Skip to content

Taegis Endpoint Agent Changelog๐Ÿ”—

Find release notes for the Taegisโ„ข XDR Endpoint Agent for Windows, macOS, and Linux below and note the following:

Important

  • Blue badges appended to version numbers indicate which release channel the version is currently promoted to. Not every version is promoted to each channel.
  • Once a version is promoted to the Production Stable release channel, any interim pre-Production Stable release versions are moved to a collapsed section at the end of the Production Stable note. Select to expand to view those versions.
  • Production Stable and Preview agent releases occur in staged rollouts that may take up to two weeks. Release dates indicate the initiation of a staged rollout.

For more information on selecting a release channel in group policies to auto-update endpoints when agent versions are released, see Agent Group Policies.

Tip

Subscribe to the Changelog RSS Feed for notifications when there is an update to a Taegis Endpoint Agent. You'll need an RSS Reader or an RSS Extension for your browser.

Windows๐Ÿ”—

2.4.22 ๐Ÿ”—

Released: Betaโ€”12 June 2025; Previewโ€”18 June 2025; Production Stableโ€”26 June 2025

Fixes & Improvements๐Ÿ”—

  • Fixes an issue where endpoints running version 2.4.20 were unable to launch the Box Drive application
  • Fixes an issue where isolated endpoints using the Server telemetry tier lost connectivity with XDR and required uninstallation

2.4.20๐Ÿ”—

Released: Betaโ€”1 May 2025; Previewโ€”8 May 2025; Production Stableโ€”27 May 2025

Fixes & Improvements๐Ÿ”—

  • Fixes an intermittent race condition that resulted in a BSOD when werfault.exe was executed, which impacted versions 2.4.x and later only
  • Fixes a rare blue screen of death (BSoD) issue
  • Adds GOLDENIMAGE option to support golden image reboots
  • Telemetry filtering updates
  • Adds support for include_meta_headers field
  • Various fixes
Expand to view 2.4.20 interim pre-Production Stable release versions

2.4.18๐Ÿ”—

Released: Betaโ€”24 April 2025

Fixes & Improvements๐Ÿ”—

  • Fixes a rare blue screen of death (BSoD) issue

2.4.14๐Ÿ”—

Released: Betaโ€”20 March 2025; Previewโ€”27 March 2025

Fixes & Improvements๐Ÿ”—

  • Add GOLDENIMAGE option to support golden image reboots
  • Telemetry filtering updates
  • Add support for include_meta_headers field
  • Various fixes

2.2.22๐Ÿ”—

Released: Betaโ€”20 February 2025; Previewโ€”27 February 2025; Production Stableโ€”6 March 2025

Fixes & Improvements๐Ÿ”—

  • Fixes a rare blue screen of death (BSoD) issue related to telemetry filtering

2.2.18๐Ÿ”—

Released: Betaโ€”16 January 2025; Previewโ€”23 January 2025; Production Stableโ€”6 February 2025

Fixes & Improvements๐Ÿ”—

  • Fixes several rare issues related to blue screen of death (BSoD) and .Net Application crashes
Expand to view 2.2.18 interim pre-Production Stable release versions

2.2.14๐Ÿ”—

Released: Betaโ€”14 November 2024; Previewโ€”21 November 2024

Fixes & Improvements๐Ÿ”—

  • Fixes customer-reported blue screen of death (BSoD) instances in version 2.2.12

Note

The 2.2.14 release is intended to resolve BSoD instances reported by customers in the 2.2.12 release. The rollout of 2.2.12 to Production Stable has been stopped. Pending confirmation that 2.2.14 resolves the BSoD issue, rollout of 2.2.14 will proceed through the Beta, Preview, and then Production Stable release channels.

