Skip to main content
Version: 2.9.2

What’s New in Ransomware Defender

New in the 2.9.0 release

Multiplatform Support

  • Lockout/Restore Jobs: Jobs will now run for the event's user on all configured platforms.
  • Snapshot Jobs: Snapshots will be created for all accessible shares/exports across all configured platforms.

User Normalization

  • RWD Events: Events are now grouped by user (previously grouped by user+platform).
  • Event Information: All event information is normalized to use a uniform format across platforms.

ECS Support for Cyber Recovery Manager

  • Object Recovery: Recovery of ECS objects is now supported through Cyber Recovery Manager.
  • Versioning Support: Added support for versioning during recovery.

Noise Reductions for Paths

  • Learning Mode: Users can activate learning mode to define the most common paths for whitelisting.
  • Threshold Analysis: The system will perform threshold analysis to set a learned threshold for any event on this path.
  • Active Event Notification: Users will be prompted if more than X active events are detected in Monitor mode.

Usability Enhancements

ECA - NTP Settings

  • NTP Settings: NTP settings are now pushed to other nodes in the cluster.

New UI Alerts Handling and Recovery Manager Enhancements

  • User Feedback: Users can now provide feedback on their experience with the product.
  • Alerts List Improvements: Enhancements to alerts lists and cluster information display.
  • Snapshot Cache: Added a button to refresh the snapshot cache in Recovery Manager.
  • Recovery Status Labels: Labels are now displayed on the recovery status for better clarity.
  • User Alert History: User alert history is now visible on the overview page.
  • Monitor Mode: Information is displayed on when monitor mode for alerts expires.

SG (Security Gateway)

  • Scan Differentiation: Differentiate scans by network element to improve security monitoring.

Fixed in 2.9.0

  • DS-892: NFS lockout/restore for multiple zones failing - PowerScale OneFS only
    NFS user lockout may fail with exports with the same export ID from different PowerScale OneFS clusters.

  • DS-893: Eyeglass is trying to lockout access on an Export that was removed
    Lockout job for NFS user may fail due to deleted NFS exports.

  • DS-130: Critical Snapshots are not created using the RWS Sera API
    Critical Snapshots are not created using the RWS Sera API.

  • RWD-547: ECS Ransomware Defender SecurityGuard uses port 9020 instead of 9021
    ECS Ransomware Defender SecurityGuard uses port 9020 instead of 9021.

  • DS-125: Critical path - Cannot add same path/user for different platforms
    It is possible to use the same user and paths for different platforms.

  • DS-126: Prevent Security Guard job to run in parallel on two devices
    To avoid situations in which users are locked out during job execution, job parallelism is disabled.

  • DS-127: New UI - SG Alerts show as Critical in Alert Detail
    On the Alerts page, new alerts will show their severity or if they are alerts raised by the Security Guard. If a Security Guard Alert is opened for more detail, it will show the true severity of that Alert.

  • DS-89: Qumulo Create SMB share for security guard
    The SMBs for Security Guard are automatically created and their permissions are updated for the Qumulo platform too.