Taegis Endpoint Agent Changelog
integrations endpoints edr taegis agent secureworks
Find release notes for the Taegis™ XDR Endpoint Agent for Windows, macOS, and Linux below. Blue badges appended to version numbers indicate which release channel the version is currently promoted to. Not every version is promoted to each channel. For more information on assigning groups to a channel to auto-update endpoints in that group when agent versions are released, see Agent Groups.
Important
Production Stable and Preview agent releases occur in staged rollouts that may take up to two weeks. Release dates indicate the initiation of a staged rollout.
Tip
Subscribe to the Changelog RSS Feed for notifications when there is an update to a Taegis Endpoint Agent. You'll need an RSS Reader or an RSS Extension for your browser.
Windows ⫘
2.1.2 ⫘
Released: Beta—30 May 2024; Preview—20 June 2024; Production Stable—11 July 2024
Features ⫘
- Tamper Protection Uninstall Resistance, now available in Agent Settings
- Telemetry Sink change; tries new FQDN and IP, will fall back to existing connection; see the version 2.0.10 note for more information
Fixes & Improvements ⫘
- Occasional upgrade hang
-
Compatibility:
- Firefox 64 bit
- FortiClient
-
Telemetry:
- Additional RPC telemetry (requires Advanced Kernel Telemetry to be enabled)
- RPC telemetry duplicate removal
- Filemod not sent if cmd output was redirected
- Sending process associated with filemod including remote drives
- APC telemetry volume reduction
- Additional RPC telemetry (requires Advanced Kernel Telemetry to be enabled)
-
Proxy reconnection reliability
- File uploads support NT path names
- Network file copy slowdown
-
AKT-enabled fixes
- Occasional application crashes
2.0.10 ⫘
Released: Beta—23 May 2024; Preview—30 May 2024; Production Stable—13 June 2024
Features ⫘
- Update to URLs used for agent telemetry
Note
Starting with the Windows Taegis Endpoint Agent 2.0.10, the following changes were made to opportunistically try to connect to new FQDNs and IP addresses.
For versions 2.0.10 / 2.1.2 and onward, when attempting to register the destination for telemetry from the agent, this will be the order of operations:
- The agent will first attempt to connect to:
wss://telemetry.<ENV>.taegiscloud.com:443/ws -
If there’s no response, the agent will fall back to the telemetry destination used prior to 2.0.10:
wss://sink.<ENV>.taegiscloud.com:8443/wsWhere
<ENV>is only one of --> c | d | e | f
Existing network connectivity for file-receiver, reg, and drivers will remain unchanged.
This logic was implemented so that no change in networking, firewalls, or IP routing would be required by tenant admins or customer IT personnel.
Fixes & Improvements ⫘
- Fix for code injection failing with hook already exists error
- Fix for missing RPC telemetry
- Fix for applications crashing after agent installation
2.0.8 ⫘
Released: Beta—15 April 2024; Preview—2 May 2024; Production Stable—16 May 2024
Fixes & Improvements ⫘
- Fix for failure of the agent to update from 2.0.0 or 2.0.4
- Fix for RPC telemetry not reporting Mimikatz-related telemetry
- Fix for agent causing some Microsoft Office apps to crash
- Fix for agent causing incompatibility issues with Tableau
- Fix for agent blocking Citrix installations
Note
See Taegis Endpoint Agent Known Issues for a known issue with this version.
2.0.4 ⫘
Released: Beta—22 February 2024
Features ⫘
- Remote Procedure Call telemetry
Fixes & Improvements ⫘
- AMSI bug fix
- Fix to incompatibility issue found when running Bitdefender and Taegis Endpoint Agent on same endpoint
- Fix for slow file opening across network share
- Japan language uninstall screen fix
Note
See Taegis Endpoint Agent Known Issues for a known issue with this version and an overview of compatibility with other products.
1.2.84 ⫘
Released: Beta—25 January 2024; Preview—25 January 2024; Production Stable—1 February 2024
Fixes & Improvements ⫘
- Fixed an intermittent upgrade issue
Important
- Customers running Siemens PLC software may experience compatibility issues with this version. See Taegis Endpoint Agent Known Issues for more information on compatibility issues.
- Customers may also experience intermittent network connectivity issues with this version when running patches KB5035854, KB5035853, KB5035853, and KB5035845.
1.2.82 ⫘
Released: Beta—4 January 2024; Preview—11 January 2024
Fixes & Improvements ⫘
- Compatibility issue with some antivirus vendors resulted in Windows becoming unstable
Note
See Taegis Endpoint Agent Known Issues for a known issue with this version.