2.2.12๐Ÿ”—

Released: Betaโ€”26 September 2024; Previewโ€”10 October 2024; Production Stableโ€”24 October 2024

Features๐Ÿ”—

  • Telemetry volume reduction for registry and filemod
  • Additional tamper resistance

Fixes & Improvements๐Ÿ”—

  • Agent rolls back to prior version if upgrade fails

2.1.2๐Ÿ”—

Released: Betaโ€”30 May 2024; Previewโ€”20 June 2024; Production Stableโ€”11 July 2024

Features๐Ÿ”—

  • Tamper Protection Uninstall Resistance, now available in Group Policies
  • Telemetry Sink change; tries new FQDN and IP, will fall back to existing connection; see the version 2.0.10 note for more information

Fixes & Improvements๐Ÿ”—

  • Occasional upgrade hang

  • Compatibility:

    • Firefox 64 bit
    • FortiClient

  • Telemetry:

    • Additional RPC telemetry (requires Deep Process Inspection to be enabled)
      • RPC telemetry duplicate removal
    • Filemod not sent if cmd output was redirected
    • Sending process associated with filemod including remote drives
    • APC telemetry volume reduction

  • Proxy reconnection reliability

  • File uploads support NT path names
  • Network file copy slowdown

  • AKT-enabled fixes

    • Occasional application crashes

2.0.10๐Ÿ”—

Released: Betaโ€”23 May 2024; Previewโ€”30 May 2024; Production Stableโ€”13 June 2024

Features๐Ÿ”—

  • Update to URLs used for agent telemetry

Note

Starting with the Windows Taegis Endpoint Agent 2.0.10, the following changes were made to opportunistically try to connect to new FQDNs and IP addresses.

For versions 2.0.10 / 2.1.2 and onward, when attempting to register the destination for telemetry from the agent, this will be the order of operations:

  • The agent will first attempt to connect to: wss://telemetry.<ENV>.taegiscloud.com:443/ws

  • If thereโ€™s no response, the agent will fall back to the telemetry destination used prior to 2.0.10: wss://sink.<ENV>.taegiscloud.com:8443/ws

    Where <ENV> is only one of --> c | d | e | f

Existing network connectivity for file-receiver, reg, and drivers will remain unchanged.

This logic was implemented so that no change in networking, firewalls, or IP routing would be required by tenant admins or customer IT personnel.

Fixes & Improvements๐Ÿ”—

  • Fix for code injection failing with hook already exists error
  • Fix for missing RPC telemetry
  • Fix for applications crashing after agent installation

2.0.8๐Ÿ”—

Released: Betaโ€”15 April 2024; Previewโ€”2 May 2024; Production Stableโ€”16 May 2024

Features๐Ÿ”—

  • Remote Procedure Call telemetry

Fixes & Improvements๐Ÿ”—

  • Fix for failure of the agent to update from 2.0.0 or 2.0.4
  • Fix for RPC telemetry not reporting Mimikatz-related telemetry
  • Fix for agent causing some Microsoft Office apps to crash
  • Fix for agent causing incompatibility issues with Tableau
  • Fix for agent blocking Citrix installations
  • AMSI bug fix
  • Fix to incompatibility issue found when running Bitdefender and Taegis Endpoint Agent on same endpoint
  • Fix for slow file opening across network share
  • Japan language uninstall screen fix

Note

See Taegis Endpoint Agent Known Issues for a known issue with this version.

Expand to view 2.0.8 interim pre-Production Stable release versions

2.0.4๐Ÿ”—

Released: Betaโ€”22 February 2024

Features๐Ÿ”—

  • Remote Procedure Call telemetry

Fixes & Improvements๐Ÿ”—

  • AMSI bug fix
  • Fix to incompatibility issue found when running Bitdefender and Taegis Endpoint Agent on same endpoint
  • Fix for slow file opening across network share
  • Japan language uninstall screen fix

Note

See Taegis Endpoint Agent Known Issues for a known issue with this version and an overview of compatibility with other products.

1.2.84๐Ÿ”—

Released: Betaโ€”25 January 2024; Previewโ€”25 January 2024; Production Stableโ€”1 February 2024

Features๐Ÿ”—

  • Improved telemetry:
    • File upload for scanning via backend YARA rules
    • Additional telemetry types:
      • API call telemetry
      • Code injection
      • Keylogger activity detection
      • MBR and GPT modifications
  • DNS over HTTPS and multiple DNS server support; see DNS Resolution for more information
  • Files referenced with NT device paths uploaded

Fixes & Improvements๐Ÿ”—

  • Fixed an intermittent upgrade issue
  • Compatibility issue with some antivirus vendors resulted in Windows becoming unstable
  • Ensure agents are in an upgradeable state
  • File copy performance over SMB

