Credential/Identity Monitoring now includes various VPN, cryptocurrency wallet, and other applications.
In a chain of affected processes during an attack, which is common (the attacker moves from running program A, to B, to C, and D is used for data theft), the “patient 0” program A is suspended, but patient D is reported as the process performing the theft behavior.
Memory state is preserved and reported throughout the process chains, for future forensic analysis.
In the event of an automated response in which a running process's memory was modified, that memory modification is uploaded to Cyber Crucible for reverse engineering and further analysis; this upload is configurable.
In the event of a non-malicious memory modification bug in an application, behavioral exceptions (“whitelists”) now have the ability to flag certain memory corruption events as benign. This will not stop the program itself from crashing or losing data due to the bug, but Cyber Crucible will know to ignore the bug while searching for malicious injection of code into running processes (process injection/hollowing).
Removed vulnerability where binaries could be deleted by a privileged process while CC binaries are updating.
Removed vulnerability where registry keys could be deleted or altered by a privileged process while CC binaries are updating.
Corrected memory state tracking when a process is patched in-memory during Cyber Crucible evaluation of the memory.
Corrected memory state tracking under certain conditions where memory is re-allocated between memory pages.
Minor CPU efficiency updates that are likely too minor to register in Task Manager, since usage is normally <1%.