Panda Adaptive Defense 360 - Release Notes

Adaptive Defense 360 2.4.1

Release Notes

Ability to export the life cycle details

of one or multiple detections as well as command-line parameter information

This version provides the ability to export the life cycle details of one or multiple detections (or blocked items) to CSV format.

Also, the console will display information about the command-line parameters used by attackers employing PowerShell scripts.

Ability to export the life cycle details

Prioritization of incident analysis

Prioritization of incident analysis (origin, impact, etc.) in the detection of malware or PUP through the Risk indicator.

  • The risk is high when the malware or PUP was run before it was detected and has accessed files and/or established Internet connection.
  • The risk is medium when the malware or PUP was run before it was detected but didn’t access any file and didn’t establish any Internet connection.
  • The risk is low when the malware or PUP was not executed before being detected.
Prioritization of incident analysis

New private mode in Panda Remote Control

This new version of Panda Remote Control incorporates a new privacy level: private mode.

This mode, recommended for computers with confidential information, ensures that every time there is an attempt to access a computer remotely, the computer user is asked to allow or deny the action.

Unlike other modes, "private mode" will take precedence over any change later made by the administrator to the privacy settings from the Web console.

Only end users will be able to disable "private mode" if enabled.

New private mode in Panda Remote Control

Adaptive Defense 360 2.4

Maximize your protection with the new anti-exploit detection technology

We have expanded our protection and containment technologies with a new dynamic and adaptive anti-exploit technology. This new module follows the Adaptive Defense protection model based on continuous process monitoring.

The anti-exploit protection is disabled by default. To enable it, you must modify your security profile settings.

Maximize your protection with the new anti-exploit detection technology

Improve your ability to take preventive and remedial measures on your network computers

If a computer becomes infected after copying a malicious file from another computer on the network, the console and the email alerts will display the name and IP address of the source computer, as well as the user used to access the targeted machine.

This will allow you to identify the computers that are trying to perform malicious actions on other computers, and take preventive and remedial actions to prevent new attacks and clean those systems that are being used to attack other computers.

Improve your ability to take preventive and remedial measures

New report that allows easy integration of protection status information into other corporate systems

A new report has been added that details the characteristics of your network computers, the installation date, the version (of the installation agent and the protection), and the status of the last protection update. This report can be scheduled just like the other reports in the console.

Use this report to, for example, integrate protection status information into other management systems, such as ticketing solutions, SIEM tools, or alerts. You can also schedule report send tasks in CSV format for parsing purposes.

New report that allows easy integration of protection status information into other corporate systems

New Panda Remote Control.

From this version onwards, Panda gives you the option to purchase the new module Panda Remote Control integrated within your Endpoint Protection management console.

Troubleshoot security incidents and technical issues remotely without disrupting users.

Panda Remote Control includes the following features:

  • Remote desktop access with administrator rights.
  • Remote service and process management across your IT network.
  • Remote command line.
  • Bidirectional file transfer.

All this with the peace of mind of knowing that Panda Remote Control encrypts all communications between your computers at all times.

Compatibility with Server Core servers

Now, Adaptive Defense and Adaptive Defense 360 let you protect and monitor your Server Core servers.

From version 2.4 onward, you can safeguard your Server Core installations of Windows Server 2008, 2008 R2, 2012 and 2012 R2 against malicious infections.

Compatibility with Server Core servers

New version of the Mac protection

The new version ( includes a new and improved engine for the protection for OS X systems.

This version is compatible with Mac versions 10.8 (Mountain Lion) and above.

New version of the Mac protection

Adaptive Defense 360 2.3.5

Android protection new version

The new version of the protection for Android devices (3.1.5) can be integrated and distributed from any EMM solution compatible with Android's enterprise features (Android for Work).

Android 3.1.5

Support for Mac OS Sierra

From this version onwards, our protection for Mac is compatible with the new Mac OS Sierra. Remember that your protection will be updated automatically based on the configuration of your existing profiles.

