Fix cross-signing certificate for Windows agent drivers
Updates from the 2.8.4.0 agent included in this release:
Fix for Inspector scan results that were expiring prematurely, thus creating a blind spot for certain rule results
Renewed signing certificate
Ability to upgrade Red Cloak™ Endpoint Agent if Taegis NGAV Agent is already installed
2.8.3.0
24 Mar 2021
Fix for digital signature errors when upgrading the Red Cloak Agent on older Windows Operating Systems
Updates from the 2.8.2.0 agent included in this release:
Ability to exclude files and folders from being scanned by the Procwall module, with configuration assistance from Secureworks
Performance and storage improvements by purging duplicate events
Better detection for PID Spoofing
Stability and security improvements from upgraded toolset
NOTE: After Red Cloak upgrade/installation, endpoints may not reboot even if there were reboots pending.
2.8.1.0
18 Sept 2020
Ignition module is now removed during a remote uninstall of the agent:
All relevant registry entries and files are now removed during an uninstall of the agent
The 'rcnotify' process is now stopped and removed during an uninstall of the agent
2.8.0.0
16 Sept 2020
NOTE: We are making changes to improve our version control, and are therefore labeling our latest Windows Red Cloak Endpoint Agent as version 2.8.x.x.
Stability of the Procwall and Cyclorama modules improved
Stability and resilience of the Ignition module while performing agent updates improved in cases when another msiexec process is running
Ignition module will now perform a CRL (Certificate Revocation List) cache refresh if it encounters an expired certificate during the agent update process
Mukluk module’s ability to delete host files is now restricted to just Secureworks® Taegis™ XDR files
2.1.5.0
28 Jan 2020
Stability/Performance improvements to Inspector, Lacuna, and Groundling modules
Improvements to Ignition
Compatibility with SHA2 signed MSIEXEC.exe
2.1.4.0
05 Dec 2019
Red Cloak Endpoint Agent now supports upgrading agents on Windows endpoints from within the Red Cloak Endpoint Agent system
MITRE Eval fix from 2.0.7.10 release
Release now signed by SHA256 certificate only
2.0.7.10
03 Dec 2019
Fixes for Procwall
2.0.7.9
27 Oct 2019
Performance improvement and ability to gather more telemetry from Entwine without dropping predicates
2.0.7.8
14 Oct 2019
Logging level service improvement
Add IP address safelisting capability for Hostel
Detect parent create time for a process correctly during scan
2.0.7.7
13 Aug 2019
Inspector changes for IR/TTH engagements
Bug fixes
2.0.7.6
19 Jul 2019
Support for Windows Server 2019
TLS 1.2 Upgrade
Critical bug fixes/improvements
2.0.7.5
11 Jun 2019
RCE-414: Mukluk should consider page file bytes during calculation of memory utilization by modules
2.0.7.4
24 Apr 2019
Self-recovery mechanism in case of deadlocks in agent 2.0 modules
Bug fixes
Red Cloak Endpoint Agent for Linux
Version
Date
Change
1.2.15.0
22 Feb 2021
RHEL/CentOS 7.9 and 8.3 now supported
Upon upgrade, Red Cloak Linux Agent service no longer re-enables if the service was disabled prior to upgrade
Fixed a bug where the service redcloak stop command did not return to the command prompt after being run
Fixed a bug where the Procwall module did not operate correctly if auditd was restarted
1.2.13.0
29 Sept 2020
Ubuntu 16.04, 18.04, and 20.04 now supported
.DEB agent package now included for version 1.2.13.0 and later to install on supported Ubuntu devices
Oracle Linux 6.4 to 6.10, 7.0 to 7.8, and 8.0 to 8.2 now supported
1.2.12.0
16 Sept 2020
Dependency issue reported in the recently pulled 1.2.10.0 release fixed
Agent now installed under /opt instead of /var and can also be relocated to your desired path
Lacuna module now captures traffic only on physical interfaces
32-bit packages installed by the 1.2.10.0 agent can be removed by running the 'rc_clean_32bitpkgs.run' script, included along with instructions in this .zip file
Fixed a bug where Linux port 22 local_port netflows were not being seen by the agent
Fixed a bug where source and destination ports and IPs were being swapped
RHEL/CentOS 8.0 and 8.1 are now supported
Red Hat Certified Partner from RHEL 8.0 onwards. View details on this accomplishment in the Red Hat Ecosystem Catalog
1.2.9.0
24 Mar 2020
The following changes have been made to the Lacuna module resulting in significant performance improvements:
Avoid capturing duplicate NetFlows sourcing from containers (e.g. Docker)
Improved the indexing of NetFlows, allowing better tracking and capturing
Created an alternate method to look up and associate process IDs (PID lookup) with netflow telemetry
1.2.8.0
25 Oct 2019
Performance improvements to both Lacuna and Procwall
1.2.7.0
11 Oct 2019
Improvement in Lacuna performance by altering PID Lookup algorithm and DNS Query
Support DNS type TXT records.
Detect parent create time for a process correctly during scan
Red Cloak Endpoint Agent will communicate via TLS v1.2+.