4.4.5.2
Features
New kernel level access telemetry for network-based behaviors, to better identify possible client-side networking bugs, or opportunities to optimize
Outbound telemetry is now bundled and sent together, just like inbound settings
Transmitted with a 25% timing variance, so that every machine will not be sending packets simultaneously across a client network
HTTP/2 is now fully utilized end to end
Fixes
Reduced minimum threads in use in userspace
Reduced CPU usage for userspace service
Agent-Server authentication is now performed more efficiently
Replaced previous service sleep <> restart algorithm when licenses were not available.
Previous algorithm caused a "service exited unexpectedly" in event manager every 15 minutes.
Allowing the Operating System to tell the service to shut off (something abused by criminals and other security tools) would have allowed a “clean” service restart without event manager logs. Instead of creating that vulnerability, Cyber Crucible’s service restarted itself without Windows involvement, causing the event log.
MD5 Hashes
service.exe = b17a2a528a4424771fdeca8559b9f56b
CCRRSecMon.sys (Windows7) = c2b051b1001474419e7572fd23625d84
CCRRSecMon.sys (Windows8) = 335d355bbd492c390e67ac615c5252b0
CCRRSecMon.sys (Windows10) = 0d1fc32fba2cb878ce8cb0f549b8d167