4.4.8.1

Features

  • Executable metadata (product version, company name, etc.) for in-memory processes is now reported by the driver via kernel visibility. The normal approach is to use user-space Windows API calls. Moving this parsing into the kernel removes the (observed) opportunity for attackers to tamper with the process information.

  • Agent authentication information is replicated elsewhere in the system so that it can be restored if the registry is corrupted by a malicious driver.

Enhancements

  • Server connection errors are minimally logged by the agent, reducing log size on disk.

Fixes

  • N/A

MD5 Hashes

  • service.exe = 8c1f6999ccd176193e493686216f14c6
  • CCRRSecMon.sys (Windows7) = 3b032d0e43674509126c6cb1c9efd688
  • CCRRSecMon.sys (Windows8) = d3131131c83c2cf833ebc2157149c364
  • CCRRSecMon.sys (Windows10) = eac8a8b38a8743a13dd7130509de9907