MAC OS Sierra

Ability to configure SMTP alerts

From this version onwards, you can configure the mailbox to use to send SMTP alerts. However, if you would prefer not to use your own mailbox, leave it blank. You will continue to receive detection alerts from computer_name@panda.alert


Ability to configure local alerts in 'Hardening' mode

Until now, if the administrator configured the network computers in 'Hardening' mode, there was no way they could prevent block alerts from being displayed locally on users' computers. This was only possible if the company's computers were configured in 'Lock' mode.


From version 2.3.5 onwards, however, administrators can choose whether or not they want to display those alerts in 'Hardening' mode as well.

Adaptive Defense 360 2.3.1

Create a Panda Account as a security measure.

Create a Panda Account as a security measure:

Creating a Panda Account will increase your account's safety, as it guarantees that you, as the account owner, are the only one who knows the login credentials to access and edit your management console at any time.

From this version, every time a user who doesn't have a Panda Account tries to access the console, they will see a message informing them of the benefits of creating a Panda Account and inviting them to do so.

Cuenta Panda

Two-factor authentication.

Panda's products now allow the use of two-factor authentication for accessing the console.

Two-factor authentication consists of using a code generated on the user's smartphone as a second factor to access our products. Each user will decide whether to enable or not two-factor authentication (2FA) to access the Web console.

Additionally, from version 2.3.1 it will be possible to see from the Web console if users have enabled or not two-factor authentication. This is very useful for administrators, as they will be able to monitor those users who have enabled this feature.

Ability to grant resellers and Panda Security access permissions to customers' consoles.

  • In order to help resellers/service providers and Panda Security deliver the best service possible, customers can now allow them to access their console through the console settings.
  • Customer consoles are configured by default to allow access from resellers, but not from Panda Security. Customers can change these settings at any time.

A new report has been added that logs user access to the console.

This report is only available to users with Total Control permissions.


Automatically uninstalling other security products.

Up to now, administrators could choose whether they wanted to automatically uninstall any competitor security product installed across the network. These solutions where automatically uninstalled prior to installing Panda's solutions.

This behavior has been modified from version 2.3.1 so that administrators can choose to have competitor products removed at any time (even from those computers that have our products installed).


NOTE: Bear in mind that if you choose to uninstall third-party security products on a specific configuration profile, every computer that has that profile assigned will have those products removed as soon as it receives the new configuration.

More information available in the "Action" and "Run" sections of alerts.

From version 2.3.1 we have added a new section (“Last action”) to the information available in alerts. This section specifies the last action taken on the item that triggered the alert. This information is available for those computers with protection version 7.60 or above. Computers with an earlier protection version will display a hyphen (-).

Additionally, in view of the feedback received from our customers and given the importance of this information, we have decided to replace the icon that indicates if an item has been already run or not with a more explicit text ("Already run").

Cuenta Panda

Exclusion history.

Version 2.3.1 includes a history of all items excluded across the IT network. This history details all the actions taken on excluded items, both manual actions taken by users (exclude item, remove exclusion, change the configuration of excluded items) and automatic actions (items reclassified as malware/PUPs/trusted applications, remove exclusion, etc.).

Every action displays the user that performed it as well as the date.

Additionally, clicking an item on the history screen will display the item details available in the Malware/PUP/Blocked item list, as appropriate.


Ability to grant partners access to their customers' Advanced Reporting Tool consoles.

From version 2.3.1, if a customer has the Advanced Reporting Tool service enabled and their reseller or service provider has access to the customer's Web console, they will also be able to access the Advanced Reporting Tool management console.

This allows resellers to deliver a better service to customers, as they will be able to exploit data enriched with the evidence collected from the customer's endpoints and available through Advanced Reporting Tool.

