IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes (Version 7.2.314.2831)
Thank you for choosing Tanium. The following Release Notes document changes between releases of the Tanium Server.
The previous version can be found here: N/A
Tanium Server v7.2.314.2831
Limited Availability Release Date: December 2017
General Availability Release Date: December 2017
Major Features
- Configurable, native encryption capabilities for network communications and sensitive files on disk
- Tanium configuration command line interface (CLI)
- Tanium objects Export/ Import API
Improvements
- Database pruning of old Question, Action and Temporary Sensor data
- Tanium Client v7.2 environment variables
- Server SSL-certificate Registration
- Offer a richer environment to Sensors running internally within the Tanium Client
Bug Fixes
- Fixed a condition where the Tanium Server could crash under load.
- Added a feature to disable the concurrent execution of multiple copies of the same Plugin:
forbid_concurrent_execution=1. - Audit records are no longer created for constantly changing Global Settings like
estimated_node_count, doing so added unnecessary rows to the audit tables (global_settings_audit). - Fixed a condition where the Zone Server would not write its Info Pages to disk.
- Corrected a spurious nagging message in the Zone Server logs that would read:
assertion 'ptr != NULL' failed - Made the settings for client to client symmetric encryption to be off:
SymmetricEncryptionEnabledToServer=0,SymmetricEncryptionEnabledToPeer=0,SymmetricEncryptionMultiplexEnabled=1,RequireIncomingEncryption=0. - Added the necessary support to the Tanium Zone Server for the collection of Sensor statistics.
- Changed the Tanium Server to use its own, specific v7.2 manifest, distinct from every other version.
- Improved the efficiency and speed of Question History and Action History by filtering object-lists and not in
XMLWriter. - Fixed leaking of hash collision resolution Questions, which would cause this subsystem to stop working when
max_active_collision_questionswas reached. - Reduced the spamming of server logs with messages reading
HashCollisionResolutionwhen running withLogVerbosityLevel > 40. - Fixed an incorrect number of minutes logged at the Zone Server in the message:
Hub inactive for 0 minutes. Dropping message. - Changed the system behavior to not attempt to resolve hash collisions for counting Questions.
- Fixed a parser error where asking
Sensor not contains "foo"would drop thenotqualifier. - Fixed Action Status display (when using
require_action_approval=1)where Content Administrators could access the page but would see zeroes in the progress bars. - Fixed an inconsistency where the
ExportObjectAPI returnsVBScriptinstead of the correctPowerShell. - Changed the default value of
SOAPWorkerThreadResetInterval[REG_DWORD]to60seconds to reduce memory use on the Tanium Server under hight load. - Fixed a problem where Package Files with URLs local to the Tanium Server would show as downloaded even if they did not exist.
- Fixed an upgrade problem where stopping the Module Server would fail and hung the installer until the Module Server was killed manually.
- Added a Global Setting (
soap_enable_basic_auth=1, Server, Numeric) which can be used to disableHTTP Basic-Authenticationon the Tanium Server. - Fixed a problem where a Sensor import would fail if it referenced a Content Set that once existed and was deleted.
- Fixed a Tanium Server crash when attempting to log-in with a DOMAIN user account that once existed and has been deleted.
- Fixed a mutex-contention problem that impaired the server from handling HTTPS requests when many Saved Question requests were issued simultaneously.
- Fixed an installation problem where a silent install failed to add the
trusted-module-servers.crtfile on Windows. - Fixed problems related to air-gap installs for Package Files with local URLs on the Tanium Server.
- Fixed a database deadlock when loading Scheduled Actions for some Action Groups.
- Fixed a problem where the periodic cleanup of the
taniumdatabase would remove Temporary Sensors it should not. - The Tanium Module Server now offers the ability to write
/infopage contents to files on disk, like the Tanium Server and Zone Server. - Reduced the verbosity in logging when strings are being unloaded from memory cache.
- Fixed a problem where one-time Actions (not Saved Actions) would impede the removal of an Action Group, which was incorrect.
- Fixed a condition where re-importing some solutions would create Scheduled Actions with empty packages. This affected Tanium Patch distribution actions.
- Implemented paged-LDAP querying where supported by the LDAP server, which helps in accounts with large number of returned account and group objects.
- Fixed a problem with Sensors that were deleted and added again, which would not show in Sensor lists and create erroneous displays in the Question Bar.
