Syspeace Changelog

What's new in Syspeace 4.1.500

May 26, 2022
  • Internal addresses are no longer matched by “Country is not X” conditions in rules.

New in Syspeace 4.1.400 (May 6, 2022)

  • Reintroduce copy/paste in IP lists. Add RRAS (VPN) detector for Routing and Remote Access Service in Windows Server.

New in Syspeace 4.0.8492 (Mar 28, 2022)

  • Performance and capability improvements to blocking and rule matching. Remote management support with Syspeace Console.

New in Syspeace 3.1.5 (Nov 25, 2020)

  • Performance improvements to the rule matching database and support for masked data; also contains general performance improvements and bug fixes.

New in Syspeace 3.1.1 (May 10, 2019)

  • Supports forgiving blocks via Remote Status and contains bug fixes.

New in Syspeace 3.1.0 (Feb 26, 2019)

  • Introduces Remote Status, improves deployment and contains performance improvements and bug fixes.

New in Syspeace 3.0.1 (Apr 4, 2018)

  • Contains bug fixes and improves the experience when an account creation email can’t be delivered.

New in Syspeace 3.0.0 (Jan 10, 2018)

  • Introduces Country blocking and contains numerous other improvements.

New in Syspeace 2.7.2.0 (Jun 21, 2017)

  • Fixes a crash when attempting to match a Windows login rule with a domain filter and a synthesized RDP Winlogon event is considered.

New in Syspeace 2.7.1.0 (Apr 25, 2017)

  • Fixes inability to communicate with license server on Windows Server 2008 if .NET Framework 4.5 or later is installed.

New in Syspeace 2.7.0.0 (Apr 6, 2017)

  • Many improvements to detection of intrusion attempts and fixes, including improvements to Remote Desktop/Terminal Services login attempt detection.

New in Syspeace 2.5.2 (Jul 2, 2014)

  • Fixed an issue where exporting settings could fail with some blacklist entries.
  • Fixed an issue where double clicking a local blacklist/whitelist list entry at the point of the IP address would not bring up the edit description window.
  • Fixed an issue where clicking the green IP address links would sometimes not show any associated actions.
  • Fixed an issue where Syspeace could crash due to database contention timeouts when blocks changed frequently.
  • Fixed an issue where Syspeace could crash when inspecting the current IP Security Policy on Windows Server 2003.

New in Syspeace 2.5.0 (Apr 29, 2014)

  • Includes a first version of pluggable detector support where new detectors can be developed and added. A new Web detector is available in a beta version to provide protection against some web site login attempts. For more information, see the Syspeace detector API documentation.
  • Updates the reseller model. For more information, see the Syspeace web site.
  • A new function to export settings and/or license key to a settings file. This settings file can be used to configure a new or existing Syspeace installation.
  • The ability to select the “blocking provider”, which specifies how Syspeace’s blocks will be enforced.
  • Makes it possible to use the IP Security Policy blocking provider, normally used for Windows Server 2003, if another protection program is managing Windows Firewall and not effecting the blocks entered into it.
  • Makes it possible to use “Dry run” to not actually block anything. Useful for evaluations of Syspeace. There is a prominent warning in the Syspeace status window when Dry run is active.
  • Fixes a bug where the Reset on Success setting would stop working.

New in Syspeace 2.4.1 (Feb 4, 2014)

  • Fixes a bug where IP addresses could be mixed up in tables and improves the local blacklist and whitelist interface.
  • Fixes an issue where IP addresses could be mixed up in tables in the setting panes Access Log, Access Report and Global Blacklist. (The right IP address was shown when copying or exporting.)
  • Multiple entries can now be selected and deleted in the local blacklist and whitelist.

