Symantec Stargate Engine release notes.

Article ID: 223811

Products

Messaging Gateway, Endpoint Protection

Issue/Introduction

Symantec Stargate Engine release notes.

Environment

Products sharing the engine:

  • Email Security Services (ESS) 
  • Symantec Messaging Gateway (SMG) 
  • Content Analysis (CA) 
  • Web Security Services (WSS)
  • Advanced Secure Gateway (ASG)
  • CloudSoc (CASB) 
  • Symantec Web Isolation 
  • Symantec Protection Engine for NAS Storage (SPE for NAS) 
  • Symantec Protection for Sharepoint Services (SPSS)
  • Cloud Workload Protection Storage (CWPS)
  • Symantec Mail Security for Microsoft Exchange (SMSMSE) 
  • SymClass
  • Cynic 
  • Link Following 
  • Industrial Control System Protection (ICSP) 
  • CloudScape 
  • Data Center Security Server (SVA)
  • Data Center Security Server Advanced (DCS:SA)
  • Symantec Endpoint Protection for Linux (SEPFL)
  • Cloud Workload Protection (CWP)

Resolution

Stargate Engine: Stargate 8.0.1

Phased Release

Starting July 18th, 2022

Full Release

August 3rd, 2022

  • Introduced confidence levels for file type identification and augmented type identification coverage
  • Added ability to extract LZIP formatted archives
  • Enhanced XZ archive extraction for highly compressed lzma2 XZ files
  • Improved machine learning models with new .NET modules to detect existing and new .NET threats, resulting in 5.4M+ blocking events per month overall
  • Updated scoring framework for better correlation across various features of a file and improved efficacy for .NET-packed and NSIS-packed threats, generating 2.5M+ blocking events per month
  • Introduced new Excel 4.0 Emulation to detect important threat families such as Emotet. The Excel 4.0 Emulation module results in 1.8M+ blocking events per month
  • VBA macro Emulation efficacy improvements to detect important threat families such as Pandex and Hancitor. The VBA macro Emulation module results in 36K+ blocking events per month
  • VBScript Emulation efficacy improvements to detect important threat families such as Lokibot Downloader. The VBScript Emulation module results in 96K+ blocking events per month
  • JavaScript Emulation improved to further protect against JavaScript coinminers. The JavaScript Emulation module results in 87K+ blocking events per month
  • Improved heuristic protection module for malformed and obfuscated RTF-based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 143K+ blocking events per month
  • Further improvements in the x86 emulator to detect malware such as Dridex and InstallCore, Cobalt Strike beacon/stager, and targeted ransomware families such as Conti, Hive, Avoslocker, and BlackMatter. The x86 Emulation module results in 347K+ blocking events per month
  • Improved heuristic protection for command line-based fileless threats that leverage Living off the Land (LOtL) techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others, resulting in 1M+ blocking events per month
  • PowerShell Emulation and heuristic protection improvements to detect fileless PowerShell command line-based threats such as Lemon Duck, pre-ransomware activities, and red team test techniques using tools such as Metasploit. The PowerShell Emulation and command line heuristic module results in 22K+ blocking events per month
  • Enhanced detection of malware that uses case-sensitive filenames or directories

 

Stargate Engine: Stargate 8.0.0

Phased Release

Starting March 21st, 2022

Full Release

April 6th, 2022

  • Enhanced URL-based security, backed by Symantec's Global Intelligence Network, via increased efficacy based on risk levels across all URL categorizations
  • Extended TAR archive extraction to TAR Portable Archive eXchange (PAX) formatted archives
  • Improved TAR archive extraction performance by 50%
  • Improved machine learning models with new .NET modules to detect existing and new .NET threats, resulting in 5.4M+ blocking events per month
  • Updated scoring framework for better correlation across various features of a file and improved efficacy for .NET-packed and NSIS-packed threats, generating 3M+ blocking events per month
  • VBA macro Emulation efficacy improvements to detect important threat families such as Pandex, Emotet, and Hancitor. The VBA macro Emulation module results in 219K+ blocking events per month
  • VBScript Emulation efficacy improvements to detect important threat families such as Lokibot Downloader. The VBScript Emulation module results in 50K+ blocking events per month
  • JavaScript Emulation improved to further protect against JavaScript coinminers. The JavaScript Emulation module results in 48K+ blocking events per month
  • Improved heuristic protection module for malformed and obfuscated RTF-based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 149K+ blocking events per month
  • Further improvements in the x86 emulator to detect malware such as Dridex and InstallCore, Cobalt Strike beacon/stager, and targeted ransomware families such as Ryuk and BlackMatter. The x86 Emulation module results in 400K+ blocking events per month
  • PowerShell Emulation and heuristic protection improvements to detect fileless PowerShell command line-based threats such as Lemon Duck, pre-ransomware activities, and red team test techniques using tools such as Metasploit and Ransomware Simulator. The PowerShell Emulation and command line heuristic module results in 15K+ blocking events per month
  • Improved heuristic protection for command line-based fileless threats that leverage Living off the Land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others, resulting in 94K+ blocking events per month
  • Continuous hardening and quality improvements