Important

  • Customers running Siemens PLC software may experience compatibility issues with this version. See Taegis Endpoint Agent Known Issues for more information on compatibility issues.
  • Customers may also experience intermittent network connectivity issues with this version when running patches KB5035854, KB5035853, KB5035853, and KB5035845.
Expand to view 1.2.84 interim pre-Production Stable release versions

1.2.82๐Ÿ”—

Released: Betaโ€”4 January 2024; Previewโ€”11 January 2024

Fixes & Improvements๐Ÿ”—

  • Compatibility issue with some antivirus vendors resulted in Windows becoming unstable

Note

See Taegis Endpoint Agent Known Issues for a known issue with this version.

1.2.64๐Ÿ”—

Released: Betaโ€”2 November 2023; Previewโ€”2 November 2023

Fixes & Improvements๐Ÿ”—

  • Ensure agents are in an upgradeable state

1.2.44๐Ÿ”—

Released: Betaโ€”5 October 2023; Previewโ€”19 October 2023

Features๐Ÿ”—

  • Improved telemetry:
    • File upload for scanning via backend YARA rules
    • Additional telemetry types:
      • API call telemetry
      • Code injection
      • Keylogger activity detection
      • MBR and GPT modifications
  • DNS over HTTPS and multiple DNS server support; see DNS Resolution for more information
  • Files referenced with NT device paths uploaded

Fixes & Improvements๐Ÿ”—

  • File copy performance over SMB

Note

See Taegis Endpoint Agent Known Issues for a known issue with this version.

1.0.50๐Ÿ”—

Released:Production Stableโ€”2 November 2023

Features๐Ÿ”—

  • Query default DNS server over HTTPS to mitigate any infrastructure restrictions and allow multiple local DNS overrides

Fixes & Improvements๐Ÿ”—

  • Ensure agents are in an upgradeable state
Expand to view 1.0.50 interim pre-Production Stable release versions

1.0.44๐Ÿ”—

Released: Betaโ€”7 June 2023

Features๐Ÿ”—

  • Query default DNS server over HTTPS to mitigate any infrastructure restrictions and allow multiple local DNS overrides

1.0.42๐Ÿ”—

Released: Betaโ€”22 May 2023; Previewโ€”22 May 2023; Production Stableโ€”13 June 2023

Fixes & Improvements๐Ÿ”—

  • Disable code injection across all policy tiers
  • Fixed race condition that could lead to failure in upgrade process
  • Corrected AMSI module installation location
  • Memory commit charge optimization in telemetry processing/serialization
  • Report endpoint agent version in telemetry
  • Provide Japanese translations for the installer UI
  • Optimized telemetry handling
  • Support Kit Improvements:
    • Add machine GUID
    • List running processes including CPU usages
  • Fetch the network gateways and add them to the allow list
Expand to view 1.0.42 interim pre-Production Stable release versions

1.0.40๐Ÿ”—

Released: Betaโ€”10 May 2023

Fixes & Improvements๐Ÿ”—

  • Fixed race condition that could lead to failure in upgrade process
  • Corrected AMSI module installation location
  • Memory commit charge optimization in telemetry processing/serialization
  • Report endpoint agent version in telemetry
  • Provide Japanese translations for the installer UI
  • Optimized telemetry handling
  • Support Kit Improvements:
    • Add machine GUID
    • List running processes including CPU usages
  • Fetch the network gateways and add them to the allow list

1.0.26๐Ÿ”—

Released:12 Dec 2022

Features๐Ÿ”—

  • Added support for Windows Server 2022

Fixes & Improvements๐Ÿ”—

  • Fixed collision with Sophos Updater which was preventing Sophos agent updates to occur
  • Improvements to File Handles to avoid interoperability problems with 3rd-party vendors
  • Process mapping for Netflows
  • Installer now accepts DNS server if proxy is provided
  • TaegisAgentSupportKit:
    • Information about AV products installed
    • Taegis Service Status
    • Taegis related logs from Windows Event Logs: Application, System

1.0.24๐Ÿ”—

Released:17 Oct 2022

Fixes & Improvements๐Ÿ”—

  • Additional stability improvements for handling of telemetry messages from driver

