☰

🌙☀

Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Taegis Docs Home
About XDR
Get Started
- Get Started with XDR
- Top 5 Tasks
Integrate with XDR
- Integration Overview
- Data Source Integration Definitions
- All Available Integrations
- Add Data Collectors
- Add Endpoint Agents
- Forward Data to XDR
- Create Custom Parsers
  - Overview
  - Syntax
  - Repeating Fields
  - Overriding and Extending Global Parsers
  - Supported Schemas
  - All Schemas
    - Antivirus
    - Auth
    - CloudAudit
    - DHCP
    - DNS
    - Email
    - Encrypt
    - FileMod
    - HTTP
    - Management Event
    - Netflow
    - NIDS
    - Process
    - Registry
    - Thirdparty
    - Types
Manage Integrations
Alerts, Events, and Investigations
- Alerts
- Events
- Investigations
- CyberChef
Dashboards
Search and Reports
- Search
- Reports
Automation
- Automation Overview
- Supported Playbooks
- Supported Connectors
- Playbooks
- Connectors
- Automation Authoring
  - Building Connector Definitions
  - Building Playbook Templates
  - Common Expression Language (CEL)
Threat Intelligence, Hunting, and Detection
- Threat Intelligence
- Threat Hunting
  - Hunting with Jupyter Notebooks
- Detectors
- Adversary Software Coverage
  - Adversary Software Coverage
  - Frequently Asked Questions
XDR Admin
- Your Account
- Tenant Settings
APIs, SDK, and Magic
- Using XDR GraphQL APIs
- API Authentication
- XDR Python SDK
- Taegis Magic Jupyter Integration
  - Overview
- Alerts API
  - Using the Alerts API
  - Alerts GraphQL API
- Assets API
- Audits API
  - Using the Audits API
  - Audits GraphQL API
- Automations APIs
- Bring Your Own Threat Intelligence API
  - Using the BYOTI API
  - BYOTI GraphQL API
- Collector APIs
- Investigations API
  - Using the Investigations API
  - Investigations GraphQL API
- Threat Intelligence API
  - Using the Threat Intelligence API
  - Threat Intelligence GraphQL API
- Using the Users GraphQL API
- Using the Tenants GraphQL API
- Using the Countermeasures API
- Using the File Upload API
Secureworks Products, Services, and Policies
- Managed iSensor
- ManagedXDR
- ManagedXDR Elite
  - Service Description
  - Onboarding Guide
- ManagedXDR for OT
- ManagedXDR Enhanced
  - Service Description
  - Onboarding Guide
- ManagedXDR–Managed iSensor Add-on
- Secureworks Professional Services
- Legal

Taegis Endpoint Agent Changelog

integrations endpoints edr taegis agent secureworks

Find release notes for the Taegis™ XDR Endpoint Agent for Windows, macOS, and Linux below. Blue badges appended to version numbers indicate which release channel the version is currently promoted to. For more information on assigning groups to a channel to auto-update endpoints in that group when agent versions promoted to the chosen channel are released, see Group Configuration.

Note

Release dates are provided for each release channel as of the introduction of this feature. Not every version is promoted to each channel.

Tip

If you would like notifications when there is an update to a Taegis Endpoint Agent, subscribe to the Changelog RSS Feed. You'll need an RSS Reader or an RSS Extension for your browser.

Windows ⫘

2.0.8 ⫘

Released: Beta—15 April 2024

Fixes & Improvements ⫘

Fix for failure of the agent to update from 2.0.0 or 2.0.4
Fix for RPC telemetry not reporting Mimikatz-related telemetry
Fix for agent causing some Microsoft Office apps to crash
Fix for agent causing incompatibility issues with Tableau
Fix for issues with accessing Sharepoint sites when running agent alongside Cisco Umbrella
Fix for agent blocking Citrix installations

2.0.4 ⫘

Released: Beta—22 February 2024

Features ⫘

Remote Procedure Call telemetry

Fixes & Improvements ⫘

AMSI bug fix
Fix to incompatibility issue found when running Bitdefender and Taegis Endpoint Agent on same endpoint
Fix for slow file opening across network share
Japan language uninstall screen fix

Note

See Taegis Endpoint Agent Known Issues for a known issue with this version and an overview of compatibility with other products.

