Heimdal Thor Changelog

What's new in Heimdal Thor 3.5.0 RC

Apr 10, 2023
  • The Next Big Release from Heimdal:
  • Introducing the Revolutionary Heimdal Threat-hunting and Action Center. Leverage the power of unity.
  • Real-time threat hunting without the alert-fatigue and complexity is now a reality.
  • The Heimdal Threat-hunting and Action Center is a powerful threat intel and hunting toolkit that equips security leaders, operations teams, and managed service providers with the ability to detect and respond to next-gen threats using a visual storyboard across their entire IT landscape or customer base.
  • By leveraging our Extended Threat Protection (XTP) Engine and the renowned MITRE ATT&CK techniques center, TAC provides granular telemetry into IT environments, endpoints, networks, and beyond to help teams proactively classify security risks, hunt detected anomalies, and neutralize persistent threats securely without risking the spread of attacks, disrupting end-users, or affecting organizational productivity.
  • Our pioneering action center allows your security teams to make critical decisions on the go with the ability to run and execute commands such as advanced file processing, malware quarantines, software patches, machine isolation, and more with 1-click resolutions while further investigating incidents or threats using the platform’s deep analysis reporting modules.
  • Engineered and designed by Heimdal’s security experts from the ground up, the platform features a unified, intuitive, and user-friendly console.
  • Say goodbye to manual and time-consuming security operations - the Heimdal Threat-hunting and Action Center jumpstarts a new era in security.
  • Key Features:
  • Deploys out-of-the-box
  • Threat hunting toolkit in our single unified platform
  • Integrated with the Heimdal protection suites
  • Interactable threat visualizer
  • Centralized data and intelligence
  • Pre-computed risk scores & event categorization (XTP Engine)
  • MITRE ATT&CK catalogued
  • Detailed forensics in-console reports
  • Dedicated action & resolution center

New in Heimdal Thor 3.4.0 RC (Feb 2, 2023)

  • Availability of the Heimdal™ Dashboard in new languages
  • Starting with the 3.4.0 RC Release, our dashboard will be available in three new languages, besides English. The content of the Heimdal™ Dashboard can be displayed in Polish, French, or German.
  • To select the desired language, the dashboard user needs to access the Accounts section and click on the corresponding account. In the Account tab, a new drop-down list will allow choosing the desired language.
  • Also, the Heimdal™ Agent is available in Polish, starting with the 3.4.0 RC version.
  • Heimdal™ Endpoint Detection
  • ● Ransomware Encryption Protection – Addition of the “Isolate on tamper detection” option to the REP GP
  • This feature adds the possibility to enable/ disable the already existing “Isolate on Tamper Detection” functionality from the Ransomware Encryption Protection Group Policy area (Endpoint Settings -> Endpoint Detection).
  • Previously, this option could only be actioned from the Endpoint Settings -> Endpoint Detection -> Next-Gen Antivirus tab.
  • The behavior of the functionality remained the same: when enabled, it will ensure that the Firewall module is enabled and also that, automatically, in the very unlikely case in which something force stops one of the Heimdal™ services, the machine where this behavior is observed will be isolated from the network (thus preventing lateral movement).
  • Note: For the functionality to work, you need to have the Next-Gen AV, Firewall & MDM module licensed, and, even if the Firewall module is disabled, we will automatically activate it (otherwise the corresponding tick box will be grayed out/non-functional).
  • ● Firewall – Additional Settings for Firewall rules
  • A new section called “Additional Settings” was added to the Endpoint Settings -> Endpoint Detection -> Firewall tab (available when adding/ editing firewall rules). When enabling the corresponding check box, a new area is expanded. It is meant to allow the dashboard user to further filter what specific Local AD Computer Group/ Local IP/ Remote AD Computer Group/ IP Type the new/ edited rule will get applied to.
  • The four fields composing this new section are:
  • ● Local AD Computer Groups: drop-down list in which the user can select the local AD computer groups to which the firewall rule should be applied; if the current machine’s local AD matches the value from this field, the rule will be added to the Windows Firewall (if it does not match, the rule will be ignored/ removed)
  • ● Local IP: free text field in which the dashboard user has to mention the machine’s IP; it is used as a restriction, considering that the machine’s source IPs need to match the inputted values (the input can be: a range, an IPv4 or IPv6)
  • ● Remote AD Computer Groups: drop-down list in which the user can select the AD computer groups which the firewall rule should be applied to (in case of a remote type IP); if the current machine’s AD matches the value from this field, the rule will be added to the Windows Firewall (this setting will take into consideration the selected IP type: public/ private/ both)
  • ● IP type: allows the dashboard user to select from a drop-down list the IP type: public, private or both
  • ● Firewall – Option to allowlist IPs related to potential Brute Force Attacks
  • Starting with this release, our dashboard users have the option to allowlist IPs related to potential BFAs (deemed as false positives). This can be achieved either directly from Endpoint Detection -> Firewall -> Firewall Alerts tab grid, by selecting one or more items (that have the Detection Type: “Brute Force Attack”) and applying the “Add to Allowlist” command from the “Select what action to take” drop-down. A pop-up, asking if this action should be applied on specific GPs or globally, will be shown (there is also the option to apply the command only to active GPs).
  • The same result can be achieved from the Endpoint Settings -> Endpoint Detection -> Firewall tab. A new section called Allowlist Brute Force IPs was created. The IPs added to the allowlist will be disregarded from the Firewall Alerts logic.
  • Heimdal™ Privileges & App. Control
  • ● Application Control – Ability to filter non executable files in the Full logging and Raw data views
  • The filtering capabilities of the App. Control Full logging and Raw data views have been improved by the addition, to the existing Allow by default and Block by default options, of the following possibilities (check boxes): Matching Allowed rules, Matching Blocked rules, Matching Allowed with auto elevation and Matching Allowed by parent process.
  • There is also a new checkbox called “Hide non-executable files” which, when enabled, will hide from the earlier-mentioned App. Control grids all the files having non-executable extensions (e.g.: .pdf).
  • ● Application Control – Option to Allow or Block multiple processes from the Full logging and Raw data views
  • This feature provides the user with the ability to allow/ block multiple processes in the Full Logging and Raw data views of the Application Control product. A checkbox was added in the top-left corner of the grid, allowing the dashboard user to easily select all the processes shown in the table. Also, you can now select more than one process and apply the same action from the “Select what action to take” drop-down list.
  • On the allow/ block execution pop-up window, a few changes were made and these changes apply only when multiple processes are selected. The first change is the removal of the “Subject” and “Priority” text fields.
  • In case one of the rule types does not apply to one or multiple selected processes, a new button will appear. On click, it will expand a list containing the processes that are not eligible for the selected Rule Type.
  • ● Application Control – Allow spawns that have scripts as parents
  • This feature adds additional checks on the command-line parameters so that, where applicable, scripts that match rules are allowed to spawn processes.
  • Previously, the only performed check was on the main executable application, which, for scripts, only verified the application running the scripts (e.g.: wscript.exe, powershell.exe), omitting the actual individual script that was configured in the rule.
  • ● Application Control – Reactivate the "Allow auto elevation" functionality for all rule types
  • With the introduction, a few releases ago, of the Application control driver, we have now reactivated the “Allow auto elevation” functionality for all the App. Control rule types (not only for Path and Wildcard path).
  • For this functionality to work for the Software Name, MD5, Publisher, Signature and Command line arguments rule types, the “App. Control driver interception” feature needs to be enabled.
  • If “App. Control driver interception” is disabled, the “Allow auto elevation” check box will be greyed-out/ non-functional for all rule types, except Path and Wildcard.
  • Other improvements & fixes:
  • ● Additional info related to the most common process name that is related to Firewall BFA detections or Failed Local Password Attempts
  • In the Endpoint Detection -> Firewall -> Firewall Alerts tab, in the cells corresponding to the Attempts per Username and Attempts per IP columns, when the expand/ collapse button is in expanded mode, besides the existing Target Usernames and Remote IPs list info, we added more information, namely the most common process name that has triggered the BFA or Failed local password attempt.
  • ● Option to perform Ransomware Encryption Protection exclusions based on wildcard paths and download in .csv the Exclusions list
  • The way REP exclusions are performed has been enriched with the ability to exclude processes based on wildcard paths. The dashboard user can use (either manual input or import .csv) custom paths with environment variables and wildcard markers (*).
  • We’ve also added the option to download, in a .csv format, the Exclusions list. This can be achieved by pressing the “Download CSV” button.
  • ● Email alert for Zero-Trust Execution Protection detections
  • Heimdal™ dashboard users now have the possibility to receive an email alert whenever a “Zero-Trust Execution Protection” detection happens.
  • In the Accounts -> click a dashboard user (email) -> Account tab, Alerts section of the dashboard, we’ve added a new check box called “Zero-Trust Alerts”, which, if enabled, will send an email alert to the dashboard user in case of “Zero-Trust Execution Protection” detections.
  • The email alert contains the interception details (Hostname, Username, Process name, Status, Timestamp).
  • ● Privileged Access Management – enhancement to local token validation
  • The improvement is related to the addition of the Hostname info (requesting the elevation) to the end user notification pop-up (both versions: with or without the “reason” input).
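
The difference between the two checks described under "Application Control – Allow spawns that have scripts as parents", as an added illustration that is not Heimdal's code. The rule format, the helper names, cscript.exe, the extension list and the sample command lines are assumptions constructed for the example.

```python
import ntpath
import re

# wscript.exe and powershell.exe are the hosts named in the changelog;
# cscript.exe and the extension list are assumptions for this example.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "powershell.exe"}
SCRIPT_EXTENSIONS = (".ps1", ".vbs", ".js", ".wsf")


def tokenize(cmdline):
    """Split a Windows command line into arguments, dropping double quotes."""
    return [q or bare for q, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def norm(path):
    """Normalise a Windows path for case-insensitive comparison."""
    return ntpath.normcase(ntpath.normpath(path))


def script_from_cmdline(cmdline):
    """Return the script a script host was asked to run, or None."""
    tokens = tokenize(cmdline)
    if not tokens or ntpath.basename(tokens[0]).lower() not in SCRIPT_HOSTS:
        return None
    for tok in tokens[1:]:
        if tok.lower().endswith(SCRIPT_EXTENSIONS):
            return norm(tok)
    return None  # inline commands carry no script file to match a rule on


def _spawn_rule_matches(rules, path):
    """True if a rule with allow_spawns set names exactly this path."""
    return any(r["allow_spawns"] and norm(r["path"]) == path for r in rules)


def image_only_check(rules, parent_cmdline):
    """Earlier behaviour as described: compare only the main executable."""
    tokens = tokenize(parent_cmdline)
    return bool(tokens) and _spawn_rule_matches(rules, norm(tokens[0]))


def image_and_script_check(rules, parent_cmdline):
    """Newer behaviour as described: also compare the script argument."""
    if image_only_check(rules, parent_cmdline):
        return True
    script = script_from_cmdline(parent_cmdline)
    return script is not None and _spawn_rule_matches(rules, script)


# Constructed sample data: one hypothetical rule and four parent command lines.
RULES = [{"path": r"C:\Scripts\deploy.ps1", "allow_spawns": True}]
PS = r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'
PARENTS = {
    "ruled script": PS + r' -NoProfile -File "C:\Scripts\Deploy.ps1"',
    "other script": PS + r' -NoProfile -File "C:\Users\Public\other.ps1"',
    "inline command": PS + r' -Command "Get-Date"',
    "not a script host": r'"C:\Tools\runner.exe" C:\Scripts\deploy.ps1',
}

if __name__ == "__main__":
    for label, cmdline in PARENTS.items():
        print(f"{label:18} image-only={image_only_check(RULES, cmdline)!s:5} "
              f"image+script={image_and_script_check(RULES, cmdline)}")
```

Only the parent that actually runs the script named in the rule gains the spawn allowance; the interpreter itself, other scripts and inline commands stay unmatched.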

New in Heimdal Thor 3.1.3 (Feb 2, 2023)

  • This new version contains a fix for an issue which was encountered in the Application Control module of our Privileges & App. Control product and prevented Application Control from starting correctly.

New in Heimdal Thor 2.5.361 RC (Jul 1, 2021)

  • Here are the main improvements and fixes rolling in with the new 2.5.361 RC:
  • Heimdal™ Dashboard:
  • Home page graphs are now segregated per month if a longer time frame is selected
  • We made some changes to the Heimdal dashboard home page graphs in order to visually streamline the display and interpretation of data. The home page graphs now display daily sets of data if the selected time frame is smaller than one month, weekly sets of data if the selected time frame is bigger than one month, and monthly sets of data if the selected time frame is bigger than three months.
  • Heimdal™ Agent:
  • Heimdal Agent self–update issues are fixed
  • Next-Gen AV mapped network drives scan issues are fixed

New in Heimdal Thor 2.5.314 / 2.5.320 RC (Mar 10, 2021)

  • New features:
  • Heimdal™ Dashboard:
  • Granular filter for the dashboard time frame
  • The timeframe selector now has 2 additional fields for adding Hour and Minutes to the selected timeframe. Once a custom time is selected, the dashboard results will be filtered accordingly. A default time is applied for each selector: 00:00 for start date and 23:59 for end date.
  • Device filter available in DLG/VectorN/Vigilance/Admin Privilege views
  • Depending on the availability of the module on each OS, a device filter was added in DLG, VectorN, Vigilance and Admin Privilege views. The filters are Android, Mac OS and Windows devices.
  • DnsInfo added Active Clients verbose CSV
  • Microsoft Updates per Group Policy information added in API
  • Added the MD5 column for Vigilance
  • Agent:
  • Agent info logged in fixed registry key
  • This feature is meant to allow the user (only CORP users) to see which modules of the Heimdal product suite are installed and running on the customers' endpoints, which version of the agent is installed on the endpoints and which group policy it belongs to (GP).
  • The registries are found here:
  • HKEY_LOCAL_MACHINESOFTWAREWOW6432NodeHeimdalSecurityInfo or HKEY_LOCAL_MACHINESOFTWARE HeimdalSecurityInfo (based on Windows version 64 or 32)
  • DarkLayer Guard:
  • Added “Force NCSI fix” option
  • A new checkbox was added in group policy > DLG module, “Force NCSI fix”.
  • When enabled, this functionality will fix the Network Connectivity Status Indicator that causes the not connected globe in the tray menu, when running alongside DarkLayer Guard.
  • Firewall:
  • Added isolation exclusions profiles
  • This feature adds the ability to apply specific firewall rules only while the computer is isolated. Those rules come as a specific profile that adds some rules for a certain program (e.g. TeamViewer, ISL Online). Those rules will be deleted when the PC is no longer isolated.
  • New isolation profiles can be added; please send such requests to the Support team.
  • Heimdal™ Privileged Access Management:
  • Elevation request availability period
  • A new option was added in Admin Privilege Group policy, “Accepted requests availability time”. When enabled, the user is able to select a custom time to live for elevation requests, between 1 and 24 hours. If the option is disabled, all elevation requests will expire after the default 24 hours.
  • Privileges and APP Control:
  • Application Control is a module created to better control which applications can be executed on client machines and how they are executed. You can define rules which describe what is allowed or blocked on machines using application details like paths, publisher and executable MD5, as well as how the application should run (it can automatically elevate the application if so configured) and how we handle child processes (we can allow all processes spawned by the application defined by the rule).
  • The group policy tab has been split into 2 subsections. The “Privilege Access Management” tab will include the previous options for Privilege Access Management, and the second tab, “Application Control”, will include the new settings for the App Control module.
  • Heimdal™ Email Fraud Prevention:
  • Group policy option to disable Outlook suspicious activity warnings
  • In the Dashboard GP settings, a new checkbox will appear on the MailSentry tab that will disable/enable the Outlook suspicious activity warnings.
  • On the Agent, a registry key will be modified for this, with the values 2 -> disable, 0 -> enable. This registry key value can be found at the following path in regedit: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Outlook\Security
  • On this path, a new key called “ObjectModelGuard” will be created if it does not exist, and this will
  • Heimdal™ Email Security:
  • Added minute and daily limits for sent emails
  • A default minute limit of 300 emails and a daily limit of 10.000 emails were added. The limits can be lowered from the Perimeter settings, in the Limits section.
  • Option to customize the header and footer of the Quarantine Report
  • In Perimeter, Quarantine settings options, a new button is available: “View and Edit Template”. When clicking this button, a modal that allows the user to edit the header and footer of the Quarantine Report is displayed.
  • Other changes:
  • Communication between Backend and Agent – “Enable realtime communication” checkbox added in GP (admin only); when enabled, the communication between agent and backend should be faster, and GP changes are visible in the agent in around 1 min.
  • Target update control system – section added in admin; option to add a version to be targeted in agent for auto update. AllowNewer - if set to true, must change the core service will retrieve the latest available version of Heimdal rather than the targeted one, if the latest available version is newer than the targeted one. Works from 2.5.320 onward only.

New in Heimdal Thor 2.5.302 RC (Sep 1, 2020)

  • This version contains only some bug fixes.

New in Heimdal Thor 2.2.6 (Sep 8, 2016)

  • Fixed a .NET Framework compatibility issue on some systems, which causes the Heimdal services to stop running.
  • Fixed an issue regarding product activation on some systems, which resulted in error code 1001.

New in Heimdal Thor 2.2.2 (Jun 8, 2016)

  • BIG FEATURE ENHANCEMENTS:
  • IPv6 support – Heimdal will support filtering on IPv6 infrastructures.
  • Solution for the yellow icon with "No Internet" on some Intel and Realtek LAN based network adapters, where internet access was present but not seen by the Microsoft Windows operating system. This requires keeping IPv4 Checksum offload disabled on the network adapter.
  • Implementing fix for AD DNS registration
  • Automated alerting of infected machines - Administrators will automatically receive email alerts about infections in their network (optional).
  • Weekly reports - Administrators will receive comprehensive reports on a weekly basis about their environment (optional).
  • Enhanced cross-cloud malware detection patterns and algorithms – To better detect APTs, Ransomware, Trojans.
  • SMALL FEATURE ENHANCEMENTS:
  • Filter accuracy. The accuracy of the filtering mechanism was enhanced significantly in order to reduce the amount of traffic sent for cloud verification before a Block / Do Not Block command is executed. This enhances the performance speed and also reduces network and internet traffic load.
  • Blocked traffic drill down. The dashboard now allows a thorough drill down only into the blocked traffic of the endpoint, so threats can be more easily assessed.
  • CHANGED REQUIREMENTS:
  • .NET 4.6.1 is required. The Heimdal installer will install this if it detects it's not already present.
  • Windows XP is no longer supported.

New in Heimdal Thor 2.2.0 (Jun 8, 2016)

  • BIG FEATURE ENHANCEMENTS:
  • Auto-disable feature – turns off the DNS when we can’t access the cloud service for a timespan longer than 5 minutes (timespan needed to make various checks which help us determine if the computer is lacking the connection due to Heimdal)
  • SMALL FEATURE ENHANCEMENTS:
  • The issue with the Outlook 2013 Resource Central Outlook add-in 32 bit has been fixed
  • SecureDNS enhancements and other small fixes

New in Heimdal Thor 1.10.5.0 (Aug 14, 2015)

  • Heimdal updated to enable latest updates for Adobe Reader 10.1.15 and 11.0.12.

New in Heimdal Thor 1.10.4.0 (Jul 16, 2015)

  • Heimdal updated to enable latest updates for Adobe Reader 10.1.14 and 11.0.11.

New in Heimdal Thor 1.10.3.692 (Mar 31, 2015)

  • Fixing issues with SecureDNS component, that sometimes caused the resolving of SOA records to fail

New in Heimdal Thor 1.10.3.686 (Dec 12, 2014)

  • Heimdal updated to enable latest updates for Adobe Reader 10.1.13 and 11.0.10.

New in Heimdal Thor 1.10.2.684 (Dec 5, 2014)

  • Confusing pop-up related to in-app registration removed.

New in Heimdal Thor 1.10.2.682 (Nov 28, 2014)

  • Added ability to provide updates specifically for Windows 8.
  • Added in-app registration.

New in Heimdal Thor 1.10.1.662 (Sep 30, 2014)

  • Heimdal updated to enable latest updates for Adobe Reader 10.1.12 and 11.0.09.

New in Heimdal Thor 1.10.0.637 (Aug 20, 2014)

  • Heimdal updated to enable latest updates for Adobe Reader 10.1.11 and 11.0.08.

New in Heimdal Thor 1.10.0.626 (Jul 22, 2014)

  • Include improved malware detection framework

New in Heimdal Thor 1.9.42.620 (Jul 22, 2014)

  • Hotfix to handle expiry of Gameover version

New in Heimdal Thor 1.9.42.609 (Jul 22, 2014)

  • Special build as part of the Zeus Gameover takedown

New in Heimdal Thor 1.8.4.612 (Jul 22, 2014)

  • Acrobat Reader 10.1.10 and 11.0.7
  • Typo fix
  • Removed need for logged in user

New in Heimdal Thor 1.8.3.535 (Jul 22, 2014)

  • Acrobat Reader 11.0.6 and 10.1.9

New in Heimdal Thor 1.8.2.531 (Jul 22, 2014)

  • Acrobat Reader 11.0.5, 10.1.0, 10.1.8 fix
  • Added uninstall survey link

New in Heimdal Thor 1.8.1.516 (Jul 22, 2014)

  • Acrobat Reader 10.1.8 and 11.0.4

New in Heimdal Thor 1.8.0.500 (Jul 22, 2014)

  • Revamped complete Acrobat Reader updater framework

New in Heimdal Thor 1.7.0.437 (Jul 22, 2014)

  • Update Adobe Acrobat Reader updater to be more sturdy
  • More smart start of service vs. user facing app
  • Avoid locking UI when user clicks on buttons

New in Heimdal Thor 1.6.0.395 (Jul 22, 2014)

  • Bugfixes based on auto-feedback
  • Text updates
  • German translation and texts
  • Include log-subdirectories when sending trace

New in Heimdal Thor 1.5.0.372 (Jul 22, 2014)

  • Internal handling of encryption and certificates improved
  • Fixes to permissions for on-disk directories
  • Try to work for guest profiles

New in Heimdal Thor 1.4.1.334 (Jul 22, 2014)

  • Internal changes to reflect new block-pages in securedns

New in Heimdal Thor 1.4.0.307 (Jul 22, 2014)

  • Depend only on .NET 4 client profile (instead of full)
  • Start SecureDNS client earlier to mitigate login problems on AD
  • Specialized Adobe Acrobat updater
  • New encryption library

New in Heimdal Thor 1.3.1.289 (Jul 22, 2014)

  • Limit nagging on expiring license

New in Heimdal Thor 1.3.0.268 (Oct 22, 2012)

  • Functionality:
  • Improved license handling
  • Notify user that license is about to expire.
  • Provided ability to renew license
  • Improved robustness of patchdefinition handling
  • Made SecureDNS work properly with DNS servers that respond incorrectly.
  • Added License tab for easy license overview.
  • Bugfixes:
  • Fix minor issues wrt. license handling
  • Fixed bug where client was unable to restart under specific circumstances
  • Fixed possible startup issue on certain configurations.
  • Keep downloaded files if unable to download new.
  • Improved installer robustness.
  • Properly manage bandwidth by only downloading required files.
  • Correctly handle License check in SecureDNS.
  • More bugfixes

New in Heimdal Thor 1.2.0.211 (Aug 30, 2012)

  • Functionality:
  • Improved Malware detection - updates come more often and scans are done more frequently. This helps prevent things like the NemID attack earlier this year
  • Prevent looping updates when they silently fail.
  • Improvements in error handling.
  • Bugfixes:
  • Fix case where it was necessary to press Update to get data.
  • Fix a lot of corner cases that could potentially cause errors.
  • More bugfixes.

New in Heimdal Thor 1.1.0.181 (Jul 19, 2012)

  • Functionality:
  • Remove dependency on .Net 4.0 Full Profile. Provides smaller downloads.
  • Improve installer robustness when updating Heimdal.
  • Many Internal changes.
  • Bugfixes:
  • Gracefully fail when running as Guest user.
  • Improve resilience of Heimdal Corporate policy retrieval.
  • Fix issue where Heimdal could be excepted from updates.
  • Fix issue where the Scan bar would animate incorrectly.
  • Many more bugfixes.

New in Heimdal Thor 1.0.1.129 (Jul 19, 2012)

  • Hotfix Release:
  • Fixes Heimdal Corporate rare special case where startup of the agent might fail.
  • Fix an installer issue where Heimdal Corporate MSI installs might not be upgraded automatically
  • Handle 4 extremely rare exceptions in misconfigured system gracefully (and thereby avoid automatic crash reports)
  • Improve experience on temporary / guest profiles on machines using heimdal.
  • Add throttling on automatic crash reports

New in Heimdal Thor 1.0.0.99 (Jul 19, 2012)

  • Functionality:
  • New "Send Trace" button on the "Advanced tab" which automatically includes trace-files for your and our convenience
  • The capability to automatically send crash reports and usage statistics back to our servers (Enable by checking "Allow to send debug information")
  • When disabling pieces of software as "Exception" Heimdal will return to 100 % even if the given software is vulnerable
  • Bugfixes:
  • Remove service dependencies to allow faster startup. In some rare cases this could lead to Heimdal not starting at all
  • When using proxy - try to use service user credentials and try not to bug user more than needed.
  • In very rare cases a timing issue could lead to Heimdal not starting up
  • Fixed the right-clicking context menu on the Heimdal icon where fast links to specific tabpages was off by one.
  • Speedup startup when not using corporate edition by not looking for corporate policy