Cuenta Panda

Compatibility with Windows 10 Anniversary Update

The new version of Windows 10 (Anniversary Update), recently rolled out by Microsoft, causes errors installing the Adaptive Defense protection on computers with this operating system installed and under very specific circumstances (Secure Boot enabled, GPT partitions, etc.). To avoid these problems, we advise that you update to version 2.3.1.

*Version 2.3.1 does not update the protection on computers with an operating system other than Windows 10, therefore, the protection version will continue to be Computers with Windows 10 will be automatically updated to version 7.62, provided the automatic updates option is enabled for the relevant profile. This update is seamless for users and will only take place on computer restart

Compatibility with Windows 10 Anniversary Update

Adaptive Defense 360 2.3

Classification of all programs run and scanned

The dashboard includes a new chart that classifies all of the programs run and scanned on all your computers.
Remember that, to ensure maximum security, Panda Adaptive Defense scans and classifies every single program run on your network.

Program classification

New email alerts

As soon as a new threat is detected, an item is blocked, or an item that was excluded from scans is classified, an alert will be sent to you from the cloud.

New email alerts

Blocking history

This new view provides you with a list of all items blocked and the actions they performed.

Blocking history

More information about malware detections

A column has been added showing the action taken on the detected malware.

More information about malware detections

Quick access to remediation actions

The malware activity pane now allows you to directly clean infected computers.
Thanks to this new feature, ridding your computers of every trace of malicious applications is now easier than ever.

Quick access to remediation actions

Improved detection capabilities

We have continued to improve the efficiency and capabilities of our detection systems.

  • Among other things, this version adds the ability to detect compressed CryptoLocker-type threats as well as other new techniques used by malware.
  • Additionally, we have improved the detection engine to reduce the number of items that need to be blocked in “Lock” mode.
Improved detection capabilities

Ability to export data to other SIEM solutions

From now on, you can collect the data gathered by Adaptive Defense in order to analyze it with other SIEM tools.

This represents a useful alternative to the Advanced Search tool integrated in Adaptive Defense, as it allows organizations to correlate the events gathered by Adaptive Defense with any other data available in other SIEM solutions.

Ability to export data to other SIEM solutions

Improved documentation and help files

Both the Adaptive Defense help file and Advanced Administration Guide have been reviewed and improved for this version.

Improved documentation and help files

Adaptive Defense 360 2.2.3

Bug fixes

This version includes fixes for bugs detected in previous versions:

  • Slowdown problems under specific circumstances.
  • Unexpected blocking of third-party applications that use the user's TEMP directory to work.
  • Bug that caused computers to be sporadically moved to the Unprotected tab.
  • Temporary loss of detection power on Exchange servers.
  • Fixed management of excluded device lists in the Device Control feature.
  • Minor bug fixes.

Bug fix

Adaptive Defense 360 2.2

Easier identification of blocked items

To help administrators identify currently blocked applications more quickly, the Items under investigation panel on the home page has been replaced with Currently blocked items being classified.

Herramientas agiles para el administrador

More detailed information

In addition to that panel, administrators can access detailed information about each currently blocked item.

Herramientas agiles para el administrador

Temporarily excluded items

If necessary, and after evaluating the information available about an item, administrators can exclude it temporarily, allowing it to run.

Excluding a currently blocked item that is being classified is not recommended. However, under certain circumstances, it may give administrators greater control over the company's security and operation.

Elementos excluidos temporalmente

Ability to set actions on excluded items

To facilitate global management of excluded items, administrators can specify what to do with an excluded item when a classification is returned by our Big Data platform in the cloud: keep or remove the exclusion.

Elementos excluidos temporalmente

New local console.

The local console now includes information about the Advanced Protection.

The protection status section on the home page shows the Advanced Protection status and operating mode (if enabled).


If the Advanced Protection or the endpoint's traditional protection are disabled, the console will clearly indicate so:


Also, information is shown about quarantined items and currently blocked items.


Additionally, the scan results section now shows information about currently blocked items, along with details about the malware and PUPs found.