1.2.84 ⫘

Released: Beta—25 January 2024; Preview—25 January 2024; Production Stable—1 February 2024

Fixes & Improvements ⫘

Fixed an intermittent upgrade issue

Important

Customers running Siemens PLC software may experience compatibility issues with this version. See Taegis Endpoint Agent Known Issues for more information on compatibility issues.
Customers may also experience intermittent network connectivity issues with this version when running patches KB5035854, KB5035853, KB5035853, and KB5035845.

1.2.82 ⫘

Released: Beta—4 January 2024; Preview—11 January 2024

Fixes & Improvements ⫘

Compatibility issue with some antivirus vendors resulted in Windows becoming unstable

Note

See Taegis Endpoint Agent Known Issues for a known issue with this version.

1.2.64 ⫘

Released: Beta—2 November 2023; Preview—2 November 2023

Fixes & Improvements ⫘

Ensure agents are in an upgradeable state

1.2.44 ⫘

Released: Beta—5 October 2023; Preview—19 October 2023

Features ⫘

Improved telemetry:
- File upload for scanning via backend YARA rules
- Additional telemetry types:
  - API call telemetry
  - Code injection
  - Keylogger activity detection
  - MBR and GPT modifications
DNS over HTTPS and multiple DNS server support; see DNS Resolution for more information
Files referenced with NT device paths uploaded

Fixes & Improvements ⫘

File copy performance over SMB

Note

See Taegis Endpoint Agent Known Issues for a known issue with this version.

1.0.50 ⫘

Released: Production Stable—2 November 2023

Fixes & Improvements ⫘

Ensure agents are in an upgradeable state

1.0.44 ⫘

Released: Beta—7 June 2023

Features ⫘

Query default DNS server over HTTPS to mitigate any infrastructure restrictions and allow multiple local DNS overrides

1.0.42 ⫘

Released: Beta—22 May 2023; Preview—22 May 2023; Production Stable—13 June 2023

Fixes & Improvements ⫘

Disable code injection across all policy tiers

1.0.40 ⫘

Released: Beta—10 May 2023

Fixes & Improvements ⫘

Fixed race condition that could lead to failure in upgrade process
Corrected AMSI module installation location
Memory commit charge optimization in telemetry processing/serialization
Report endpoint agent version in telemetry
Provide Japanese translations for the installer UI
Optimized telemetry handling
Support Kit Improvements:
- Add machine GUID
- List running processes including CPU usages
Fetch the network gateways and add them to the allow list

1.0.26 ⫘

Released: 12 Dec 2022

Features ⫘

Added support for Windows Server 2022

Fixes & Improvements ⫘

Fixed collision with Sophos Updater which was preventing Sophos agent updates to occur
Improvements to File Handles to avoid interoperability problems with 3rd-party vendors
Process mapping for Netflows
Installer now accepts DNS server if proxy is provided
TaegisAgentSupportKit:
- Information about AV products installed
- Taegis Service Status
- Taegis related logs from Windows Event Logs: Application, System

1.0.24 ⫘

Released: 17 Oct 2022

Fixes & Improvements ⫘

Additional stability improvements for handling of telemetry messages from driver

1.0.22 ⫘

Released: 13 Oct 2022

Fixes & Improvements ⫘

Fixed performance issues on endpoints with high netflow traffic:
- Optimized netflow capture
- Performance improvements in driver lookup of process details
- Substantially improved handling of telemetry messages from driver
Improved handling of large file transfer over the network
Installer to validate user input fields
Improved quality of injected thread telemetry
Improved information provided by TaegisAgentSupportKit.x64.exe tool
Detect pre-existing processes upon service start
Allow protected process to access network during isolation
Improved handling of isolation status
Security improvements:
- Do NOT use Microsoft DNS Cache for the Taegis Agent; prevents DoS, etc. via etc/hosts manipulation
- Added quote paths to system service with spaces

1.0.16 ⫘

Released: 2 Aug 2022

Features ⫘

Added TaegisAgentSupportKit.x64.exe tool to make agent information available for support
Added Windows DNS response as telemetry

