Related documents: SA44784; KB44755

On March 31, we released the Integrity Checker Tool (ICT) to the Pulse Secure community. This tactical tool was developed and quickly made available for detecting compromised PCS appliances as part of our recent investigation. It has been effective in what it was designed to do, even finding compromised appliances in cases where the threat actor tried to cover their tracks.

We are committed to continually improving the PCS product. In collaboration with experts such as CERT, Mandiant, and Stroz Friedberg, we are incorporating lessons learned and best practices to harden security measures, and adding new features designed to improve the customer experience. Our customers will see the beginning of this journey in the upcoming release of version 9.1R12 in early August.

In version 9.1R12 we are incorporating the positive aspects of the ICT while also looking to address some issues directly in the product. Specifically:

- Eliminating the need for scheduled downtime to run an integrity check.
- Automating the process to update the integrity definitions to the latest version.
- Improving administrator feedback, including logging when the integrity check runs and showing the results.
- Addressing a few edge cases where false positives can occur.

Version 9.1R11.5, released on 11 June, will be the final version supported by the standalone ICT.

FAQ

1) Can I still use the current release of the ICT?
Yes, the current release of the ICT has proven to be highly effective in discovering malicious activity on the gateway.

2) Has the ICT been circumvented by anyone?
To date, we have not had any reports of a threat actor circumventing the ICT, nor have any of our security partners. However, since it is theoretically possible on a fully compromised system to circumvent the ICT with sufficient time and effort, we are building improved integrity checking capabilities into upcoming releases.

3) When will the ICT replacement be available?
Delivery is currently planned for the 9.1R12 release, tentatively scheduled for early August.