Watchlist bulk report /ignore API errors appeared if too many reports were requested. This caused the Watchlists page to show cryptic errors on Watchlists with a large number of reports.
July 21, 2020 Enterprise EDR DSER-19364 Process tree API sometimes returned an empty reply, causing 502 errors. This also caused the Process Analysis page to report 502 errors.
July 21, 2020 Enterprise EDR DSER-24803 Process tree API returned 502 error for non-existent process_guid, rather than 404 error.
July 21, 2020 Enterprise EDR DSER-25099 Investigate queries with '=' character did not successfully search.
July 21, 2020 Enterprise EDR DSER-25146 /events/_search API with cb.fields parameter returned reputation data in non-reputation fields.
July 21, 2020 Enterprise EDR DSER-25158 The process_cmdline and parent_name fields did not return when requested using the cb.fields parameter on Process Search v2 API.
July 21, 2020 Enterprise EDR DSER-25223 Investigate page did not properly highlight multiple values for a single query term such as process_name:(A OR B OR C).
July 16, 2020 All DSER-23567 Subnet sensor group assignment failed when endpoint IP changed.
July 16, 2020 All DSER-11099 Alert comment was not saved when the comment contained 198 or more characters.
July 16, 2020 All DSER-24664 Dashboard exports had missing reports.
July 16, 2020 All DSER-24719 Reputation did not appear for events on the Investigate page.
July 16, 2020 Enterprise EDR DSER-25099 Fixed an issue where we weren’t URL-encoding queries when linking to Investigate.
July 16, 2020 Enterprise EDR DSER-25223 Field names were highlighted when they weren’t being used as field names.
July 16, 2020 All DSER-21621, EA-15928 Option to move Linux sensors into a sensor group was not successful.
July 16, 2020 All DSER-21622 A duplicate API key name error occurred on the API Access page, despite there being no duplicate API key name.
July 16, 2020 All DSER-24857 Alert triage links did not always open.
July 16, 2020 All DSER-24719 Process reputation did not always appear on the Investigate page.
July 16, 2020 All DSER-24146 Fixed time filters when filtering by time in alert searches via API.
July 16, 2020 All DSER-23123 Links in alert notifications for an org belonging to an MSSP will now bring the user to the relevant org, not the MSSP org.
July 16, 2020 All DSER-22649 Added severity as an option for all notification types.
July 16, 2020 All DSER-22217 Dashboard widgets alert counts are now consistent.
July 16, 2020 All DSER-21365 Dismiss alert comments were not getting added to Notes.
July 16, 2020 All DSER-20897 Query issue fixed for export of audit log and reputation.
July 16, 2020 All DSER-19125 Alerts with more than 198 characters can now be dismissed without error.
July 16, 2020 All DSER-17409 Alert count discrepancies between dashboard widget and alerts page are fixed.
July 16, 2020 All DSER-16912 Missing application name issue is resolved.
July 16, 2020 All DSER-23776 Sensor Upgrade Service allows multiple in-progress jobs.
July 16, 2020 All DSER-22490 Accordion on the Jobs page includes job details.
July 16, 2020 All DSER-21572 Allow bulk deletion of uninstalled endpoints from the Endpoints page.
July 16, 2020 All DSER-24129 Sensor was not being evicted from conferDeviceToOrgCache.
July 16, 2020 All DSER-24703 MSM did not report sensor group_set.last_process_time when an error occurred on processAll.
July 16, 2020 CB Defense DSER-19980 Could not re-add email address to the console users.
July 16, 2020 CB ThreatHunter DSER-16278 Watchlists page had no timeout on the hits queries.
July 16, 2020 CB ThreatHunter DSER-19041 HTTP 403 responses did not have a useful search bar message.
July 16, 2020 CB ThreatHunter DSER-19132 Report search feature of Watchlists page left table rows selected when submitting a new search.
July 16, 2020 CB ThreatHunter DSER-19364 Process tree API sometimes returned an empty reply, causing 502 errors.
July 16, 2020 CB ThreatHunter DSER-20386 /status and /results routes of the Search API disagreed on progress counts.
July 16, 2020 CB ThreatHunter DSER-20671 Process analysis tree did not indicate when it displayed partial results.
