We’re excited to announce an upcoming update for ITarian Platform, along with important updates to related agents! 
This release will be deployed over two days, with each rollout lasting approximately 4 hours . No downtime is expected , but please reach out if you experience any issues following the update.
Release Schedule
Platform Updates
- US Region Portals: March 25, 2026 – 03:00 AM (EST)
- EU & IN Region Portals: March 26, 2026 – 08:00 AM (GMT) / 01:30 PM (IST)
Agent Updates (All Regions)
- March 26, 2026 – 01:00 AM (EST) / 06:00 AM (GMT) / 11:30 AM (IST)
ITarian Platform and Agent March Release (March 25 & 26, 2026)
What’s in This Release
WHAT’S NEW
→ Introducing Profile Health Check — Know Your Security Posture. Fix It in One Click.
Profile Health Check is now available on all Windows profiles in Profile Management. It automatically compares every setting in your profile against recommended secure baseline — “Windows - Secure Profile v.8.1” — and surfaces every deviation as a Critical issue, with a specific recommendation telling you exactly what needs to change and why.
What you can see: The dashboard shows the health status of 11 security components — Antivirus, Firewall, HIPS, File Rating, Containment, Baselining, Miscellaneous, Script Analysis, VirusScope, Verdict Cloud, and XCS Updates — each with a clear red or green indicator. Expand any component to see exactly which settings have failed and what the issue is.
What you can do: Every failed setting has a Fix Issue button. Click it to see a confirmation screen showing the current value and the recommended value before anything is applied. Fix one setting, an entire component, or every issue across the profile in a single action. Every fix is pushed to endpoints immediately and recorded in your audit log.
Why it matters: A misconfigured profile is a silent risk. Profile Health Check finds gaps proactively — before they become incidents — and gives administrators the tools to maintain consistent security posture across every endpoint with minimal effort.
Available on all Windows profiles in Profile Management.
→Introducing Custom Reports — Build the Reports You Actually Need.
Custom Reports is now available under Reports. It gives you a flexible workspace to explore your data, build queries from scratch, and generate reports tailored to your environment.
What you can do: Create reports from available data source and save them to your personal collection for quick access later. Reuse saved queries at any time, refine them as your needs change, and keep your most important views always within reach.
Why it matters: Every environment is different. Custom Reports lets you go beyond standard views — surface the metrics that matter to your team, build queries around your specific workflows, and keep the insights you need always within reach.
Available to licensed users in Reports → Custom.
→New: One-Hour Security Delay for Newly Enrolled Devices
Starting with this release, all newly enrolled endpoints will wait one hour before any assigned procedures execute automatically. This provides a detection window for security teams to identify and respond to suspicious enrollments before any procedures run on the device.
What this means for you: When a new device is enrolled and a profile with automatic procedure execution is assigned, the device will show a status of “Enrollment Complete — Procedures Pending” for one hour. Procedures will execute after the one-hour delay has passed.
You will also notice updated text on the procedure configuration checkbox:
“Run this procedure immediately when the profile is assigned to a new device (1-hour delay applied for newly enrolled endpoints)”
A tooltip is also available on the checkbox explaining the behavior in detail.
This only affects newly enrolled devices. Devices that were already enrolled before this release are completely unaffected — procedures continue to execute immediately for those devices exactly as before.
Important behaviors to be aware of:
- If a device is unenrolled and then re-enrolled, it is treated as a new enrollment and the 1-hour delay applies again.
- If a device goes offline during the delay period and comes back online before the hour expires, the remaining delay continues from where it left off.
- If a device goes offline during the delay period and comes back online after the hour has expired, procedures execute immediately upon reconnection.
- If a profile is reassigned to a newly enrolled device during the delay window, the delay timer resets, and a new 1-hour countdown begins.
→Your protection settings are unchanged — we’ve updated our terminology.
If you notice that some labels in your platform look different after this release, here is what has changed and why.
