Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Red Cloak™ Endpoint Agent Changelog

integrations endpoints red cloak secureworks edr

Red Cloak™ Endpoint Agent for Windows

Version Date Change 1 Mar 2022
  • Fix Cross sign certificate for Windows agent drivers
  • Updates from the agent included in this release:
    • Fix for Inspector scan results that were expiring prematurely, thus creating a blind spot for certain rule results
    • Renewed signing certificate
    • Ability to upgrade Red Cloak™ Endpoint Agent if Taegis™ NGAV Agent is already installed 24 Mar 2021
  • Fix for digital signature errors when upgrading the Red Cloak Agent on older Windows Operating Systems
  • Updates from the agent included in this release:
    • Ability to exclude files and folders from being scanned by the Procwall module, with configuration assistance from Secureworks
    • Performance and storage improvements by purging duplicate events
    • Better detection for PID Spoofing
    • Stability and security improvements from upgraded toolset
NOTE: After Red Cloak upgrade/installation, endpoints may not reboot even if there were reboots pending. 18 Sept 2020
  • Ignition module is now removed during a remote uninstall of the agent:
    • All relevant registry entries and files are now removed during an uninstall of the agent
    • The ’rcnotify’ process is now stopped and removed during an uninstall of the agent 16 Sept 2020 NOTE: We are making changes to improve our version control, and are therefore labeling our latest Windows Red Cloak™ Endpoint Agent as version 2.8.x.x.
  • Stability of the Procwall and Cyclorama modules improved
  • Stability and resilience of the Ignition module while performing agent updates improved in cases when another msiexec process is running
  • Ignition module will now perform a CRL (Certificate Revocation Lists) cache refresh if it encounters an expired certificate during the agent update process
  • Mukluk module’s ability to delete host files is now restricted to just Secureworks® Taegis™ XDR files 28 Jan 2020
  • Stability/Performance improvements to Inspector, Lacuna, and Groundling modules
  • Improvements to Ignition
  • Compatibility with SHA2 signed MSIEXEC.exe 05 Dec 2019
  • Red Cloak™ Endpoint Agent now supports upgrading agents on Windows endpoints from within the Red Cloak™ Endpoint Agent system
  • MITRE Eval fix from release
  • Release now signed by SHA256 certificate only 03 Dec 2019
  • Fixes for Procwall 27 Oct 2019
  • Performance improvement and able to gather more telemetry from Entwine without dropping predicates 14 Oct 2019
  • Logging level service improvement
  • Add IP address safelisting capability for Hostel
  • Detect parent create time for a process correctly during scan 13 Aug 2019
  • Inspector changes for IR/TTH engagements
  • Bug fixes 19 Jul 2019
  • Support for Windows Server 2019
  • TLS 1.2 Upgrade
  • Critical bug fixes/improvements 11 Jun 2019
  • RCE-414: Mukluk should consider page file bytes during calculation of memory utilization by modules 24 Apr 2019
  • Self-recovery mechanism in case of deadlocks in agent 2.0 modules
  • Bug fixes

Red Cloak™ Endpoint Agent for Linux

Version Date Change 22 Feb 2021
  • RHEL/CentOS 7.9 and 8.3 now supported
  • Upon upgrade, Red Cloak Linux Agent service no longer re-enables if the service was disabled prior to upgrade
  • A bug where after the service redcloak stop command is run, it doesn't return to the command prompt fixed
  • A bug where the Procwall module does not operate correctly if auditd is restarted fixed 29 Sept 2020
  • Ubuntu 16.04, 18.04, and 20.04 now supported
  • .DEB agent package now included for version and later to install on supported Ubuntu devices
  • Oracle Linux 6.4 to 6.10, 7.0 to 7.8, and 8.0 to 8.2 now supported 16 Sept 2020
  • Dependency issue reported in the recently pulled release fixed
  • Agent now installed under /opt instead of /var and can also be relocated to your desired path
  • Lacuna module now captures traffic only on physical interfaces
  • 32-bit packages installed by the agent can be removed by running the 'rc_clean_32bitpkgs.run' script, included along with instructions in this .zip file
  • A bug where Linux port 22 local_port netflows were not being seen by the agent fixed
  • A bug where source and destination ports and IPs were being swapped fixed
  • RHEL/CentOS 8.0 and 8.1 are now supported
  • RedHat Certified Partner from RHEL 8.0 onwards. View details on this accomplishment in the Red Hat Ecosystem Catalog 24 Mar 2020
  • The following changes have been made to the Lacuna module resulting in significant performance improvements:
    • Avoid capturing duplicate NetFlows sourcing from containers (e.g. Docker)
    • Improved the indexing of NetFlows, allowing better tracking and capturing
    • Created an alternate method to lookup, and associate, process IDs (PID lookup) with netflow telemetry 25 Oct 2019
  • Performance improvements to both Lacuna and Procwall 11 Oct 2019
  • Improvement in Lacuna performance by altering PID Lookup algorithm and DNS Query
  • Support DNS type TXT records.
  • Detect parent create time for a process correctly during scan
  • Red Cloak™ Endpoint Agent will communicate via TLS v1.2+. 08 May 2019
  • Added more logging
  • Bug fixes 07 Feb 2019
  • Bug Fixes