Windows Agent Release Changelog

Release Announcement

v2.3.1w

Release date 04/07/2022

AIP enhanced the following feature in the 2.3.1w Agent release:

  • The Windows Agent now supports installation in the following languages:
    • German
    • Japanese
    • Mandarin
    • Polish
    • Russian
    • Spanish

Additionally, this release includes assorted minor bug fixes.

v2.3.0w

Release date 01/24/2022

AIP enhanced the following feature in the 2.3.0w Agent release:

  • The Windows Agent now supports monitoring Windows containers in Kubernetes

Additionally, this release includes assorted minor bug fixes.

v2.2.3w

Release date 09/13/2021

AIP enhanced the following feature in the 2.2.3w Agent release:

  • The Windows Agent now supports Windows Server 2022.

Additionally, this release includes assorted minor bug fixes.

2021 Releases

v2.2.2w

Release date 08/02/2021

AIP enhanced the following feature in the 2.2.2w Agent release:

  • The Agent now fully supports Windows Server 2012.

v2.2.1w

Release date 07/20/2021

AIP enhanced the following features in the 2.2.1w Agent release:

  • Least-privileged mode
    • The AIP Windows Agent can now be configured to run under a non-administrator user account. This account only uses the privileges and permissions required by the Agent to run in your environment. The non-administrator user account can be installed by either the installation wizard or through the Command Line.
  • System Monitor (Sysmon)
    • Support the following new security event ID: 13.10 – FileDeleteDetected
    • Improved installer messaging for Sysmon configuration
  • File Integrity Monitoring (FIM)
    • Improved FIM event exclusion handling

Additionally, this release includes assorted minor bug fixes.

v2.2.0w

Release date 04/26/2021

AIP enhanced the following features in the 2.2.0w Agent release:

  • Forward Proxy support:
    • The AIP Windows Agent can now forward TCP/IP connections through a forward proxy. You configure the forward proxy through the Windows Agent Installer command line using the following parameter:
      TSPROXY=[insert proxy URL:PORT here]

      Example:
      To configure the Agent to use the proxy at http://10.11.12.13 listening on port 4567:

      TSPROXY=http://10.11.12.13:4567
  • System Monitor (Sysmon)
    • Support the following new process IDs
      • 23
      • 24
      • 25
    • Support the following new security event ID: 1102
    • Improved installer messaging for Sysmon configuration
  • EC2 Context Enrichment
    • The Agent now collects AWS metadata at the host level and enriches events with this data. This feature is enabled by default, but can be disabled through a configuration flag
  • Rules
    • FIM path exclusions no longer exclude ignore-glob patterns
  • Cloud Provider display
    • The Agent now collects the instance ID and the image ID for Azure Cloud workloads. The AIP Cloud Security PlatformⓇ (CSP) displays this information in the “Cloud Provider” column on the Severs page
    • The Agent collects and ingests the Google Cloud Platform (GCP) image ID. The AIP CSP displays this information in the “Cloud Provider” column on the Servers page
  • Revocation of Windows Agents is no longer available in the AIP CSP

Additionally, this release includes assorted minor bug fixes.

2020 Releases

v2.1.0w

Release date 03/24/2020

AIP enhanced the following features in the 2.1.0w Agent release:

  • Operating System (OS) Support:
    • Added support for Windows Server 2012.
  • File Integrity Monitoring (FIM) file path pattern matching: Wildcards can be used to exclude monitoring of filenames in directory paths.
    • For example, if a FIM rule is monitoring "C:\Users\Administrator\Documents", you can specify "*.txt" to exclude text files in that directory.
  • Simplified configuration experience.
    • Consolidation of configuration files for an improved deployment process.

Additionally, this release includes assorted minor bug fixes.

2019 Releases

v2.0.0w

Release date 7/10/2019

AIP introduced Agent support for Windows Server environments. The following features are in this release:

  • Operating System (OS) Support:
    • The following Windows Server OS versions are supported:
      • Windows Server 2012 R2
      • Windows Server 2016
      • Windows Server 2019
  • Installation:
    • Command Prompt support
    • Windows installer
  • Functionality:
    • Windows Event log parsing for security related events
    • Data collection for security relevant System Monitoring (Sysmon) events
    • Minidriver for File Integrity Monitoring (FIM) event gathering
    • New Windows rule set
  • Command Prompt:
    • After installing the Agent, you can run a series of commands for informational and troubleshooting purposes
Was this article helpful?
0 out of 0 found this helpful