All Collections
Release Notes
Agent Release Notes
Agent Release Notes

Release notes for the Monarx Agent

Will avatar
Written by Will
Updated over a week ago

Agent 4.1.458


  • New method of communication between the agent and protect (zend / php extension)

  • Reduction of unnecessary communication with our cloud endpoints

  • New pattern for managing WAF rules

Agent 4.1.449


  • Changes to how we update locally stored filters to allow for faster time-to-remediation

  • First pass of Ubuntu 24 support (Noble Numbat)

Agent 4.1.446


  • Updating a few references to our backend API's (boring maintenance work, really)

Agent 4.1.445


  • Ability to selectively enable / disable out use of file attributes

Agent 4.1.443


  • Resolved a bug in communication between the agent and zend extension

  • Implemented a lightweight reconciliation mechanism to enable faster detection of deleted files

Agent 4.1.437


  • Resolved a number or routines that could potentially block

Agent 4.1.433


  • Fixed a bug where local filters were slow to update and general performance improvement

  • Reduced cycling of agent registration events when critical configuration updates were encountered

Agent 4.1.427


  • Removed unnecessary reads for file metadata slightly reducing IO pressure

Agent 4.1.426


  • Fixed an issue when processing regex where it includes path separator characters

Agent 4.1.425


  • Hardening in the agent when initial authentication errors occur (I.E. make the failure more clear)

  • More telemetry capturing from the zend extension for tracking malicious activity

  • Improvements to reduce remediation blindspots

Agent 4.1.420


  • Additional telemetry for tracking unlinked files / php processes via the monarx-protect zend extension

Agent 4.1.419


  • Improved handling of inbound traffic from the monarx-protect zend extension to maintain lower CPU utilization

Agent 4.1.417


  • Further tuning of malicious cron entry remediation

  • Moving more persistent files out of /var/cache/ (reducing re-registrations of agents)

  • Improved error visibility when an agent fails to register (i.e. invalid monarx-agent.conf entries)

  • Further tuning of agent support for coming zend extension release with additional attack vector telemetry and remediation capability

Agent 4.1.410


  • Initial implementation of malicious cron entry remediation

  • Further tuning in the new time-to-remediation mechanism introduced in 4.1.372

  • Agent support for coming zend extension release with additional attack vector telemetry and remediation capability

Agent 4.1.402


  • Tuning to our AuditD event ingest to improve performance and reduce our time-to-detection.

Agent 4.1.401


  • Further improvements to memory usage

  • General maintenance and dependency updates

  • Hardening around failed (or extremely long running) system calls in problematic environments

Agent 4.1.387


  • Bug fix causing memory to grow - we'll now flush things more aggressively (introduced in 4.1.380 with the malicious process termination changes)

Agent 4.1.383


  • Bugs cleaned up from previously implemented mechanism to speed up time to remediation

Agent 4.1.380


  • Initial release of new mechanism improve time to remediation for malicious process'

Agent 4.1.378


  • Optimizations to our quarantine directory cleanup process, when configured

  • Further tuning of the mechanism to increase time to remediation speed

  • Reduction of file cache impact in our higher volume scan paths

Agent 4.1.372


  • Initial release of new mechanism to improve time to remediation speed

Agent 4.1.370


  • Optimization of our global quarantine directory cleanup, when defined

  • Introduction of more accurate method of maintaining the count of users scanned

Agent 4.1.360


  • First pass of Ubuntu 23 Support (Lunar Lobster)

  • Various bug fixes involving agent configuration

  • Package maintenance / updates

Agent 4.1.346


  • Updates to our site cleanup tooling

Agent 4.1.345


  • Changes to our logging mechanism to reduce verbosity where it isn't needed (monarx-agent.log was running away in some instances)

  • Reduced traffic between monarx-agent and our zend/php extension

Agent 4.1.339


  • Removing prior changes to our global exclusions

Agent 4.1.338


  • Debian 12 / Bookworm support

  • Bug fix causing a race condition in our global exclusions

  • Bug fix closing an open file handle on a rotated log file

Agent 4.1.328


  • Reduction in redundant reporting of malicious process activity

Agent 4.1.327


  • Improvements to our error handling and reporting

Agent 4.1.326


  • Refining our user count collection for billing metrics

Agent 4.1.318


  • Optimization around agent / cloud communication

Agent 4.1.317


  • Bug fix in out configuration parsing logic to better handle empty keys

  • Further refinement of local agent filtering logic

Agent 4.1.314


  • Started signing our RPM packages with GPG keys (it's about time)

  • Bug fix causing partial file uploads following a file deposited via php engine

Agent 4.1.306


  • Introducing support for Debian 11 (install details here)

  • Bug fix in adaptive throttling logic in heavily resource constrained environments

  • General maintenance (i.e. dependency / package update)

Agent 4.1.302


  • Bug fix in adaptive throttling improvements introduced in 4.1.301

Agent 4.1.301


  • Improved handling of persistent malware

  • Adaptive throttling improvements (faster reaction to system load)

Agent 4.1.294


  • Optimizations in agent scan to reduce CPU pressure

Agent 4.1.277


  • Introduces adaptive scan throttling based on system load

  • Minor optimization reducing bytes read during delta scans

  • Pruning of unneeded health check listeners (fewer useless CPU cycles)

Agent 4.1.266


  • Improvements on handling unexpected moanrx-agent process killing more gracefully

  • Updated handling of local agent settings

  • Better handled edge cases in file cleaning workkflows / file replacement

Agent 4.1.261


  • Optimized filtering functionality introduced in the prior build for more granular control.

