iSecurity Anti-Ransomware Release News

Performance enhancements by using asynchronous processing

A great performance improvement is achieved as Anti-Ransomware can now split its work into two parts. The bulk of its work can now take place asynchronously, outside of the exit programs. Other processing, and the user, no longer have to wait for these operations to complete.

Previously, Anti-Ransomware had worked entirely within exit programs, identifying attacks there. SInce the operating system waited until each exit point returned its decisions, users also had to wait until each individual action was inspected.

The product enables the user to decide which way to work.

Support of Multithread activity on the File Server

iSecurity Anti-Ransomware now supports multithreaded jobs on the File Server. Non-threaded jobs (multiple jobs named QZLSFILE) use separate jobs for each of a user’s shares. In multithreaded environments, a single job (named QZLSFILET) can share activities for multiple users. By sharing the activities, users can experience the benefits of multithreading.

The product enables the user to decide whether or not to use multithreading.

  • We improved activation of AR, taking existing exit programs in parallel mode.
  • AV Pattern download Proxy in German Operating System version was added.
  • The IFS performance Excludes *.extension was improved.
  • We added commands for AR to start in batch.
  • Antivirus signature files and Anti-Ransomware extension files are now downloaded securely via HTTPS.
  • Fixed: Display Ransomware Compromised (SMZ1 missing)
  • Fixed: When GSEPWDR  was missing, AV maintenance closed the jobs and did not restart.
  • New option: Display Ransomware Compromised (DSPRWCMP). It enables displaying files that are suspected to have been compromised.
  • Improved maintenance of recycle bin
  • Enhanced possibility to use existing user exit program for IBM_QPWFS_FILE_SERV in parallel with Anti-Ransomware.
  • The RTVATPSTS command (Retrieve ATP (AV AR) Status) has been improved, to allow receiving of AV FYI status
  • TPFILSR close file TPLSTRWL right after the chain, to release the file when attack is on
  • Fixed false positive reports of attacks on special picture files
  • Fixed: When Client Access IFS selects an QSYS.lib/QGPL.lib object (Access Client Solutions)  a log entry 6V/1 was created alerting about an Ransomware issue
  • Fixed: AR now considers React Y/N. (STRAR > 3)
  • Addition of PC based attack simulator for known and unknown ransomware
  • Addition of menu item to explain how to use the attack simulator
  • Addition of menu item that explains how Anti-Ransomware detects attacks
  • Completely new menu
  • Simplified reaction definitions

Anti-Ransomware is now part of the iSecurity Advanced Threat Protection (ATP) suite. The suite has been restructured to include:

  • Simplified menus and command access:·
      • STRATP         Menu of Anti-Virus, Anti-Ransomware, Object Integrity Validation
      • STRAV           Menu of Anti-Virus
      • STRAR           Menu of Anti-Ransomware
      • STROBJITG    Menu of Object Integrity Validation
  • Threat Control Center – clarified the screen text