  • Reports for incidents and telemetry are stored and protected on disk for offline scenarios.

    • Due to tampering attempts observed against multiple EDR/XDR logging stores, Cyber Crucible enabled kernel-level protection for the disk-stored data before deploying this capability.

  • Increased protection of the service process used for backend communication and updates, as part of look-ahead zero-trust hardening.

    • This was not in response to an existing threat, but a proactive measure against one the team sees upcoming.

Fixes

  • Fixed processes that load at boot not being available in the dashboard under process creations.

  • Prevented two installers from running at the same time, which, if timed quickly enough, would register the same machine twice.

MD5 Hashes

service.exe                      = 116dab615aab07d804667b13ecfe821a
CCRRSecMon.sys (Windows7)        = db358b3d6e784d11827ff899722e3070
CCRRSecMon.sys (Windows8)        = a95dd87d2ea9944e8643de787f11d71c
CCRRSecMon.sys (Windows10)       = 6eb017a5cb3a9dd45bc065b466fb4789