Symantec Stargate Engine release notes.

Article ID: 223811

Products

Messaging Gateway, Endpoint Protection

Issue/Introduction

Symantec Stargate Engine release notes.

Environment

Products sharing the engine:

  • Email Security Services (ESS) 
  • Symantec Messaging Gateway (SMG) 
  • Content Analysis (CA) 
  • Web Security Services (WSS)
  • Advanced Secure Gateway (ASG)
  • CloudSoc (CASB) 
  • Symantec Web Isolation 
  • Symantec Protection Engine for NAS Storage (SPE for NAS) 
  • Symantec Protection for Sharepoint Services (SPSS)
  • Cloud Workload Protection Storage (CWPS)
  • Symantec Mail Security for Microsoft Exchange (SMSMSE) 
  • SymClass
  • Cynic 
  • Link Following 
  • Industrial Control System Protection (ICSP) 
  • CloudScape 
  • Data Center Security Server (SVA)
  • Data Center Security Server Advanced (DCS:SA)
  • Symantec Endpoint Protection for Linux (SEPFL)
  • Cloud Workload Protection (CWP)

Resolution

Stargate Engine: Stargate 7.2.0

Phased Release: Starting October 11th, 2021

Full Release: October 27th, 2021

  • Enhanced URL-based security backed by Symantec’s Global Intelligence Network
  • Added true file type identification for Android Application Package (APK), iOS App Store Package (IPA), Dynamic-Link Library (DLL), and Internet Query (IQY) file formats
  • Updates to machine learning models to detect threats, resulting in 2.6M+ blocking events per month
  • Updates to the scoring framework for better correlation across various features of a file, which generated 2M+ blocking events per month
  • VBA macro emulation efficacy improvements to detect important threat families like Pandex. The VBA macro emulation module results in 354K+ blocking events per month
  • VBScript emulation efficacy improvements to detect important threat families like Lokibot Downloader. The VBScript emulation module results in 73K+ blocking events per month
  • JavaScript emulation improved to further protect from PDF document-based threats containing malicious JavaScript (e.g. delivered by the Wortrik botnet). The JavaScript emulation module results in 52K+ blocking events per month
  • Improved heuristic protection module for malformed and obfuscated RTF-based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month
  • Further improvements in the x86 emulator to detect malware versions such as Dridex and InstallCore. The x86 emulation module results in 102K+ blocking events per month
  • PowerShell emulation and heuristic protection improvements to detect fileless PowerShell command line-based threats like Lemon Duck, and red team test techniques using tools like Metasploit and Ransomware Simulator. The PowerShell emulation and command line heuristic module results in 15K+ blocking events per month
  • Improved heuristic protection for command line-based fileless threats that leverage living-off-the-land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others, resulting in 57K+ blocking events per month
  • Improved repair capability for Microsoft Office Excel threats (e.g. Sillycopy and Laroux)
  • Laid the foundation for delivering new MIME type identification using our proprietary Safe Execution Environment
  • Continuous hardening and quality improvements


Stargate Engine: Stargate 7.1.0

Phased Release: Starting July 7th, 2021

Full Release: Aug 2nd, 2021

  • Optimized URL-based security performance in highly threaded environments
  • Improved scan performance for Office file formats
  • Added true file type identification for Virtual Hard Disk (VHD/VHDX) and Mach Object (Mach-O) file formats
  • Updates to machine learning models to detect threats, resulting in 2.6M+ blocking events per month
  • Updates to the scoring framework for better correlation across various features of a file, which generated 2M+ blocking events per month
  • VBA macro emulation efficacy improvements to detect important threat families like Pandex. The VBA macro emulation module results in 354K+ blocking events per month
  • VBScript emulation efficacy improvements to detect important threat families like Lokibot Downloader. The VBScript emulation module results in 73K+ blocking events per month
  • JavaScript emulation improved to further protect from PDF document-based threats containing malicious JavaScript (e.g. delivered by the Wortrik botnet). The JavaScript emulation module results in 52K+ blocking events per month
  • Improved heuristic protection module for malformed and obfuscated RTF-based threats leveraging exploits including CVE-2017-0199 and CVE-2017-11882, resulting in 173K+ blocking events per month
  • Further improvements in the x86 emulator to detect malware versions such as Dridex and InstallCore. The x86 emulation module results in 102K+ blocking events per month
  • PowerShell emulation and heuristic protection improvements to detect fileless PowerShell command line-based threats like Lemon Duck, and red team test techniques using tools like Metasploit and Ransomware Simulator. The PowerShell emulation and command line heuristic module results in 15K+ blocking events per month
  • Improved heuristic protection for command line-based fileless threats that leverage living-off-the-land techniques involving cmd, mshta, bitsadmin, certutil, regsvr32, wmic, schtasks, cmstp, reg, and others, resulting in 57K+ blocking events per month
  • Continuous hardening and quality improvements