Reports for incidents and telemetry are stored on disk for offline scenarios.
Due to tampering attempts observed against multiple EDR/XDR logging stores, Cyber Crucible enabled kernel-level protection against the disk-stored data before deploying this capability.
Increased protection of the service process used for backend communication and updates, as part of look-ahead zero-trust hardening.
This was not in response to an existing threat, but proactive for one the Team sees upcoming.
Fixed processes that load at boot not being available in the dashboard under process creations.
Prevented two installers from running at the same time, which would use register the same machine twice.
service.exe = 116dab615aab07d804667b13ecfe821a
CCRRSecMon.sys (Windows7) = db358b3d6e784d11827ff899722e3070
CCRRSecMon.sys (Windows8) = a95dd87d2ea9944e8643de787f11d71c
CCRRSecMon.sys (Windows10) = 6eb017a5cb3a9dd45bc065b466fb4789