July 16, 2020 CB ThreatHunter DSER-20957 Fixed error notification on Enabled Watchlists page that occurred when a report had been deleted but its ID remained in the selected watchlist.
July 16, 2020 CB ThreatHunter DSER-22191 Search by Enterprise EDR watchlist Alert ID did not return any results.
July 16, 2020 CB ThreatHunter DSER-23960 The Process Analysis page did not always load, and returned a 502 or 504 error code.
July 16, 2020 CB ThreatHunter DSER-24738 The Process Analysis page requested multiple alert IDs from a single alert lookup API.
July 6, 2020 CB LiveOps EA-16055, DSER-24727 In cases where the initial set of active devices is low (for example, during off-hours), a query might have completed too early and eligible devices would not run the query. Previously, eligible devices whose last contact time was within the last 2 hours were examined. This window is extended to the last 7 days.
July 6, 2020 CB LiveOps EA-16525, DSER-24962 Timeout errors when attempting to export Live Query results from the console or API.
July 6, 2020 CB ThreatHunter DSER-18962 Could not add all reports to Watchlist when > 10,000 Reports.
July 6, 2020 CB ThreatHunter DSER-20957 Reports were missing in custom watchlists, with an error.
July 6, 2020 CB ThreatHunter DSER-22191 Search by Enterprise EDR watchlist Alert ID did not return results.
July 6, 2020 CB ThreatHunter DSER-22928 On the Investigate page, buttons next to each search result required two clicks to switch to the intended page.
July 6, 2020 CB ThreatHunter DSER-23249 Process Analysis did not show all childprocs in the tree diagram.
June 22, 2020 CB Defense DSER-24268 The number of times a hash has been seen in your org is restored to the appropriate Take Action pop-ups, with a more accurate description.
June 22, 2020 CB Defense DSER-24261 Refreshing the Alerts Triage page sometimes generated an error.
June 22, 2020 CB LiveOps DSER-24676 On the individual Query Results page > Results tab, the table columns overlapped if column names were long.
June 22, 2020 CB ThreatHunter DSER-24056 Clicking the event count link on the Applications tab under the Enriched Events tab on the Investigate page did not always reload the page correctly.
June 22, 2020 CB ThreatHunter DSER-24675 Executing multiple favorite searches in a row did not always work as expected.
June 11, 2020 All DSER-21975 The console failed to terminate a user’s session after being inactive for 60+ minutes. Users are now logged out after 60 minutes of inactivity.
May 26, 2020 CB LiveOps DSER-23553 The Live Query Results email was confusing and out of date with the content in the console.
May 26, 2020 CB LiveOps DSER-23408 Live Query CSV Export feature failed if all result fields for a given query did not have the same number of columns.
May 26, 2020 CB ThreatHunter DSER-23579 Search more accurately returns results that match the specified time window because it is now using the timestamp when the sensor observed the event.
May 20, 2020 CB LiveOps DSER-12847 Using the Duplicate feature on the individual Query Results page caused filters to disappear.
May 20, 2020 CB LiveOps DSER-17777 When the Show new results bar is clicked to refresh results, expanded facets aren't updated.
May 11, 2020 All DSER-23479 Linux sensors could not be uninstalled from the console.
May 11, 2020 CB LiveOps EA-14906, DSER-18241, DSER-23576 The Go Live button was occasionally missing from the Alert Triage page.
May 11, 2020 CB LiveOps DSER-23443 Stopped results count disappeared from the Query Results page.
May 11, 2020 CB LiveOps DSER-22975 The footer on the Query Results page table was not attached to the page and required you to scroll to access pagination.
May 11, 2020 CB LiveOps DSER-19327 One-Time and Scheduled tables displayed Showing 0-x of y in the footer, instead of starting the pagination with 1.
May 11, 2020 CB LiveOps EA-15080 Infrequent intermittent 404 errors occurred when running Live Response commands to retrieve data from an endpoint and when trying to run a vbscript.
May 11, 2020 CB LiveOps TR-4666 The case statement in the “Verify RDP Status” compliance query was backwards. The query should return “ENABLED” if RDP is Enabled, and “DISABLED” if RDP is Disabled.
May 11, 2020 CB LiveOps EA-16096, DSER-23206 Timeout errors occurred when attempting to download a large CSV of Live Query results from the console or API. CSVs that were downloaded often only contained a partial or incomplete result set.
