Arctic Wolf Agent Containment Driver Release Notes

If the Arctic Wolf Agent Containment Driver was installed during early access, updates do not occur automatically. From the Arctic Wolf® Unified Portal, you can control how the Agent Containment Driver is installed on endpoints. Contact your Arctic Wolf Concierge Security® Team for self-managed deployment options, questions, or feedback.

Version 1.2.5

Release Date: March 20, 2023

Features or Enhancements

• Windows Kernel Containment Driver — Arctic Wolf can now perform host containment at the kernel level. This improves our existing host containment ability, to result in quick, reliable, host isolation. This feature includes the following changes:
  • Added a new directory for the kernel containment files:
    • Directory: C:\Program Files (x86)\Arctic Wolf Networks\Agent\modules\containment
    • Files:
      • AwnAgentService.exe
      • AwnWfpCallouts.cat
      • AwnWfpCallouts.inf
      • AwnWfpCallouts.sys
  • Added the kernel driver:
    • Service Name: AwnWfpCallouts
    • Driver path: C:\Windows\System32\drivers\AwnWfpCallouts.sys
  • Added an automatic startup service to Windows services:
    • Display name: Arctic Wolf Agent Containment
    • Service Name: AwWfpService
    • Executable Path: C:\Program Files (x86)\Arctic Wolf Networks\Agent\modules\containment\AwnAgentService.exe
  • Added support for additional 32-bit and 64-bit Windows versions:
    • Windows 10 and 11
    • Windows Server 2012 R2+ - 2022

Bug Fixes

• Fixed a driver issue that resulted in Windows Server 2012 R2 boot failures.

See also

• Arctic Wolf Agent Release Notes
• Arctic Wolf Agent Installation
• Arctic Wolf Portal
• Arctic Wolf Agent User Guide