IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Core Content (Version 1.6)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. This article documents changes between releases of Core Content.

Core Content replaces the deprecated Initial Content Tanium Solutions.

Important

Any Scheduled Actions associated with these packages will need to have targeting updated after each update to the Core Content package. The default action group targeting will change to No Computers. A new Antivirus content set has been introduced for sensors and packages that are related to antivirus technologies including Sophos and McAfee.
A new Microsoft Defender content set has been introduced for sensors and packages that are related to Microsoft’s endpoint protection. The older Core Content - Forefront solution is now deprecated.

Core Content 1.6.39

Release Date: October 11, 2022

Improvements

  • Improved documentation for all Microsoft Defender sensors
  • Rounded date inputs for Microsoft Defender sensors
  • Visibility for Microsoft ATP / Defender status. Added Sensors: Microsoft Defender AntiMalware Details, Microsoft Defender AntiSpyware Details, Microsoft Defender AntiVirus Details, Microsoft Defender Attack Surface Reduction Rule ID Status, Microsoft Defender Computer ID, Microsoft Defender Extension Exclusions, Microsoft Defender FullScan Details, Microsoft Defender Health Details, Microsoft Defender Installed, Microsoft Defender IP Address Exclusions, Microsoft Defender Network Inspection Service Details, Microsoft Defender On Access Protection Status, Microsoft Defender Org ID, Microsoft Defender Path Exclusions, Microsoft Defender Process Exclusions, Microsoft Defender QuickScan Details, Microsoft Defender Real-Time Protection Status, Microsoft Defender Tamper Protection Status, Microsoft Defender Threat Details, and Microsoft Defender UI Lockdown Status
  • Control for Microsoft Defender state. Packages: Microsoft Defender - Add Attack Surface Reduction Rule, Microsoft Defender - Add Exclusion [Windows], Microsoft Defender - Add Exclusion [Linux], Microsoft Defender - Add Exclusion [Mac], Microsoft Defender - Remove Extension Exclusion [Windows], Microsoft Defender - Remove Extension Exclusion [Linux], Microsoft Defender - Remove Extension Exclusion [Mac], Microsoft Defender - Remove IP Address Exclusion [Windows], Microsoft Defender - Remove IP Address Exclusion [Linux], Microsoft Defender - Remove IP Address Exclusion [Mac], Microsoft Defender - Remove Path Exclusion [Windows], Microsoft Defender - Remove Path Exclusion [Linux], Microsoft Defender - Remove Path Exclusion [Mac], Microsoft Defender - Remove Process Exclusion [Windows], Microsoft Defender - Remove Process Exclusion [Linux], Microsoft Defender - Remove Process Exclusion [Mac]
  • Visibility for McAfee EPP status. Sensors: McAfee Agent Health, McAfee Agent Last ASC Days, McAfee Agent Last Policy Update Days, McAfee Agent Version, McAfee Status, McAfee Status Details, McAfee VSE DAT Version
  • Visibility for Sophos EPP status. Sensors: Sophos Client Health, Sophos Client Version, Sophos Engine Version, Sophos Last Scan Time, Sophos Last Update Time
  • Linux, Solaris, and AIX support added to File Creation Date sensor
  • Service Details [Non-Windows] sensor now supports AIX and Solaris

Fixes

  • Corrected output for case with no exclusions Affected sensors: Microsoft Defender Extension Exclusions, Microsoft Defender IP Address Exclusions, Microsoft Defender Path Exclusions, Microsoft Defender Process Exclusions
  • Corrected variable typing for REG_MULTI_SZ value reporting, so that multiple binary result values will return on a single line. Affected sensors: Registry Value Data and Registry Key Value Names with Data
  • Registry Value Data and Registry Key Value Names with Data now return data accurately when encountering a null value
  • Registry Key Value Names with Data sensor will now return the names of empty values as well as populated values.
  • Browser Extension sensors now work on Tanium Client 7.2. Affected sensors: Chrome Extensions, Chrome Extensions Summary, Edge Extensions, Edge Extensions Summary, Firefox Extensions, Firefox Extensions Summary
  • The Network Adapter Details sensor now includes PCI slot-numbered, firmware-numbered, and SolarFlare interface identifiers on Linux endpoints
  • Corrected white space handling in Hosts File Entries sensors.
  • Corrected username and home folder expansion issues in the Mac code for the Folder Contents sensor.

Installation Notes:

Customers who use Tanium Core Platform 7.4 should ensure that the Tanium Console is at least version 1.4.2.0038 before importing Core Content. Importing Core Content on a Tanium Console version that is earlier than 1.4.2.0038 may result in the content set assigned to each sensor being overwritten on import, regardless of your preference at import time.

Installing Core Content updates all sensors, packages, saved questions, scheduled actions, and potentially dashboards that were previously included in the deprecated Initial Content Tanium Solutions. If you install Core Content when one or more of the deprecated IC solutions are installed, consider leaving the "Include Content Set Overwrite" checkbox on the import screen unchecked to preserve RBAC content set and role associations. Checking the box creates a new content set named Core Content for all items in the solution, and all of the items in the Core Content solution will be assigned to the Core Content content set.

If you install Core Content on a server without any of the deprecated Initial Content Tanium Solutions, the installation creates a Core Content content set, and all items in the Core Content solution are assigned to the Core Content content set by default.

Supported Tanium Platforms

Tanium Core Platform 7.3 or later

Product Documentation and Resources