Symantec Stargate Engine release notes for Symantec Messaging Gateway (SMG).
**This Knowledge will only contain information on the Stargate version that applies to SMG, so basically anything that does not apply to SMG will not be listed.**

The StargateEngine is shared by a variety of products, as described below, but not all products have the same version applied to them.

**This Knowledge will only contain information on the Stargate version that applies to SMG, so basically anything that does not apply to SMG will not be listed.**

Products sharing the engine:    

• Email Security Services (ESS) 
• Symantec Messaging Gateway (SMG) 
• Content Analysis (CA) 
• Web Security Services (WSS)
• Advanced Secure Gateway (ASG)
• CloudSoc (CASB) 
• Symantec Web Isolation 
• Symantec Protection Engine for NAS Storage (SPE for NAS) 
• Symantec Protection Engine for Cloud Services (SPE for CS) 
• Symantec Protection for Sharepoint Services (SPSS)
• Cloud Workload Protection Storage (CWPS)
• Symantec Mail Security for Microsoft Exchange (SMSMSE) 
• SymClass
• Cynic 
• Link Following 
• Industrial Control System Protection (ICSP) 
• CloudScape 
• Data Center Security Server (SVA)
• Data Center Security Server Advanced (DCS:SA)
• Symantec Endpoint Protection for Linux (SEPFL)
• Cloud Workload Protection (CWP)

• Enhanced Disarm and Reconstruction memory management for large files
• Added Virtual Hard Disk (VHD and VHDx) archive extraction to defend against Qakbot Ransomware attacks 
• Augmented File Insight security against malicious Portable Executables with appended data or Portable Executable files signed with Elliptic Curve Cryptography (ECC) 
• Improved URL-based security with added risk levels for Email Security Service
• Added true file type identification for Enhanced Metafile (EMF) and Apple Double file formats
• Continuous Hardening and Quality improvement

Stargate Engine: Stargate 8.1.0

• Added Virtual Archive Extraction to defend against Qakbot Ransomware attacks 
• Augmented protection against maliciously signed Mach Object (Mach-O) file formats 
• Improved scan time performance for non-cached PE and MSI file formats by 7%
• Added true file type identification for  Windows Shortcut (LNK), Executable and Linkable Format (ELF), HyperText Markup Language (HTML), and Dalvik Executable (DEX) file formats
• Added tenant-aware foundation for future finer policy control 
• Continuous Hardening and Quality improvement

Stargate Engine: Stargate 8.0.2

• Added true file type identification for Universal Disk Format (UDF) file formats
• Enhanced file reputation-based cloud protection by including file signer information
• Hardening and Quality improvement

Stargate Engine: Stargate 8.0.1

• Introduced confidence levels for file type identification and augmented type identification coverage
• Added ability to extract LZIP formatted archives
• Enhanced XZ archive extraction for highly compressed lzma2 XZ files
• Improved machine learning models with new .NET modules to detect existing and new .NET threats resulting in overall 5.4M+ blocking events per month
• Updated scoring framework for better correlation across various features of a file, improved efficacy for .NET packed threats and NSIS packed threats, generating 2.5M+ blocking events per month
• Introduced new Excel 4.0 Emulation to detect important threat families like Emotet. Excel 4.0 Emulation module results in 1.8M+ blocking events per month
• VBA macro Emulation efficacy improvements to detect important threat families like Pandex, and Hancitor. VBA macro Emulation module results in 36K+ blocking events per month
• VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 96K+ blocking events per month
• JavaScript Emulation improved to further protect from JavaScript coinminer. JavaScript Emulation module results in 87K+ blocking events per month
• Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 143K+ blocking events per month
• Further improvements in the x86 emulator to detect malware versions, like Dridex and InstallCore, Cobalt Strike beacon/stager, and targeted ransomwares like Conti, Hive, Avoslocker, and BlackMatter. x86 Emulation module results in 347K+ blocking events per month
• Improved heuristic protection for command line-based fileless threats that leverage Living off the land(LOtL) techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 1M+ blocking events per month
• Powershell Emulation and heuristic protection improvements to detect file-less Powershell command line-based threats like Lemon Duck, pre-ransomware activities, and red team test techniques using tools like Metasploit. Powershell Emulation & command line heuristic module results in 22K+ blocking events per month
• Enhanced detections of malware that use case-sensitive filenames or directories

