Documente Academic
Documente Profesional
Documente Cultură
4 Release Notes
Version: 1.2.4.4
Build: 157593
Release Date: 5/15/2015
Document Revision: 2.0 on 5/18/2015
Introduction
These release notes apply to the Blue Coat Content Analysis appliance. For
release specific information, refer to the following:
p
"Support" on page 18
Upgrade Notice
Upgrades to Content Analysis version 1.2 releases are only supported from version
1.1.5.2 or above.
If your appliance is running a release earlier than version 1.1.5.2, please upgrade to
1.1.5.2 prior to upgrading to 1.2 releases.
When a file is found to not be a virus and is not in the file whitelist, Content
Analysis can send the file to an external appliance (Blue Coats Malware Analysis
Appliance or FireEye appliance) to run the file in a virtualized Windows
workstation environment. The actions of the file (registry edits, requests to
malicious web sources),are identified and included in a detailed report sent to the
Content Analysis administrator.
Cached Responses can be used to speed up processing for files that have been
scanned previously.
The Blue Coat WebPulse service is an integral part of Content Analysis protection.
Users are protected by the BCWF database on the ProxySG appliance, and when
viruses and malware are discovered through scanning, those results can be shared
with Blue Coat to classify bad URLs for the benefit of all WebPulse users
worldwide.
Dashboard Updates
Content Analysis has added increased visibility from the management console
into threats detected, scanned, and scanning as well as a system summary and
last antivirus pattern updates. The home page of the management console
includes the Last 5 Threats Discovered.
To drill down on any information in the home page, go to Statistics > Overview,
as shown in the following example:
MAA reports error, 'failed with HTTP code 404' when trying to send .zip
archives. (B#214286)
Initial Configuration
1. Connect to the appliance through the Serial Console connection at the rear
of the appliance.
2. Launch a terminal application, such as hyperterm. Enter the following
connection settings:
BPS: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: none
3. To start the initial configuration wizard, select Initial Setup. This wizard
prompts you to define the following settings:
IP Address
Subnet Mask
Default Gateway
DNS Server
Alternate DNS Server
Administrator password
4. After you have defined the settings in Step 3, you can reach the CAS
management console via a web browser as follows:
https://x.x.x.x:8082 (replace x.x.x.x with the CAS appliance IP address
defined in the previous step)
5. Enter the administrative credentials to log in to the appliance:
username: admin
password: <defined in step 3>
6. On first access, Content Analysis prompts you to apply a license file. You
can obtain your license file by registering your appliance at https://
bto.bluecoat.com/licensing.
Java script was not available as a data type to select in the UI to create
policy. (B#211586)
Note: Note: If the policy for CAS is to block or ignore java script files but
the web server sends the files compressed or otherwise encoded, CAS does
not recognize those files as java script and does not perform the expected
action (to block or ignore java script files).
p
p
Selecting an MAA plugin to use (for sample detonation) was not available
in the CAS UI. (B#211585)
Files within archives were not being passed to MAA sandbox for
detonation. (B#211584)
CAS sends host name rather than FQDN (fully qualified domain name) on
SMTP connection. (B#210884)
(SR 2-1003787288) 10G Fiber NIC card does not support bypass mode.
(B#209707)
(SR 2-929566911) Added the ability to disable SNMP (B#209256)
(SR 2-989676102) Some MP3 files were being treated as executables.
(B#209301)
CAS was not properly checking content length of headers when scanning.
(B#208796)
In some circumstances when ICAP Preview is enabled, CAS will return 400
bad requests. (B#208498)
After pattern updates, under some circumstances some files will return an
error. (B#206570)
AVWatchdog aggressively restarts SNMP server. (B#205414)
CRC errors on sending .rar file to MAA. (B#211270) MERGED WITH Files
inside a .rar archive not being sent to MAA. (B#211302)
CAS HAS LIMITED RAR SUPPORT: Libachive has limited support for
reading RAR archives. Currently, Libarchive can read RARv3 format
archives which have been either created un-compressed, or compressed
using any of the compression methods supported by the RARv3 format.
Libarchive can also read self-extracting RAR archives.
p
Files are passed to the MAA sandbox (maximum allowed: 5 archive layers)
for detonation. (B#211584)
10
Blue Coat Support Service Request (SR) numbers higher than 2-xxxxxxxxx
are now supported (B#200992).
Sophos fails to block a file when it is larger than the defined Maximum
Inividual File Size (MIFS) (B#201706).
McAfee incorrectly identifies Maximum Individual File Size as File Within Archive
Size Exceeded (B#201707).
Anti-virus setting for Allow generated a File Blocked message but served the
file (B#201361).
McAfee update fails with the error, Incremental resolver failed
(B#201197).
p
p
11
12
13
14
If you are changing explicit proxy settings, you must restart the ICAP
service, in order for whitelisting traffic to use the new settings (B#199781).
Premature failed update alerts are sent on pattern download failures even
though the server recovers automatically (B#199019).
15
Issue: DNS cache is not cleared automatically when you change the DNS server
addresses (B#198569).
Workaround:
Issue: Upon initial boot or after restoring the appliance to a factory default
state, the Onboard Diagnostics tab may display no data (B#198178).
Workaround:
Issue: The Quick Start Guide Addendum Step #1 indicates that there is a default
password.
Workaround: This is no longer valid: you can set the default password. For more
information, see previous section within these Release Notes.
16
The CAS management console does not report the SNMP version being
used for SNMP messaging (B#195459).
Workaround: The CAS appliance uses SNMP version 3 for traps.
Issue: Audit logs shows enable/disable, serve/block as 0 and 1 when setting
file behavior (B#190807).
17
Use caution when using Troubleshooting > PCAP, as the delete button
provides no warning.
Issue: After committing a change to the appliance configuration, a message
appears at the bottom of the CAS UI to advise that the change was successful.
This message does not clear from AV Scanning Behavior (B#195266).
Workaround:
Issue: Using HTTPS for image or license downloads from an internal HTTPS
server requires that the server have a trusted certificate installed. Self-signed
certificates are not supported.
Workaround:
Support
For general information about Blue Coat: bcs.info@bluecoat.com.
Direct support questions regarding this release to Blue Coat Support. For more
information, visit: http://www.bluecoat.com/support/contactsupport
18
Americas:
Blue Coat Systems, Inc.
420 N. Mary Ave.
Sunnyvale, CA 94085
19
20