RSS Feed
B.O.S.S. upgrade
Posted by Balázs Hadnagy on 2018 February 19 12:11

Dear Customers and Partners,


We would like to inform you that we will be upgrading B.O.S.S. (Balabit Online Support System) on the 20th of February.

The portal will be unreacheable from 6:00 am CET to 8:00 am CET.

Please call us (+36/1-398-6700 or +1 (800) 816-7006), if you encounter any critical issues during this time frame.


Best regards,

BalaBit Support Team

Read more »

An update on Meltdown and Spectre vulnerabilities
Posted by Balázs Hadnagy on 2018 February 02 16:55

Dear Customers,

On January 3, 2018, researchers disclosed three vulnerabilities that take advantage of the implementation of speculative execution of instructions on modern microprocessor architectures to perform side-channel information disclosure attacks. These vulnerabilities allow an unprivileged local attacker to read privileged memory belonging to other processes or memory allocated to the operating system kernel. The first two vulnerabilities, CVE-2017-5753 and CVE-2017-5715 are dubbed as
Spectre, while CVE-2017-5754 is known as Meltdown.


The exploitation of these vulnerabilities requires the attacker to be able running custom code on the affected devices. Even though the CPU and the underlying operating system in Balabit products may be affected, neither the PSM nor the SSB appliance allow running custom code, therefore they are not vulnerable to these attacks.


PSM and SSB products may be deployed as virtual machines. Make sure that the virtual hosting environment running Balabit products have the required security updates installed and are otherwise sufficiently secured.


Best regards,


BalaBit Support Team


Read more »

Regarding Meltdown and Spectre vulnerabilities
Posted by Balázs Hadnagy on 2018 January 05 17:46

Dear Customers,

Balabit Privileged Access Management and syslog-ng Store Box products are affected by both vulnerabilities. However, based on the currently available information, the potential impact of the vulnerabilities is very low as both products run only trusted applications supplied by Balabit and besides troubleshooting, no user access is allowed on the box (troubleshooting access already has high - root - privileges). A potential attacker with code execution capabilities would have also very limited gain from exploiting the vulnerabilities as local code execution would have access to most local services anyhow.
As more information becomes available, Balabit will investigate the problem further and release updates with new information if necessary.


Best regards,


BalaBit Support Team


Read more »

Shell Control Box 4.3.1 has been released
Posted by Gergely Csordás on 2016 June 20 10:36

Dear Customer,

A new maintenance version of Shell Control Box (4 F3) has been released.

Version 4 F3 has extended support time and will be supported for 6 months after SCB 5LTS is released.


SCB 4.3.1 contains improvements and new features, including:

  • A new plugin type (AA) to customize authentication in RDP, SSH and Telnet protocols
  • Resolving hostnames to IP addresses on the UI
  • New Azure Marketplace image with Azure File Storage (Samba share) support


The Audit Player (AP) indexing functionality is deprecated and will be removed from the next feature release (4F4). The Audit Player will still be available and supported for offline playback of audit trails.

Feature highlights

  • With the AA plugin you can enhance the authentication possibilities during inband gateway authentication in the RDP, SSH and Telnet protocols. Such plugins can be useful in various scenarios, for example, two-factor authentication, one-time password authentication, and in cases when extra user input is needed.
  • Hostnames can be used in IP address fields on the UI. In this case, hostnames are automatically resolved to IP addresses.
  • In Azure Marketplace, SCB comes with a 100Gb disk image, and Azure File Storage (Samba share) is supported for backup and archive purposes.

This release contains many security and bugfixes compared to 4.3.0.

The release contains corrections of the following issues:

For the current CVE fixes, see


For all other details, see the following documents:

What is new in Shell Control Box 4.3,
available at

How to upgrade to BalaBit Shell Control Box 4.3,
available at

Balabit Shell Control Box 4.3 Administrator Guide,
available at 



The firmwares and other files of Shell Control Box are available at: 


Best Regards,

BalaBit Support Team

Read more »

Balabit Support General Terms and Conditions
Posted by Bonnyai Emese on 2016 February 25 10:57

Dear Customers!


Our General Terms and Conditions document has taken effect since 15th Feb, 2016.