Stargate Engine: Stargate 8.0.0

• Enhanced URL-based security, backed by Symantec’s Global Intelligence Network, via increased efficacy based on risk levels across all URL categorizations  
• Extended TAR archive extraction to TAR Portable Archive eXchange (PAX) formatted archives
• Improved TAR archive extraction performance by 50%
• Improved machine learning models with new .NET modules to detect existing and new .NET threats resulting in 5.4M+ blocking events per month
• Updated scoring framework for better correlation across various features of a file, improved efficacy for .NET packed threats and NSIS packed threats, generating 3M+ blocking events per month
• VBA macro Emulation efficacy improvements to detect important threat families like Pandex, Emotet, and Hancitor. VBA macro Emulation module results in 219K+ blocking events per month
• VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 50K+ blocking events per month
• JavaScript Emulation improved to further protect from JavaScript coinminer. JavaScript Emulation module results in 48K+ blocking events per month
• Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 149K+ blocking events per month
• Further improvements in the x86 emulator to detect malware versions, like Dridex and InstallCore, Cobalt Strike beacon/stager, and targeted ransomwares like Ryuk, BlackMatter.  x86 Emulation module results in 400K+ blocking events per month
• Powershell Emulation and heuristic protection improvements to detect file-less Powershell command line-based threats like Lemon Duck, pre-ransomware activities, and red team test techniques using tools like Metasploit & Ransomware Simulator. Powershell Emulation & command line heuristic module results in 15K+ blocking events per month
• Improved heuristic protection for command line-based fileless threats that leverage Living off the land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 94K+ blocking events per month
• Continuous Hardening and Quality improvements

Stargate Engine: Stargate 7.2.0

• Enhanced URL-based security backed by Symantec’s Global Intelligence Network 
• Added true file type identification for Android Application Package (APK), iOS App Store Package (IPA), Dynamic-Linked Library (DLL),  and Internet Query (IQY) file formats 
• Updates to machine learning models to detect threats resulting in 2.6M+ blocking events per month
• Updates to the scoring framework for better correlation across various features of a file, this generated 2M+ blocking events per month
• VBA macro Emulation efficacy improvements to detect important threat families like Pandex. VBA macro Emulation module results in 354K+ blocking events per month
• VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 73K+ blocking events per month
• JavaScript Emulation improved to further protect from PDF document-based threats containing malicious JavaScript (e.g. delivered in Wortrik botnet). JavaScript Emulation module results in 52K+ blocking events per month
• Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month
• Further improvements in the x86 emulator to detect malware versions such as Dridex and InstallCore.  x86 Emulation module results in 102K+ blocking events per month
• Powershell Emulation and heuristic protection improvements to detect file-less Powershell command line-based threats like Lemon Duck, and red team test techniques using tools like Metasploit & Ransomware Simulator. Powershell Emulation & command line heuristic module results in 15K+ blocking events per month
• Improved heuristic protection for command line-based file less threats that leverage Living off the land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 57K+ blocking events per month
• Improved repair capability for Microsoft Office Excel threats (e.g. Sillycopy and Laroux)
• Laid the foundation for delivering new mime type identification using our proprietary Safe Execution Environment
• Continuous Hardening and Quality improvements

Stargate Engine: Stargate 7.1.0

• Optimized URL-based security performance in high threaded environments
• Improved scan performance for Office file formats
• Added true file type identification for Virtual Hard Disk (VHD/VHDx) and Mach Object (Mach-O) file formats 
• Updates to machine learning models to detect threats resulting in 2.6M+ blocking events per month
• Updates to the scoring framework for better correlation across various features of a file, this generated 2M+ blocking events per month
• VBA macro Emulation efficacy improvements to detect important threat families like Pandex. VBA macro Emulation module results in 354K+ blocking events per month
• VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 73K+ blocking events per month
• JavaScript Emulation improved to further protect from PDF document-based threats containing malicious JavaScript (e.g. delivered in Wortrik botnet). JavaScript Emulation module results in 52K+ blocking events per month
• Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month
• Further improvements in the x86 emulator to detect malware versions such as Dridex and InstallCore.  x86 Emulation module results in 102K+ blocking events per month
• Powershell Emulation and heuristic protection improvements to detect file less Powershell command line-based threats like Lemon Duck, and red team test techniques using tools like Metasploit & Ransomware Simulator. Powershell Emulation & command line heuristic module results in 15K+ blocking events per month
• Improved heuristic protection for command line-based file less threats that leverage Living off the land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 57K+ blocking events per month

• Continuous Hardening and Quality improvements