- Fixed an interaction with Microsoft SQL where Tanium would fail to LDAP-synchronize thousands of users.
- Fixed a problem where the Global Setting
console_headerTextwould not display correctly in the console. - Fixed a bug that impacted Tanium Comply where the modification time for Packages was not being updated after a change.
- Fixed an RBAC problem where users would retain an Administrator role from a User Group even after the group was deleted.
- Changed a SOAP Request handler so it will not log LDAP user passwords.
- Removed the execution of the
taniumdatabase cleanup during the upgrade process. - Added an option to select the display name user for users synchronized from LDAP.
- Fixed a problem where failing a PostgreSQL transaction would leave a database connection in a bad state.
- Improved the performance of SOAP snapchots where cache contention was producing significant slowdowns under load.
- Changed
TDownloaderto setTrustedCertPathon the Module Server. - Fixed UTF-8 management of Organizational Unit (
ou) names in LDAP, which failed to save when they contained Japanese characters. - Removed a problematic character limit on the filter that can be used when configuring LDAP-synchronization.
- The Action Approver view of an Action no longer displays a preview of endpoints, because the targets allowed for the Action author and approver may be completely different.
- Fixed the filtering over the User Name column in the Question History view.
- Fixed an error reading
400 Bad Request - Sensor not foundin the Filter Builder for Computer Groups. - Fixed a problem that would not allow the deletion of Scheduled Actions associated with deleted users.
- Fixed a problem where the
containsandends withoptions would disappear from Question Builder when filtering a Sensor result. - Fixed the fact that the
?maxAge=modifier would disappear from the Question Bar when a question was run through the English parser. - Fixed the behavior of the
ExportObjectAPI to handle case-insensitive matching of Sensor names. - Changes to the LDAP-synchronization settings are now require re-authentication upon saving.
- Changed a behavior where, if the
Versionconfiguration was missing fromTaniumClient.inior Registry, the Client logged errors reading:Sending is Blocked. - Improved the restart times for the Tanium Client service.
- Removed an unecessary dependency on
remote-fs.targetin the Tanium Linux Client'ssystemdunit file. - Changed the Tanium Client v7.2 to honor
SIGCHILDand improved a condition where the process could consume as much as10% CPUon the RedHat Linux. - Changed the Tanium Client v7.2 to honor
SIGCHILD. - Added VBScript, PowerShell and Python support to un-quarantine Sensors through the Client API.
- The Tanium Client will no longer attempt to use internal PowerShell repreatedly if it fails once.
- Changed the behavior of the internal Python interpreter so it no longer takes over the
SIGINTsignal handler. - The Tanium Client notes the Windows console and output Code Pages (
GetConsoleCPandGetConsoleOutputCP) before executing a Sensor and restores them after it completes. - Packages are offered a 30 second period to finish running before a Tanium Client stop or reset. The
ChildProcessExitTimeoutSecondsclient setting (not Global Setting) controls this timeout. - Changed the logging of individual Sensor hash messages to
LogVerbosityLevel=95, reducing log sizes and clutter. - The Tanium Client notes its current working directory (
cwd) before executing a Sensor and restores it after the Sesnor completes. - The Tanium Client will now reset if it detects a clock skew of more than
5 minutesagainst the Tanium Server during registration. This value used to be15 minutes. - Removed the
TimerResolutionsetting from client, which has caused timing problems in the past. - Removed unique paths ('e.g.'
TempUnix_123_456) reported on Sensor failures with a fixed string:[filepath]. - Added the Action ID to
RunActionlogging in the client. - Added a
$Tanium.Versionto the Sensor object for use with internal PowerShell. - Made the new
get_sensor_historyproperty in Python consistent with VBScript and PowerShell. - The internal execution of scripts now preserves the settings of environment variables after executing a Sensor.
- Normalized the naming and management of UNIX Client log files which was
log_N.txtin older versions andlogN.txtin newer versions, causing some of them to not be deleted.
Known Issues and Workarounds
- The installer creates an invalid
trusted-module-servers.crtfile, which produce SSL errors:SSLReadWriteError,SSLHandshakeFailed.
Workaround: Always choose the installer's Module Server registration option during the upgrade. - Setting
DisableClientLogging=1will cause the Tanium client to stop answering questions.
Workaround: Do not use this setting. - Computer Group filtering in the Interact Question Builder does not work
Workaround: N/A