4.4.7.1

Features

  • More telemetry for process creations and incidents

    • User SID

    • User down-level logon name

    • Whether or not the process is elevated (Run As Administrator)

  • Incidents now report where iterative data access occurred

Fixes

  • Reduced memory usage during periods of server connectivity issues and heavy telemetry occurring at once

  • Reduced memory usage during incident reporting

MD5 Hashes

service.exe = 0df0b7d76abd0978734ac961cd4cddaf CCRRSecMon.sys (Windows7) = dced5933e7b3e720a72160eb32cd83cb CCRRSecMon.sys (Windows8) = e14aa1324a9a42958cd955b9fffd4f79 CCRRSecMon.sys (Windows10) = 9d2edcf2288e7563892dac6300517102