Syspeace 3.1.0

February 26, 2019

Big changes and new features:

  • Added support for “Remote Status”, to view the status of Syspeace from another computer with the new freely available Remote Status Console application. For more information, see the Remote Status page on syspeace.com or the Getting Started with Remote Status document.
  • Added support for /postinstall mode to activate license and import settings, which enables deployment of Syspeace. For more information, see the Deploying Syspeace document.
  • Improved the performance of matching login attempts to rules and producing blocks. It now completes faster while using less memory.
    • Syspeace now uses a “rule matching database” to match login attempts to rules, instead of keeping all the information in memory. This speeds up matching in most cases and consumes much less memory. Most of the matching work does not change over time and this work is precalculated and stored in the database.
    • This database will need to be calculated the first time, and starting the Syspeace service the first time after upgrading will be slower than usual. Subsequent startups should be much faster than with previous versions of Syspeace.
    • Manually changing a rule requires recalculating the rule’s matching information, since it may now match more or fewer login attempts than before. Recalculation usually completes within seconds, but the time it takes is proportional to how many login attempts there have been and the longest rule block duration. Status information is shown in the main window when this happens.
    • Toggling the Reset on success setting will cause *all* rules to be rematched and may thus cause a noticeable delay in extreme cases.
  • Added the ability to show/hide country rule-based blocks in the main window.
  • Allow specifying which form of TLS/SSL is used when sending mail messages over a TLS/SSL encrypted SMTP connection.

Performance/stability improvements and bug fixes:

  • Improved performance when pasting many entries into the local blacklist.
  • Dramatically improved performance for high-traffic servers when searching the Access log.
  • The cause of a block now takes up less space in Syspeace’s internal database.
  • Improved handling of an unexpected reply during the MaxMind database update process.
  • Improved handling of errors from the backend server.
  • Fixed an issue in the Syspeace engine that could cause the list of ban instructions to stop updating.
  • Fixed an issue in detectors that could cause a crash if the event viewer system component encountered an error trying to read the event log.
  • Fixed an issue where the FIPS-compliant AES algorithm would be rejected when Windows is running in FIPS-compliant mode, because the wrong AES algorithm implementation was used.
  • Fixed a bug that prevented an old, space-inefficient form of data from being removed from the Syspeace database as it was migrated to a more compact form in a previous version. If you have already upgraded, the data will be removed when Syspeace is started.
  • Fixed an issue in RDP traffic detection that, under very specific circumstances, could cause the IP address of a successful login attempt to be used as the IP address of a failed Windows audit log event missing an IP address.
  • Fixed a bug where some successful login attempts would not trigger country rules configured to trigger on “any login attempt”.