Released on: 18 February 2020
Applies to Version: 9.2 Build 12
Summary
EDR enhancement in monitoring suspicious processes.
Enhancements
- Added the reason field to Event description for events 3524 and 3519.
- Generate an event when a hash is auto-approved.
- Based on the configuration, send/forward the safe and unsafe list to sensors.
- Based on the configuration, move the Pending Analyst Review data to the research process.
- Generate unique event 3524 per new process observed at sensor level.
- Updated the EventTracker EDR PowerShell script for reason field extraction/observation.
- Configuration synchronization from Manager to Agent changed to be based on a registry key.
- Updated EDR knowledge pack items such as Alerts, Reports, Knowledge Object and Dashlets.
Bug fix
- Event computer detail is missing for dormant generated events 2074, 2075 and 2076.
Who should read this document
Customers who use 9.2 Build 12
Severity
Medium
Affected software
EventTracker Agent, EventTracker Alerter
Non-affected software
EventTracker Web, EventTracker Reports, Event Correlator, EventTracker Daemon, EventTracker Elasticsearch Indexer, EnterpriseActivity, EventTracker EventVault, EventTracker Receiver, EventTracker Remote Installer, EventTracker Scheduler.
Process to apply Update
Pre-Condition: Please apply all previously released updates before applying the below update.
- Download Update
- Place the Update ET92U20-012.exe on the destination computer.
- Execute the exe.