Symantec Stargate Engine release notes for Symantec Messaging Gateway (SMG).
search cancel

Symantec Stargate Engine release notes for Symantec Messaging Gateway (SMG).

book

Article ID: 223811

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Symantec Stargate Engine release notes for Symantec Messaging Gateway (SMG).
**This Knowledge will only contain information on the Stargate version that applies to SMG, so basically anything that does not apply to SMG will not be listed.**

Environment

The StargateEngine is shared by a variety of products, as described below, but not all products have the same version applied to them.

**This Knowledge will only contain information on the Stargate version that applies to SMG, so basically anything that does not apply to SMG will not be listed.**

Products sharing the engine:    

  • Email Security Services (ESS) 
  • Symantec Messaging Gateway (SMG) 
  • Content Analysis (CA) 
  • Web Security Services (WSS)
  • Advanced Secure Gateway (ASG)
  • CloudSoc (CASB) 
  • Symantec Web Isolation 
  • Symantec Protection Engine for NAS Storage (SPE for NAS) 
  • Symantec Protection Engine for Cloud Services (SPE for CS) 
  • Symantec Protection for Sharepoint Services (SPSS)
  • Cloud Workload Protection Storage (CWPS)
  • Symantec Mail Security for Microsoft Exchange (SMSMSE) 
  • SymClass
  • Cynic 
  • Link Following 
  • Industrial Control System Protection (ICSP) 
  • CloudScape 
  • Data Center Security Server (SVA)
  • Data Center Security Server Advanced (DCS:SA)
  • Symantec Endpoint Protection for Linux (SEPFL)
  • Cloud Workload Protection (CWP)

Resolution

 Stargate Engine: Stargate 8.3.0

  • Augmented File Insight Cloud Protection against nonPE threats
  • Enhanced Disarm and Reconstruction reporting for actionable intelligence on embedded active content found within Documents
  • Expanded Protected Archive Extraction via our proprietary Safe Execution Environment to the following file formats:
    • Extensible Archive Format (XAR)
    • Windows Imaging Format (WIM) for Cloud services 
    • InstallAnywhere
    • LHA compressed archives
  • Improved true file type identification coverage
  • New URL Insight cache purge ability for administrators
  • Improved file scan timeout accuracy
  • Continuous Hardening and Quality improvements

Stargate Engine: Stargate 8.1.10

Early Adopter Release

Starting July 25th, 2023

Phased Release

Starting July 31st, 2023

Full Release

August 16th, 2023

  • Enhanced Disarm and Reconstruction memory management for large files.
  • Added Virtual Hard Disk (VHD and VHDx) archive extraction to defend against Qakbot Ransomware attacks.
  • Augmented File Insight security against malicious Portable Executables with appended data or Portable Executable files signed with Elliptic Curve Cryptography (ECC) 
  • Improved URL-based security with added risk levels for Email Security Service.
  • Added true file type identification for Enhanced Metafile (EMF) and Apple Double file formats.
  • Continuous Hardening and Quality improvement.

Stargate Engine: Stargate 8.1.0

Early Adopter Release

Starting April 4th, 2023

Phased Release

Starting April 11th, 2023

Full Release

May 22

  • Added Virtual Archive Extraction to defend against Qakbot Ransomware attacks 
  • Augmented protection against maliciously signed Mach Object (Mach-O) file formats 
  • Improved scan time performance for non-cached PE and MSI file formats by 7%
  • Added true file type identification for  Windows Shortcut (LNK), Executable and Linkable Format (ELF), HyperText Markup Language (HTML), and Dalvik Executable (DEX) file formats
  • Added tenant-aware foundation for future finer policy control 
  • Continuous Hardening and Quality improvement

 

Stargate Engine: Stargate 8.0.2

Early Adopter Release

Starting September 27th, 2022

Phased Release

Starting October 3rd, 2022

Full Release

October 31st, 2022

  • Added true file type identification for Universal Disk Format (UDF) file formats.
  • Enhanced file reputation-based cloud protection by including file signer information.
  • Hardening and Quality improvement.

 

Stargate Engine: Stargate 8.0.1

Phased Release

Starting July 18th, 2022

Full Release

August 3rd, 2022

  • Introduced confidence levels for file type identification and augmented type identification coverage.
  • Added ability to extract LZIP formatted archives.
  • Enhanced XZ archive extraction for highly compressed lzma2 XZ files.
  • Improved machine learning models with new .NET modules to detect existing and new .NET threats resulting in overall 5.4M+ blocking events per month.
  • Updated scoring framework for better correlation across various features of a file, improved efficacy for .NET packed threats and NSIS packed threats, generating 2.5M+ blocking events per month.
  • Introduced new Excel 4.0 Emulation to detect important threat families like Emotet. Excel 4.0 Emulation module results in 1.8M+ blocking events per month.
  • VBA macro Emulation efficacy improvements to detect important threat families like Pandex, and Hancitor. VBA macro Emulation module results in 36K+ blocking events per month.
  • VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 96K+ blocking events per month.
  • JavaScript Emulation improved to further protect from JavaScript coinminer. JavaScript Emulation module results in 87K+ blocking events per month.
  • Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 143K+ blocking events per month.
  • Further improvements in the x86 emulator to detect malware versions, like Dridex and InstallCore, Cobalt Strike beacon/stager, and targeted ransomwares like Conti, Hive, Avoslocker, and BlackMatter. x86 Emulation module results in 347K+ blocking events per month.
  • Improved heuristic protection for command line-based fileless threats that leverage Living off the land(LOtL) techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 1M+ blocking events per month.
  • Powershell Emulation and heuristic protection improvements to detect file-less Powershell command line-based threats like Lemon Duck, pre-ransomware activities, and red team test techniques using tools like Metasploit. Powershell Emulation & command line heuristic module results in 22K+ blocking events per month.
  • Enhanced detections of malware that use case-sensitive filenames or directories.

