Build notes: ZeroLock® Endpoint Agent 2.x

Build notes describe the changes that are included in each build that is created for Vali Cyber’s ZeroLock Agents.

Before you install one of these builds, familiarize yourself with the new features, resolved issues, and other changes.


Summary of Changes 

The changes that are included in the ZeroLock Endpoint Agent builds are listed below: 

 

  Build 2.2.3 – February 03, 2024
Item Number Description

LIBI-29 

Enhanced the ZeroLock Agent monitoring process to ignore when a recursive child process “active” check is being executed. 

PM-165 

Resolved a Baldur crash caused by an application race condition.

  Build 2.2.2 – February 01, 2024
Item Number Description

PM-146 

Added support for ESXi Hypervisor OS 6.7, 7.x, and 8.x. 

TYR-55   

Resolved an issue where installing ZeroLock on an ESXi 7.0 host created a Tyr zombie process.

PTRACE-32 

Addressed customer issue where a program was crashing due to overlapping memory with injected code. 

 

PM-160 

Resolved an issue where a file tampering alert was not generated on ESXi 6.7. There were no similar issues with ESXi 7.x.

  Build 2.2.1 – January 31, 2024
Item Number Description

AGENT-289 

Developed and incorporated ESXi-specific Network Access Rules.

TYR-54 

Secure boot support added for ESXi. 

AGENT-288 

SSH-MFA enabled for the ESXi agent.

AGENT-290 

Added an ESXi-specific Program Filter. If checked, the agent will scan the filesystem and only allow the executables that were present on the system during the scan to run. Any new programs added to the system will be blocked automatically.

AGENT-297 

Added a new config option for the ESXi command scan regex.

 

AGENT-299 

Baldur enhanced to automatically exit if Tyr dies. 

AGENT-304 

Resolved an issue where the terminal window session hung after a tampering alert on an ESXi host was released.

 

AGENT-308 

Addressed an issue in which selecting Remediate did not restore all the files in an ESXi environment.

 

AGENT-315 

Resolved an issue where, after deactivating and reactivating protection on an ESXi endpoint, tampering alerts (process kill/file creation/modification) were not generated from currently open SSH sessions.

  Build 2.1.10 – November 28, 2023
Item Number Description
PM-158

Resolved a Baldur crash condition in which ZeroLock Agent v2.1.9 did not allow SSH sessions when installed on Manjaro.


  Build 2.1.9 – November 28, 2023
Item Number Description
PM-156

In response to a customer issue, reduced Agent CPU utilization resulting from ps commands.

PM-157

Improved the memory utilization of the ZeroLock Agent by cleaning up exited processes after 15 minutes. Exited processes are processes that the ZeroLock Agent was injected into and was monitoring but that are no longer running.


  Build 2.1.8 – November 28, 2023
Item Number Description
Zero-1301

Resolved issues relating to ZeroLock Agent installation on SuSE v15.5. 

PM-153

Resolved Baldur logging errors on CentOS 7.9 and RHEL 7.9.


  Build 2.1.7 – November 28, 2023
Item Number Description
PM-149

Resolved an issue with the Atop command line tool causing high CPU utilization in Baldur. The resolution enables reduction of CPU utilization to 3% or less.

NAT-25

Added a custom Go compiler to both the cpp-build and jenkins-agent containers to enable ESXi functionality.

PM-150

Baldur logs were edited for cleaner and clearer results. 

PM-151

Enhanced Precision ‘slim’ mode with additional options so that its operation is finer grained.


  Build 2.1.6 – November 27, 2023
Item Number Description
Zero-1300

This change adds the ability to install the ZeroLock Agent without dependencies when SELinux is disabled on the system.

The new option works with both Download installers: Self-Extracting and TAR.

::: Vali Cyber ZeroLock Endpoint Software Installer (2.1.6) :::

    Usage: ./installer [-h] [-n] [-v] [-x] [-p] [-a]

    Options:
    -h  Print this help message and exit.
    -n  Perform a dry run, where no installation or changes are made. Useful for testing and debugging.
    -v  Output more information during installation. Useful for debugging and troubleshooting.
    -x  Perform troubleshooting steps for diagnosing problems.
    -p  Update the apparmor or selinux security profile or policy if additional permissions are required.
    -a  Perform airgapped installation.
    -d  Perform default package installation. Requires SELinux to be disabled.

 


 

Build 2.1.5 – November 22, 2023

Item Number Description

PM-148 

Agent Slim Mode - This change introduces a new feature called “Slim Mode”, which is enabled on the default Configuration Profile.

If slim mode is enabled, the agent monitors only SSH processes and their children. If slim mode is disabled, the agent begins monitoring all networked processes, systemd, cron, and containerd within 120 seconds (about 2 minutes).

A settings section for enabling or disabling slim mode has been added to the Configuration Profile homepage.

This new feature is only available for ZeroLock Agent 2.1.5 or greater.

 


For more information, see the Vali Cyber Support Page