May 11, 2020 CB ThreatHunter DSER-17465 Right pane on the Investigate page sometimes missed process command line data.
May 11, 2020 CB ThreatHunter DSER-23189 Calling the cancel search API endpoint returned an HTTP 404 response.
May 11, 2020 CB ThreatHunter DSER-23374 When a search field was preceded with a "-" character, the Investigate page did not suggest possible values for that field.
April 30, 2020 All DSER-20723, DSER-20725 Update Sensors window displays only the platforms that are applicable to the user’s endpoint selection.
April 27, 2020 CB ThreatHunter DSER-22687 Button from watchlist Alerts to Investigate page included redundant fields.
April 22, 2020 All DETECT-1521 R_DROPPED_PUP TTP with incorrect reason is fixed.
April 22, 2020 All DETECT-1544 Target app blacklist alert description was using the incorrect process name.
April 22, 2020 All DETECT-1524 Spearphishing MITRE TID TTP is more selective.
April 22, 2020 CB Defense DSER-22319 On the Investigate page, the Target Command Line is now included in free text search.
April 22, 2020 CB Defense DSER-22841 Users without certain permissions could not see a sensor’s policy name on the Endpoints page.
April 22, 2020 CB LiveOps DSER-17138 Notifications dropdown was missing from Audit and Remediation-only organizations.
April 22, 2020 CB LiveOps DSER-23210 Individual query results page stretched horizontally with long SQL as the query name.
April 22, 2020 CB ThreatHunter DSER-23152 Watchlists page did not show the enabled watchlists after editing an enabled watchlist.
April 13, 2020 CB Defense DSER-22856 Options that are not available for Linux endpoints on Endpoint Standard are hidden from dropdown menus when a Linux endpoint is selected.
April 13, 2020 CB Defense DSER-22857 The Linux icon was missing from the Known malware category on the Policies page.
April 13, 2020 CB LiveOps DSER-23008 Re-running a query from the one-time table did not update the table to show the new run, and required a refresh of the whole page.
April 13, 2020 CB ThreatHunter DSER-22259 Deselecting filter values caused unselected categories to disappear on the Investigate page.
April 9, 2020 All DSER-16395 Checkboxes on the Endpoints page remained checked after the action was taken.
April 9, 2020 CB LiveOps DSER-22696 The Query Exchange link redirected to the old Query Hub on the User Exchange.
April 9, 2020 CB LiveOps DSER-22690 Attempting to run a query on an endpoint that had not checked in within two hours appeared to do nothing. An HTTP 400 error code “Incompatible Query” was issued.
April 9, 2020 CB ThreatHunter DSER-19026 The Process Analysis tree did not render when there were too many child processes.
April 9, 2020 CB ThreatHunter DSER-21829 Report was not created on PUT to /feedinfo if Feed had existing Reports.
April 9, 2020 CB ThreatHunter DSER-22612 The Investigate button on the Alerts page did not include the alert_id for the Alert that was being investigated.
April 9, 2020 CB ThreatHunter DSER-22676 Watchlists detections did not handle escaped ":" character in query IOCs.
April 1, 2020 All DSER-21496 Fixed misaligned tables when printing the User Guide.
April 1, 2020 All DSER-16164 Clicking on the link in an email brought you to the Investigate page with no results.
April 1, 2020 All DSER-20412 Removed hash count from associated Take Action actions on the Alert Triage page.
April 1, 2020 CB Defense N/A The alert description was missing contextual information.
April 1, 2020 CB Defense DSER-21898 Process name in TTP lists did not render properly in some scenarios.
April 1, 2020 CB Defense DSER-21982 TTPs did not always align properly in narrow browser windows.
April 1, 2020 CB LiveOps DSER-21909 Live Query Standalone only: Under Settings, you could navigate to the API Keys page and enable the LQ APIs.
April 1, 2020 CB ThreatHunter DSER-22114 Search bar colors for syntax highlighting on the Investigate page did not meet accessibility standards.
March 5, 2020 CB Defense EA-15848 An update to a detection involving rundll32.exe editing registry keys resulted in an unexpected false positive to true positive ratio. A fix was deployed to refine the detection; however, it took longer than expected for alerts to return to historical levels. Alerts have now returned to historical levels for false/true positives.