1.0.22๐Ÿ”—

Released:13 Oct 2022

Fixes & Improvements๐Ÿ”—

  • Fixed performance issues on endpoints with high netflow traffic:
    • Optimized netflow capture
    • Performance improvements in driver lookup of process details
    • Substantially improved handling of telemetry messages from driver
  • Improved handling of large file transfer over the network
  • Installer to validate user input fields
  • Improved quality of injected thread telemetry
  • Improved information provided by TaegisAgentSupportKit.x64.exe tool
  • Detect pre-existing processes upon service start
  • Allow protected process to access network during isolation
  • Improved handling of isolation status
  • Security improvements:
    • Do NOT use Microsoft DNS Cache for the Taegis Agent; prevents DoS, etc. via etc/hosts manipulation
    • Added quote paths to system service with spaces

1.0.16๐Ÿ”—

Released:2 Aug 2022

Features๐Ÿ”—

  • Added TaegisAgentSupportKit.x64.exe tool to make agent information available for support
  • Added Windows DNS response as telemetry

Fixes & Improvements๐Ÿ”—

  • Host Isolation improvements: terminate existing connections from non-SCWX signed processes, terminate RDP, and allow DHCP when isolated
  • Taegis Service Shutdown
  • Disabled signature check on MSI for upgrades

macOS๐Ÿ”—

2.0.17 ๐Ÿ”—

Released: Betaโ€”23 January 2025; Previewโ€”30 January 2025; Production Stableโ€”6 February 2025

Fixes & Improvements๐Ÿ”—

  • Fixes taegisctl Netfilter Enabled check issue in Sequoia
  • Fixes network interfaces reporting issue

2.0.16๐Ÿ”—

Released: Betaโ€”12 December 2024; Previewโ€”17 December 2024; Production Stableโ€”16 January 2025

Fixes & Improvements๐Ÿ”—

  • Fixes a minor issue with the new macOS version Sequoia
  • Fixes a minor issue with Diagnostics
Expand to view 2.0.16 interim pre-Production Stable release versions

2.0.15๐Ÿ”—

Released: Betaโ€”5 December 2024; Previewโ€”10 December 2024

Fixes & Improvements๐Ÿ”—

  • Fixes a minor issue with the new macOS version Sequoia

2.0.13๐Ÿ”—

Released: Betaโ€”3 October 2024; Previewโ€”3 October 2024; Production Stableโ€”10 October 2024

Fixes & Improvements๐Ÿ”—

  • Fixes a minor issue with the new macOS version Sequoia

2.0.9๐Ÿ”—

Released: Betaโ€”11 July 2024; Previewโ€”25 July 2024; Production Stableโ€”14 August 2024

Features๐Ÿ”—

  • Tamper Protection Uninstall Blocking, now available in Group Policies
  • Unattended uninstall via XDR is now possible for correctly configured macOS Managed endpoints; see Uninstall Taegis Agents

Fixes & Improvements๐Ÿ”—

  • Telemetry improvements relating to thread injection, packet capture, time-stomping, and script interpreter processes
  • Diagnostics reliability improvements

1.5.15๐Ÿ”—

Released: Betaโ€”27 June 2024; Previewโ€”9 July 2024; Production Stableโ€”11 July 2024

Fixes & Improvements๐Ÿ”—

  • Fix for intermittent connectivity failure

1.5.14๐Ÿ”—

Released: Betaโ€”2 May 2024; Previewโ€”9 May 2024; Production Stableโ€”23 May 2024

Features๐Ÿ”—

  • Packed executable detection
  • Isolated endpoints have different icon in macOS menu bar
  • Registration using new key and/or server will happen without waiting up to five minutes
  • App shows MDM Managed text in status view on managed endpoints

Fixes & Improvements๐Ÿ”—

  • FileMod events have process_image_path
  • Miscellaneous fixes
Expand to view 1.5.14 interim pre-Production Stable release versions

1.5.11๐Ÿ”—

Released: Betaโ€”28 March 2024

Features๐Ÿ”—

  • Packed executable detection
  • Isolated endpoints have different icon in macOS menu bar
  • Registration using new key and/or server will happen without waiting up to five minutes
  • App shows MDM Managed text in status view on managed endpoints

