Skip to main content
Red Canary help

Release v.1.1.2

  • Updated .

Released: 2020-12-28

 

Notes:

  • This release includes substantial fixes and additional features. Please upgrade soon!
  • These release notes cover all improvements and fixes since version 0.4.29.

Added

  • Added sentry.io error and performance reporting for all customers, better enabling Red Canary to quickly identify sensor performance regressions, errors or otherwise
  • Added support for memory limits that will automatically put the CWP sensor in safe mode when exceeded
  • Sensors can now be put in safe mode manually via command line by running /opt/redcanary/cfctl safe --enable
  • Added container attributes to process execution telemetry, including cgroups and container IDs

Removed

  • Removed unnecessary stdout println statement caused by a process exiting before sensor processing, leading to excessive errors
  • Removed OS compatibility check to better support containers using supported Linux distributions


Changed

  • Updated behavioral rootkit detection to use a proprietary, userland technique, avoiding the need for a kernel module
  • Improved CWP Enterprise detection capabilities
  • Increased the network offload timeout to 30 seconds to prevent timeouts when offloading telemetry
  • Changed cfdetect to use a unix domain socket to prevent clashing with port 22000, which may be used by other services running on the endpoint
  • Unique netconns are now only reported every 30 seconds instead of at each individual connection. This introduces significant performance improvements (33% less memory, 50% less CPU).


Fixed

  • Fixed an issue where AWS metadata fetching might return incorrect data for fields
  • Fixed an issue where the endpoint detection engine was attempting to offload a temporary file that was not ready, producing an alert
  • cfsvcd no longer attempts to set file permissions when launched in a container
  • Fixed an issue where cfsvcd would not restart after an upgrade
  • Payloads for Enterprise customers secondary offload are no longer flattened
  • Addressed an issue where the Process Memory Integrity plugin forced remote process pages to become resident, provoking the OOM killer
  • Fixed an issue where the audit-socket wasn't handling EINTR during interrupt processing, which can lead to excessive memory usage

Comments

0 comments

Please sign in to leave a comment.