Fixes & Improvements ⫘

Host Isolation improvements: terminate existing connections from non-SCWX signed processes, terminate RDP, and allow DHCP when isolated
Taegis Service Shutdown
Disabled signature check on MSI for upgrades

macOS ⫘

1.5.11 ⫘

Released: Beta—28 March 2024

Features ⫘

Packed executable detection
Isolated endpoints have different icon in macOS menu bar
Registration using new key and/or server will happen without waiting up to five minutes
App shows MDM Managed text in status view on managed endpoints

Fixes & Improvements ⫘

FileMod events have process_image_path

1.4.9 ⫘

Released: Beta—9 January 2024; Preview—18 January 2024; Production Stable—1 February 2024

Features ⫘

SecureworksTaegis.app new Diagnostics view and taegisctl command-line tool for Diagnostics. For more information, see macOS Agent Troubleshooting
Restrict access to /Library/Application Support/secureworks and /Library/Logs/Secureworks folders

Fixes & Improvements ⫘

Network extension logging false message of exiting host isolation after registrations
Fix reporting of AWS instance ID
Logging improvements

Note

See Taegis Endpoint Agent Known Issues for known issues with this version.

1.3.9 ⫘

Released: Beta—5 October 2023; Preview—19 October 2023; Production Stable—26 October 2023

Features ⫘

Telemetry enhancements:
- Filemod telemetry for read-only open events
- Additional auth events
Applescript detection events
Ventura relevant installation UI examples added

Fixes & Improvements ⫘

Add support for AWS IMDSv2 metadata
About dialog box now appears in front of other windows
Main app now shows Connected state accurately
Improve clarity of host isolation log messages
Agent now allows MDM to change registration information

1.2.12 ⫘

Released: Beta—5 July 2023; Preview—5 July 2023; Production Stable—13 July 2023

Fixes & Improvements ⫘

Backend update

1.2.11 ⫘

Released: Beta—12 June 2023

Features ⫘

Agent dialog changes to yellow when in registering state

Fixes & Improvements ⫘

File upload:
- Add additional fidelity to file upload logs
- Improve upload retry resilience
Apple Endpoint Security API Telemetry:
- Capture authentication events for Ventura and later releases
- Event timestamp reflects creation time

1.0.55 ⫘

Released: Beta—2 Mar 2023; Preview—29 Mar 2023; Production Stable—29 Mar 2023

Fixes & Improvements ⫘

Resolved issues with agent upgrade and uninstall:
- Two agent icons appearing in menu bar after upgrade
- Uninstaller doesn’t unload tray app

1.0.49 ⫘

Released: 5 Jan 2023

Features ⫘

Added support for macOS Ventura
Localized support for Japanese and Spanish: when system language is set to Japanese or Spanish, main and tray user-facing strings are shown in that language
Error and warning logging added under /Library/Logs/Secureworks/ directory in addition to the unified logger

Fixes & Improvements ⫘

Compatibility with Microsoft Intune, by removing a version string incompatibility
When registering, the registration button appears inconsistently when incorrect registration information is entered or the agent cannot connect
Daemon doesn't restart when a package install is done manually
Host isolation CIDR range only works with a subnet of 128, and now works with 32, 64 & 96

1.0.43 ⫘

Released: 18 Oct 2022

Features ⫘

Host isolation:
- IPV6 support
- Customer-configured CIDR

Fixes & Improvements ⫘

Major or minor macOS upgrades cause the appearance of abandoned agents in XDR
Agent reports Taegis agent version
Known issues:
- If running agent 1.0.37 or before and deploying via MDM:
  - Deploying Taegis agent won't restart daemon
  - After updating to new version of OS or agent, duplicate entries may temporarily appear in XDR endpoints list and will be resolved via server-side batch processing
- If running agent 1.0.37 or before and agent auto-upgrades (non-MDM), after updating to the new version, agents may temporarily have trouble registering, which will be resolved via server-side batch processing
- IPV6 isolation limitations: exclusions for IPV6 do not work when a mask is present

1.0.37 ⫘

Released: 2 Aug 2022

Features ⫘

Improvements to Registration pane in SecureworksTaegis.app to fix user entry errors during initial registration
Allow CMD+V to paste Registration details during initial install
Terminate all existing connections upon isolation
Telemetry enrichment for better correlation

Fixes & Improvements ⫘

Fixes to potential Memory Leak within Taegis daemon
Stability improvements to daemon

Linux ⫘

1.3.7 ⫘

Released: Beta—11 April 2023

Features ⫘

Added tenant ID for driver lookups

Fixes & Improvements ⫘

Agent occasionally hangs during shutdown
Save agent proxy settings when upgrading
Rare agent crash when network is unreliable
Taegisctl proxy settings don’t operate as documented
Host isolation for SUSE 15

Important

Known Issue: Agent may end up consuming all File Descriptors associated with the process when run over time. This will result in the agent silently stopping sending telemetry while still showing as connected.

