The IMPEX 4.0.0 release

This release contains a redesigned and rewritten USB Protect graphical user interface that we think looks better, is easier to read and has more and clearer information. The best part, though, is what happened behind the scenes: the backend parts of the station have been rewritten in a modern language (Golang), which will enable a faster and safer development pace for the USB Protect product.

We have also added some more curated YARA rules for detecting, and thus blocking, different kinds of file types. You can look at them in the Yara view on the ICC. They are of course disabled by default since, for example, blocking unsigned PE files might not be in everyone’s interest.

ICC changes

  • Checkboxes are now right-aligned everywhere instead of left-aligned

ICC fixes

  • Added support for infinite scroll on the SSH keys page

  • YARA rules evaluation has been extended to automatically rename rules with conflicting names. Uploads also now refuse to overwrite an existing rule with the same name

  • Upload file explorer now also shows local .yara files, not only .yar files. Anything not called .yar will now automatically be renamed to .yar on the backend on upload

  • Fixed a bug where, after removing a YARA rule and then uploading a new one with the same name, the new rule would automatically be enabled (if the previous one with the same name was enabled)

  • Fixed a bug in the ICC frontend; removing an included Device Rule Set from a Rule Set did not work and created an invalid Rule Set

Station changes

  • GUI frontend rewrite from scratch, new design, new fonts, new error handling and some new features like:
    • Scanning view now shows elapsed time per scanning engine
    • Showing source/target USB info in the receipt view
    • Keyboards are now layout-wise more like real keyboards
    • Scanning time is now displayed in the receipt view
    • Clearer design in the system information tabs
  • Improved design in the execution of bundles
  • Improved design for offline upgrade

  • Almost all backend services rewritten in Golang

  • BitLocker: formatting an unlocked BitLocker device now creates a new NTFS filesystem on the BitLocker device and thus preserves the BitLocker container. It used to format the entire drive and thus wipe the BitLocker container. Note that formatting a locked BitLocker device still wipes it, as before.

Station fixes

  • The UDEV feature that is supposed to block all devices other than USB storage devices had a regression that allowed USB network devices and USB serial devices (but not HID devices) to attach. This has been fixed.

  • The boot loader password has been activated again. It is rotated nightly and is the same as the Daily Token. The boot loader password protects against an attacker with physical presence being able to single boot into the station. We want to point out that anyone with physical presence can still disassemble the station, reset the BIOS and bypass this hurdle.

Documentation

  • Station manuals have been updated with new screenshots matching the new look and feel

Security

  • Upgraded Django to 3.2.25, which fixes CVE-2024-27351, a potential DoS issue of medium severity

Operating system packages

  • As usual this new release also brings upstream operating system updates and fixes

Known issues

Station

  • The format and shred buttons become visible before the files on an inserted drive have been parsed. If either is pressed before the files have been fully read, an error will occur. To avoid this error, wait until all files have been read. The error is due to the drive being used when the format/shred process tries to unmount it. This will be handled better in the next release.

Information

Portal

https://portal.sysctl.se is now available for Sysctl customers. The portal is used to distribute files and information that have restricted distribution. In this initial release, the portal provides specific program files for IMPEX customers, especially those customers that have standalone or offline USB Protect. From the portal, customers can download offline updates and AntiVirus definition updates. It is also possible to download installation media for:

  • ICC server
  • Repository server
  • IMPEX USB Protect
  • IMPEX DataLock

Email SYSCTL support to get access to the portal.

Atom (RSS-like) feed

The feed includes Sysctl news and release information:

https://sysctl.se/feed.xml