Advance Notice: EDR Windows 22.3 SP1, Mac & Linux Agent 22.4 GA Update

We are pleased to announce that on Thursday, April 20, new agents will be released for the Endpoint Detection and Response (EDR) product. The Windows agent will be updated to 22.3 SP1 (22.3.4.612). The Linux agent will be updated to 22.4 GA (22.4.2.4). The Mac agent will be updated to 22.4 GA (22.4.2.6599). We strongly recommend upgrading these agents as soon as possible to provide the maximum level of protection available.

New and improved in Windows 22.3 SP1 (22.3.4.612)

  • Improved security against known anti-EDR techniques. This version adds security measures that prevent non-privileged users from deleting or quarantining arbitrary files (data deletion), which could otherwise cause a denial of service (DoS) to applications or operating systems.
  • Addressed an issue that caused the Agent to stop functioning after upgrading to Agent version 22.3 GA on Windows Server 2012 or Windows 8 only.
  • General bug fixes and improvements

For the full list of Bug Fixes please see the Release Notes link below

New and improved in Mac 22.4 GA (22.4.2.6599)

  • Enhanced Static AI is now GA – From this version, the Enhanced Static AI is enabled by default
  • Enhanced Granular Performance Focus Exclusions – This version adds support for Granular Performance Focus Exclusion for Dynamic Engines (Behavioral AI) and Deep Visibility.
  • Enhanced detection of attack frameworks.
  • Detection enhancements.
  • Performance Improvements – Enhanced Agent performance on macOS Ventura.
  • Enhanced Agent Security
  • General bug fixes and improvements

New and improved in Linux 22.4 GA (22.4.2):

  • New Distro Support for x86 and ARM Agents: RHEL 9.1 and 8.7, RockyLinux 8.7, and AlmaLinux 8.7
  • New Distro Support for x86 Agents: OracleLinux 8.7

Detection Enhancements:

  • Local Privilege Escalation: Alert when a process tries to exploit the DirtyPipe vulnerability (CVE-2022-0847).
  • Local Privilege Escalation: Alert on a privileged read or write action from an originally non-privileged process.
  • Dynamic Linker Hijacking: Alert when a bash process changes the LD_PRELOAD environment variable at runtime.
  • Improved path handling in containers, which results in improved detection of container and K8s threats and Behavioral Indicators.
  • The Static AI model has enhanced detection.

New eBPF Improvements:

To improve Agent performance, we use the Extended Berkeley Packet Filter (eBPF) to collect operating system telemetry events (where the OS supports it). eBPF features are gradually added through Agent releases.

These are the eBPF features of this Agent release:

  • Improved eBPF telemetry collection on Ubuntu 18.04, Oracle Linux 7 and Debian 10.

Performance enhancements in this release:

OS event optimization: The Agent does not load the chdir and fchdir hooks if all path-dependent hooks are loaded successfully with eBPF.

Enable (default) or disable this feature with this Policy Override:

For full details on all updates please check out our Release Notes: https://success.n-able.com/nc-edr-documentation/