Xcitium Client Security Release Update 04/07/2023
ITarian is please to announce the release of Xcitium’s new security applications which are available via the ITarian portal from inside Endpoint Manager.
Below is complete list of version numbers and changes that these releases will bring.
Xcitium Client Security – Windows
v12.15
IMPROVEMENTS
- Implemented the ability to decline Xcitium Client Security Updates if there is a pending OS update reboot on the endpoint.
- Added HIPS protection for LSASS processes.
- Enhanced enumeration detection and response by implementing the ability to block applications and running processes in response to potentially dangerous or anomalous command-line operations.
BUG-FIXES
- Fixed the issue with blocked USB storage devices not getting re-blocked as expected when re-enabled via the device manager.
- Fixed the issue with blocked removable drives with external device control being allowed re-enablement from the device manager in the portal.
- Fixed a process tree issue showing the wrong tree due to missing embedded code.
- Fixed the issue of high CPU usage during a DLP scan running on Windows server 2012 R2 with Xcitium Client Security 12.10.0.8697 installed.
- Fixed the issue of some processes having incorrect parent applications on the Xcitium Client Security process tree due to Windows assigning the same PID to a new process as in another previously launched, already closed process.
- Fixed the issue of consecutive scans increasing the cmdagent memory usage.
- Fixed a system crash issue after an Xcitium Client Security 12.14 installment.
Xcitium Client Security – macOS
v2.4.4.974
NEW FEATURES
- First phase of ZeroDwell Containment for macOS, as a BETA feature. With this feature:
- Applications that have invalid signatures are blocked.
- Applications that have malicious file ratings are blocked.
- All AppStore 3rd-party applications that are signed by Apple/AppStore will be run without any restriction.
- Applications that have trusted file ratings are run without any restrictions.
- Applications that have unrecognized file ratings are run virtually.
EDR
v2.7
BUG-FIXES
- Fixed the issue of incorrect msi name in EDR installed/uninstalled messages.
- Fixed the issue with EDR not uninstalling properly and continuing to collect events following an attempt to uninstall both the Xcitium Client Security and EDR from the portal at the same time.
- Fixed an issue with Lsalso.exe causing a high CPU-usage performance issue when an EDR agent is installed.
- Fixed the issue with msiexec.exe heuristic command-line analysis not working as expected in Xcitium Client Security 12.14.0.9145.
Threat Hunter Assessment Tool (THAT)
v6.0.0.0
NEW FEATURES
- Rebranded the “Unknown File Hunter Tool” to Threat Hunter Assessment Tool (THAT)” with the Xcitium interface.
IMPROVEMENTS
- Added informative explanations and improved the product interface design for each process step, and for all scan results, to provide user-friendly usage and readability enhancements.
- Improved steps for logging into the application and for continuing as a guest user.
- Converted the tool to be a plug-and-play application.
BUG-FIXES
- Fixed an issue of showing unnecessary error messages specific to ongoing operations.
- Fixed an issue with excessive duration when processing an application-closing command.