Powered by Zoomin Software. For more details please contactZoomin

Flowmon Anomaly Detection System (ADS) Release Notes

Table of Contents

Version 11.0

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 1, 2026
  • 5 minute read
    • Flowmon Products
    • Flowmon Anomaly Detection System
    • Documentation

Version 11.0.11

Date: 2020-12-01

Fixed issues:

  • Fixed a bug that caused SIP data feed restart during SIP flow processing.

  • 7633702: False positive rules with assigned filters are correctly imported from XML configuration.

  • 7633330: Detection method BROKENSEN no longer causes high CPU usage (deadlock).

  • 7633339: Fixed an issue where the data feed was not re-initialized due to changes in available machine memory at runtime.

Known issues:

  • Some false positive rules might not apply properly when the event matches multiple false positive rules (fixed in Flowmon ADS 11.1).

Version 11.0.10

Date: 2020-10-09

What's new:

  • Added support for Flowmon sublicenses.

Fixed issues:

  • Fixed non-running data feeds on the Hyper-V platforms.

Known issues:

  • Some false positive rules might not be applied properly in situations when the event is matched by multiple false positive rules (fixed in Flowmon ADS 11.1).

Version 11.0.9

Date: 2020-09-30

What's new:

  • The backend engine now properly recovers when the database reaches the maximum size limit to prevent processing outage.

  • The user guide for Japanese language is now available.

Fixed issues:

  • Fixed an issue that prevented "Browse IDS Events" from opening properly when accessed through the IP context menu.

Known issues:

  • Some false positive rules might not apply properly when the event matches multiple false positive rules (this will be fixed in Flowmon ADS 11.1).

Version 11.0.8

Date: 2020-08-31

What's new:

  • The maximum number of enabled data feeds increased to 3 (from 1) for appliances with the Flowmon ADS Standard license.

Fixed issues:

  • Fixed an issue that prevents BPATTERNS processing on data feeds with more than 50 assigned channels.

  • The Event Evidence now works properly for events generated before Flowmon ADS 11.

Known issues:

  • Some false positive rules might not apply properly when the event matches multiple false positive rules (this will be fixed in Flowmon ADS 11.1).

Version 11.0.7

Date: 2020-08-04

Fixed issues:

  • Fixed an issue preventing Flowmon ADS logs rotation (deleting old logs to save disk space)

Version 11.0.6 BETA

Date: 2020-07-22

What's new:

  • The term 'timestamp' has been replaced with 'detection time' to reflect its actual meaning.

  • The system now shortens the duration of flows from exporters with non-standard flow duration to 300s instead of dropping them.

  • The system now properly notifies users about invalid custom pattern configuration from previous versions once processed.

Fixed issues:

  • Fixed reporting of incorrect timestamps caused by the invalid default value of the new mindelta parameter after upgrade to 11.0.5.

  • You can now open aggregated events and related events from all modal windows.

  • Fixed the traffic recording filters for detection methods based on the ICMP protocol.

Known issues:

  • The user guide for the Japanese language is not available yet.

Notes:

  • Regular expressions are no longer allowed in the custom pattern configuration.

  • The system now blocks upgrades from Flowmon ADS versions older than v11 when the 'proxy correlation' option is enabled in data feeds settings.

Version 11.0.5 BETA

Date: 2020-07-08

Fixed issues:

  • The system now correctly evaluates false positive rules for event targets.

  • Migration of existing Flowmon ADS reports to Flowmon Dashboard & Reports now works in all cases.

  • Fixed issues with CSV exports in Flowmon Dashboard & Reports.

  • Advanced detection of VPN usage (VPN detection method) now works as intended.

  • The flow chart and aggregated view now show correct data from previous versions of Flowmon ADS.

  • You can now open the aggregated view from the event target.

  • The detection engine now handles flows with 0 packet count.

  • Fixed time range for displayed flows in the event evidence.

Known issues:

  • The user guide for the Japanese language is not available yet.

Notes:

  • Increased performance of event processing.

  • Flows with non-standard flow duration (more than 300s) might be dropped in order to prevent issues with method detection.

  • The system now blocks upgrades from Flowmon ADS versions older than v11 when the 'proxy correlation' option is enabled in data feeds settings.

  • Maximum targets per event is now limited to 1000.

Version 11.0.4 BETA

Date: 2020-06-03

What's new:

  • New stream processing.

  • Significantly increased overall performance of traffic processing (flows per second).

  • Faster detection of network anomalies.

    • The system processes flows continuously and analyzes them immediately when received by the Flowmon Collector.

    • Detected events are reported without any delay.

  • Improved detection quality due to flow data analysis over a larger time period without boundaries.

  • New event concept. The system updates existing events when anomalies remain active instead of creating new events.

  • Improved identification of communication initiators for determining correct event source.

  • Added new descriptions for better understanding of detected events.

  • Added translations of event detail texts for all available languages.

  • Added method subtypes, allowing distinction between various events from one detection method.

  • Added display of event attributes, which construct localized event details in the UI.

  • Revitalized all detection methods.

  • Improved capabilities of detection method TEAMVIEWER.

    • Distinguishes between application start and desktop sharing.

  • Improved capabilities of detection method DHCPANOM.

    • Detects MAC address changes for DHCP servers.

    • Detects overloaded servers (by IP) and clients that overload DHCP servers (by MAC).

  • Redesigned detection method BROKENSEN.

  • Removed obsolete detection methods ICGUARD, LATENCY, DNSREVERSE, and INSTMSG.

  • Removed obsolete part of DNSANOMALY for detecting large UDP packets.

  • New backward-compatible engine for processing behavior patterns (BPATTERNS).

  • Added support for blacklists with longer domains (63 characters instead of 31).

  • PDF/CSV reports and dashboard widgets moved from the Flowmon ADS module to Flowmon Dashboard and Reports.

  • Removed proxy correlation feature (available as an Active proxy option in data feed configuration).

  • Removed SuperFast and filter booster feature as they are no longer needed.

  • Replaced Perspective substring with event subtype.

Known issues:

  • The user guide for the Japanese language is not available yet.

  • Flowmon Dashboard and Reports:

  • CSV exports are missing chapters "Event overview by priority", "Event overview by type", "Top 10 event types by priority and count", and "Security status".

  • Users may encounter incorrect event counts and missing Event Source field in the CSV export of Event matrix chapter.

  • Chapter "Event overview by type" may display fewer methods than detected.

  • Aggregated view fails to open in some cases when accessed from the Analysis tab.

  • False-positive rules may take effect after a short delay (a few minutes).

Notes:

  • The behavior of false positive feature has changed due to the new event concept.

    Adding a new false positive rule affects all active events.

    Events that started previously and are still updating may be deleted due to new false positive rules.

    The disappearance of active events from ADS due to new false positive rules is expected behavior.

  • For upgrading the previous version of Flowmon ADS in DA (Distributed Architecture) mode, contact Flowmon support at support@flowmon.com for assistance.

TitleResults for “How to create a CRG?”Also Available inAlert