What you used to see → What you will see now:
HIPS is now labelled EDR (Endpoint Detection and Response)
EDR is now labelled EXDR (Extended Detection and Response)
These are label changes only. Your protection settings, profile configurations, and security policies are completely unchanged. Nothing has been disabled, removed, or modified.
The new terminology better reflects what each component actually does and aligns with how the security industry uses these terms today. EDR now correctly describes endpoint-level protection, and EXDR describes the extended, cloud-based detection capabilities.
What you will also notice: A new EDR badge now appears in the Active Components column of your Device Management device list, showing the real-time EDR protection status for each device. Both EDR and EXDR badges can be active on the same device at the same time.
No action is required. All existing configurations, profiles, and devices continue to work exactly as before.
→Profile Management - Network Shares Ransomware Protection Now Enabled by Default
Our patented Network Shares Ransomware Protection is now enabled by default across all predefined profiles. This innovation is designed to eliminate ransomware infections on network shares before encryption begins — intercepting and validating file write operations to shared folders in real time, and blocking malicious activity before files can be modified or damaged, even if the device attempting the encryption does not have XCS installed. This setting can be found under Antivirus > Realtime Scan in Profile Management and requires CC 10.2+ and XCS 13.6+.
→ File Rating Now Available for macOS Endpoints.
File Rating Now Supported for macOS Endpoints in Endpoint Manager Administrators can now view and manage file ratings for macOS endpoints in Endpoint Manager — bringing macOS to full parity with Windows. The File Rating table and Containment Logs now include an OS column for easy filtering, and all key actions including Change Rating, Export, and Hide/Unhide Files are fully supported for macOS.
→File Path Exclusions for DLL Auto-block Protection
Administrators can now configure file path exclusions for the “Auto-block unknown DLL files from being loaded by processes” option under Profile Management. Exclusions can be defined by file path, folder, or file group, with support for wildcards and environment variables. Legitimate software such as installers and update tools can now be excluded from blocking without disabling the protection for everything else.
→Role-Based Billing Permissions
Billing access is now role-based and configured centrally in the platform. Administrators can now control precisely which users can view invoices, make payments, manage subscriptions, and manage payment methods. A company-level billing option allows designated users to manage billing across the entire organization.
→Shared Maintenance Windows Across RMM Profiles
Maintenance windows can now be created once and linked to multiple RMM profiles. Any change to a shared maintenance window is automatically applied to every profile using it, removing the need to configure the same schedule across profiles individually.
→Android 15 Device Management
Android 15 devices can now be enrolled and fully managed through Endpoint Manager via Knox. Android 15 is listed under supported platforms.
→Richer Device Information for Linux Endpoints
The system and hardware information available for Linux endpoints in RMM has been significantly expanded, bringing Linux device visibility much closer to the level of detail available for Windows devices.
→ Sign in to Service Deskv2 with Microsoft — Azure AD SSO Now Available for End Users
End users can now sign in to the Service Desk v2 portal using their Microsoft organizational credentials via Azure AD SSO. A Sign in with Microsoft button is now available on the Service Desk v2 login page alongside the existing email and password login — both methods remain available simultaneously.
The SSO login uses the Azure AD integration already configured at the Xcitium Platform level — no additional configuration is required in Service Desk v2. The button only appears when an active Azure AD integration exists for the tenant. End users must already have an active Service Desk v2 account with a matching email to complete SSO login.
IMPROVEMENTS
XCS Agent — Stability & Performance
→XCS Agent Now Runs Stably on Windows Server 2025
XCS 13.8 delivers full agent stability on Windows Server 2025. Endpoint protection runs reliably with no interruptions to service or security status.
→AV Definitions Update Reliably on Windows Server 2025
AV definition updates now complete successfully on Windows Server 2025 environments, including servers with multiple network adapters, ensuring endpoints stay continuously protected with the latest threat intelligence.
→XCS Agent Fully Stable on Windows Server 2022 x64
XCS delivers reliable agent performance on Windows Server 2022 Standard x64 and Hyper-V virtual machine environments, with consistent operation and no impact on system resources.
