Red Cloak™ Endpoint Agent Changelog
Red Cloak Endpoint Agent for Windows
Version |
Date |
Change |
2.8.5.0 |
1 Mar 2022 |
- Fix cross-sign certificate for Windows agent drivers
- Updates from the 2.8.4.0 agent included in this release:
  - Fix for Inspector scan results that were expiring prematurely, thus creating a blind spot for certain rule results
  - Renewed signing certificate
  - Ability to upgrade Red Cloak™ Endpoint Agent if Taegis NGAV Agent is already installed
|
2.8.3.0 |
24 Mar 2021 |
- Fix for digital signature errors when upgrading the Red Cloak Agent on older Windows Operating Systems
- Updates from the 2.8.2.0 agent included in this release:
  - Ability to exclude files and folders from being scanned by the Procwall module, with configuration assistance from Secureworks
  - Performance and storage improvements by purging duplicate events
  - Better detection for PID Spoofing
  - Stability and security improvements from upgraded toolset
NOTE: After Red Cloak upgrade/installation, endpoints may not reboot even if there were reboots pending. |
2.8.1.0 |
18 Sept 2020 |
- Ignition module is now removed during a remote uninstall of the agent:
  - All relevant registry entries and files are now removed during an uninstall of the agent
  - The 'rcnotify' process is now stopped and removed during an uninstall of the agent
|
2.8.0.0 |
16 Sept 2020 |
NOTE: We are making changes to improve our version control, and are therefore labeling our latest Windows Red Cloak Endpoint Agent as version 2.8.x.x.
- Stability of the Procwall and Cyclorama modules improved
- Stability and resilience of the Ignition module while performing agent updates improved in cases when another msiexec process is running
- Ignition module will now perform a CRL (Certificate Revocation List) cache refresh if it encounters an expired certificate during the agent update process
- Mukluk module’s ability to delete host files is now restricted to just Secureworks® Taegis™ XDR files
|
2.1.5.0 |
28 Jan 2020 |
- Stability/Performance improvements to Inspector, Lacuna, and Groundling modules
- Improvements to Ignition
- Compatibility with SHA2 signed MSIEXEC.exe
|
2.1.4.0 |
05 Dec 2019 |
- Red Cloak Endpoint Agent now supports upgrading agents on Windows endpoints from within the Red Cloak Endpoint Agent system
- MITRE Eval fix from 2.0.7.10 release
- Release now signed by SHA256 certificate only
|
2.0.7.10 |
03 Dec 2019 |
|
2.0.7.9 |
27 Oct 2019 |
- Performance improvement; the agent can now gather more telemetry from Entwine without dropping predicates
|
2.0.7.8 |
14 Oct 2019 |
- Logging level service improvement
- Add IP address safelisting capability for Hostel
- Detect parent create time for a process correctly during scan
|
2.0.7.7 |
13 Aug 2019 |
- Inspector changes for IR/TTH engagements
- Bug fixes
|
2.0.7.6 |
19 Jul 2019 |
- Support for Windows Server 2019
- TLS 1.2 Upgrade
- Critical bug fixes/improvements
|
2.0.7.5 |
11 Jun 2019 |
- RCE-414: Mukluk should consider page file bytes during calculation of memory utilization by modules
|
2.0.7.4 |
24 Apr 2019 |
- Self-recovery mechanism in case of deadlocks in agent 2.0 modules
- Bug fixes
|
Red Cloak Endpoint Agent for Linux
Version |
Date |
Change |
1.2.15.0 |
22 Feb 2021 |
- RHEL/CentOS 7.9 and 8.3 now supported
- Upon upgrade, Red Cloak Linux Agent service no longer re-enables if the service was disabled prior to upgrade
- A bug where, after the 'service redcloak stop' command is run, it doesn't return to the command prompt fixed
- A bug where the Procwall module does not operate correctly if auditd is restarted fixed
|
1.2.13.0 |
29 Sept 2020 |
- Ubuntu 16.04, 18.04, and 20.04 now supported
- .DEB agent package now included for version 1.2.13.0 and later to install on supported Ubuntu devices
- Oracle Linux 6.4 to 6.10, 7.0 to 7.8, and 8.0 to 8.2 now supported
|
1.2.12.0 |
16 Sept 2020 |
- Dependency issue reported in the recently pulled 1.2.10.0 release fixed
- Agent now installed under /opt instead of /var and can also be relocated to your desired path
- Lacuna module now captures traffic only on physical interfaces
- 32-bit packages installed by the 1.2.10.0 agent can be removed by running the 'rc_clean_32bitpkgs.run' script, included along with instructions in this .zip file
- A bug where Linux port 22 local_port netflows were not being seen by the agent fixed
- A bug where source and destination ports and IPs were being swapped fixed
- RHEL/CentOS 8.0 and 8.1 are now supported
- Red Hat Certified Partner from RHEL 8.0 onwards. View details on this accomplishment in the Red Hat Ecosystem Catalog
|
1.2.9.0 |
24 Mar 2020 |
- The following changes have been made to the Lacuna module resulting in significant performance improvements:
  - Avoid capturing duplicate NetFlows sourcing from containers (e.g. Docker)
  - Improved the indexing of NetFlows, allowing better tracking and capturing
  - Created an alternate method to look up, and associate, process IDs (PID lookup) with NetFlow telemetry
|
1.2.8.0 |
25 Oct 2019 |
- Performance improvements to both Lacuna and Procwall
|
1.2.7.0 |
11 Oct 2019 |
- Improvement in Lacuna performance by altering PID Lookup algorithm and DNS Query
- Support DNS type TXT records.
- Detect parent create time for a process correctly during scan
- Red Cloak Endpoint Agent will communicate via TLS v1.2+.
|
1.2.6.1 |
08 May 2019 |
- Added more logging
- Bug fixes
|
1.2.6.0 |
07 Feb 2019 |
|