SES Evolution 2.4.1 new features and enhancements

Warning

Before updating your solution to version 2.4.1, download and deploy the 2304a security policy. To download it, go to your MyStormshield client area or to the Stormshield updates panel of the administration console.

Improved pool protection

Integrated search for indicators of compromise

SES Evolution now makes it possible to search for Indicators of Compromise (IoC) on your entire pool or part of it. IoCs make it possible to detect attacks on a user workstation, prevent their spread and clean up systems before a compromise is exploited.

Indicators may be, for example, file names, specific IP addresses, malicious file hashes, suspicious URLs or text files.

IoC searches can be launched when a security rule detects or blocks abnormal behavior. Searches can also be launched manually at any time to monitor one or several workstations on demand. You can also schedule IoC scans by agent group, at regular intervals and for a specified duration.

To search for IoCs, you must first provide SES Evolution with the IoC description. IoCs may originate from your own pool if you have detected a compromise via SES Evolution or other means, or from external private or public resources.

Remediation operations on a group of workstations

In the event of an attack or malicious operation on your pool, you can now launch remediation operations on several workstations from agent logs generated in the administration console. These operations make it possible to limit the impact of attacks and fix any damage caused.

Depending on the agent log type, SES Evolution offers various remediation operations, for example: deleting a file or registry key, shutting down a process or retrieving files encrypted by ransomware.

Detection of Windows Store apps

SES Evolution can now detect app signatures that have been validated by Microsoft for distribution via Windows Store. This makes it possible to extend the verification of legitimate apps to Windows Store apps and to rely on the analysis of information contained in the apps' certificates.

Database management

Monitoring of administration and log databases

With the calculation of estimates and alerts, SES Evolution now allows users to monitor the remaining capacity in databases and prevent them from being saturated. In the System menu of the administration console, charts provide a quick overview of database usage and make it possible to estimate when the databases will be saturated.

To anticipate when databases will be saturated so that they can be reduced, SES Evolution allows you to:

  • Schedule daily maintenance tasks to optimize database performance,

  • Manually delete logs immediately,

  • Schedule when logs older than a certain date will be automatically deleted.

In addition, SES Evolution now makes it possible to export incidents that are reported in the event of an attack. You can then, for example, submit them to an external service for analysis and archive them on a storage server to free up space on the log database.

Troubleshooting

Diagnostic tool

When abnormal incidents occur, the new SES Evolution diagnostic tool collects data about the component causing the issue (agent and backoffice) and the host's Windows system. Stormshield's technical support team can then analyze this data to form a diagnosis.

Administration console

New shortcut icons

In the administration console, a new banner at the top of the window shows several icons with direct access to menus in the console:

  • Three icons indicating the status of the backend server, databases and agent handlers. Click on each icon for more details.

  • An icon to access the Environment menu. When a deployment is required, the icon will turn red.

  • An icon to access user preferences.

  • An icon to access the Stormshield updates menu.

SES Evolution Agent

Compatibility with Smart Application Control

The SES Evolution agent is now compatible with the Smart Application Control option on Windows 11 22H2 operating systems. We advise you to refer to the section Explanations on usage for more information.

Security policies

Wi-Fi network rules

The WPA3 authentication mode is now available in the Wi-Fi network rules in security policies to allow such connections to be blocked, allowed or monitored.

Compatible SQL Server versions

New compatibility

SES Evolution is now compatible with SQL Server 2022 and SQL Server Express 2022 databases.