• New kernel level access telemetry for network-based behaviors, to better identify possible client-side networking bugs, or opportunities to optimize

  • Outbound telemetry is now bundled and sent together, just like inbound settings

    • Transmitted with a 25% timing variance, so that every machine will not be sending packets simultaneously across a client network

  • HTTP/2 is now fully utilized end to end


  • Reduced minimum threads in use in userspace

  • Reduced CPU usage for userspace service

  • Agent-Server authentication is now performed more efficiently

  • Replaced previous service sleep <> restart algorithm when licenses were not available.

    • Previous algorithm caused a "service exited unexpectedly" in event manager every 15 minutes.

    • Allowing the Operating System to tell the service to shut off (something abused by criminals and other security tools) would have allowed a “clean” service restart without event manager logs. Instead of creating that vulnerability, Cyber Crucible’s service restarted itself without Windows involvement, causing the event log.

MD5 Hashes

service.exe = b17a2a528a4424771fdeca8559b9f56b CCRRSecMon.sys (Windows7) = c2b051b1001474419e7572fd23625d84 CCRRSecMon.sys (Windows8) = 335d355bbd492c390e67ac615c5252b0 CCRRSecMon.sys (Windows10) = 0d1fc32fba2cb878ce8cb0f549b8d167