Build notes: ZeroLock® Endpoint Agent 2.x

Build notes describe the changes that are included in each build that is created for Vali Cyber’s ZeroLock Agents.

Before you install one of these builds, familiarize yourself with the new features, resolved issues, and other changes.

Summary of Changes 

The changes that are included in the ZeroLock Endpoint Agent builds are listed below: 


  Build 2.2.3 – February 03, 2024
Item Number Description


Enhanced the ZeroLock Agent monitoring process to ignore when a recursive child process “active” check is being executed. 


Resolved a Baldur crash due to applications race condition.

  Build 2.2.2 – February 01, 2024
Item Number Description


Added support for ESXi Hypervisor OS 6.7, 7.x, and 8.x. 


 Resolved instance when installing ZeroLock on ESXi 7.0 host a Tyr zombie process was created. 


Addressed customer issue where a program was crashing due to overlapping memory with injected code. 



Resolved issue of a file tampering alert not being generated on ESXi 6.7.  There were no similar issues with ESXi 7.x.  

  Build 2.2.1 – January 31, 2024
Item Number Description


Developed and incorporated ESXi specific Network Access Rules. 


Secure boot support added for ESXi. 


SSH-MFA enable for ESXi agent. 


Added an ESXi specific Program Filter. If checked, the agent will scan the filesystem and only allow the executables that were present on the system during the scan to run. Any new programs added to the system will be blocked automatically 


Add new config option for ESXi command scan regex. 



Baldur enhanced to automatically exit if Tyr dies. 


Resolved issue of the terminal window session hanging after a tampering alert on an ESXi host is released. 



Addressed issue in which selecting Remediate was not restoring all the files on an ESXi environment. 



Resolved instance of an ESXi endpoint after de-activating/activating protection, tampering alerts (process kill/file creation/modification) were not getting generated from the currently opened ssh sessions. 

  Build 2.1.10 – November 28, 2023
Item Number Description

Resolved Baldur crash condition where ZeroLock Agent v2.1.9 was not allowing SSH session when installed on Manjiro. 

  Build 2.1.9 – November 28, 2023
Item Number Description

In response to customer issue, reduced Agent CPU utilization resulting from ps commands.


Improved the memory utilization of the ZeroLock Agent by cleaning up the exited processes after 15 minutes.  Exited processes are processes that the Zerolock agent was injected into and monitoring but are no longer running.

  Build 2.1.8 – November 28, 2023
Item Number Description

Resolved issues relating to ZeroLock Agent installation on SuSE v15.5. 


Resolved Baldur logging errors on Centos 7.9 and RHEL 7.9. 

  Build 2.1.7 – November 28, 2023
Item Number Description

Resolved issue with Atop command line tool causing high CPU utilization in Baldur. Resolution enables reduction of CPU utilization to 3% or less. 


Added custom Go compiler to both the cpp-build and jenkins-agent containers to enable ESXi functionality.


Baldur logs were edited for cleaner and clearer results. 


Enhanced Precision ‘slim’ mode with additional options so operation is finer grained. 

  Build 2.1.6 – November 27, 2023
Item Number Description

This change adds the ability to install ZeroLock agent without dependencies when SELinux is disabled on the system. 

The new option works with the Download installers: Self-Extracting and TAR.   

::: Vali Cyber ZeroLock Endpoint Software Installer (2.1.6) ::: 

    Usage: ./installer [-h] [-n] [-v] [-x] [-p] [-a] 


-h  Print this help message and exit. 

-n  Perform a dry run, where no installation or changes are made. Useful for testing and debugging.

 Output more information during installation. Useful for debugging and troubleshooting. 

-x  Perform troubleshooting steps for diagnosing problems. 

-p  Update the apparmor or selinux security profile or policy if additional permissions are required. 

-a  Perform airgapped installation. 

-d  Perform default package installation. Requires SELinux to be disabled. 



Build 2.1.5 – November 22, 2023

Item Number 



Agent Slim Mode - This change introduces a new feature called “Slim Mode” which is enabled on the default Configuration Profile.   

If slim mode is enabled, then the agent only monitors SSH processes and their children. If slim mode is disabled, the agent begins monitoring all networked processes, systemd, cron, and containerd within 120 seconds (about 2 minutes).   

A settings section for enabling or disabling slim mode has been added to Configuration Profile homepage. 

This new feature is only available for Zerolock Agent 2.1.5 or greater. 


For more information, see the Vali Cyber Support Page