Snare Windows Agent v5.8.1 was released on xx June 2024
Since v5.8.0, upgrading Snare Agent from versions earlier than 5.4.0 for Agents that had password enabled is not supported.
Customers who need to upgrade the Agent from pre-5.4.0 version, are advised to perform a two-step upgrade:
- Step 1 - Upgrade from pre-5.4.0 version to v5.7.0 or 5.7.1
- Step 2 - Upgrade from v5.7.* to the latest version
Security Updates
- 3rd party libraries upgraded:
- OpenSSL upgraded to version 3.1.5 SA-4329
New Features and Enhancements
- Allow Agent service to start up and display Web UI with the relevant error message when the Agent is running with permissions insufficient for audit logs collection SA-4228, SA-4229
- Removed registry values that are no longer in use from the 'Remote' registry key. SA-4326
- Preventative code maintenance SA-3564
Bug Fixes
- Fixed handling of remotely-configured SNARE V2 and JSON formats. These formats are now properly applied to outgoing events after configuration update is obtained from SAM. SA-4334 Related to Support Case SSUP-1007 / SSD-1718
- Fixed scenario where log audit, FIM and RIM policies could not be completely removed via remote configuration managed by SAM. SA-4339 Related to Support Case SSUP-1018 / SSD-1773
- Fix for issue where invalid event data could result in Agent being stuck attempting to process such event. SA-4087.
- Improved validation of 'Event ID Match' input in Audit Policy. SA-4214 Related to Support Case SSUP-885 / SSD-1281
- Removed misleading erroneous Error logged after reading last Advanced Audit policy SA-4279 Related to Support Case SSUP-951 / SSD-1449
- Fixed license file names listed on the 'Select a License' page of the installer. If the file name contained parentheses, only the text in parentheses was displayed. SA-4283
- Fixed spelling mistakes in labels on the Advanced Audit and FAM policy configuration pages. SA-4244, SA-4298
User Guide
The following is an offline version of the User Guide related to this release.
For an up-to-date version refer to the online version here.