Released on : 18 February 2020
Applies to Version : 9.2 Build 12

EDR enhancement in monitoring suspicious processes.


  • Added the reason field to Event description for events 3524 and 3519.
  • Generate event when hash is auto approved.
  • Based on the configuration, send/forward the safe and unsafe list to sensors.
  • Based on the configuration, move the Pending Analyst Review data to research process.
  • Generate unique event 3524 per new process observed at sensor level.
  • EventTracker EDR PowerShell script changes with respect to reason field extractions/observation.
  • Changes in Configuration synchronization from Manager to Agent is based on registry key.
  • Updated the EDR knowledge pack such as Alerts, Reports, Knowledge Object and Dashlets.

Bug fix

  • Event computer detail is missing for dormant generated events 2074, 2075 and 2076.

Who should read this document
Customers who use 9.2 Build 12


Affected software
EventTracker Agent,EventTracker Alerter

Non-affected software
EventTracker Web,EventTracker Reports,Event Correlator,EventTracker Daemon,EventTracker Elasticsearch Indexer,EnterpriseActivity,EventTracker EventVault,EventTracker Receiver,EventTracker Remote Installer,EventTracker Scheduler.

Process to apply Update
Pre-Condition: Please apply all previously released updates before applying the below update.

  1. Download Update
  2. Place the Update ET92U20-012.exe in the destination computer.
  3. Execute the exe.