IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Threat Response (Version 1.3)

From Tanium Knowledge Base
Jump to navigation Jump to search

Important Note

The releases of Tanium Trace 2.9.0.0035, Threat Response 1.2.0.0037, Map 1.1.1.0006, and Integrity Monitor 1.7.0.0035 all include a significant update on how the endpoint recorder technology is distributed and managed. This update requires that if any one of the products is updated in an active environment, all of the others should be updated to at least the minimum versions specified above at the same time. Failure to do so may result in degraded functionality and potentially erroneous sensor results from those products that have not been updated. Tanium avoids the introduction of dependencies between product releases whenever possible, but it is required in this circumstance to support significant new functionality enhancements.

Threat Response 1.3.3

Release Date: 07/02/2019

Fixes

  • Fixes an issue shutting down recorder tools when deploying Threat Response on Windows
  • Fixes an issue where tools deployment can leave processes in a suspended state on Windows endpoints
  • Fixes an issue restarting the recorder on Linux endpoints

Endpoint Python Fixes

  • Prevents incorrect loading of VC++ runtime on Windows XP & Windows 2003
  • Prevents potential network calls that fetch CRL lists when TPython.exe is invoked
  • Prevents potential failures when restoring suspended threads

Endpoint Python Updates

  • Updated python interpreter to 2.7.15

Threat Response 1.3.2

Release Date: 06/18/2019

Fixes

  • Fixes an error when cancelling during creation of Live Response items
  • Fixes an error upgrading endpoint tools
  • Fixes an issue with a blank field in the Connect audit plugin for Threat Response
  • Fixed an issue when deploying tools and enabling and disabling the recorder correctly

Recorder Updates

  • Added APIs to allow defining the reason that the recorder was disabled
  • Updated Windows Recorder to 1.1.31.3703
    • Resolved an issue with the ConfirmFileWrites setting that can cause files to be locked, breaking some processes like SCCM and Dragon Dictation
    • Resolved issue with holding files open on signature verification in way that caused issues with some applications

Threat Response 1.3.1

Release Date: 06/04/2019

Fixes

  • Fixes issue where the Threat Response console was not working in Internet Explorer 11
  • Fixes issue where users with the Threat Response Administrator role did not have access to the Service settings in the Top Rail

Recorder Updates

  • Included Windows recorder 1.1.31.3648
    • Resolved issue where events were lost in the Windows Event Recorder
  • Included Mac/Linux recorder 1.0.34.13
    • Resolved an issue where disabled recorder on Mac continuously logs messages
    • Resolved an issue where disabling recorder could result in an empty auditd.conf

Security

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Threat Response 1.3.0

Release Date: 05/21/2019

The new Tanium Threat Response module combines the functionality of Tanium Detect and Tanium Trace with the content of Tanium Index and Tanium Incident Response.

Migration from existing installations of the these modules is possible in the Threat Response module.

The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.

Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.

Enhancements

  • Live Response configuration management and package creation in the Threat Response workbench
  • Improved alert suppression with global suppression rules, suppression rule management page, and the ability to retroactively apply suppression rules to existing alerts
  • Deploy Action from Alert
  • Live connection file browser
  • Threat Response audit log source available in Tanium Connect 4.10.5 and later
  • Tanium Recorder Driver content
  • Recorder update to address lost events in the Windows Event Recorder
  • Recorder engine update using Client Extensions
  • Indexing engine update
  • IR tools update

Known Issues

  • Linux Recorder may leave the auditd.conf file in a 0 byte file size when the auditd.conf.pretrace files were removed, and then disable command is called
  • Mac Recorder may have issues where launchctl will continue to try to run the Mac Recorder when the Mac Recorder is in a disabled state
  • Clicking “Generate Packages” on the Live Response management page sometimes produces packages that do not include all of the expected files (for example: some collection config JSON files may be missing). This only occurs when creating a “Threat Response - Live Response [*]” package that does not already exist. It does not occur when updating existing packages.
    • Workaround: Click the “Generate Packages” button, again, to update the existing packages. The packages will then contain all of the expected files.

Security

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Additional Information

Product Documentation and Resources