 

Stargate Engine: Stargate 7.2.0

Phased Release

Starting October 11th, 2021

Full Release

October 27th, 2021

  • Enhanced URL-based security backed by Symantec's Global Intelligence Network
  • Added true file type identification for Android Application Package (APK), iOS App Store Package (IPA), Dynamic-Link Library (DLL), and Internet Query (IQY) file formats
  • Updates to machine learning models to detect threats, resulting in 2.6M+ blocking events per month
  • Updates to the scoring framework for better correlation across various features of a file, generating 2M+ blocking events per month
  • VBA macro Emulation efficacy improvements to detect important threat families such as Pandex. The VBA macro Emulation module results in 354K+ blocking events per month
  • VBScript Emulation efficacy improvements to detect important threat families such as Lokibot Downloader. The VBScript Emulation module results in 73K+ blocking events per month
  • JavaScript Emulation improved to further protect against PDF document-based threats containing malicious JavaScript (e.g. delivered by the Wortrik botnet). The JavaScript Emulation module results in 52K+ blocking events per month
  • Improved heuristic protection module for malformed and obfuscated RTF-based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month
  • Further improvements in the x86 emulator to detect malware such as Dridex and InstallCore. The x86 Emulation module results in 102K+ blocking events per month
  • PowerShell Emulation and heuristic protection improvements to detect fileless PowerShell command line-based threats such as Lemon Duck, and red team test techniques using tools such as Metasploit and Ransomware Simulator. The PowerShell Emulation and command line heuristic module results in 15K+ blocking events per month
  • Improved heuristic protection for command line-based fileless threats that leverage Living off the Land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others, resulting in 57K+ blocking events per month
  • Improved repair capability for Microsoft Office Excel threats (e.g. Sillycopy and Laroux)
  • Laid the foundation for delivering new MIME type identification using our proprietary Safe Execution Environment
  • Continuous hardening and quality improvements

 

Stargate Engine: Stargate 7.1.0

Phased Release

Starting July 7th, 2021

Full Release

Aug 2nd, 2021

  • Optimized URL-based security performance in highly threaded environments
  • Improved scan performance for Office file formats
  • Added true file type identification for Virtual Hard Disk (VHD/VHDX) and Mach Object (Mach-O) file formats
  • Updates to machine learning models to detect threats, resulting in 2.6M+ blocking events per month
  • Updates to the scoring framework for better correlation across various features of a file, generating 2M+ blocking events per month
  • VBA macro Emulation efficacy improvements to detect important threat families such as Pandex. The VBA macro Emulation module results in 354K+ blocking events per month
  • VBScript Emulation efficacy improvements to detect important threat families such as Lokibot Downloader. The VBScript Emulation module results in 73K+ blocking events per month
  • JavaScript Emulation improved to further protect against PDF document-based threats containing malicious JavaScript (e.g. delivered by the Wortrik botnet). The JavaScript Emulation module results in 52K+ blocking events per month
  • Improved heuristic protection module for malformed and obfuscated RTF-based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month
  • Further improvements in the x86 emulator to detect malware such as Dridex and InstallCore. The x86 Emulation module results in 102K+ blocking events per month
  • PowerShell Emulation and heuristic protection improvements to detect fileless PowerShell command line-based threats such as Lemon Duck, and red team test techniques using tools such as Metasploit and Ransomware Simulator. The PowerShell Emulation and command line heuristic module results in 15K+ blocking events per month
  • Improved heuristic protection for command line-based fileless threats that leverage Living off the Land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others, resulting in 57K+ blocking events per month
  • Continuous hardening and quality improvements