 

Stargate Engine: Stargate 8.0.0

Phased Release

Starting March 21st, 2022

Full Release

April 6th, 2022

  • Enhanced URL-based security, backed by Symantec’s Global Intelligence Network, via increased efficacy based on risk levels across all URL categorizations.
  • Extended TAR archive extraction to TAR Portable Archive eXchange (PAX) formatted archives.
  • Improved TAR archive extraction performance by 50%.
  • Improved machine learning models with new .NET modules to detect existing and new .NET threats resulting in 5.4M+ blocking events per month.
  • Updated scoring framework for better correlation across various features of a file, improved efficacy for .NET packed threats and NSIS packed threats, generating 3M+ blocking events per month.
  • VBA macro Emulation efficacy improvements to detect important threat families like Pandex, Emotet, and Hancitor. VBA macro Emulation module results in 219K+ blocking events per month.
  • VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 50K+ blocking events per month.
  • JavaScript Emulation improved to further protect from JavaScript coinminer. JavaScript Emulation module results in 48K+ blocking events per month.
  • Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 149K+ blocking events per month.
  • Further improvements in the x86 emulator to detect malware versions, like Dridex and InstallCore, Cobalt Strike beacon/stager, and targeted ransomwares like Ryuk, BlackMatter.  x86 Emulation module results in 400K+ blocking events per month.
  • Powershell Emulation and heuristic protection improvements to detect file-less Powershell command line-based threats like Lemon Duck, pre-ransomware activities, and red team test techniques using tools like Metasploit & Ransomware Simulator. Powershell Emulation & command line heuristic module results in 15K+ blocking events per month.
  • Improved heuristic protection for command line-based fileless threats that leverage Living off the land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 94K+ blocking events per month.
  • Continuous Hardening and Quality improvements.

 

Stargate Engine: Stargate 7.2.0

Phased Release

 Starting October 11th, 2021

Full Release

 October 27th, 2021

  • Enhanced URL-based security backed by Symantec’s Global Intelligence Network.
  • Added true file type identification for Android Application Package (APK), iOS App Store Package (IPA), Dynamic-Linked Library (DLL),  and Internet Query (IQY) file formats 
  • Updates to machine learning models to detect threats resulting in 2.6M+ blocking events per month.
  • Updates to the scoring framework for better correlation across various features of a file, this generated 2M+ blocking events per month.
  • VBA macro Emulation efficacy improvements to detect important threat families like Pandex. VBA macro Emulation module results in 354K+ blocking events per month.
  • VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 73K+ blocking events per month.
  • JavaScript Emulation improved to further protect from PDF document-based threats containing malicious JavaScript (e.g. delivered in Wortrik botnet). JavaScript Emulation module results in 52K+ blocking events per month.
  • Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month.
  • Further improvements in the x86 emulator to detect malware versions such as Dridex and InstallCore.  x86 Emulation module results in 102K+ blocking events per month.
  • Powershell Emulation and heuristic protection improvements to detect file-less Powershell command line-based threats like Lemon Duck, and red team test techniques using tools like Metasploit & Ransomware Simulator. Powershell Emulation & command line heuristic module results in 15K+ blocking events per month.
  • Improved heuristic protection for command line-based file less threats that leverage Living off the land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 57K+ blocking events per month.
  • Improved repair capability for Microsoft Office Excel threats (e.g. Sillycopy and Laroux).
  • Laid the foundation for delivering new mime type identification using our proprietary Safe Execution Environment.
  • Continuous Hardening and Quality improvements.

 

Stargate Engine: Stargate 7.1.0

Phased Release

Starting July 7th, 2021

Full Release

Aug 2nd, 2021

  • Optimized URL-based security performance in high threaded environments.
  • Improved scan performance for Office file formats.
  • Added true file type identification for Virtual Hard Disk (VHD/VHDx) and Mach Object (Mach-O) file formats.
  • Updates to machine learning models to detect threats resulting in 2.6M+ blocking events per month.
  • Updates to the scoring framework for better correlation across various features of a file, this generated 2M+ blocking events per month.
  • VBA macro Emulation efficacy improvements to detect important threat families like Pandex. VBA macro Emulation module results in 354K+ blocking events per month.
  • VBScript Emulation efficacy improvements to detect important threat families like Lokibot Downloader. VBScript Emulation module results in 73K+ blocking events per month.
  • JavaScript Emulation improved to further protect from PDF document-based threats containing malicious JavaScript (e.g. delivered in Wortrik botnet). JavaScript Emulation module results in 52K+ blocking events per month.
  • Improved heuristic protection module for malformed and obfuscated RTF based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month.
  • Further improvements in the x86 emulator to detect malware versions such as Dridex and InstallCore.  x86 Emulation module results in 102K+ blocking events per month.
  • Powershell Emulation and heuristic protection improvements to detect file less Powershell command line-based threats like Lemon Duck, and red team test techniques using tools like Metasploit & Ransomware Simulator. Powershell Emulation & command line heuristic module results in 15K+ blocking events per month.
  • Improved heuristic protection for command line-based file less threats that leverage Living off the land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others resulting in 57K+ blocking events per month.
  • Continuous Hardening and Quality improvements.