IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Incident Response (Version 4.2)

From Tanium Knowledge Base
Jump to navigation Jump to search

Thank you for choosing Tanium. These notes are intended to document changes between releases of the Tanium Incident Response module.

Tanium Incident Response 4.2.1

Release Date January 30, 2018

Incident Response Official Version 4.2.1.0002

Resolved Issues

  • TaniumFileInfo now correctly hashes and respects the timeout when hashing files greater than 4GB
  • TaniumHandle includes a fix to resolve a potential high CPU utilization issue
  • 7za.exe was updated to version 18.00

New Features

  • TaniumFileInfo now supports additional fields: product_name, product_version, file_version, description and company

New Binaries

Operating System Binary Name Binary Version SHA256 Hash
Windows x86
TaniumExecWrapper.exe 3.1.100 6d0e655eb9d465425bb1a021d228c480dab6ec2bb443a106fcc89546e1fbb001
TanFileInfo.exe 3.1.100 8f17ba8b90c73e303784c534a0c5c84d11c2c2c2beedbc98d2cf11ea2637c1a4
TaniumHandle.exe 3.1.100 738eff48cc62bec4b757942dab9a05c1d7965143c4ba69ae4c825ca728f2295e
TanListModules.exe 3.1.100 91922e6946dd4fef525d92ac8c2c6b4771a8ea9438f40a49edd60ec78e215f1c
7za.exe 18.00 dfa47a164e1bd45db6d1320419badeb5d23f2a8666a6d1b30aeac2282ed322b6
Windows x64
TaniumExecWrapper.exe 3.1.100 2531442004dd22cabda2ee14eaf3fc8aa35cdb442d5e77f5881eda920562a83f
TanFileInfo.exe 3.1.100 a44ef801f7c370a2c47527d72c0ea50980a4891b4f2714d65f222783dd6bfa44
TaniumHandle.exe 3.1.100 4b33816dc04b935c4f017568ff271e5000210056bb54ecbdd663467fb93e555a
TanListModules.exe 3.1.100 d04a59c032675e3c8fd0bf5adfeea463f0dd0824f1dd7e9ad979e80a7dacfb51
7za.exe 18.00 dfa47a164e1bd45db6d1320419badeb5d23f2a8666a6d1b30aeac2282ed322b6
Mac OS
TaniumExecWrapper 3.1.100 2d07eb640ddd7e46c0b8116a90aed62a61564e6d4902097b8578509e8a5357eb
Linux x86
TaniumExecWrapper 3.1.100 6ada290bdc32465b699ba620e277bc5784f4194691fff2acb5955252c363fb14
Linux x64
TaniumExecWrapper 3.1.100 5e01476fb0301e182ff4ae0fa33ba0c3acb4240e63a8bbe768abfcd26323f9f8

Tanium Incident Response 4.2.0.0041

Release Date December 20, 2017

Incident Response Official Version 4.2.0.0041

Resolved Issues

  • Resolved a cosmetic issue where IR sensors and tools had an incorrect version number.

Tanium Incident Response 4.2

Release Date December 19, 2017

Incident Response Official Version 4.2.0.0040

Features

  • Injected Threads sensor
The Injected Threads sensor is a PowerShell-based sensor for Windows that returns information about threads executing code that was likely injected into a process.
  • TaniumHandle
TaniumHandle is a new binary for enumerating the file and mutant handles of processes, version and hash details below.
  • TanListModules
TanListModules is a new binary for enumerating the loaded modules of Windows processes, version and hash details below.

Minor Enhancements and Bug Fixes

  • Fixes an issues with the Scheduled Task sensor to properly enumerate 32-bit and 64-bit tasks.
  • Improves the performance of TanFileInfo.exe.
  • Updates the RBAC configuration to grant access to Dashboards, Categories and Saved Questions for IR User and IR Read Only User roles.
  • Improves performance and process control for the Running Processes with User sensor for Mac and Linux.
  • Updates sensors that enumerate Windows file and mutant handles to use TaniumHandle.exe.
  • Updates sensors that enumerate Windows loaded modules (dlls) to use TanListModules.exe.
  • Ensures that the TaniumExecWrapper.exe terminates subprocess trees on all Windows OS versions.

New Known Issues and Workarounds

  • The Historical RDP Sessions sensor depends on a Windows Security Event Log event ID that does not appear to be triggered on modern versions of Windows. In place of this sensor, we recommend using either the Remote Desktop Event Log Search sensor or the Logon Security Event Log Search sensor.

New Binaries

Operating System Binary Name Binary Version SHA256 Hash
Windows x86
TaniumExecWrapper.exe 3.0.468 a52ff58f8028058a26072f0e3227074df819cf4ca979c0ce70bd23b8e21b8065
TanFileInfo.exe 3.0.468 2dd42b7a96cb550a82405bea204237bfeacde537f02c32ff1eed9f8e94cf8d94
TaniumHandle.exe 3.0.468 93d070b40a9d65379996d077cdfeda533934082390d81634a1217e89473ea998
TanListModules.exe 3.0.468 c74869da93cad82d204328bccbcaa1ab0b287706712f8f0f2c8aff3ad18a8be5
Windows x64
TaniumExecWrapper.exe 3.0.468 8a9a3948993700d8011dc023bbf6ecdec85e84615c0b63d1aa18e75542edab84
TanFileInfo.exe 3.0.468 67ca830b5d2f384fe5a0d1c0cd256619c5c71fdb9823e6fb17adf7e836dc8267
TaniumHandle.exe 3.0.468 80830f8780314662fae3309105c56bd092ecd86b55ed2759adf0c9c4f36d8040
TanListModules.exe 3.0.468 a3a5c1b35d0d881a85941eecc7210bd903cdf2941aee7eb12f027f49df2d28f5
Mac OS
TaniumExecWrapper 3.0.468 2fe8b5d14958c88433b738b6851618227642a023dd6e057eeffd82065688ade5
Linux x86
TaniumExecWrapper 3.0.468 fce0dfee7b7d9ad6ae6d9a25dce47870b461a01e9442ae218d73b44c4b0cf245
Linux x64
TaniumExecWrapper 3.0.468 ea267c7647bb4eddc8945bbcab406c662352237dfe7bf6680dfafc6acb20fc8a

Deprecated Content

  • No deprecated content in this release.

Notes for future releases

  • The Historical RDP Sensor depends on an Windows Security Event Log event ID, which does not appear to be triggered on modern versions of Windows. This sensor will be deprecated in a future release.
  • Semaphore-related content will be removed in a future release.
  • Customers with workflows or saved questions that utilize the "standalone" MD5 or SHA1 hashing sensors, such as Running Processes with MD5 Hash, should replace them with the new parameterized sensors that support multiple hash types. Tanium will remove the older sensors in a future release, with advance notice to be provided in release notes for preceding releases.

Additional Information