Content Analysis 1.3.1.1 GA has been released on the BlueTouch Online download page. After you log in with your BlueTouch Online credentials, you can download the image and release notes .
This release includes the following new features:
  • Static Analysis. Advanced AI-based malware detection from Cylance.
  • Improved Sandboxing Experience. This release includes real-time sandboxing, and introduces support for FireEye NX and Lastline Sandboxes.
  • Endpoint Integration with CounterTack Sentinel. When malware is identified, Content Analysis can query your configured CounterTack Sentinel service to determine if that malware reached any workstations in the environment.
  • SNMP v3 support.
  • SSL/TLS Certificate import and management support.
This release resolves the following issues:
  • When integrated with Management Center, Content Anlaysis consumes high memory. Memory consumption has been limited when communicating with Management Center. 
  • Content Analysis reports decompression alerts. 
  • The Content Analysis appliance does not respond to health checks, SSH. 
  • Kaspersky engine and malware database updates fail unless Sophos is also enabled. 
  • Kaspersky process crashed with out of resource error. 
  • ICAP header X-Error-Details does not show %TIMESTAMP and %CLIENT in the message. 
Content Analysis documentation is available at:
https://bto.bluecoat.com/documentation/All-Documents/Content%20Analysis/Version%201.3
  • Cylance static analysis does not block files sent to Content Analysis in ICAP reqmod from a ProxySG appliance.
  • Duplicate RADIUS users cause the Content Anlaysis authentication service to fail.
  • Unable to view Packet Capture (PCAP) in the Content Analysis management console. 
  • When files processed as part of reqmod processing, MSI files are not blocked when the MSI file type is set to block.
  • NTP settings are inconsistent. Management Console reports that the NTP service is enabled, even when set to disabled. 
  • Users can disable all administrator accounts.
  • The system information statistic, SANDBOX COMPLETE, is not being populated. 
  • The incorrect error message is produced if the CounterTack server details are not configured correctly. 
  • Certificate import sticks in error condition when a bad passphrase is used.
Imported Document ID: 000027713

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2020 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.