New in Syspeace 2.4.0 (Feb 4, 2014)

  • Introduces Access log, IP address actions and revamps the internal database for speed and efficiency. For more details, see the full release notes.
  • New features:
      • The Attack control panel has been replaced with the Access log panel.
      • Searches can now be performed on additional fields.
      • Searches can now be confined to only a certain source of login attempt (Windows login, etc.).
      • Global blacklist blocks can now be hidden in the Live blocks panel.
      • In many places where an IP address appears, the IP address is now a green clickable link. Clicking the link will bring up a small info panel about the IP address and include relevant actions, including adding to/removing from the local blacklist and adding to the local whitelist.
  • Engine changes:
      • Large parts of Syspeace have been revamped to improve speed and manageability and in preparation of future features.
      • Login attempts are now stored more compactly and in separate databases.
      • Information about current and recent blocks is now stored more compactly.
      • The detection and blocking engines have been revamped to speed up handling of login attempts. Many stages of the pipeline have been tweaked so that the time between adding a blacklist entry or forgiving a block in the user interface and the change being in place in the firewall is significantly shorter than in previous versions.
  • Other changes:
      • Fixed an issue where the whitelist pane in Settings would not be updated when an IP address was whitelisted in the status window.

New in Syspeace 2.3.1 (Nov 20, 2013)

  • Fixed an issue where daily and weekly reports would sometimes be missing all blocks except the most recent.
  • Improved the behavior of the Windows audit event logging setting detection on non-English versions of Windows Server.
  • Clarified the registration process to highlight that you do not need to register several accounts to try Syspeace out on multiple computers.
  • Fixed an issue where an inability to reach the license server would immediately and prematurely send a warning license report email intended for when the license server has been persistently unreachable for a number of days.

New in Syspeace 2.3.0 (Nov 20, 2013)

  • New features:
      • Syspeace now supports SQL Server-based blocking on Windows Server 2003.
      • The list in the status window has been replaced with a new list, containing a summary of current blocks and suspected upcoming blocks.
      • Suspected upcoming blocks refers to observed failed logins that have yet to trigger a rule.
      • For current blocks, the observed failed logins that triggered a rule are shown.
      • Single IP address entries show the geographical location if available.
      • The list can be filtered in the bottom left of the window. Current blocks based on observations are always shown. Blacklisted IP addresses can be shown or hidden.
      • IP addresses can directly be added to the local blacklist, removed from the local blacklist and added to the whitelist from the info pane directly. Current blocks can also be forgiven (the block is removed and the IP address’ failed login record starts over).
  • Other improvements:
      • When the Syspeace client is started and there are Windows login rules enabled, Syspeace will check to make sure that the current security policy will allow logon failure audit events to be produced and warn if this is not the case. Without this properly set, Syspeace will not be able to detect Windows login failures.
      • The description for each entry in the local blacklist and whitelist can now be changed without having to recreate the entry.
      • Duplicate entries for IP addresses can no longer be added in the local blacklist and whitelist.
      • Syspeace’s behavior and stability when the Syspeace backend and license server are unreachable is improved.
      • Changes to bring the size of the local database down.
      • Fixed a bug preventing the removal of the ban corresponding to the last blacklist entry.
      • Improved migration from Syspeace 1.1.*.

New in Syspeace 2.2.2 (Jun 26, 2013)

  • Improves SQL Server support to also detect logins from other SQL Server instances than the default, including SQL Server Express instances.
  • Events like login failures and removal of blocks are now shown in the main window's list as the Syspeace service is running. To disregard these entries, uncheck Show all events. When the Syspeace service is not running, only the current blocks are shown.
  • Syspeace now disregards successful Windows login authentication events by the anonymous user, as may be issued by Windows before attempting to mount a share, instead of resetting the number of accumulated failed logins if the setting Reset on success is active.
  • Fixed a bug causing communication to fail between the client and service.
  • Fixed a timing-sensitive bug preventing Settings from opening.
  • Fixed a bug preventing exports from Attack control.
  • Fixed a bug preventing mail reports.
  • Fixed a bug preventing the removal of all blocks.

New in Syspeace 2.2.1 (Jun 14, 2013)

  • Fixes a crashing bug for users who upgraded from v2.1.0.