Fixes & Improvements๐Ÿ”—

  • FileMod events have process_image_path

1.4.9๐Ÿ”—

Released: Betaโ€”9 January 2024; Previewโ€”18 January 2024; Production Stableโ€”1 February 2024

Features๐Ÿ”—

  • SecureworksTaegis.app new Diagnostics view and taegisctl command-line tool for Diagnostics. For more information, see macOS Agent Troubleshooting
  • Restrict access to /Library/Application Support/secureworks and /Library/Logs/Secureworks folders

Fixes & Improvements๐Ÿ”—

  • Network extension logging false message of exiting host isolation after registrations
  • Fix reporting of AWS instance ID
  • Logging improvements

Note

See Taegis Endpoint Agent Known Issues for known issues with this version.

1.3.9๐Ÿ”—

Released: Betaโ€”5 October 2023; Previewโ€”19 October 2023; Production Stableโ€”26 October 2023

Features๐Ÿ”—

  • Telemetry enhancements:
    • Filemod telemetry for read-only open events
    • Additional auth events
  • Applescript detection events
  • Ventura relevant installation UI examples added

Fixes & Improvements๐Ÿ”—

  • Add support for AWS IMDSv2 metadata
  • About dialog box now appears in front of other windows
  • Main app now shows Connected state accurately
  • Improve clarity of host isolation log messages
  • Agent now allows MDM to change registration information

1.2.12๐Ÿ”—

Released: Betaโ€”5 July 2023; Previewโ€”5 July 2023; Production Stableโ€”13 July 2023

Features๐Ÿ”—

  • Agent dialog changes to yellow when in registering state

Fixes & Improvements๐Ÿ”—

  • File upload:
    • Add additional fidelity to file upload logs
    • Improve upload retry resilience
  • Apple Endpoint Security API Telemetry:
    • Capture authentication events for Ventura and later releases
    • Event timestamp reflects creation time
  • Backend update
Expand to view 1.2.12 interim pre-Production Stable release versions

1.2.11๐Ÿ”—

Released: Betaโ€”12 June 2023

Features๐Ÿ”—

  • Agent dialog changes to yellow when in registering state

Fixes & Improvements๐Ÿ”—

  • File upload:
    • Add additional fidelity to file upload logs
    • Improve upload retry resilience
  • Apple Endpoint Security API Telemetry:
    • Capture authentication events for Ventura and later releases
    • Event timestamp reflects creation time

1.0.55๐Ÿ”—

Released: Betaโ€”2 Mar 2023; Previewโ€”29 Mar 2023; Production Stableโ€”29 Mar 2023

Fixes & Improvements๐Ÿ”—

  • Resolved issues with agent upgrade and uninstall:
    • Two agent icons appearing in menu bar after upgrade
    • Uninstaller doesnโ€™t unload tray app

1.0.49๐Ÿ”—

Released:5 Jan 2023

Features๐Ÿ”—

  • Added support for macOS Ventura
  • Localized support for Japanese and Spanish: when system language is set to Japanese or Spanish, main and tray user-facing strings are shown in that language
  • Error and warning logging added under /Library/Logs/Secureworks/ directory in addition to the unified logger

Fixes & Improvements๐Ÿ”—

  • Compatibility with Microsoft Intune, by removing a version string incompatibility
  • When registering, the registration button appears inconsistently when incorrect registration information is entered or the agent cannot connect
  • Daemon doesn't restart when a package install is done manually
  • Host isolation CIDR range only works with a subnet of 128, and now works with 32, 64 & 96

1.0.43๐Ÿ”—

Released:18 Oct 2022

Features๐Ÿ”—

  • Host isolation:
    • IPV6 support
    • Customer-configured CIDR

Fixes & Improvements๐Ÿ”—

  • Major or minor macOS upgrades cause the appearance of abandoned agents in XDR
  • Agent reports Taegis agent version
  • Known issues:
    • If running agent 1.0.37 or before and deploying via MDM:
      • Deploying Taegis agent won't restart daemon
      • After updating to new version of OS or agent, duplicate entries may temporarily appear in XDR endpoints list and will be resolved via server-side batch processing
    • If running agent 1.0.37 or before and agent auto-upgrades (non-MDM), after updating to the new version, agents may temporarily have trouble registering, which will be resolved via server-side batch processing
    • IPV6 isolation limitations: exclusions for IPV6 do not work when a mask is present

