Close this search box.

iSecurity Anti-Ransomware Release News

  • IMPROVED: The subsystem ZRANSOM starts on IPL now, if option “11. Activate Real-Time Detection” is activated.
  • ADDED: Auto-activation option on IPL.
  • IMPROVED: Exclusions are now checked before file extensions.
  • IMPROVED: Exclusion patterns, to avoid issues with checking in other CCSIDs.
  • ADDED: Auto-Activation of Anti-Ransomware at IPL
  • IMPROVED: Import/Export function when no ransomware database exists.
  • IMPROVED: Excludes in Anti-Ransomware, to exclude directories or files from being checked.
  • REQUIRED: As of Version 8, new license files are required.
  • ADDED: You can set the length of time to retain logs and CHKISA files in STRAV > 81 > 9.
  • IMPROVED: For better performance, when a system running multiple scanners tries to use a scanner that is already occupied, it proceeds immediately to the next scanner.
  • FIXED: Empty files now are not scanned.
  • Added: New ZRANSOM subsystem, enabling multithreading for faster processing of perceived attacks.
  • Added: New option “Check Ransomware Asynchronous” (STRAR > 81 > 21), which enables the ZRANSOM subsystem.
  • Added: Sandbox for more efficiently and thoroughly testing files that may have been attacked, with greatly reduced false positives. 
  • Added: New option “Print Display IFS Scan Attribute” (DSPSCNA)*CSV
  • Changed: “@” in PGM names are now “8”
  • Improved: Fewer job logs created.
Performance enhancements by using asynchronous processing

A great performance improvement is achieved as Anti-Ransomware can now split its work into two parts. The bulk of its work can now take place asynchronously, outside of the exit programs. Other processing, and the user, no longer have to wait for these operations to complete.

Previously, Anti-Ransomware had worked entirely within exit programs, identifying attacks there. SInce the operating system waited until each exit point returned its decisions, users also had to wait until each individual action was inspected.

The product enables the user to decide which way to work.

Support of Multithread activity on the File Server

iSecurity Anti-Ransomware now supports multithreaded jobs on the File Server. Non-threaded jobs (multiple jobs named QZLSFILE) use separate jobs for each of a user’s shares. In multithreaded environments, a single job (named QZLSFILET) can share activities for multiple users. By sharing the activities, users can experience the benefits of multithreading.

The product enables the user to decide whether or not to use multithreading.

  • We improved activation of AR, taking existing exit programs in parallel mode.
  • AV Pattern download Proxy in German Operating System version was added.
  • The IFS performance Excludes *.extension was improved.
  • We added commands for AR to start in batch.
  • Antivirus signature files and Anti-Ransomware extension files are now downloaded securely via HTTPS.
  • Fixed: Display Ransomware Compromised (SMZ1 missing)
  • Fixed: When GSEPWDR  was missing, AV maintenance closed the jobs and did not restart.
  • New option: Display Ransomware Compromised (DSPRWCMP). It enables displaying files that are suspected to have been compromised.
  • Improved maintenance of recycle bin
  • Enhanced possibility to use existing user exit program for IBM_QPWFS_FILE_SERV in parallel with Anti-Ransomware.
  • The RTVATPSTS command (Retrieve ATP (AV AR) Status) has been improved, to allow receiving of AV FYI status
  • TPFILSR close file TPLSTRWL right after the chain, to release the file when attack is on
  • Fixed false positive reports of attacks on special picture files
  • Fixed: When Client Access IFS selects an QSYS.lib/QGPL.lib object (Access Client Solutions)  a log entry 6V/1 was created alerting about an Ransomware issue
  • Fixed: AR now considers React Y/N. (STRAR > 3)
  • Addition of PC based attack simulator for known and unknown ransomware
  • Addition of menu item to explain how to use the attack simulator
  • Addition of menu item that explains how Anti-Ransomware detects attacks
  • Completely new menu
  • Simplified reaction definitions

Anti-Ransomware is now part of the iSecurity Advanced Threat Protection (ATP) suite. The suite has been restructured to include:

  • Simplified menus and command access:·
      • STRATP         Menu of Anti-Virus, Anti-Ransomware, Object Integrity Validation
      • STRAV           Menu of Anti-Virus
      • STRAR           Menu of Anti-Ransomware
      • STROBJITG    Menu of Object Integrity Validation
  • Threat Control Center – clarified the screen text