Release Notes: Agents Hotfix Update - June 11, 2026

Announcing an upcoming agent-related hotfix update.

This release will be deployed over 4 hours. No downtime is expected , but please reach out if you experience any issues following the update.

Release Schedule

Agent Updates (US & EU Regions)

  • June 11, 2026 – 03:00 AM EST / 07:00 AM GMT / 12:30 PM IST

XCS Agent

What’s in This Release

Microsoft Office and other trusted applications no longer blocked by EDR

What you can see: EDR block events for trusted installers such as
Microsoft Office Click-to-Run (OfficeC2RClient.exe) and Microsoft Edge
Updater are resolved in XCSW 13.8.2
What you can do: Remove any manual EDR or EDR exclusions added as a workaround for Office Click-to-Run or SharePoint Client. Office installations, updates, and repairs should now be completed normally.
Why it matters: EDR was incorrectly blocking trusted installer processes, causing Office applications to launch in Safe Mode, updates to fail, and Excel/Word functionality to degrade affected endpoints.

Microsoft Office applications no longer crash due to Shellcode Injection detection

What you can see: Excel, Word, and other Office 365 applications that were crashing or becoming unstable on endpoints running XCSW
13.8.1 will now run normally after updating to XCSW 13.8.2.
What you can do: Remove any “Detect Shellcode Injections” exclusions (e.g., “All Applications”) added as a workaround to stabilize Office applications.
Why it matters: A bug in XCS caused legitimate Office processes to be incorrectly flagged as shellcode injection attempts, resulting in
application crashes. This is now resolved.

Security fix: CVE-2026-49494 (XCS firewall driver vulnerability) resolved

What you can see: XCSW 13.8.2 includes a security fix for a vulnerability in the XCS firewall driver.
What you can do: Update all endpoints to XCSW 13.8.2 to ensure this fix is applied.
Why it matters: A vulnerability in the firewall driver related to network packet header processing has been identified and fully remediated in this release.

APPENDIX

NEW AGENT VERSIONS

  • Client Security (XCS Windows): 13.8.2

If you have any questions or feedback, don’t hesitate to reach out. We appreciate your continued support and look forward to delivering more improvements!

Best regards,
ITarian Product Management Team

Hi,
after the latest updates, the Android Itarian MCR app no longer shows any endpoints.
Also, the new “Endpoint Intelligence” menu item in the console leads to a 404 page. What is its purpose?

ps: why don’t you reactivate the Feedback button to allow to leave again our requests/suggestions?

The endpoint intelligence will enable users to query and monitor your endpoints in real time.
What the platform has : A new Endpoint Intelligence section in Endpoint Manager with four tabs — Dashboard, Device Queries, Query Library, and Monitors — available for Windows, macOS, and Linux endpoints.

Are both your issue resolved?

XCS 13.8.2 has been restored to the portal and is now accessible.
The version number remains 13.8.2.10019 because the underlying build itself was not changed

Known Issue Resolved: Windows Defender False Positive with XCS 13.8.2

Issue: XCS 13.8.2.10019 was temporarily removed from the portal after some customers reported issues with this version, including endpoints losing network connection upon installation.

Root Cause: This was a Microsoft Defender false positive, not a build defect. Defender flagged our signed cmdagent.exe as HackTool:Win64/Mimikatz.A (Threat ID 2147723337, Concrete, Quarantine) on Security Intelligence version 1.453.286.0. The binary was validly signed via the Microsoft ID Verified Code Signing chain and showed as clean on VirusTotal.

The issue was install-time only: it occurred when XCS was installed on a machine where Defender was still running the old definition — Defender quarantined cmdagent.exe before self-protection activated, breaking COM registration (0x80040154) and the service. Already-installed, running systems were not affected, as self-protection was active and antivirus operated normally on them.

Resolution: A false positive submission was filed with Microsoft (Submission ID: aed0bc3a-e9ac-4876-8453-8ab62525d1cc). The detection was resolved on newer Defender definitions (Security Intelligence 1.453.354.0 and later), and the submission showed “No malware detected” on both Cloud and Client (1.453.356.0).