What's new in the Aurora Protect Agent for Windows
What's new in Windows agent version 3.4.1000
| Feature | Description |
|---|---|
| New product name | CylancePROTECT Desktop is now known as the Aurora Protect Agent. |
| Improved upgrade reliability and experience | The Aurora Protect Agent 3.4 for Windows includes enhancements that ensure a seamless upgrade experience from supported previous versions, through improved rollback mechanisms and other compatibility enhancements with Microsoft AM-PPL. |
| Interoperability with the Arctic Wolf Agent | The Aurora Protect Agent supports seamless interoperability with the Arctic Wolf Agent. |
| Windows Security Center integration | In the device policy, administrators can now control whether to allow Windows Defender to run as the primary antivirus while the Aurora Protect Desktop Agent is secondary. |
| Windows OS support | Added support for these versions of Windows: Removed support for these versions of Windows: For more information, see the Aurora Protect OS compatibility matrix. |
| Agent update restrictions | Administrators must follow the supported upgrade path to upgrade the Aurora Protect Agent to version 3.4 when using the updater in the console. Aurora Protect Agent 3.4 cannot be downgraded to an earlier version. After each installation or upgrade, reboot the device. |
What's new in Windows agent version 3.3.1001
Bug fixes only. See fixed issues.
What's new in Windows agent version 3.3.1000
| Feature | Description |
|---|---|
| Updated model for local (offline) scoring | The Aurora Protect Desktop agent now uses an updated local (offline) scoring model for improved threat detection. Local scoring is automatically used when the agent cannot connect to the Endpoint Defense Cloud services and helps ensure devices are protected even when they are offline. |
| Script control for large scripts | In the script control device policy settings, administrators can now separately control how larger scripts (for example, PowerShell scripts larger than 5 MB) are reported to the Endpoint Defense console when a threat is detected. The separate setting allows administrators to focus on tuning the detection of smaller scripts, which are more likely to be malicious than IT scripts (which are typically larger in size), and enables the agent to achieve optimal blocking posture faster. |
| Windows OS support | Due to legacy and technical limitations, the Aurora Protect Desktop agent version 3.3 no longer supports devices running Windows 8.1. Windows 8.1 is supported by Aurora Protect Desktop version 3.2.x. |
What's new in Windows agent version 3.2.1002
Bug fixes only. See fixed issues.
What's new in Windows agent version 3.2.1001
Bug fixes only. See fixed issues.
What's new in Windows agent version 3.2.1000
| Feature | Description |
|---|---|
| Software inventory | The Aurora Protect Desktop agent now reports a list of applications that are installed on devices to the management console. This feature allows administrators to identify applications that may be a source of vulnerabilities, prioritize actions against vulnerabilities, and address them accordingly. Administrators can view all applications installed on devices that are registered with the tenant and view a list of applications that are installed on individual devices. This feature can be enabled for the agent from the device policy in the Agent Settings menu. See Agent settings. |
| Background threat detection on-demand scan | Administrators can now initiate a background threat detection scan on demand from the management console. The command can be sent from the Device Details screen for an individual device, or for multiple devices at once from the Devices screen. The date of the last scan for each device is logged in the management console. See Manage Aurora Protect Desktop and Aurora Focus devices. Note that if background threat detection scans are running on several VM devices that are from the same VM host at the same time, device performance will be impacted due to resource sharing. |
| Enhanced script control using script scoring | The Aurora Protect Desktop agent now supports enhanced script control using script scoring. Scripts that have an unsafe or abnormal threat score can be intelligently blocked from executing and reported to the management console as alerts. Administrators can configure the script control settings in the device policy to block scripts that CylancePROTECT considers to be unsafe or abnormal. See Script control. |
| Alert mode for PowerShell Console scripts (Script control) | The Aurora Protect Desktop agent now supports Alert mode for PowerShell Console scripts, so that detected events are reported to the management console while still allowing them to run. Administrators can control the setting from the Script Control tab in the device policy using the PowerShell Console drop-down menu. See Script control. |
| Windows OS support | Due to legacy and technical limitations, the Aurora Protect Desktop agent version 3.2 does not support the following Windows OSs: These versions of Windows are supported by Aurora Protect Desktop version 3.1.x. |
What's new in Windows agent version 3.1.1003
Bug fix only. See fixed issues.
What's new in Windows agent version 3.1.1001
| Feature | Description |
|---|---|
| Script control improvements | The Aurora Protect Desktop agent now reports parent and interpreter processes to the Cylance console when a potentially malicious script is executed. Administrators can add exclusions for either a parent process or interpreter process of a script to allow the script to run on a device. |
| DLL exclusions for memory protection | The Aurora Protect Desktop agent for Windows now supports the ability to add exclusions for third-party application DLLs. For example, if you are running third-party security products in addition to Aurora Protect, you can add an exclusion for the appropriate .dll files so that Aurora Protect ignores specific violations for those products. This feature supports the Malicious Payload and System DLL Overwrite violation types only. The following rules apply when you specify a DLL exclusion: |
| Improvements to memory protection sensor for malicious payloads | The memory protection sensor for the malicious payload violation type has been improved to increase the accuracy of violation reporting and reduce unnecessary alerts. |
What's new in Windows agent version 3.1.1000
| Feature | Description |
|---|---|
| Execution protection for XLM/XL4 Excel Macros (Preview) | The Aurora Protect Desktop agent now works with Microsoft's anti-malware scan interface (AMSI) so that when a potentially dangerous XLM macro is executed, threat information is reported to the management console, and the agent responds to the interface according to the device policy rules for script control events. For example, the agent responds whether to allow the macro to run or block it from running. This feature is enabled from the Script Control > XLM Macros settings in the device policy. This feature requires the following: Note: This feature is currently available in Preview mode where it might behave unexpectedly. |
| Support for Antimalware Protected Process Light (AM-PPL) | The Aurora Protect Desktop agent now runs as a trusted service using Antimalware Protected Process Light (AM-PPL) technology from Microsoft, which protects the agent's security processes from malicious actions. For example, it helps protect the agent from being terminated. This feature requires the endpoint to be running Windows 10 1709 or later or Windows Server 2019 or later. |
| Custom interval for background threat detection scanning | Administrators can now set a custom interval to run background threat detection scanning from the device policy. The scan interval can be set between 1 and 90 days. The default scan interval is 10 days. Note that increasing the frequency of the scans might impact the device performance. The scan may also be manually started from the command line. |
| Manually start background threat detection scanning | On Windows devices, you can now manually start background threat detection scanning from the command line using the backgroundscan command option. For example, you can run the following command: CODE |
| Windows OS support | |
What's new in Windows agent version 3.0.1005
| Feature | Description |
|---|---|
| LSASS Read violations reporting | LSASS Read violations that are blocked are now reported to the management console. |
What's new in Windows agent version 3.0.1000
| Feature | Description |
|---|---|
| Support for Windows 11 | The Aurora Protect Desktop agent for Windows now supports Windows 11 devices. |
| LSASS Read violations detection | Detection of LSASS Read violations has been improved in the Windows agent 3.0.1000. |
| Exclusions for macro files | For Windows devices running agent 3.0.1000, administrators can now add exclusions in the Memory Protection device policy for macro files that cause Script Control events. |
| Read-only access to USB devices | For Windows devices running agent 3.0.1000, administrators can now allow read-only access to external USB devices. |
| Detection disabled for embedded VBScripts | Detection of embedded VBScript script control violations is disabled in Windows agent 3.0.1000. |
What's new in Windows agent version 2.1.1568
Bug fixes only.