With this release we add four new features to Impex:

  • More user friendly offline upgrades for Impex stations. When inserting a USB drive containing a signed IMPEX update, an Impex station will now display a new button on the user interface of the station making it possible to do offline updates. This is an important feature for air-gapped networks, but also useful when having network problems or trouble shooting Impex.

  • The old limitation in ICC, in which search or sort operations were only applied to the latest 1000 entries, has been eliminated. Now searches in the file, scan and contacts view will search the full database.

  • We further extend the work started in 2.7.0 with USB port mapping in the stations. In 2.8.0 a graphical window is shown on the station to allow for mapping of physical USB ports to logical ports within impex (e.g. which physical port is considered left port). In this release we introduce a feature on the server side to reset this setup on a specific station, if the setup has been changed (e.g. changes in cables and port connections behind the Impex station)

  • Pause AV and system updates with time limits: it used to be a boolean toggle, now it is a date that can be set so updates get automatically turned on again after a certain date.

This release also comes with significant updates to the yara parts of Impex. Some curated yara scripts are distributed with the release, to add security controls and also to demonstrate the power of this technology. Using the yara view in the ICC, it is now possible to enable those scripts (curated scripts are disabled by default) to filter files based on policy rather than malware content, e.g. block all files from MS office applications or all Windows PE binaries. The documentation related to yara is also updated to describe how Impex customers can write local, and customized, rules.

A noteworthy change in the 2.8 release is the move of ICC frontend code from AngularJS to the latest, Angular 13, framework. This required a total rewrite of all GUI code from Javascript to Typescript. This is part of the regular improvement of the IMPEX product. Moving to more statically typed languages improves product stability, and speeds up the development life cycle of products. This upgrade to the latest Angular version is also an intermediate step for further, more visible, changes to ICC that will come in the next few releases.

This release also contains a number of fixes and bug fixes that have been resolved in the station and in the ICC.

Station

  • In the station user interface, a new button will be shown if a USB drive containing a SYSCTL signed package is inserted. Pressing this button will launch the signed package. This feature is used for doing offline upgrades of OS and AV signatures - most useful in situations where non-networked, stand-alone Impex stations exist - but can also be used for other administrative actions like station changes that cannot be done through the ICC GUI.

  • Operating system updates applied, including security updates and more hardening.

  • Regression-fix: the identification field was again added to the receipts (it got removed in 2.7)

ICC

  • A new Reset USB ports task was added to the station cards. This can be used to reset the USB port mapping on a station in case the cabling was changed or for example when a CD-ROM/DVD has been added to one of the available ports on the back side.

  • Search and sort orders on the file, scan and contact views are now doing back-end database queries and no longer only operate on the current view.

  • More operations are getting logged.

  • Operating system updates applied, including security updates and more hardening.

Repo server

  • Operating system updates applied, including security updates and more hardening.

Documentation

  • Documentation on YARA has been added to the ICC manual. This documentation includes info on Yara, how to use it in Impex, how to write customized rules.

Known issues

  • Due to the ICC web framework upgrade to Angular 13, Internet Explorer 11 is no longer supported. Angular 13 dropped support for it and Microsoft has marked it for End of Life in June 2022. If there are any customers affected by the discontinued support of IE 11, we recommend switching to any of the other more modern browsers, since this will also come with a huge enhancement in browser security.

  • Adding new rules to set/group only works if the set/group has been saved first.