→XCS Agent Now Supported on Windows 11 25H2
XCS runs correctly on Windows 11 25H2, with the agent starting and operating as expected.
→Improved XCS Agent Memory Efficiency
The XCS agent now operates with significantly lower memory consumption on Windows devices, ensuring endpoint protection runs efficiently without impacting device performance.
→Improved Compatibility Between XCS and EDR Components
XCS and EDR now work together seamlessly on the same device. Both components are correctly recognized and fully operational. For the best experience, we recommend keeping both XCS and EDR updated to the latest versions.
XCS Agent — Protection
→Script Analysis Now Covers Microsoft Store Python
Script Analysis now consistently monitors and contains scripts executed via Python installed from the Microsoft Store. All Python execution methods are covered.
→Autorun Detection Now Works with Environment Variable Paths
Autorun entries that use Windows environment variables in their file path are now correctly detected and acted upon, ensuring no autorun entry goes unmonitored regardless of how its path is defined.
→Autoruns Monitor Now Acts Only on Present Files
The Autoruns Monitor now correctly evaluates whether a scheduled task’s target file is present on the device before taking action, ensuring accurate detection and eliminating unnecessary alert volume.
→SMB Network Share Applications Now Launch Without Interruption
Applications launched from SMB network shared drives now open and run as expected on Windows 10 and Windows 11 with HIPS protection enabled.
→EDR Deploys Successfully Regardless of DLL Protection Setting
EDR agent installation now completes successfully on devices where the “Auto-block unknown DLL files from being loaded by processes” setting is enabled in the security profile.
XCS Agent — Removal & Uninstallation
→XCS Removal Tool Completes Cleanly
The XCS Removal Tool now completes uninstallation cleanly with a maximum of two reboots on Windows 10 and Windows 11.
→Removal Password Now Applied Correctly with Self-Protection Enabled
The removal password configured in the portal profile is now correctly applied to endpoints even when XCS Self-Protection is active.
Platform — Profile Management
→Automatic Platform Lock for XCS 13.8 and Above
When XCS 13.8 or higher is selected during package creation or device enrollment, the platform is automatically set to Windows x64 and cannot be changed manually. This ensures only compatible installation packages are generated. The interface explains the restriction directly.
RMM
→Communication Agent Runs Correctly on Windows Server Core
The communication agent now runs correctly on Windows Server 2025 Standard Core environments. The agent automatically detects the Server Core environment and operates without errors.
BUG FIXES
→Containment Logs — Hide Action Now Works Correctly
Administrators can now successfully hide events in Containment Logs. The hide action completes as expected across both EU and US instances.
→Device Status Remains Accurate After Owner Reassignment
Device status in Endpoint Manager now remains accurate when a device owner is changed. Security service activation correctly reflects the intended device state.
→Windows Antivirus Report Generates Successfully
The Windows Antivirus Report now generates and downloads within the expected timeframe. Reports complete reliably without getting stuck.
→ServiceDesk V2 Template Page Loads Correctly
The ServiceDesk V2 template page is now accessible and loads correctly for all staff.
→File Rating and Detected Scripts Pages Now Loading Correctly.
An issue affecting certain accounts where the File Rating and Detected Scripts pages returned errors or empty results has been resolved. Both pages now load correctly.
→ XCS Windows Agent — Microsoft Office Compatibility
Fixed an issue where opening Excel or Word files triggered an edrpm64.dll error on Windows. The error no longer appears when opening Microsoft Office files.
APPENDIX
NEW PORTAL VERSIONS
- ITarian Platform: 10.4
NEW AGENT VERSIONS
- Client Security (XCS Windows: 13.8.0
- Communication Client for Windows (CC Windows): 11.0
- Communication Client for Linux (CC Linux)- 11.0
- Remote Control for Windows - 11.0
- EDR-Windows:2.12.1
If you have any questions or feedback, don’t hesitate to reach out. We appreciate your continued support and look forward to delivering more improvements!
Best regards,
ITarian Product Management Team