Let me draw your attention to some of the changes you will meet while submitting a support case:

  • severity level Minor Impact has changed to Normal Impact
  • business hours changed to 8:00 - 17:00 (CET/CEST) on the Business Days
  • new item: Extended Business Hours (from 08:00 to 20:00 (CET/CEST) on Business Days)
  • Maximum number of contact people from partner removed

The GTC is available at:


Kind regards,


Emese Bonnyai

Balabit Support


Read more »

BalaBit Support General Terms and Conditions update
Posted by Kálmán Kővári on 2016 January 15 17:23

Dear Customers!


Our General Terms and Conditions document update has been released.

The new GTC is in effect from 15th Feb, 2016.


The changes since the previous release are listed below.

The new GTC is available at:


Kind regards,

BalaBit Support


Changes of BalaBit Support General Terms and Conditions between the version on 23/04/14 and the current one:


Date: Thu Jan 7 20:59:15 2016 +0100

Legal review results merged into GTC:

  • minor rephrasings of definitions
  • general phrasing update
  • removed section 'Miscellaneous provisions'

Date: Tue Nov 24 17:54:11 2015 +0100

added holidays in 2016

Date: Wed Sep 16 10:24:42 2015 +0200

added Blindspotter support package.

Date: Mon Feb 16 15:58:58 2015 +0100

Hungarian holidays in 2014 table has been removed.

Date: Mon Feb 16 14:13:18 2015 +0100

  • Every appearence of 'Support Agreement' has been changed to
    'Support Service Agreement'
  • The definition of customer have been referred to electronic licence key
    rather then balabit licence key.
  • The definition of EULA has been moved to its alphabetical place.
  • The definition of Maximum engineer hours has been refactored
  • The definition of Partner has been extended with distributor and reseller.
  • The patch expression has been changed in the definition of Workaround
  • The by-pass expression has been changed in the definition of Workaround
  • Every Engineering Release and Workaround have been capitalized,
    because these are definitions
  • In the other service limitations table Maximum Engineer Hours
    has been changed to Maximum Engineer Hours of non-charged engineer hours.
  • A typo has been fixed in Escalation process
  • In hardware replacement session the 'non defective' clause was missing,
    this has been fixed. In the same sentence some semantical modifications
    has been made.
  • In the section of limitation of liability the second session which
    referred to the '314. of Act IV of 1959 on the civil code of hungary'
    has been removed.
  • The notices section has been expanded with email
  • In the governing law section the reference for Act IV of 1959
    has been changed to Act V of 2013
  • In modifications of GTC section the withdrawal part has been removed.
  • In modifications of GTC section from the clause 'immediately upon 30 days'
    the immediately has been deleted.
  • In version policy appendix the word: customer has been changed to partner.

Date: Wed Nov 19 10:51:22 2014 +0100

rephrasing of the chapter 7. 'Request handling process'

Date: Thu Nov 13 11:26:18 2014 +0100

1. Definitions:

  • firm changed to Balabit Europe Ltd. further reffered to as BalaBit
  • business hours changed to 8:00 - 17:00
  • new item: Extended Business Hours
  • L1, L2, L3 Support removed
  • severity levels: Minor Impact changed to Normal Impact

2. Technical Support definitions and prerequisites

  • minor changes in paragraph 5.
  • Hardware replacement paragraph 8 only refers to Section 9.

4. Service Level Objectives

  • removed Work Effort column
  • Communication frequancy changed to Status Update Frequency with footer
  • Changed SLO for ExtSU S1 and S3
  • Maximum number of contact people from partner removed

7. Incident handling process

  • clarified "work in progress"

8. Escalation procedure

  • minor changes in escalation handling (paragraph 3)
  • deleted para 6.

9. Hardware replacement

  • minor changes in para 2.

Appendix A:

  • added Hungarian work days and vacations for year 2015.

Appendix C:

  • Headline changed.

Date: Wed Oct 1 09:59:46 2014 +0200

fixed hardware replacement structure

Date: Wed Oct 1 09:10:04 2014 +0200

Added advanced replacement

Date: Wed Apr 23 16:18:55 2014 +0200

changed the company name in accordance with the ongoing legal changes

Read more »