1.0.37๐Ÿ”—

Released:2 Aug 2022

Features๐Ÿ”—

  • Improvements to Registration pane in SecureworksTaegis.app to fix user entry errors during initial registration
  • Allow CMD+V to paste Registration details during initial install
  • Terminate all existing connections upon isolation
  • Telemetry enrichment for better correlation

Fixes & Improvements๐Ÿ”—

  • Fixes to potential Memory Leak within Taegis daemon
  • Stability improvements to daemon

Linux๐Ÿ”—

2.1.4 ๐Ÿ”—

Released: Betaโ€”27 March 2025; Previewโ€”3 April 2025; Production Stableโ€”17 April 2025

Features๐Ÿ”—

  • Update to URLs used for agent telemetry

Note

Starting with the Linux Taegis Endpoint Agent 2.1.4, the following changes were made to opportunistically try to connect to new FQDNs and IP addresses.

For versions 2.1.4 and onward, when attempting to register the destination for telemetry from the agent, this will be the order of operations:

  • The agent will first attempt to connect to: wss://telemetry.<ENV>.taegiscloud.com:443/ws

  • If thereโ€™s no response, the agent will fall back to the telemetry destination used prior to 2.1.4: wss://sink.<ENV>.taegiscloud.com:8443/ws

    Where <ENV> is only one of --> c | d | e | f

Existing network connectivity for file-receiver, reg, and drivers will remain unchanged.

This logic was implemented so that no change in networking, firewalls, or IP routing would be required by tenant admins or customer IT personnel.

  • Falco library update to version 0.40.0
  • Show "Deep Packet Inspector (DPI)" running status in taegisctl status output
  • Cleaner and more concise error reporting in various taegisctl output
  • Additional monitoring path to catch Malware such as SEDEXP
  • Improved checks for using eBPF probe along with a new troubleshooting flag to force kernel driver
  • Ability to collect per thread CPU information in the performance collection script
  • Major revamp of driver loading code to prevent possible race conditions
  • New taegisctl command to temporarily set custom logging levels
  • New taegisctl diagnostic option to capture a coredump of the running agent
  • Enable sending container start events by default
  • Other customer bug fixes

2.0.6๐Ÿ”—

Released: Betaโ€”13 February 2025; Previewโ€”20 February 2025; Production Stableโ€”27 February 2025

Fixes & Improvements๐Ÿ”—

  • Fix for eBPF probe load failure on specific kernel versions causing performance issues on the host

Supported Distro Update๐Ÿ”—

  • Effective January 2025, Secureworks is no longer building new drivers for CentOS 8-stream, which is no longer being built and has moved to Maintenance Support per the following CentOS Blog post.
  • Secureworks will no longer build missing drivers, as the repo Secureworks used to create drivers is archived and is no longer being maintained.
  • The Linux agent will continue to function on 8-stream but Secureworks will discontinue building new drivers.

2.0.5๐Ÿ”—

Released: Betaโ€”21 November 2024; Previewโ€”5 December 2024; Production Stableโ€”12 December 2024

Features๐Ÿ”—

  • Added telemetry and basic detections for containers. This setting defaults to OFF and must be manually enabled per the following note

Fixes & Improvements๐Ÿ”—

  • Cloud Provider and Cloud Instance ID fields not shown in XDR
  • Updater not respecting custom install location

Note

To enable container telemetry and detections, add the following lines to the /etc/scwx_agent.json file and then restart the Taegis Endpoint Agent to have these changes take effect:

{
"observers.container.enabled": true,
"rule_engine.enabled": true
}

1.4.12๐Ÿ”—

Released: Betaโ€”10 October 2024; Previewโ€”17 October 2024; Production Stableโ€”24 October 2024

Features๐Ÿ”—

  • Added support for Rocky 9 and Alma 9 distros that support eBPF to 1.4.12 and newer agents

Fixes & Improvements๐Ÿ”—

  • Fixes high CPU utilization observed on some endpoints

1.4.11๐Ÿ”—

Released: Betaโ€”5 September 2024; Previewโ€”5 September 2024; Production Stableโ€”12 September 2024

