Build Notes: ZeroLock® Endpoint Agent 3.x

Addressed the issue of Agent failing to get activated from the ZMC after exhausting restart attempts.

Alert Mode Only

Intercept tkill and tgkill syscalls

Simplified code to pass tkill/tgkill to process_monitor as kill.

Alert Mode Only

On the ACTIONS dropdown for the endpoints page, the options for ENABLE ALERT ONLY mode and DISABLE ALERT ONLY  mode are now available. These buttons only work with Agent version 3.5.10 and newer.

When activating Alert Only mode, the user must select a timeout. The default is 24 hours from the current time. Upon reaching the timeout, the agent will automatically revert to its normal mode of operation.

Reduced memory usage for constrained environments.

Local MFA

An agent can now perform MFA authentication without requiring the ZMC. The agent no longer needs to be connected to the ZMC when the user sets up MFA because the ZMC will send the user’s username and MFA secret to the agent.

Additionally, the agent will only ask for the username and token once. If either is incorrect, there is a five-second pause and the session is terminated.

Increased efficiency of Program Filter by configuring scans to run only when required by specific events such as on start up after initial install. 

Added robustness to Tyr to prevent multiple concurrent Tyr/Baldur processes. i

Addressed the issue of SSH connection failures on ESXi 6.7 and 7.

Addressed the issue of Endpoint SHELL from ZMC not working with ESXi Endpoints.

Addressed the issue of periodic timeout failures when running Ansible. 

Agent logging efficiency improved as it will not log whenever it injects into a process but will log the name of that process. 

Monitoring of SLPD (Service Level Protocol Daemon) added to prevent exploitation of service vulnerabilities. 

Enable Fully Automated Installation with Lifecycle Manager.

Automatically Update the Program Filter if ESXi version is updated.

LIBI-33

Incremented version of Libinject to resolve coredumps being generated by SSH timeouts.

BALD-69

Reduced time for monitoring new local ESXi shell sessions. 

TYR-77

Enhanced DNS resolution capabilities. 

TYR-64

The tyr.log file now logs the agent package version to aid in troubleshooting.

PTRACE-40

A diagnostic enhancement to log additional register information.

 LOG-20 

Logs enhanced to check log levels sooner to avoid levels getting too high.

Also, month/day was added to log statements. 

PTRACE-39

This change fixes an issue causing coredumps on systems with old kernels and high CPU utilization. 

AGENT-384

Addressed issue of installing agent not honoring ‘ESXi default’ configuration setting.

PM-155

Improved performance of Filesystem under intensive workloads.

TYR-63

When log is set to debug or trace the log messages are no longer trimmed.

TYR-56

Tyr rewritten using C++.

BALD-59

Enhanced AES-256 encryption for Baldur executables.

PM-178

Logging enhanced to provide information on dependency exceptions.

ENC-19

New methods were added for file encryption and decryption using AES-256.

TYR-58

Addressed transitive 3rd party dependencies.