4.4.8.0

Features

  • Kernel-mode Authenticode telemetry

    • For increased speed and reliability, certificate data for process creations and incidents will be recorded by the driver alone.

    • This update does not remove dependencies on Windows cryptography libraries, but conducts cryptographic calculations in parallel. Eventually the dependency on Windows may be entirely removed.

Fixes

  • Reduced memory usage and CPU time spent on attempted event submission when offline, during which telemetry is securely stored until the machine regains connectivity to Cyber Crucible servers.

  • Fixed an issue where some Nvidia driver installers believed they didn’t have the privilege to install, due to use of an internal Microsoft kernel function to attempt to access Cyber Crucible installed files.

  • Fixed incompatibility with JWE mode and DMZ mode

MD5 Hashes

  • service.exe = 5189fe49a1bfade50766fce2a1980eef

  • CCRRSecMon.sys (Windows7) = 342dd1bbe5f5dfcffe7752b74b34a9e8

  • CCRRSecMon.sys (Windows8) = a20c9cca59be651db7ae69f9f1f64cf2

  • CCRRSecMon.sys (Windows10) = a3cf6860d3f059a1ab38ee7b2d82b097