Product Update - July 21, 2025

New Features & Enhancements

• Enhanced Admin Experience for Managing the Always-On Policy at Scale: We improved management of the Always-On Policy with the following features:
  • Ability to modify the policy in parallel by multiple admins
  • A faster and more responsive page for policies with many rules
  • Public API support will be available soon
• New Release for iOS Client v5.6: Starting the week of July 21, 2025, a new Client version 5.6 for iOS will be available for download in the App Store. This version includes:
  • Support for Internet recovery when a connection to Cato can’t be established
    • Previously, this was only supported for Windows and macOS Clients
  • Support for users to control temporarily bypassing Always-On
    • Previously, this was only supported for Windows and macOS Clients
  • Security update: Client embedded browser upgraded to Chromium version 135.0.220
  • Performance enhancements and bug fixes
  • Click here to watch a video recording of this feature
• Improved Management of IoC Lists using Containers: To provide increased granularity, flexibility, and control of threat intelligence data, you can make the following updates to Containers (Resources > Categories > Containers):
  • Add or remove individual IoCs within a Container
  • Create new Containers without uploading a file
  • View and search IoCs within a Container
  • Click here to watch a video recording of this feature
• CMA Notifications for Shipping Page: The Shipping page lets you manage hardware shipments more efficiently, including: enter and validate shipping addresses, and import/export CSV files. Now you can also receive CMA notifications when shipping details are missing for hardware orders.
  • The Hardware and Shipping notifications are enabled by default, you can manage them in the Account > System Notifications page

PoP Announcements

Oslo, NO: A new Cato PoP is now available in Oslo with the IP range 85.255.22.0/24

Security Updates

• IPS Signatures:
  • View more details about the IPS signatures and protections in the Threats Catalog:
    • CVE-2017-7921 | Hikvision IP Camera Authentication Bypass
    • Darkness Ransomware (Enhancement)
    • Ziver Ransomware (Enhancement)
    • Sinobi Ransomware (Enhancement)
    • BlackFL Ransomware (Enhancement)
    • Blocker Ransomware (Enhancement)
    • Kyj Ransomware (Enhancement)
    • Vatican Ransomware (Enhancement)
    • Blackransombdbot Ransomware (Enhancement)
    • KaWaLocker Ransomware (Enhancement)
    • UraLocker Ransomware (Enhancement)
    • THRSX Ransomware (Enhancement)
    • Dire Wolf Ransomware (Enhancement)
    • DELTA Ransomware (Enhancement)
    • AMERILIFE Ransomware (Enhancement)
    • DataLeak Ransomware (Enhancement)
    • Puld Ransomware (Enhancement)
    • Backups Ransomware (Enhancement)
    • ZV Ransomware (Enhancement)
    • SafeLocker Ransomware (Enhancement)
    • NightSpire Ransomware (Enhancement)
    • BlackHeart (MedusaLocker) Ransomware
    • EnCiPhErEd Ransomware (Enhancement)
    • Pgp Ransomware (Enhancement)
    • Harma Ransomware (Enhancement)
    • CVE-2025-34085 (New)
    • CVE-2019-18211 (New)
    • CVE-2025-32813 (New)
    • CVE-2025-5777 (Enhancement)
    • CVE-2025-33071 (New)
    • CVE-2025-33070 (New)
    • CVE-2025-33053 (New)
    • CVE-2025-32756 (New)
    • CVE-2022-44356 (New)
    • CVE-2025-5777 (New)
    • Fake Captcha Detection (Enhancement)
• Suspicious Activity Monitoring:
  • These protections were added to the SAM service:
    • Access Executable on External WebDAV Server
    • Utilizing ADWS to Gain Domain Information, Associated with SoapHound
• Apps Catalog
  • New Cloud Apps (see Apps Catalog), including:
    • Kandji (Enhancement)
    • Japanese apps (New)
    • datart (New)
    • gen ai apps (New)
    • ultraviewer (New)
    • WhatsApp (Enhancement)
• XDR Indications Of Attack Signatures:
  • Anomaly Detection:
    • Abnormal Suspicious Activity
    • Abnormal ICMP Network Scanning Activity
• Application Control (CASB and File Control):
  • Application Control:
    • Granular App: Adobe Creative Cloud - Login (New)
    • Granular App: Adobe Creative Cloud – Upload (new)
• Device Inventory:
  • These are the updates to the Device Inventory detection engine:
    • Generic Server (Enhancement)
    • Unidentified IoT (Enhancement)