March 2, 2020 CB LiveOps DSER-21601 The Schedule button on the Live Query Schedule pane from Recommended Queries now has a loading state.
March 2, 2020 CB LiveOps DSER-13256 When trying to rerun a query that is targeted to run on a deregistered device, the Rerun button now returns an error.
March 2, 2020 CB ThreatHunter DSER-21338 Process Analysis tree did not display a red Denied shield icon on the parent node that attempted to run a blocked process.
February 18, 2020 CB ThreatHunter DSER-18129 The search_validation API endpoint returned a 200 HTTP response on internal server error.
February 18, 2020 CB ThreatHunter DSER-19463 ProcessCard on the Investigate right pane concatenated multiple policy actions into one word.
February 18, 2020 CB ThreatHunter DSER-20505 Editing a watchlist in the Watchlists pages removed Reports if there were more than 50 reports.
February 18, 2020 CB ThreatHunter DSER-21423 Fixed 502 Bad Gateway on the Investigate page when sorting on count fields with certain queries.
February 3, 2020 All DSER-19197 Users could not print more than one page in the User Guide when the guide was opened in full screen mode.
February 3, 2020 CB ThreatHunter DSER-19242 On the Process Analysis page, crossproc event text was not always accurate.
February 3, 2020 CB ThreatHunter DSER-21364 Watchlists now support CIDR notation in the netconn_ipv4 field for IOC_V2 of match_type = equality.
January 30, 2020 All DSER-16376 Could not add Linux Sensors into sensor management groups.
January 30, 2020 CB ThreatHunter DSER-19026 Process Analysis tree did not properly render with multiple child processes.
January 30, 2020 CB ThreatHunter DSER-20681 The primary process was changing to the selected node on the Process Analysis page.
January 30, 2020 CB ThreatHunter DSER-20868 The "execution of cmd from a non-standard path" Watchlist Report was missing a colon character in a term's value.
January 30, 2020 CB ThreatHunter DSER-20912 PID appeared in the Signature component of the Investigate and Process Analysis pages.
January 30, 2020 CB ThreatHunter DSER-21144 Some feeds showed on the Add Watchlists page for already-subscribed feeds.
January 21, 2020 CB Defense DSER-20521 Threat Reports widget investigated the entire available time frame.
January 21, 2020 CB Defense DSER-21142 Threat Reports widget was not available in EU and APJ.
January 21, 2020 CB Defense DSER-20445 The “Beta” label is removed from the Roles page. Roles is no longer in a state of Open Beta, and is fully functional and available for all customers.
January 21, 2020 CB LiveOps DSER-20654 Exporting a CSV of Live Query results produced an "Out of Memory" error, and the download failed when attempting to download a large amount of data.
January 21, 2020 CB ThreatHunter DSER-20220 Value search queries on Investigate or Process Analysis pages displayed an error when new fields were introduced.
January 21, 2020 CB ThreatHunter DSER-20180 Process Analysis page showed a "+" icon on tree nodes that, when clicked, did not show any child nodes.
January 9, 2019 CB ThreatHunter DSER-20679 On the Investigate page, long-running facet population queries resulted in an inability to see search results.
December 9, 2019 CB ThreatHunter DSER-20085 On the Endpoints page, the sig pack update status column is redundant for CB ThreatHunter stand-alone customers.
December 9, 2019 CB ThreatHunter DSER-19972 On the Process Analysis page, while the Events table was being updated with additional data, user-expanded event details were closed within 2 seconds.
December 4, 2019 All DSER-20251 Usability improvements to the Threat Reports widget.
December 4, 2019 All EA-12527, DSER-16103 The incorrect IP was being shown in the Audit log.
December 4, 2019 CB Defense DSER-20153 Clearing the filters on the left panel for alerts also cleared the search criteria.
December 4, 2019 CB Defense DSER-15937 Application name was not shown in the policy impact panel in some cases.
December 4, 2019 CB LiveOps EA-15013, DSER-18897 Searching for a complete device name using the endpoint selector on the New Query page was not working correctly when the device had a backslash or hyphen in the name.
December 4, 2019 CB LiveOps EA-15013, DSER-18895 On an individual query result page, navigating from the Devices tab to the Results tabs via the Results Matches table link returned no results.
