5. Hotfix

5.1. Package 1 (HF1 / SHA256)

Hotfix no. 1 fixes the problem of duplicate sigflow alerts in the syslog export (see: ref:Duplicate sigflow alert export <known_bug_alert_sigflow_in_double> )

5.2. Package 2 (HF2 / SHA256)

Warning

HF2 updates internal Gcenter product licenses and must be imperatively be applied before 12/31/2021.

Update package must be applied in the GUM > upgrade interface (which implies a mandatory restart). This fix can’t be applied like a hotfix as it brings, among others, a kernel patch.

Hotfix no. 2 applies to following versions :

• version 2.5.3.101

• version 2.5.3.101-HF1

Hotfix no. 2 fixes the following issues :

• Megaraid driver exception (cf. Exception caused by the megaraid driver)

• Malcore reliability (cf. Malcore - Service stop due to saturation)

• Hot Cold data handling exception cf. Cold or hot data handling exception)

• Malcore - no flow_id (cf. Malcore - Malcore - Log export with flow_id=0)

• Data loss when exporting to syslog cf. Syslog export: behaviour during saturations)

• Performance, files are processed 50% to 100% faster (cf. Malcore - Analysis engine saturation)

• Kibana dashboard corruption (cf. Kibana - UPGRADE)

• API Error (cf. API unavailable during use of LDAP module)

Important

Following bugs require special attention :

• Operator and administrator accounts deactivation (cf. Default accounts reactivation)

• Manual index sizes check before upgrading (cf. Cold or hot data handling exception)

• Deactivation of one AV engine (cf. Malcore - AV engine deactivation)

• Kibana manual restart (cf. Kibana - inaccessible tables)

5.3. Package 3 (HF3 (upgrade mode) / SHA256 // HF3 (hotfix mode) / SHA256)

Hotfix no. 3 applies to following versions :

• version 2.5.3.101-HF2

Hotfix no. 2 fixes the following issues :

• IPsec - Can not establish IPsec link in NAT network (cf. Can not establish IPsec link in NAT network)

• Blocked Powershell analysis (cf. Blocked Powershell analysis)

• Filebeat Instability (cf. Filebeat instability)

• Malcore - error code 3 (cf. Error code 3)

• Malcore - error code 10 (cf. Error code 10)

• Malcore - AV engine Reactivation (cf. Malcore - AV engine deactivation)

This hotfix enable hotfix feature for LPM clients.

5.4. Package 4 (HF4 (hotfix mode) / SHA256)

Hotfix no. 4 applies to following versions :

• version 2.5.3.101-HF3

• version 2.5.3.101-HF3 (LPM)

Hotfix no. 4 will :

• Fix the bug of LDAP connections which are never closed. (cf. LDAP - GCenter doesn’t close connections)

• Fix a bug of filebeat after applying HF3 in upgrade mode. (cf. Filebeat instability)

• Improve the stability of Malcore module with the implementation of an orchestrator.

• Improve the online update of Malcore module.

• Disable an unstable antimalware engine.

• Improve the management of some services with a automatic restart in case of failure.

• Improve the management of GCenter log files to avoid a full disk space.