Arctic Wolf Agent Release Notes

Agent Release Notes Direct link to this section

Your version of Arctic Wolf® Agent automatically updates when a new version of Agent is released. No action is required from you unless you need to update the allowlist of your Endpoint Detection and Response (EDR) solution. If you have additional questions or feedback, contact your Arctic Wolf Concierge Security® Team.

See Arctic Wolf Agent SHA-256 hash values for more information.

Version 2023-01 Direct link to this section

Release Date: March 20, 2023

Features or Enhancements Direct link to this section

• Content Delivery System (CDS)

  • Agent now has a content delivery system (CDS) that supports the downloading and installation of independent feature modules.
  • Added a new Agent uninstall executable for the CDS:
    • Directory: C:\Program Files (x86)\Arctic Wolf Networks\Agent\uninstall_modules.exe
    • File: uninstall_modules.exe

• Kernel Containment Module Support — From the Arctic Wolf® Unified Portal, you can now control how the Arctic Wolf Containment Driver is installed on endpoints. Contact your CST for self-managed deployment options.

  See Arctic Wolf Agent Host Containment and Arctic Wolf Agent Containment Driver Release Notes for more information.

• Virtual Desktop Infrastructure (VDI) Support — You can now deploy Agent on your non-persistent VDI for these solutions:

  • VMware Horizons

  • Citrix Workspaces

  • Windows Remote Desktop Services

    See Arctic Wolf Agent Installation Guide for more information.

Bug Fixes Direct link to this section

• Added missing logon session data to the audit logs.
• Improved the Agent logic to prevent it from uploading empty scan result files.
• Improved the date format of installed software rules so that dates display in a consistent format in the Managed Risk Dashboard.
• Resolved an issue in Agent that prevented some Windows hosts from generating a machine UUID during registration.
• Resolved an OS version collection issue in Agent where Windows 11 hosts reported as Windows 10.

Version 2022-03 Direct link to this section

Release Date: October 31, 2022

Features or Enhancements Direct link to this section

• Added Agent executable validation.

• Added support for Managed Risk on German language Windows Endpoints.

• Added support for the following operating systems:

  • CentOS Stream 9
  • Debian 11.2
  • Linux Mint 20.3
  • Oracle Linux Server 8.5

• Added manual startup Windows services for Agent:

  • Arctic Wolf Agent
  • Arctic Wolf Base Agent

• Updated the ossec.conf file with additional Linux data collection to:

  • Increase process list output frequency.

  • List all network connections, including listening ports.

  • List new files and their hash values.

  • Capture bash command history.

    date; echo "5"; ps axfo pid,ppid,pcpu,pmem,vsz,rss,tt,stat,lstart,time,command --sort +etimes | awk '$5 != 0'
    find <dir_path> -maxdepth 3 -mmin -1 -size -50M -type f -exec sha1sum {} +; 
    netstat -tuapn -W | column -t
    date; echo "60"; find /home/*/.bash_history -mmin -1 -exec grep -e "$pattern" {} +;

    The customer needs to update bash.rc to include timestamp information on the bash command history for more accurate alerting data with the following command:

    echo "
    if [ -z "$HISTTIMEFORMAT" ]
      then export HISTTIMEFORMAT="%F %T "
    fi

• Added additional Windows executables:

  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\base-agent.exe or C:\Program Files\Arctic Wolf Networks\Agent\base-agent.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\osquery\osquery.exe or C:\Program Files\Arctic Wolf Networks\Agent\plugins\osquery\osquery.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\osquery\osqueryi.exe or C:\Program Files\Arctic Wolf Networks\Agent\plugins\osquery\osqueryi.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\systeminfo\systeminfo.exe or C:\Program Files\Arctic Wolf Networks\Agent\plugins\systeminfo\systeminfo.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\usb\usb.exe or C:\Program Files\Arctic Wolf Networks\Agent\plugins\usb\usb.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\wlan\wlan.exe or C:\Program Files\Arctic Wolf Networks\Agent\plugins\wlan\wlan.exe

Bug Fixes Direct link to this section

• Changed the logic to use the correct sysmon version.
• Improved network connection verification to increase performance.
• Added functionality to check if an executable has a valid signature on the Windows client side to improve Agent security.
• Added all on-demand signature validation client checks to improve Agent security.
• Added scheduled executable validation checks during health checks to improve Agent security.
• Changed Linux uninstall command from yum remove to rpm --erase.
• Removed client-side vendor version calculations.
• Improved route containment to increase reliability.
• Improved Linux iptables containment initialization.
• Added retry logic to improve scan component downloads during scans.
• Removed the kardianos/service package.
• Added the OssecSvc kill process after install initialize to improve AutoUpdates process.
• Added functionality to drop Agent returned errors to improve containment processing requests.
• Updated outOfMemory check to differentiate between different heap space errors to increase performance.
• Added functionality to notify of failed Start or Stop containment for all Windows failures encountered to improve containment process.
• Added scan object debug_scan_flag to determine debug scans instead of health check response to increase performance.

Product Update July 2022 Direct link to this section

Release Date: July 13, 2022

Features or Enhancements Direct link to this section

• Agent has implemented the scan operations capabilities with Managed Risk solution. It allows you to start, rescan, and stop with Agent.

Product Update June 2022 Direct link to this section

Release Date: June 15, 2022

Features or Enhancements Direct link to this section

• Agent is supporting Windows Server 2022. It allows for the Agent to support host isolation containment, event collection, audit data collection, and vulnerability scans for Windows Server 2022.

Version 2022-01 Direct link to this section

Release Date: March 28, 2022

Features or Enhancements Direct link to this section

• Granular Timers — Increase timers for scanning controls to allow for starting and stopping of Agent scans to 1 minute granularity.
• Working Directory Change — Changed the temporary working directory for scanning to the Arctic Wolf Networks directories away from Windows temporary directory.

  Note: If you required \Windows\Temp to be in the allowlist to enable Agent to function properly, you will need to add C:\Program Files\Arctic Wolf Networks\Agent to the AllowList on your EDR or AV console before March 28, 2022. We also suggest taking \Windows\Temp out of the AllowList if it was used there.

Bug Fixes Direct link to this section

• Released a patch for Windows 10 IOT and Windows 8.1 that resolves the issue that prevented scanning from reporting back to our cloud.

Product Update January 2022 Direct link to this section

Release Date: January 12, 2022

Features or Enhancements Direct link to this section

• Arctic Wolf now offers support for Linux-based Detection and Response through Agent. Agent supports the following Linux Distributions:

  • Ubuntu — Version 16.04, 18.04, and 20.04

  • Red Hat — Version 7 or 8

  • CentOS — Version 7 or 8

    Note: Vulnerability scanning is not supported on CentOS.

  • Amazon Linux — Version 2

See also Direct link to this section

• Installing Arctic Wolf Agent
• Arctic Wolf Agent Processes
• Arctic Wolf Agent Diagnostic Vulnerability Reports
• Arctic Wolf Agent FAQ
• Arctic Wolf Unified Portal