December 4, 2019 CB LiveOps DSER-19889 Clicking Result count on the Devices tab returned an error message.
December 4, 2019 CB ThreatHunter DSER-13274 The Clear button on the Process Analysis page changed case on the Firefox browser when a filter was applied.
December 4, 2019 CB ThreatHunter DSER-11751 Long process names caused the selected node panel to have a horizontal scroll bar.
December 4, 2019 CB ThreatHunter EA-13266 Dismissed watchlist alerts re-appeared.
November 25, 2019 CB Defense DSER-19496 Include Dismissed Alerts and Group Alert filters were not accounted for in the Dashboard CSV export.
November 25, 2019 CB Defense DSER-19878 400 errors appear on the Network tab on the Alerts page.
November 25, 2019 CB Defense DSER-19959 After drilling down on an alert on the Investigate page, changing alerts sometimes showed the wrong alert on the Alert Triage page.
November 25, 2019 CB Defense DSER-20058 Counts in the filter panel and header on the Alerts page did not update after alerts were dismissed.
November 25, 2019 CB Defense DSER-20242 Filtering by a custom time window twice caused filters to not update as expected.
November 25, 2019 CB LiveOps DSER-19966 Endpoint query selection is persistent between new queries even after navigating away from the page. This affected both the Recommended and the SQL Query tabs.
November 25, 2019 CB LiveOps DSER-19889 Clicking the Result count from the Devices tab resulted in an error toast message for devices that had “\u” in the name.
November 25, 2019 CB LiveOps DSER-19763 Rare edge case where individual query results page crashed when loading Query Details.
November 25, 2019 CB ThreatHunter DSER-20114 The search value for process_cmdline searches can now include the "&" character.
November 11, 2019 All DSER-19853 Selecting a device name from the Investigate page or Endpoints page did not filter the results, or only filtered results temporarily. A related KB article describes the issue, cause and resolution.
November 11, 2019 All DSER-19774 Clicking the Help icon on the Investigate page caused the page to stop working and required a reload.
November 11, 2019 CB Defense DSER-19660 Dashboard counts update as expected when alerts are dismissed.
November 11, 2019 CB Defense DSER-19820 Simultaneously dismissing multiple alerts now works as expected.
November 11, 2019 CB Defense DSER-19635 The Delete Application button is restored to the Investigate page.
November 11, 2019 CB Defense DSER-19641 Notes for grouped alerts now only show on the grouped alert.
November 11, 2019 CB LiveOps DSER-19720 Fixed a number of minor user interface issues and inconsistencies on the individual Query Results page.
November 11, 2019 CB LiveOps DSER-17956 Opening the User Guide on various CB Live Response and Live Query pages redirected to the User Guide Table of Contents instead of to the relevant User Guide page.
November 11, 2019 CB LiveOps DSER-18971 Running a command with long outputs caused the Live Response console window to overlap with other elements on the page, and display other scrolling behavior oddities. This only affected the most recent versions of Chrome.
November 11, 2019 CB LiveOps EA-14547, DSER-19612 The Go Live button was sometimes disabled when logging into the console from some devices. The Go Live button is no longer disabled if a page is left idle for more than ten minutes.
November 11, 2019 CB ThreatHunter DSER-19158 Translate API added escape characters to pre-escaped backslash and wildcard characters.
November 11, 2019 CB ThreatHunter DSER-19368 When clicking links to the Investigate page under certain circumstances, you were directed to /cb/investigate/events instead of /cb/investigate/processes.
October 28, 2019 CB ThreatHunter DSER-17129 Filemods on the Process Analysis page do not display hash of file. 
October 23, 2019 CB ThreatHunter DSER-18170 On the Process Analysis page, netconn events are reporting "Connection Direction: Outbound" for both inbound and outbound netconns.
October 23, 2019 CB ThreatHunter DSER-19158 In the Convert Legacy Query API endpoint, any value for the field that converts to process_cmdline, if it includes backslashes used for escaping, is incorrectly escaped again.
October 23, 2019 CB ThreatHunter DSER-18966 The Process Analysis table now default sorts in ascending order.
October 23, 2019 CB Defense EA-14551, DSER-19108 Binary details were missing from the Alerts Triage side panel in some instances.
