Build notes describe the changes that are included in each build that is created for Vali Cyber’s ZeroLock Agents.
Before you install one of these builds, familiarize yourself with the new features, resolved issues, and other changes.
Summary of Changes
The changes that are included in the ZeroLock Endpoint Agent builds are listed below:
Build 2.2.4 – February 03, 2024 | |
Item Number | Description |
PM-166 |
Resolved agent deadlock during shutdown |
Build 2.2.3 – February 03, 2024 | |
Item Number | Description |
LIBI-29 |
Enhanced the ZeroLock Agent monitoring process to ignore when a recursive child process “active” check is being executed. |
PM-165 |
Resolved a Baldur crash due to applications race condition. |
Build 2.2.2 – February 01, 2024 | |
Item Number | Description |
PM-146 |
Added support for ESXi Hypervisor OS 6.7, 7.x, and 8.x. |
TYR-55 |
Resolved instance when installing ZeroLock on ESXi 7.0 host a Tyr zombie process was created. |
PTRACE-32 |
Addressed customer issue where a program was crashing due to overlapping memory with injected code.
|
PM-160 |
Resolved issue of a file tampering alert not being generated on ESXi 6.7. There were no similar issues with ESXi 7.x. |
Build 2.2.1 – January 31, 2024 | |
Item Number | Description |
AGENT-289 |
Developed and incorporated ESXi specific Network Access Rules. |
TYR-54 |
Secure boot support added for ESXi. |
AGENT-288 |
SSH-MFA enable for ESXi agent. |
AGENT-290 |
Added an ESXi specific Program Filter. If checked, the agent will scan the filesystem and only allow the executables that were present on the system during the scan to run. Any new programs added to the system will be blocked automatically |
AGENT-297 |
Add new config option for ESXi command scan regex.
|
AGENT-299 |
Baldur enhanced to automatically exit if Tyr dies. |
AGENT-304 |
Resolved issue of the terminal window session hanging after a tampering alert on an ESXi host is released.
|
AGENT-308 |
Addressed issue in which selecting Remediate was not restoring all the files on an ESXi environment.
|
AGENT-315 |
Resolved instance of an ESXi endpoint after de-activating/activating protection, tampering alerts (process kill/file creation/modification) were not getting generated from the currently opened ssh sessions. |
Build 2.1.10 – November 28, 2023 | |
Item Number | Description |
PM-158 |
Resolved Baldur crash condition where ZeroLock Agent v2.1.9 was not allowing SSH session when installed on Manjiro. |
Build 2.1.9 – November 28, 2023 | |
Item Number | Description |
PM-156 |
In response to customer issue, reduced Agent CPU utilization resulting from ps commands. |
PM-157 |
Improved the memory utilization of the ZeroLock Agent by cleaning up the exited processes after 15 minutes. Exited processes are processes that the Zerolock agent was injected into and monitoring but are no longer running. |
Build 2.1.8 – November 28, 2023 | |
Item Number | Description |
Zero-1301 |
Resolved issues relating to ZeroLock Agent installation on SuSE v15.5. |
PM-153 |
Resolved Baldur logging errors on Centos 7.9 and RHEL 7.9. |
Build 2.1.7 – November 28, 2023 | |
Item Number | Description |
PM-149 |
Resolved issue with Atop command line tool causing high CPU utilization in Baldur. Resolution enables reduction of CPU utilization to 3% or less. |
NAT-25 |
Added custom Go compiler to both the cpp-build and jenkins-agent containers to enable ESXi functionality. |
PM-150 |
Baldur logs were edited for cleaner and clearer results. |
PM-151 |
Enhanced Precision ‘slim’ mode with additional options so operation is finer grained. |
Build 2.1.6 – November 27, 2023 | |
Item Number | Description |
Zero-1300 |
This change adds the ability to install ZeroLock agent without dependencies when SELinux is disabled on the system. The new option works with the Download installers: Self-Extracting and TAR. ::: Vali Cyber ZeroLock Endpoint Software Installer (2.1.6) :::
|
|
Build 2.1.5 – November 22, 2023 |
Item Number |
Description |
PM-148 |
Agent Slim Mode - This change introduces a new feature called “Slim Mode” which is enabled on the default Configuration Profile. If slim mode is enabled, then the agent only monitors SSH processes and their children. If slim mode is disabled, the agent begins monitoring all networked processes, systemd, cron, and containerd within 120 seconds (about 2 minutes). A settings section for enabling or disabling slim mode has been added to Configuration Profile homepage. This new feature is only available for Zerolock Agent 2.1.5 or greater.
|
For more information, see the Vali Cyber Support Page.