
Capture Client 3.0 release

Hello Everyone,

I am happy to announce that we have the CC 3.0.11 version out as of today. You can log in to captureclient.sonicwall.com and navigate to Management -> Client Installers to find the latest 3.0.11 version.

What's new in this version?

SonicWall Capture Client 3.0 comes with new features designed to help you analyze and reduce the attack surface. Below is a brief on the new features in Capture Client 3.0:

Web Content Filtering allows the admin to configure policies that allow or block access to various websites. This allows endpoint security and content filtering to be managed from the same management console, simplifying administration. The feature also includes web activity reporting for easier monitoring.

Application Risk Management helps to manage the risks associated with applications that do not have the latest patches. Unpatched applications can be vulnerable to exploits, which exposes your entire IT infrastructure.


Active Directory Integration helps define policies based on groups that users belong to and/or organizational units (OUs) that the devices belong to. Active Directory can be further leveraged to define different kinds of policies based on content filtering requirements, Trusted Certificates, and so forth.


Support for Linux Endpoint leverages the native SentinelOne Linux agent to protect Linux endpoints from malware. It allows autonomous detection and protection to function in a mission-critical data center or a standalone/disconnected network.


Notifications: The new Notifications feature allows administrators and users to see the status of any threats, events, or alerts and to set the rules for the kinds of notifications associated with these activities.

Attaching the release notes for more details.

I hope that helps!

Stay safe and have a good one!

Thanks!!

Category: Capture Client

Shipra Sahu

Technical Support Advisor, Premier Services

Comments

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @shiprasahu93

    was waiting for the release for a while, finally it's here.

    One thing that confuses me is that Acrobat Reader 20.006.20042 on macOS is marked as critical. The reputation of Adobe Products is so-so, but if I check the provided known vulnerabilities on CC, all listed are from 2018 and probably fixed in the meantime.

    Is this a misinterpretation of the MITRE database?

    --Michael@BWC

  • shiprasahu93 Moderator

    Hi Michael@BWC ,

    I understand what you mean. For the latest release, it should point out the vulnerabilities after the release dates. It could be a misinterpretation of the MITRE database. Do you see any other applications showing something similar?

    All the ones I tested with were old and seem to look okay on my test device. You might wanna report them if you see older vulnerabilities on a newer application.

    Thanks!!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @shiprasahu93

    I checked yesterday and besides the up-to-date Acrobat Reader there was just an older version of VLC marked as high risk, but this went away after updating to the latest version.

    At this point it's just the Acrobat Reader which gets misinterpreted.

    --Michael@BWC

  • shiprasahu93 Moderator

    Hello Michael@BWC ,

    That's really bizarre. Can you please open up a support ticket and share the necessary screenshots? It looks incorrect for sure.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @shiprasahu93

    Adobe Acrobat is no longer listed as critical, only a VLC is marked as high, but it shows a lower version than is installed on the system. When does the Capture Client collect the installed applications for checking against the MITRE database? The two applications marked as critical were on two different systems, so some form of update must occur.

    I tried to refresh the Applications on the Devices "View Details" screen, but this did not do the trick.

    --Michael@BWC

  • SuroopMC Moderator

    @BWC - updates are pretty quick and at most should take an hour. Application Updates are reported to the cloud pretty quickly, and the only latency is the periodic check against a global cloud service that correlates data from the MITRE database with application telemetry. One possibility for the delayed update you are seeing could be the current issues we are seeing with the SentinelOne cloud service.

    Thanks for being an active tester and early adopter of the product. Please keep the feedback coming in.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @SuroopMC

    I'll check later what's up with the VLC, CC is still showing the old (but updated) version number.

    What can we expect from Application Risk Assessment? Because this can't be right, because there were some heavy hitters since 73:


    --Michael@BWC

  • SuroopMC Moderator

    That certainly looks like some odd error with Mozilla - we'll look into it.

  • SuroopMC Moderator

    The expected behavior is that you get an Inventory of all applications running across all endpoints in a tenant, along with a Risk Score that is based on the severity of vulnerabilities identified for that application. The intent is to provide sufficient intelligence for administrators to prioritize their patching efforts and reduce their exposure to malware attacks.

  • BWC Cybersecurity Overlord ✭✭✭

    I checked again (because it's my older iMac at home), I had CC 2.0.28 installed, and the Application Risk Assessment was done even with the older version of CC. I decided to upgrade to CC 3.0.11 and even then VLC was still listed as old and risky. After a few hours (was on a walk with my wife) this changed without notice and the App Risk got updated and VLC is listed with the correct version.

    One other strange thing is the support for macOS 10.12 (which is an outdated OS), the Release Notes still show that 4.0.3.3085 or later is supported. It is true for CC 3.0.11 but not for the SentinelOne Engine, even the 3.6 wasn't working. It seems that the backend isn't even trying to push SentinelOne 4.x to the old macOS 10.12 Client, it's still stuck on 3.4 even though I tried a manual Client upgrade. No events, messages or logs therefore.

    --Michael@BWC

  • SuroopMC Moderator

    Thank you for pointing this out - actually 10.12 is not supported by the SentinelOne agents any longer. We will update our release notes accordingly.

    For reference, SentinelOne engine updates are driven by the Threat Protection policy - if you had a Self-managed version (3.6.x or earlier) or a SonicWall-managed General Release version (3.6.x) selected prior to the update we did, it will not auto-update to SentinelOne 4.x (which is a Feature Release). Try changing your policy to choose either a Self-Managed version for 4.x or a SonicWall-managed Latest Release 4.x version.