1.3.3 ⫘

Released: Beta—4 December 2023; Preview—11 January 2024

Features ⫘

Defaults to trying eBPF for kernels 5.8 or newer
Updated taegisctl from a .sh to a functionally equivalent static binary

Fixes & Improvements ⫘

Updater not starting if drivers were unable to load
Volume activity telemetry not sent on unmount
An incorrect command line registration would invalidate the previous functioning one
Remove symlinks on uninstall

1.2.27 ⫘

Released: Beta—22 September 2023; Preview—5 October 2023; Production Stable—19 October 2023

Features ⫘

Added support for the following additional distros via drivers (kernel modules):
- CentOS 8 and 9
- Oracle Linux Enterprise 8 and 9
- Ubuntu 22.04
- Debian 11 and 12
- Amazon Linux 2023

Fixes & Improvements ⫘

Improved netflow telemetry aggregation
Improved logging along with taegisctl output in the driver-not-found case
Upgrade to use Falco Libraries 5.0.1
After reconnecting to network, throttle bandwidth used to send cached telemetry
Volume Mount telemetry indicative of container escapes labeled with a MITRE tag
Increase allowable size of update packages
Username, terminal, and program fields missing in Auth sudo events for RHEL 9
Allow --enforce_selinux on Oracle
Driver remains loaded after uninstall on Ubuntu 18 fixed
Improved Auth event telemetry for sudo operations

1.1.32 ⫘

Released: Beta—30 August 2023; Preview—30 August 2023; Production Stable—30 August 2023

Fixes & Improvements ⫘

Fixed rare issue of healthy agents unable to update

1.1.30 ⫘

Released: Beta—10 August 2023; Preview—10 August 2023; Production Stable—17 August 2023

Fixes & Improvements ⫘

Package improvement

1.1.29 ⫘

Released: Beta—19 June 2023; Preview—19 June 2023; Production Stable—29 June 2023

Fixes & Improvements ⫘

Improvements to reduce telemetry volume from customer tenants
--enforce-selinux now works as intended for Amazon Linux

1.1.28 ⫘

Released: Beta—17 Apr 2023; Preview—23 May 2023; Production Stable—23 May 2023

Features ⫘

Support for Host Isolation Exception CIDR rules. See Host Isolation Exceptions for more information
Agent looks for http_proxy and https_proxy environment variables to identify and use a proxy to communicate with the Taegis backend. Credentials are obfuscated in the agent.log file

Fixes & Improvements ⫘

Removed x86 packages labeled as ARM from download
Agent fails to start on AmazonLinux2 with --enforce_selinux
Improved reliability of the agent to reconnect to the Taegis backend services
UnixTimestampNsec original data is zero when telemetry originates from the kernel; this telemetry isn't available normalized
Taegisctl symlink removed after upgrade
Host isolation doesn't restore iptables to prior state

1.0.54 ⫘

Released: 15 Dec 2022

Fixes & Improvements ⫘

Fixed a bug that could cause a crash of agent on some kernels

1.0.53 ⫘

Released: 17 Nov 2022

Features ⫘

We now support RHEL 7, 8, and 9

Fixes & Improvements ⫘

Fixed bug related to Taegis agent updater

1.0.51 ⫘

Released: 2 Aug 2022

Features ⫘

We now support all the latest available kernels for Centos7, Ubuntu 18.04, 20.04, and Amazon Linux2
Added support diagnostic tool to make system information available for support; available on Linux Troubleshooting for download
Use cached DNS when isolated
Telemetry enrichment for better correlation

Fixes & Improvements ⫘

Fixed the naming convention used for downloading Falco kernel drivers, particularly with Ubuntu
Improved stability for Agent and Updater services