New in Syspeace 2.2.0 (Jun 12, 2013)

  • Reseller support:
      • Support for Syspeace license resellers has been added. New accounts are assigned to a specific reseller, or, if there are no resellers in the customer's territory, to Syspeace directly. Reseller customers buy licenses from their reseller instead of from Syspeace. For more information, please see the reseller information on syspeace.com.
      • Current Syspeace customers will not be assigned a reseller and can continue to purchase licenses from Syspeace.
  • New data features and usability improvements:
      • Entries in the local blacklist and whitelist can both have descriptions.
      • Corresponding blacklist entry descriptions show up in the Live blocks panel.
      • Entries added to the whitelist by clicking "Make permanent exception in whitelist" in the Live blocks panel get a corresponding description.
      • The local machine IP addresses that are automatically whitelisted in Local Whitelist are now annotated with the name and description of the applicable network interface.
      • Due to the similarity between the Local Blacklist and Local Whitelist panels, a bar colored white for the whitelist and black for the blacklist has been added just above the list in each of the panels.
      • In addition to the rule indicators for the Rule panels, there are now indicators to show the number of active entries in the blacklists and whitelist, as well as an indicator for the number of blocks.
  • Bug fixes and stability improvements:
      • The numbers in the weekly and daily email reports no longer include pre-existing blocks along with the first block of the day.
      • Fixed a crash when using Syspeace with non-English versions of SQL Server.
      • A crash has been fixed when using Access Report and there are many entries missing usernames.
      • Fixes to improve stability when a backend server request is aborted by a lost network connection.

New in Syspeace 2.1.0 (Apr 20, 2013)

  • New engine features:
      • Windows Server 2012 is now fully supported.
      • A new SQL Server login detector to detect SQL Server login failures and successes. (To avoid unwanted side effects in common environments with shared web servers and shared database servers, the initial catch-all rule is disabled by default.)
      • All kinds of detector rules (SQL, Windows and Exchange SMTP) can now be enabled and disabled.
      • Various fixes to improve stability.
  • New data features and usability improvements:
      • The new Access report settings panel allows finding patterns in login failures to track common attack approaches and see the spread of IP addresses and usernames.
      • Syspeace customer Jeff Walton:
      • "The access reports section has been a bit of an eye-opener regarding the number of addresses that hit us multiple times per day but never in fast succession. I created a rule that looks back over a 10 day period and have been catching a lot of attempts that are only one or two tries during different times of the day but occur several times each week. I found one that appears to have started a dictionary attack and successive tries have picked up where they left off days earlier."
      • Global blacklist blocks are more clearly marked as such in the main window and in the Live blocks settings panel.
      • The Live blocks settings panel now explains what caused a block to be triggered. (Only applicable to new blocks.)
      • The settings panel list now shows indicators of how many rules are currently enabled. If no rules are enabled, the indicator is grey to show that no protection is provided, otherwise it is green.
      • A status screen is shown as Syspeace starts up.
      • The Attack control settings panel can export the current data to a CSV file.
      • A clarification has been added to the Mail settings, noting that mail servers using Windows integrated authentication (like Exchange SMTP) might require prefixing the username with the domain name.

New in Syspeace 2.0.1 (Apr 11, 2013)

  • Includes better support for SMTP over SSL, access to higher quality geographical data, improves performance and fixes upgrade issues.

New in Syspeace 2.0.0 (Apr 11, 2013)

  • Added support for Windows Server 2003. Many improvements to user interface, installation process and IP address handling.

New in Syspeace 1.1.40 (Apr 11, 2013)

  • Added support for CSV-files in daily and weekly reports. Minor fixes to system.

New in Syspeace 1.1.30 (Apr 11, 2013)

  • Upgraded the Attack control: improved search and added analysis of login statistics.

New in Syspeace 1.1.23 (Apr 11, 2013)

  • Fixed bug where new installations would have problems with the reporting feature.

New in Syspeace 1.1.22 (Apr 11, 2013)

  • Updated registration process in GUI.

New in Syspeace 1.1.21 (Apr 11, 2013)

  • Fixed e-mail bug.

New in Syspeace 1.1.20 (Apr 11, 2013)

  • Added daily and weekly reporting.