Features๐Ÿ”—

  • ARM support for currently supported distros
  • Added additional diagnostics: Taegisctl diagnostics โ€“detail
  • Support for SUSE/SLES Linux distros in LTS with kernels older than 5.8
    • Specifically SLES 12 SP 4 and 5; SLES 15 SP 3, 4, and 5
    • Kernels 5.8 or newer will be supported via eBPF, enabled by default with agent version 1.3.x
  • Support for newer distros, including Ubuntu 24.04
  • Detect cloud providers by always reading IMDS
  • Add extra cloud identifiers to registration request

Fixes & Improvements๐Ÿ”—

  • Agent now follows the Staged Rollout model
  • Added additional host identifiers for driver lookups
  • Reduce default log file verbosity
  • Preserve proxy settings on upgrade
  • Miscellaneous fixes
  • Improved reliability when IMDS service is completely disabled on AWS
Expand to view 1.4.11 interim pre-Production Stable release versions

1.4.10๐Ÿ”—

Released: Betaโ€”22 August 2024; Previewโ€”29 August 2024

Features๐Ÿ”—

  • Detect cloud providers by always reading IMDS
  • Add extra cloud identifiers to registration request

Fixes & Improvements๐Ÿ”—

  • Miscellaneous fixes

1.4.8๐Ÿ”—

Released: Betaโ€”8 August 2024

Fixes & Improvements๐Ÿ”—

  • Miscellaneous fixes

1.4.2๐Ÿ”—

Released: Betaโ€”27 June 2024

Features๐Ÿ”—

  • ARM support for currently supported distros
  • Added additional diagnostics: Taegisctl diagnostics โ€“detail
  • Support for SUSE/SLES Linux Distros in LTS with kernels older than 5.8
    • Specifically SLES 12 SP 4 and 5; SLES 15 SP 3, 4, and 5
    • Kernels 5.8 or newer will be supported via eBPF, enabled by default with agent version 1.3.x
  • Support for newer distros, including Ubuntu 24.04

Fixes & Improvements๐Ÿ”—

  • Agent now follows the Staged Rollout model
  • Added additional host identifiers for driver lookups
  • Reduce default log file verbosity
  • Preserve proxy settings on upgrade

1.3.10๐Ÿ”—

Released:Previewโ€”26 June 2024; Production Stableโ€”26 June 2024

Fixes & Improvements๐Ÿ”—

  • Resolved excessive permissions granted to files staged in package manager cache directories

Note

Changes for 1.3.10 were made solely to the .deb package. The agent binary and .yum packages remain unchanged from 1.3.9.

1.3.9๐Ÿ”—

Released: Betaโ€”2 May 2024; Previewโ€”16 May 2024; Production Stableโ€”6 June 2024

Features๐Ÿ”—

  • Added tenant ID for driver lookups
  • Defaults to trying eBPF for kernels 5.8 or newer
  • Updated taegisctl from a .sh to a functionally equivalent static binary

Fixes & Improvements๐Ÿ”—

  • Fix to Websocket issue that could result in loss of telemetry
  • Agent occasionally hangs during shutdown
  • Save agent proxy settings when upgrading
  • Rare agent crash when network is unreliable
  • Taegisctl proxy settings donโ€™t operate as documented
  • Host isolation for SUSE 15
  • Updater not starting if drivers were unable to load
  • Volume activity telemetry not sent on unmount
  • An incorrect command line registration would invalidate the previous functioning one
  • Remove symlinks on uninstall

Note

See Taegis Endpoint Agent Known Issues for known compatibility issues with this version.

Expand to view 1.3.9 interim pre-Production Stable release versions

1.3.7๐Ÿ”—

Released: Betaโ€”11 April 2024

Features๐Ÿ”—

  • Added tenant ID for driver lookups

Fixes & Improvements๐Ÿ”—

  • Agent occasionally hangs during shutdown
  • Save agent proxy settings when upgrading
  • Rare agent crash when network is unreliable
  • Taegisctl proxy settings donโ€™t operate as documented
  • Host isolation for SUSE 15

Important

Known Issue: Agent may end up consuming all File Descriptors associated with the process when run over time. This will result in the agent silently stopping sending telemetry while still showing as connected.

