Release Notes Incident Response (Version 4.2)
Thank you for choosing Tanium. These notes are intended to document changes between releases of the Tanium Incident Response module.
Tanium Incident Response 4.2.1
Release Date January 30, 2018
Incident Response Official Version 4.2.1.0002
Resolved Issues
- TaniumFileInfo now correctly hashes and respects the timeout when hashing files greater than 4GB
- TaniumHandle includes a fix to resolve a potential high CPU utilization issue
- 7za.exe was updated to version 18.00
New Features
- TaniumFileInfo now supports additional fields: product_name, product_version, file_version, description and company
New Binaries
| Operating System | Binary Name | Binary Version | SHA256 Hash |
|---|---|---|---|
| Windows x86 | TaniumExecWrapper.exe | 3.1.100 | 6d0e655eb9d465425bb1a021d228c480dab6ec2bb443a106fcc89546e1fbb001 |
| Windows x86 | TanFileInfo.exe | 3.1.100 | 8f17ba8b90c73e303784c534a0c5c84d11c2c2c2beedbc98d2cf11ea2637c1a4 |
| Windows x86 | TaniumHandle.exe | 3.1.100 | 738eff48cc62bec4b757942dab9a05c1d7965143c4ba69ae4c825ca728f2295e |
| Windows x86 | TanListModules.exe | 3.1.100 | 91922e6946dd4fef525d92ac8c2c6b4771a8ea9438f40a49edd60ec78e215f1c |
| Windows x86 | 7za.exe | 18.00 | dfa47a164e1bd45db6d1320419badeb5d23f2a8666a6d1b30aeac2282ed322b6 |
| Windows x64 | TaniumExecWrapper.exe | 3.1.100 | 2531442004dd22cabda2ee14eaf3fc8aa35cdb442d5e77f5881eda920562a83f |
| Windows x64 | TanFileInfo.exe | 3.1.100 | a44ef801f7c370a2c47527d72c0ea50980a4891b4f2714d65f222783dd6bfa44 |
| Windows x64 | TaniumHandle.exe | 3.1.100 | 4b33816dc04b935c4f017568ff271e5000210056bb54ecbdd663467fb93e555a |
| Windows x64 | TanListModules.exe | 3.1.100 | d04a59c032675e3c8fd0bf5adfeea463f0dd0824f1dd7e9ad979e80a7dacfb51 |
| Windows x64 | 7za.exe | 18.00 | dfa47a164e1bd45db6d1320419badeb5d23f2a8666a6d1b30aeac2282ed322b6 |
| Mac OS | TaniumExecWrapper | 3.1.100 | 2d07eb640ddd7e46c0b8116a90aed62a61564e6d4902097b8578509e8a5357eb |
| Linux x86 | TaniumExecWrapper | 3.1.100 | 6ada290bdc32465b699ba620e277bc5784f4194691fff2acb5955252c363fb14 |
| Linux x64 | TaniumExecWrapper | 3.1.100 | 5e01476fb0301e182ff4ae0fa33ba0c3acb4240e63a8bbe768abfcd26323f9f8 |
Tanium Incident Response 4.2.0.0041
Release Date December 20, 2017
Incident Response Official Version 4.2.0.0041
Resolved Issues
- Resolved a cosmetic issue where IR sensors and tools had an incorrect version number.
Tanium Incident Response 4.2
Release Date December 19, 2017
Incident Response Official Version 4.2.0.0040
Features
- Injected Threads sensor
  - The Injected Threads sensor is a PowerShell-based sensor for Windows that returns information about threads executing code that was likely injected into a process.
- TaniumHandle
  - TaniumHandle is a new binary for enumerating the file and mutant handles of processes. Version and hash details are listed below.
- TanListModules
  - TanListModules is a new binary for enumerating the loaded modules of Windows processes. Version and hash details are listed below.
Minor Enhancements and Bug Fixes
- Fixes an issue with the Scheduled Task sensor so that it properly enumerates 32-bit and 64-bit tasks.
- Improves the performance of TanFileInfo.exe.
- Updates the RBAC configuration to grant access to Dashboards, Categories and Saved Questions for IR User and IR Read Only User roles.
- Improves performance and process control for the Running Processes with User sensor for Mac and Linux.
- Updates sensors that enumerate Windows file and mutant handles to use TaniumHandle.exe.
- Updates sensors that enumerate Windows loaded modules (dlls) to use TanListModules.exe.
- Ensures that the TaniumExecWrapper.exe terminates subprocess trees on all Windows OS versions.
New Known Issues and Workarounds
- The Historical RDP Sessions sensor depends on a Windows Security Event Log event ID that does not appear to be triggered on modern versions of Windows. In place of this sensor, we recommend using either the Remote Desktop Event Log Search sensor or the Logon Security Event Log Search sensor.
New Binaries
| Operating System | Binary Name | Binary Version | SHA256 Hash |
|---|---|---|---|
| Windows x86 | TaniumExecWrapper.exe | 3.0.468 | a52ff58f8028058a26072f0e3227074df819cf4ca979c0ce70bd23b8e21b8065 |
| Windows x86 | TanFileInfo.exe | 3.0.468 | 2dd42b7a96cb550a82405bea204237bfeacde537f02c32ff1eed9f8e94cf8d94 |
| Windows x86 | TaniumHandle.exe | 3.0.468 | 93d070b40a9d65379996d077cdfeda533934082390d81634a1217e89473ea998 |
| Windows x86 | TanListModules.exe | 3.0.468 | c74869da93cad82d204328bccbcaa1ab0b287706712f8f0f2c8aff3ad18a8be5 |
| Windows x64 | TaniumExecWrapper.exe | 3.0.468 | 8a9a3948993700d8011dc023bbf6ecdec85e84615c0b63d1aa18e75542edab84 |
| Windows x64 | TanFileInfo.exe | 3.0.468 | 67ca830b5d2f384fe5a0d1c0cd256619c5c71fdb9823e6fb17adf7e836dc8267 |
| Windows x64 | TaniumHandle.exe | 3.0.468 | 80830f8780314662fae3309105c56bd092ecd86b55ed2759adf0c9c4f36d8040 |
| Windows x64 | TanListModules.exe | 3.0.468 | a3a5c1b35d0d881a85941eecc7210bd903cdf2941aee7eb12f027f49df2d28f5 |
| Mac OS | TaniumExecWrapper | 3.0.468 | 2fe8b5d14958c88433b738b6851618227642a023dd6e057eeffd82065688ade5 |
| Linux x86 | TaniumExecWrapper | 3.0.468 | fce0dfee7b7d9ad6ae6d9a25dce47870b461a01e9442ae218d73b44c4b0cf245 |
| Linux x64 | TaniumExecWrapper | 3.0.468 | ea267c7647bb4eddc8945bbcab406c662352237dfe7bf6680dfafc6acb20fc8a |
Deprecated Content
- No deprecated content in this release.
Notes for future releases
- The Historical RDP Sensor depends on a Windows Security Event Log event ID, which does not appear to be triggered on modern versions of Windows. This sensor will be deprecated in a future release.
- Semaphore-related content will be removed in a future release.
- Customers with workflows or saved questions that utilize the "standalone" MD5 or SHA1 hashing sensors, such as Running Processes with MD5 Hash, should replace them with the new parameterized sensors that support multiple hash types. Tanium will remove the older sensors in a future release, with advance notice to be provided in release notes for preceding releases.