4.4.7.1
Features
More telemetry for process creations and incidents
User SID
User down-level logon name
Whether or not the process is elevated (Run As Administrator)
Incidents now report where iterative data access occurred
Fixes
Reduced memory usage during periods of server connectivity issues and heavy telemetry occurring at once
Reduced memory usage during incident reporting
MD5 Hashes
service.exe = 0df0b7d76abd0978734ac961cd4cddaf
CCRRSecMon.sys (Windows7) = dced5933e7b3e720a72160eb32cd83cb
CCRRSecMon.sys (Windows8) = e14aa1324a9a42958cd955b9fffd4f79
CCRRSecMon.sys (Windows10) = 9d2edcf2288e7563892dac6300517102