1.2.64 ⫘
Released: Beta—2 November 2023; Preview—2 November 2023
Fixes & Improvements ⫘
- Ensure agents are in an upgradeable state
1.2.44 ⫘
Released: Beta—5 October 2023; Preview—19 October 2023
Features ⫘
- Improved telemetry:
- File upload for scanning via backend YARA rules
- Additional telemetry types:
- API call telemetry
- Code injection
- Keylogger activity detection
- MBR and GPT modifications
- DNS over HTTPS and multiple DNS server support; see DNS Resolution for more information
- Files referenced with NT device paths uploaded
Fixes & Improvements ⫘
- File copy performance over SMB
Note
See Taegis Endpoint Agent Known Issues for a known issue with this version.
1.0.50 ⫘
Released: Production Stable—2 November 2023
Fixes & Improvements ⫘
- Ensure agents are in an upgradeable state
1.0.44 ⫘
Released: Beta—7 June 2023
Features ⫘
- Query default DNS server over HTTPS to mitigate any infrastructure restrictions and allow multiple local DNS overrides
1.0.42 ⫘
Released: Beta—22 May 2023; Preview—22 May 2023; Production Stable—13 June 2023
Fixes & Improvements ⫘
- Disable code injection across all policy tiers
1.0.40 ⫘
Released: Beta—10 May 2023
Fixes & Improvements ⫘
- Fixed race condition that could lead to failure in upgrade process
- Corrected AMSI module installation location
- Memory commit charge optimization in telemetry processing/serialization
- Report endpoint agent version in telemetry
- Provide Japanese translations for the installer UI
- Optimized telemetry handling
- Support Kit Improvements:
- Add machine GUID
- List running processes including CPU usages
- Fetch the network gateways and add them to the allow list
1.0.26 ⫘
Released: 12 Dec 2022
Features ⫘
- Added support for Windows Server 2022
Fixes & Improvements ⫘
- Fixed collision with Sophos Updater which was preventing Sophos agent updates to occur
- Improvements to File Handles to avoid interoperability problems with 3rd-party vendors
- Process mapping for Netflows
- Installer now accepts DNS server if proxy is provided
- TaegisAgentSupportKit:
- Information about AV products installed
- Taegis Service Status
- Taegis related logs from Windows Event Logs: Application, System
1.0.24 ⫘
Released: 17 Oct 2022
Fixes & Improvements ⫘
- Additional stability improvements for handling of telemetry messages from driver
1.0.22 ⫘
Released: 13 Oct 2022
Fixes & Improvements ⫘
- Fixed performance issues on endpoints with high netflow traffic:
- Optimized netflow capture
- Performance improvements in driver lookup of process details
- Substantially improved handling of telemetry messages from driver
- Improved handling of large file transfer over the network
- Installer to validate user input fields
- Improved quality of injected thread telemetry
- Improved information provided by TaegisAgentSupportKit.x64.exe tool
- Detect pre-existing processes upon service start
- Allow protected process to access network during isolation
- Improved handling of isolation status
- Security improvements:
- Do NOT use Microsoft DNS Cache for the Taegis Agent; prevents DoS, etc. via etc/hosts manipulation
- Added quote paths to system service with spaces
1.0.16 ⫘
Released: 2 Aug 2022
Features ⫘
- Added TaegisAgentSupportKit.x64.exe tool to make agent information available for support
- Added Windows DNS response as telemetry
Fixes & Improvements ⫘
- Host Isolation improvements: terminate existing connections from non-SCWX signed processes, terminate RDP, and allow DHCP when isolated
- Taegis Service Shutdown
- Disabled signature check on MSI for upgrades
macOS ⫘
2.0.9 ⫘
Released: Beta—11 July 2024
Features ⫘
- Tamper Protection Uninstall Blocking, now available in Agent Settings
- Unattended uninstall via XDR is now possible for correctly configured macOS Managed endpoints; see Uninstall Taegis Agents
Fixes & Improvements ⫘
- Telemetry improvements relating to thread injection, packet capture, time-stomping, and script interpreter processes
- Diagnostics reliability improvements
1.5.15 ⫘
Released: Beta—27 June 2024; Preview—9 July 2024; Production Stable—11 July 2024
Fixes & Improvements ⫘
- Fix for intermittent connectivity failure
1.5.14 ⫘
Released: Beta—2 May 2024; Preview—9 May 2024; Production Stable—23 May 2024
Fixes & Improvements ⫘
- Miscellaneous fixes
1.5.11 ⫘
Released: Beta—28 March 2024
Features ⫘
- Packed executable detection
- Isolated endpoints have different icon in macOS menu bar
- Registration using new key and/or server will happen without waiting up to five minutes
- App shows MDM Managed text in status view on managed endpoints
Fixes & Improvements ⫘
- FileMod events have process_image_path
1.4.9 ⫘
Released: Beta—9 January 2024; Preview—18 January 2024; Production Stable—1 February 2024
Features ⫘
- SecureworksTaegis.app new Diagnostics view and taegisctl command-line tool for Diagnostics. For more information, see macOS Agent Troubleshooting
- Restrict access to
/Library/Application Support/secureworksand/Library/Logs/Secureworksfolders
Fixes & Improvements ⫘
- Network extension logging false message of exiting host isolation after registrations
- Fix reporting of AWS instance ID
- Logging improvements
Note
See Taegis Endpoint Agent Known Issues for known issues with this version.