October 23, 2019 CB Defense DSER-16406 Process count in the Rule Preview on the Policies page is different from the Investigate results count.
October 23, 2019 CB Defense DSER-19392 TTPs now display in the Enriched Events side panel on the Investigate page.
October 23, 2019 CB Defense DSER-12250 The notifications indicator makes it clear which notifications are read or unread.
October 23, 2019 CB Defense DSER-18844 On the Endpoints page, clearing search now fully clears all parameters.
October 23, 2019 All DSER-17187 Add to Blacklist and Add to Whitelist modals now show consistent data in all pages.
October 14, 2019 CB ThreatHunter DSER-11445 Hovering the mouse on an Investigate search filter hides the percentage values.
October 14, 2019 CB ThreatHunter DSER-16083 When editing a watchlist name or description on the Watchlists page, if the backspace key is used to delete the entire entry, the entry is rewritten to the original value. This happens if the input is highlighted and deleted or if the backspace key is held.
October 14, 2019 CB ThreatHunter DSER-17544 On the Investigate page, a parent process in the right panel sometimes randomly shows counts.
October 14, 2019 CB ThreatHunter DSER-18863 The UI does not always respect API validation success.
October 7, 2019 CB LiveOps DSER-18859, EA-15013 On the Results tab of the Results page, searching for an endpoint with a \ in the name returned no results.
September 30, 2019 CB LiveOps DSER-18858 Intermittent issues where Go Live was disabled on the Endpoints page for some console users but not others, independent of the Internet browser.
September 30, 2019 CB LiveOps DSER-18259 Devices tab on the Results page produced an error when navigating to a stopped query.
September 30, 2019 CB ThreatHunter DSER-17944 Clear search button cleared just the search bar and not selected filters on the Investigate page.
September 30, 2019 CB ThreatHunter DSER-17417 If HTML special characters (&, =, etc.) were used in a query, clicking the Investigate icon from the IOC page truncated the query.
September 30, 2019 CB ThreatHunter DSER-16760 Hits popover in Investigate page displayed invalid date and no metadata.
September 18, 2019 All DSER-16531 In rare instances, the sensor did not receive the latest policy information from the backend.
September 18, 2019 CB Defense DSER-15901 An internal server error was returned when adding a Connector with a special character, or when the first word matched an existing Connector.
September 18, 2019 CB ThreatHunter DSER-13271 No field descriptions/examples existed in many suggestions for search fields on the Process Analysis page.
September 18, 2019 CB ThreatHunter DSER-15532 Searching on the Process Analysis page with a negated field yielded no results.
September 18, 2019 CB ThreatHunter DSER-16190 The device_policy field was not always populated in API data or investigate filters.
September 18, 2019 CB ThreatHunter DSER-17643 When clicking into the Investigate search field, the user had to click in the vertical center to get focus.
September 18, 2019 CB ThreatHunter DSER-17341 Investigate search bar was not correctly color-coding certain fields.
August 30, 2019 CB ThreatHunter DSER-17542 Paths with leading / or \ in facets work when selected.
August 5, 2019 CB LiveOps DSER-13859 Filters on the Results page sporadically disappeared when selecting a device filter that resulted in non-matching or error devices.
August 5, 2019 CB ThreatHunter DSER-14758 Searching by device_internal_ip returned no results for CB ThreatHunter-native events on the Investigate page.
August 5, 2019 CB ThreatHunter DSER-15767 When the PSC had no recent data for your organization, the Enabled Watchlists page displayed an unhelpful error. The error now reads "No hits available for past 3 days".
August 5, 2019 CB ThreatHunter DSER-16153 Improved the accuracy of the Process Start Time that the Process Analysis page reports.
August 5, 2019 CB ThreatHunter DSER-16482 Add Query to Watchlist gave an error when certain characters existed in search field values.
August 5, 2019 CB ThreatHunter DSER-17060 Event counts on the Processes right pane show as "---", not "0", for the enriched data stream.

August 5, 2019 CB ThreatHunter DSER-17451 In some situations, the bottom pagination bar on the Process Analysis page did not load.

 

Comments

Fixed Issues tab updated on November 23, 2020.

Article Information
Creation Date: 09-09-2020