1.3.3๐Ÿ”—

Released: Betaโ€”4 December 2023; Previewโ€”11 January 2024

Features๐Ÿ”—

  • Defaults to trying eBPF for kernels 5.8 or newer
  • Updated taegisctl from a .sh to a functionally equivalent static binary

Fixes & Improvements๐Ÿ”—

  • Updater not starting if drivers were unable to load
  • Volume activity telemetry not sent on unmount
  • An incorrect command line registration would invalidate the previous functioning one
  • Remove symlinks on uninstall

1.2.27๐Ÿ”—

Released: Betaโ€”22 September 2023; Previewโ€”5 October 2023; Production Stableโ€”19 October 2023

Features๐Ÿ”—

  • Added support for the following additional distros via drivers (kernel modules):
    • CentOS 8 and 9
    • Oracle Linux Enterprise 8 and 9
    • Ubuntu 22.04
    • Debian 11 and 12
    • Amazon Linux 2023

Fixes & Improvements๐Ÿ”—

  • Improved netflow telemetry aggregation
  • Improved logging along with taegisctl output in the driver-not-found case
  • Upgrade to use Falco Libraries 5.0.1
  • After reconnecting to network, throttle bandwidth used to send cached telemetry
  • Volume Mount telemetry indicative of container escapes labeled with a MITRE tag
  • Increase allowable size of update packages
  • Username, terminal, and program fields missing in Auth sudo events for RHEL 9
  • Allow --enforce_selinux on Oracle
  • Driver remains loaded after uninstall on Ubuntu 18 fixed
  • Improved Auth event telemetry for sudo operations

1.1.32๐Ÿ”—

Released: Betaโ€”30 August 2023; Previewโ€”30 August 2023; Production Stableโ€”30 August 2023

Fixes & Improvements๐Ÿ”—

  • Fixed rare issue of healthy agents unable to update

1.1.30๐Ÿ”—

Released: Betaโ€”10 August 2023; Previewโ€”10 August 2023; Production Stableโ€”17 August 2023

Fixes & Improvements๐Ÿ”—

  • Package improvement

1.1.29๐Ÿ”—

Released: Betaโ€”19 June 2023; Previewโ€”19 June 2023; Production Stableโ€”29 June 2023

Fixes & Improvements๐Ÿ”—

  • Improvements to reduce telemetry volume from customer tenants
  • --enforce-selinux now works as intended for Amazon Linux

1.1.28๐Ÿ”—

Released: Betaโ€”17 Apr 2023; Previewโ€”23 May 2023; Production Stableโ€”23 May 2023

Features๐Ÿ”—

  • Support for Host Isolation Exception CIDR rules. See Host Isolation Exceptions for more information
  • Agent looks for http_proxy and https_proxy environment variables to identify and use a proxy to communicate with the Taegis backend. Credentials are obfuscated in the agent.log file

Fixes & Improvements๐Ÿ”—

  • Removed x86 packages labeled as ARM from download
  • Agent fails to start on AmazonLinux2 with --enforce_selinux
  • Improved reliability of the agent to reconnect to the Taegis backend services
  • UnixTimestampNsec original data is zero when telemetry originates from the kernel; this telemetry isn't available normalized
  • Taegisctl symlink removed after upgrade
  • Host isolation doesn't restore iptables to prior state

1.0.54๐Ÿ”—

Released:15 Dec 2022

Fixes & Improvements๐Ÿ”—

  • Fixed a bug that could cause a crash of agent on some kernels

1.0.53๐Ÿ”—

Released:17 Nov 2022

Features๐Ÿ”—

  • We now support RHEL 7, 8, and 9

Fixes & Improvements๐Ÿ”—

  • Fixed bug related to Taegis agent updater

1.0.51๐Ÿ”—

Released:2 Aug 2022

Features๐Ÿ”—

  • We now support all the latest available kernels for Centos7, Ubuntu 18.04, 20.04, and Amazon Linux2
  • Added support diagnostic tool to make system information available for support; available on Linux Troubleshooting for download
  • Use cached DNS when isolated
  • Telemetry enrichment for better correlation

Fixes & Improvements๐Ÿ”—

  • Fixed the naming convention used for downloading Falco kernel drivers, particularly with Ubuntu
  • Improved stability for Agent and Updater services