1.3.9 ⫘
Released: Beta—5 October 2023; Preview—19 October 2023; Production Stable—26 October 2023
Features ⫘
- Telemetry enhancements:
- Filemod telemetry for read-only open events
- Additional auth events
- Applescript detection events
- Ventura relevant installation UI examples added
Fixes & Improvements ⫘
- Add support for AWS IMDSv2 metadata
- About dialog box now appears in front of other windows
- Main app now shows Connected state accurately
- Improve clarity of host isolation log messages
- Agent now allows MDM to change registration information
1.2.12 ⫘
Released: Beta—5 July 2023; Preview—5 July 2023; Production Stable—13 July 2023
Fixes & Improvements ⫘
- Backend update
1.2.11 ⫘
Released: Beta—12 June 2023
Features ⫘
- Agent dialog changes to yellow when in registering state
Fixes & Improvements ⫘
- File upload:
- Add additional fidelity to file upload logs
- Improve upload retry resilience
- Apple Endpoint Security API Telemetry:
- Capture authentication events for Ventura and later releases
- Event timestamp reflects creation time
1.0.55 ⫘
Released: Beta—2 Mar 2023; Preview—29 Mar 2023; Production Stable—29 Mar 2023
Fixes & Improvements ⫘
- Resolved issues with agent upgrade and uninstall:
- Two agent icons appearing in menu bar after upgrade
- Uninstaller doesn’t unload tray app
1.0.49 ⫘
Released: 5 Jan 2023
Features ⫘
- Added support for macOS Ventura
- Localized support for Japanese and Spanish: when system language is set to Japanese or Spanish, main and tray user-facing strings are shown in that language
- Error and warning logging added under
/Library/Logs/Secureworks/directory in addition to the unified logger
Fixes & Improvements ⫘
- Compatibility with Microsoft Intune, by removing a version string incompatibility
- When registering, the registration button appears inconsistently when incorrect registration information is entered or the agent cannot connect
- Daemon doesn't restart when a package install is done manually
- Host isolation CIDR range only works with a subnet of 128, and now works with 32, 64 & 96
1.0.43 ⫘
Released: 18 Oct 2022
Features ⫘
- Host isolation:
- IPV6 support
- Customer-configured CIDR
Fixes & Improvements ⫘
- Major or minor macOS upgrades cause the appearance of abandoned agents in XDR
- Agent reports Taegis agent version
- Known issues:
- If running agent 1.0.37 or before and deploying via MDM:
- Deploying Taegis agent won't restart daemon
- After updating to new version of OS or agent, duplicate entries may temporarily appear in XDR endpoints list and will be resolved via server-side batch processing
- If running agent 1.0.37 or before and agent auto-upgrades (non-MDM), after updating to the new version, agents may temporarily have trouble registering, which will be resolved via server-side batch processing
- IPV6 isolation limitations: exclusions for IPV6 do not work when a mask is present
- If running agent 1.0.37 or before and deploying via MDM:
1.0.37 ⫘
Released: 2 Aug 2022
Features ⫘
- Improvements to Registration pane in SecureworksTaegis.app to fix user entry errors during initial registration
- Allow CMD+V to paste Registration details during initial install
- Terminate all existing connections upon isolation
- Telemetry enrichment for better correlation
Fixes & Improvements ⫘
- Fixes to potential Memory Leak within Taegis daemon
- Stability improvements to daemon
Linux ⫘
1.4.2 ⫘
Released: Beta—27 June 2024
Features ⫘
- ARM support for currently supported distros
- Added additional diagnostics:
Taegisctl diagnostics –detail - Support for SUSE/SLES Linux Distros in LTS with kernels older than 5.8
- Specifically SLES 12 SP 4 and 5; SLES 15 SP 3, 4, and 5
- Kernels 5.8 or newer will be supported via eBPF, enabled by default with agent version 1.3.x
- Support for newer distros, including Ubuntu 24.04
Fixes & Improvements ⫘
- Agent now follows the Staged Rollout model
- Added additional host identifiers for driver lookups
- Reduce default log file verbosity
- Preserve proxy settings on upgrade
1.3.10 ⫘
Released: Preview—26 June 2024; Production Stable—26 June 2024
Fixes & Improvements ⫘
- Resolved excessive permissions granted to files staged in package manager cache directories
Note
Changes for 1.3.10 were made solely to the .deb package. The agent binary and .yum packages remain unchanged from 1.3.9.
