IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.

Release Notes Threat Response (Version 2.3)

From Tanium Knowledge Base
Jump to navigation Jump to search

Important Notes

The releases of Tanium Threat Response 2.0, Integrity Monitor 2.0, and Map 2.0 all include a significant update to the Client Recorder Extension. This upgrade does not require that all three products be updated at the same time, but when more than one impacted product is deployed to an endpoint, conditional logic is applied to determine whether to upgrade the recorder component from 1.x to 2.0 versions. Please consult your Technical Account Manager to better understand how to best plan for your deployments if you have more than one impacted product installed.

The Threat Response module combines the functionality of the Detect and Trace modules and the Index and Incident Response content.

Migration from existing installations of the aforementioned modules is possible in the Threat Response module.

The migration process includes significant changes to the content and distribution of tools and configurations that are sent to connected endpoints.

Tanium strongly recommends contacting your Technical Account Manager prior to performing the migration.

7.4 clients are not supported on versions of Threat Response versions earlier than 2.1.0.

Threat Response 2.3.1.0005

Release Date: 2020-04-14

Enhancements

  • Fixes an issue where some endpoints respond to a Quick Scan with an error that reports that the scan did not complete before the last shutdown.
  • Fixes an issue where the Trace Executed Process Trees sensor was not working correctly on Windows endpoints.
  • Fixes an issue where the Tanium Driver does not uninstall correctly.
  • Fixes an issue in the Recorder Client Extension where SELinux is in enforcing mode, but TaniumAuditPipe does not have the Recorder SELinux policy applied.
  • Adds a command in the Recorder Client Extension to reset the database in the event that it becomes corrupted, and enables the deletion of the database and restarts the recorder.

Threat Response 2.3.0.0077

Release Date: 2020-03-31

Enhancements

  • Tanium Threat Response now integrates with Tanium Trends to show Threat Response charts through the Trends initial gallery (Requires Tanium Trends 2.4 or later).
  • Provides the ability to create suppression rules for parent path, ancestry command line, and ancestry path.
  • Provides new permissions to the Threat Response Service Account user role to interact with Tanium Connect, Tanium Reputation, and Tanium Trends.
  • Update Tanium Client extension to 2.2.0.1114
    • Adds a separate process for client extensions (TaniumCX or TaniumCX.exe), running under the client.
      • This will require new anti-virus exclusions. Work with your TAM to ensure these are set up properly.
      • These changes were made to make the client extensions more robust, supportable, and allow more functionality than previously possible.
      • Note: Installing this version of Tanium Client Extensions on an endpoint running Threat Response 2.2 or lower may cause issues with process exclusions. Please work with your TAM if you think this may impact you.
  • Fixes an issue where Quick Scan did not correctly process event grouping.
  • Fixes an issue where Download File actions, when initiated as a Response Action from an Alert, re-issued the "Trace - Start Session*" actions every six minutes when the endpoint is not available.
  • The Tanium Signals feed will be dividing up intel logic into more simplified signals going forward to allow for easier alert aggregation and more specific tuning via suppressions. This will apply to all signals in the feed going forwards as of this 3/31/2020 release.
  • This release upgrades to Tanium Python version 1.3.0.44 with installer version 1.3.2
  • Tanium Recorder 2.1.0.1696 included.
  • Tanium Incident Response 5.5.0.0031 included.
  • Tanium Index Index 2.5.4.1 included.

Upgrade Notes

  • Threat Response 2.3.0 will not support Windows 2008 R2 (bare). You must have at least installed Service Pack 1 (circa 2011) for Threat Response's python sensors to execute on a Win2008R2 endpoint.

Security

  • This release includes security updates. Details of the issue, including affected versions, and mitigation information, can be obtained within Tanium's Support Portal, or by contacting your TAM.

Additional Information

Product Documentation and Resources