We are pleased to announce that on Monday, July 10, the Endpoint Detection and Response (EDR) product will release a new agent for Windows. The Windows agent will be updated to 22.3 SP2 (22.3.5.887). We strongly recommend upgrading these agents as soon as possible to provide the maximum level of protection available.
New and improved in Windows 22.3 SP2 (22.3.5.887):
Windows Agent 22.3 SP2 resolves an issue related to the MS Windows Security Updates for April, which might impact Windows 10 and Windows 11 devices running SentinelOne. The Microsoft Windows April Security Update introduced additional information to the Feature Flag functionality, which impacted the ability of the SentinelOne Agent to detect audit policy changes.
After applying one of the MS Windows security patches (KB5025221, KB5025239, KB5025224), the Agent was unable to detect changes to the audit policy if the default audit policy was changed. As a result, the Agent could not make the corrections needed to re-enable the audit policies it requires to fully function.
And more:
- Added new Behavioral Indicators for MITRE: T1562.001. These Behavioral Indicators are enabled by default.
  - FsctlSdGlobalChange (Verdict: MITIGATE)
  - FsctlSdGlobalChangeSentinelSid (Verdict: MITIGATE)
- Bug Fixes
  For the full list of Bug Fixes, please see the Release Notes link below.
For full details on all updates please check out our Release Notes: https://success.n-able.com/nc-edr-documentation/