1.3.9 ⫘
Released: Beta—2 May 2024; Preview—16 May 2024; Production Stable—6 June 2024
Fixes & Improvements ⫘
- Fix to Websocket issue that could result in loss of telemetry
Note
See Taegis Endpoint Agent Known Issues for known compatibility issues with this version.
1.3.7 ⫘
Released: Beta—11 April 2024
Features ⫘
- Added tenant ID for driver lookups
Fixes & Improvements ⫘
- Agent occasionally hangs during shutdown
- Save agent proxy settings when upgrading
- Rare agent crash when network is unreliable
- Taegisctl proxy settings don’t operate as documented
- Host isolation for SUSE 15
Important
Known Issue: Agent may end up consuming all File Descriptors associated with the process when run over time. This will result in the agent silently stopping sending telemetry while still showing as connected.
1.3.3 ⫘
Released: Beta—4 December 2023; Preview—11 January 2024
Features ⫘
- Defaults to trying eBPF for kernels 5.8 or newer
- Updated taegisctl from a .sh to a functionally equivalent static binary
Fixes & Improvements ⫘
- Updater not starting if drivers were unable to load
- Volume activity telemetry not sent on unmount
- An incorrect command line registration would invalidate the previous functioning one
- Remove symlinks on uninstall
1.2.27 ⫘
Released: Beta—22 September 2023; Preview—5 October 2023; Production Stable—19 October 2023
Features ⫘
- Added support for the following additional distros via drivers (kernel modules):
- CentOS 8 and 9
- Oracle Linux Enterprise 8 and 9
- Ubuntu 22.04
- Debian 11 and 12
- Amazon Linux 2023
Fixes & Improvements ⫘
- Improved netflow telemetry aggregation
- Improved logging along with
taegisctloutput in the driver-not-found case - Upgrade to use Falco Libraries 5.0.1
- After reconnecting to network, throttle bandwidth used to send cached telemetry
- Volume Mount telemetry indicative of container escapes labeled with a MITRE tag
- Increase allowable size of update packages
- Username, terminal, and program fields missing in Auth sudo events for RHEL 9
- Allow
--enforce_selinuxon Oracle - Driver remains loaded after uninstall on Ubuntu 18 fixed
- Improved Auth event telemetry for sudo operations
1.1.32 ⫘
Released: Beta—30 August 2023; Preview—30 August 2023; Production Stable—30 August 2023
Fixes & Improvements ⫘
- Fixed rare issue of healthy agents unable to update
1.1.30 ⫘
Released: Beta—10 August 2023; Preview—10 August 2023; Production Stable—17 August 2023
Fixes & Improvements ⫘
- Package improvement
1.1.29 ⫘
Released: Beta—19 June 2023; Preview—19 June 2023; Production Stable—29 June 2023
Fixes & Improvements ⫘
- Improvements to reduce telemetry volume from customer tenants
--enforce-selinuxnow works as intended for Amazon Linux
1.1.28 ⫘
Released: Beta—17 Apr 2023; Preview—23 May 2023; Production Stable—23 May 2023
Features ⫘
- Support for Host Isolation Exception CIDR rules. See Host Isolation Exceptions for more information
- Agent looks for
http_proxyandhttps_proxyenvironment variables to identify and use a proxy to communicate with the Taegis backend. Credentials are obfuscated in theagent.logfile
Fixes & Improvements ⫘
- Removed x86 packages labeled as ARM from download
- Agent fails to start on AmazonLinux2 with
--enforce_selinux - Improved reliability of the agent to reconnect to the Taegis backend services
UnixTimestampNsecoriginal data is zero when telemetry originates from the kernel; this telemetry isn't available normalizedTaegisctlsymlink removed after upgrade- Host isolation doesn't restore iptables to prior state
1.0.54 ⫘
Released: 15 Dec 2022
Fixes & Improvements ⫘
- Fixed a bug that could cause a crash of agent on some kernels
1.0.53 ⫘
Released: 17 Nov 2022
Features ⫘
- We now support RHEL 7, 8, and 9
Fixes & Improvements ⫘
- Fixed bug related to Taegis agent updater
1.0.51 ⫘
Released: 2 Aug 2022
Features ⫘
- We now support all the latest available kernels for Centos7, Ubuntu 18.04, 20.04, and Amazon Linux2
- Added support diagnostic tool to make system information available for support; available on Linux Troubleshooting for download
- Use cached DNS when isolated
- Telemetry enrichment for better correlation
Fixes & Improvements ⫘
- Fixed the naming convention used for downloading Falco kernel drivers, particularly with Ubuntu
- Improved stability for Agent and Updater services