IMPORTANT: This site is planned to be decommissioned in 2026. Visit the Tanium Resource Center for all Tanium release notes, user guides, and support information. To view release notes in the Resource Center, see Tanium Release Notes.
IMPORTANT: If you are using semi-annual releases for on premises, see the Release notes for 2024H1 semiannual release, Release notes for 2024H2 semiannual release, or Release notes for 2025H1 semiannual release on the Tanium Resource Center.
Effective October 15, 2024: On prem release notes on the Tanium Knowledge Base are frozen. For release notes related to 7.4 or 7.5 Server and Solutions, see the Monthly updates for Tanium Version 7.4 and 7.5 Server and Solutions on the Tanium Resource Center.
Release Notes Trace (Version 2.0.8)
Thank you for choosing Tanium. This document is intended to document changes between releases of Tanium Trace.
Tanium Trace 2.0.8.43
Release Date: August 15, 2017
Enhancements
- Adds directory creation events (as CreateNewFile) to Linux event recorder
- Moves the service configuration / files to a separate directory to decrease upgrade times and reduce chances of upgrade time out failures in future releases
- Adds a default filter for the LanguageList registry value to the event filters for new installations
- Adds a check for free disk space on the endpoint before performing snapshots
- Adds meta-data about the timestamp format to the Linux event databases to be consistent with Windows databases
- Adds the new upgrade logs to the Trace must-gather package
- Improves the Live connections view to order the most recently active connections to the top
- Improves the Endpoint Certificate help text to describe the required format
Resolved Issues
- Fixes the Distribute Tanium Trace Tools package to enforce the configured Sysmon version
- Fixes an issue in the Windows event recorder, where DeletePath events were recorded on some newer Windows operating systems when they were configured to be filtered
- Fixes an issue in the Windows event recorder, where it would crash under some circumstances
- Fixes an issue in the Windows event recorder, where incorrect processes were assigned to events
- Fixes an issue in the Linux event recorder where Network event filters were not being applied
- Fixes an issue in the Linux event recorder where duplicate process events were recorded in rare circumstances
- Fixes an issue in the Linux event recorder where events from Tanium processes were being recorded even when they were configured to be ignored
- Fixes an issue on Linux endpoints where the default audit queue depth was not being increased as expected
- Fixes an issue where database maximum sizes for custom configuration groups where not being applied to Linux endpoints
- Fixes an issue where some audit rules on Linux endpoints were left behind when Trace was uninstalled
- Fixes an issue where the uploaded Sysmon.zip was reset when reinstalling the same Trace version
- Fixes an issue in the Trace Registry sensor, where it returned no results when the endpoint was using the old timestamp format
- Fixes an issue in the Trace process event history where it was not showing an EndProcess event
- Fixes an issue in the Trace workbench where the Time range selection for the search did not display correctly on Firefox
- Fixes an issue where a certificate error was erroneously reported on Snapshot uploads
- Fixes an issue where an "Undefined" string was displayed in an error message when installing a new endpoint certificate
- Fixes an issue where Exports could not be viewed by non-Administrator users
- Fixes an issue in the Windows Audit Policy Sensor where it did not report all results
- Fixes an issue where the Enterprise Hunting workbench was displayed on Tanium Server 6.5 installations, even though it is not supported on that server version
- Fixes an issue where the API documentation was not displaying correctly
Additional Information
Now that the Sysmon version is being tracked by the Tanium Trace Status Sensor, the Sysmon version will be enforced on all Trace endpoints automatically by a Scheduled Action. On initial upgrade, there may be some endpoints in the Trace configuration that do not have the configured version of Sysmon. The Trace scheduled actions will start automatically upgrading these endpoints to the correct version of Sysmon at the time that this version of Trace is installed.
Tanium Trace 2.0.8.45
Release Date: September 12, 2017
Enhancements
- Adds support for Sysmon 6.10