Adaptive Protection | Adaptive Protection adaptations are now called exceptions. For more information, see Using Adaptive Protection. |
Custom Application Behavior | Custom Application Behavior now prevents you from creating a rule that blocks all applications or disables all local drives. A message appears to alert you that you cannot save the rule. The message appears when you use an asterisk wildcard (*) by itself for included applications in a rule with a condition that specifies the asterisk (*) wildcard for a behavior and an action of Block access. For more information, see Configuring rules in Custom Application Behavior rule sets. |
Policies | On the Versions tab of a policy, a new Modified By column indicates who modified the policy and created the version. A new Time column shows the date and time when the version was created. For more information, see Reviewing the version history for a policy. |
Endpoint Detection and Response (EDR) | You can now connect to remote devices by launching Live Shell’s Connect with one-time PIN (OTP) authentication setting configured for the corresponding Detection and Response policy enabled for the remote device. This setting can be configured by a Super Administrator only, and is applicable for any custom user role that has permission in the Live Shell > Live Shell Connect with OTP option on the Settings > Administrators and Roles > Roles page of the cloud console. For more information, see Live Shell Connect for Windows. A saved search query retains the same grid columns that were active when the search was saved. For more information, see Saving and sharing search queries. Investigation privileges are enhanced for custom roles. You can now create different roles to view, create, edit and update the incident and incident rules. Users who are assigned to a custom role for managing incidents lose the privileges to view incident rules and adaptations; enable and disable incident rules and adaptations; create, edit, and delete custom incident rules; and edit settings after the August 2023 refresh deployment. The Super Administrator must reconfigure the custom role to enable the privileges for Incident Rules and Adaptations. For more information, see Creating and managing custom roles. You can now expand the incident details flyout pane into a separate browser tab. This allows you to make the maximum use of the available screen size and leverage enhanced event filtering functionality when viewing incident details. For more information, see Expanding the incident details to a new browser tab. The incident rules summary view now includes additional event count columns that give you more confidence in incident volumes if you choose to enable a rule. For more information, see Examining information in the Incident Rules summary view. New monthly updates are available for: MITRE event enrichment updates; Advanced Attack Technique incident rules updates. |
SEP Mobile | Support has been added for a new Unwanted Mobile Application policy that lets you define an application as unwanted based on permissions or behaviors. For more information, see Defining the risk level for determining a mobile application as unwanted. |
API | A public API is now available to fetch file details by hash. You can do the following: Retrieve all file details by specifying the hash value in the API. Retrieve a list of devices on which a file hash is seen. Retrieve the file path values on a device by specifying the file hash and the device ID in the API. For more information, see the Symantec Enterprise Security Products API Portal. |