Aurora Focus fixed issues
Fixed issues in Aurora Focus 3.4
|
If an upgrade for the Aurora Focus Agent for Windows was interrupted or the extractor process is killed, subsequent attempts to upgrade the agent was not successful because the cypkg_temp folder was already created, and the installer could not complete the extraction operation. (EDR-21244) |
|
On devices running Windows 11 22H2 or later, when you tried to uninstall the Aurora Focus Agent, it prompted the user for an uninstallation password even though one isn't required. (EDR-19804) |
|
On devices running Windows 11 22H2 and Intel TDT was enabled, a bug check error occurred during the upgrade. (EDR-21136) |
Fixed issues in Aurora Focus 3.3
|
If you configured Aurora Focus for Windows to use a proxy server, after restarting an Aurora Focus device, the agent could not connect to Endpoint Defense cloud services as expected. As a result, certain features (including detections and Instaquery) could not obtain data for the device. (EDR-21101) This issue is resolved in agent version 3.3.3120 and later. |
|
On Windows 10 and Windows 2019 devices, the process handle count for the Aurora Focus agent version 3.3.x was sometimes higher than expected. (EDR-21073) This issue is resolved in agent version 3.3.3120 and later. |
|
The Aurora Focus agent for Windows version 3.3.x could sometimes use more system memory than expected. (EDR-20928) This issue is resolved in agent version 3.3.3120 and later. |
|
If the Aurora Focus agent for Windows was used on a domain controller device with a very high number of user accounts, the agent used more memory than expected. (EDR-20813) This issue is resolved in agent version 3.3.3120 and later. |
|
Errors could occur when the Aurora Focus agent for macOS communicated with the Aurora Protect Desktop Desktop agent on the XPC channel. This issue could occur on macOS 12 (Monterey) and later. (EDR-20258) |
|
If the API Sensor was enabled in the device policy that was assigned to Aurora Focus 3.2.x devices with Windows Server 2016 and Aurora Protect Desktop agent 3.0.1003 or later, some applications such as Chrome and PowerShell might have stopped working. (EDR-10871) |
|
If you ran an advanced query and tried to generate focus data from the results, the focus description that was used to generate the data did not include the correct artifact information. (EDR-9414) |
|
If a remote session was active when the Aurora Focus agent was installed on a macOS Big Sur (11.x) device, the session disconnected when the installation was complete. (EDR-7180) |
|
When you viewed the results of an InstaQuery, the count for devices queried and devices responded might not have been accurate. This issue occurred intermittently. (EDR-6523) |
Fixed issues in Aurora Focus 3.2
|
If you requested and viewed focus data from the device details page (Assets > Devices) before the event data was loaded to the management console, the resulting focus data did not include any results. (EDRRQ-240) |
|
On Windows 7 devices, if you upgraded to Aurora Focus agent 3.1 or later, after you restarted the device the agent did not start as expected. If the user right-clicked the Aurora Protect icon and clicked System Check, the status of the CyOptics driver was "Not Found". (EDR-14132) |
|
If you created a custom partial lockdown configuration that contained an allowed port value and you assigned it to an Aurora Focus device, the allowed port for partial lockdown was not removed when you assigned a different custom configuration. As a result, any ports that you allowed with any partial lockdown configuration remained allowed on the device, regardless of the new configurations that you assigned. (EDR-13243) |
|
In the management console, if you retry a focus data request, the timestamp information is missing. (EDR-10987) |
|
When you scoped an advanced query to specific devices (Search devices > By Device), the Device drop-down listed a maximum of 200 devices. (EDR-10446) |
|
If you deployed a package to Aurora Focus devices, when you highlighted a device in the device selection list, you could not see the icon that indicated that the device was online. The color of the icon matched the color of the highlight. (EDR-10224) |
|
When you deployed a package to Aurora Focus devices, the status column might have indicated that the job was completed even though the progress bar was not yet full. (EDR-8754) |
|
If you uninstalled the Aurora Focus agent using an MDM profile, the network filter CyOpticsESFLoader remained in the system networking on the device. (EDR-7656) |
|
When you viewed focus data and you clicked the path for a file event to create a pivot query, the Search Term field was not pre-populated. (EDR-6785) |
|
On macOS devices, when Aurora Focus performed an action on an empty file (for example, a 0 KB .prn file), the event was not included in the datagram file. This is fixed for macOS devices with Big Sur (11.x) or later. (EDR-5545) |
Fixed issues in Aurora Focus 3.1
|
If you checked the device details in Optics > Devices after you partially locked or remotely unlocked a device, the device status may not have updated as expected. (EDR-9646) |
|
In some advanced query results, the option to globally quarantine a file was not available. (EDR-9534) |
|
If you cloned an existing package deployment job with a status of created, expired, in progress, or stopped, the device information was not prepopulated in the new package deploy. (EDR-7927) |
|
When you created a package deploy, if you added a device to the request then removed it and tried to add it again, the device did not display on the available devices list. (EDR-7847) |
|
Locking down a macOS device did not close the VNC client on that device. (EDR-6971) |
|
If you ran an InstaQuery for a PowerShellTrace artifact and a Payload or Script Blocked Text facet, the search term was case-sensitive. (EDR-6868) |
|
When you created a pivot query from the focus data timeline view, if the artifact was registry key, the artifact and facet fields were not pre-populated. (EDR-6856) |
|
When you viewed focus data in the table view for a registry key artifact, the name and path were not correct. If you created a pivot query, you did not get any results. (EDR-6855) |
|
In a focus view, the link to clone a pivot query did not work. (EDR-6786) |
|
On macOS Mojave and Catalina, downgrading the Aurora Focus agent might have resulted in the lockdown feature not working as expected. (EDR-5735) |