Agent 4.1.260


  • Further enhancement to our process monitoring features introduced in the prior release (beginning to sound like a broken record)

  • Introducing additional filtering for to reduce noise / faster remediation turnaround.

Agent 4.1.245


  • Further enhancement to our process monitoring features introduced in the prior release.

  • Initial support for Debian 10 (Buster)

Agent 4.1.241


  • Improved process profiling enabling future performance enhancement

  • Reduced overhead of our debug info reporting (i.e. not pulling up unnecessary junk)

  • Enhancements to our process monitoring functionality for in-memory malware

  • Initial support for AlmaLinux 9 / Rocky Linux 9

Agent 4.1.231


  • Improved handling of error conditions encountered when authenticating with our cloud services

  • Improved handling of unexpected scan base / user base configuration

  • Reduction in unnecessarily noisy scan status updates being reported (less work for the agent and our cloud πŸŽ‰)

Agent 4.1.228


  • More graceful flushing of buffers during agent shutdown / restart

  • Expanded visibility into malicious process monitoring functions, shipping additional telemetry to our cloud for analysis

Agent 4.1.226


  • RPM install changes to install scripts enabling monarx-agent to survive server reboot

  • Improvements in handling horizontally scaled containerized environments

  • Optimizations for auditd environments, reducing redundant reporting to our agent

  • Performance improvements to our file collator mechanism

  • General housekeeping / dependency updates

Agent 4.1.206


  • Initial implementation of iptables support

  • Enhanced integrity checks reducing the amount un unnecessary sha256 calculations

Agent 4.1.202


  • Agent scan optimization for environments supporting extended attributes, reducing unnecessary trips to disk

  • Auditd file discovery events to include backtrace info when available from the monarx-protect extension

  • Reducing unnecessarily verbose backtrace messages to 1st, 2nd, last items only

  • Fixed a bug where processing file state would trigger and unhandled error

  • Fixed a bug causing the agent to exit without grace following a service stop request

  • Fixed a bug causing the agent to respond with success:false when everything worked just fine.

Agent 4.1.179


  • Agent support for improved php process monitoring (collecting data from our protect extension to help inform remediation)

  • General maintenance of our cloud <> agent authentication

Agent 4.1.175


  • Resolved a bug causing files to remain "Active" in our UI, despite no longer being on disk.

  • Improved handling of cross-volume file operations

  • Additional scan throttling control for environments with limited disk IO and a variety of tuning to reduce disk pressure

  • Various bug fixes for environments supporting extended attributes

Agent 4.1.152


  • Remediation capability for short lived / frequently regenerating files

  • File cleaning optimization - resolved an edge case causing repeat clean requests being sent to our agent

Agent 4.1.149


  • Bug fix for scanning in environments without extended attribute support (better error handling, really)

Agent 4.1.146


  • Scan improvements to better handle agent restarts

  • Improved visibility into long running php process'

Agent 4.1.134


  • Resolved a bug causing failed heartbeat messages (causing agents to report as offline)

  • Delta scan optimizations when evaluating if a file has changed since we last saw it

Agent 4.1.131


  • Reduce open file handles during debug message creation

  • Closed a number of blindspots in scans when running in lesser-resourced env's

Agent 4.1.110


  • Only save quarantined files locally when a or quarantine.user value is set in configuration

  • Run systemd daemon reload on deb package installation

  • Performance improvements in environments running auditd

  • Improved error handling when unable to communicate with the protect module

Agent 4.1.40


  • Optimized agent message batching (less latency on our cloud understanding things)

  • Bug fix effecting WHM and Cpanel plugin authentication

  • Optimized file read / write for environments supporting extended attributes

Agent 4.1.25


  • Initial implementation of auditd event consumption, reducing the frequency of delta scans where configured.

Agent 4.0.431


  • Optimizations in the cloud command consumption, increasing remediation speed.

  • Reduced impact on disk utilization with further tuning of fadvise use.

Agent 4.0.383


  • Revised error handling / log message copy when encountering failed agent authorization

  • Resolved agent panic due to global maps

Agent 4.0.373


  • Optimized the use of regex scan bases in quarantine mode

  • Improved error handling in a number of edge cases resulting in agent restarts

Agent 4.0.366


  • Optimized activation count efficiency

  • Scan optimizations including:

    • Tracking last scan end time across service restart to reduce unneeded delta scans

    • Removal of SHA256 calculation on unmodified files already hashed

Agent 4.0.364


  • Optimized fast moving cache file scanning processes

  • Closed gaps with unhandled error cases in the communication with our protect php extension

Agent 4.0.289


  • Handling scanning of problematic binary files with magic byte mismatch

  • Prevent scheduled scans from interfering with already running cloud initiated scans

Agent 4.0.286


  • Introduced additional safeguards preventing a manually initiated scan from interfering with a running delta scan.

Agent 4.0.283


  • Streamlined resource handling along all 3 axis: ram, disk and the network.

  • Removed an instance of unnecessary heap utilization which was causing garbage collection to kick off more than it should

  • Improved support for the cpanel plugin integration

  • Optimization for environments with mixed extended attribute support

  • Removed edge case allowing for duplicate concurrent scans causing disk IO pressure

Agent 4.0.274


  • systemd launch agent as a nice'd process

  • Detect and flush memory/resources of completed tasks

  • Improved statistic visibility in agent heartbeats

Agent 4.0.266


  • Updates to rpm / deb install scripts to remove unused OOM policies and PID files

  • Altered deposit upload workflow to reduce traffic leaving the agent

  • Additional visibility into scan start and end

  • Prevent ability to run multiple agent processes on a single instance, causing high load

Agent 4.0.249


  • Resolved bug causing causing the agent to cycle during high deposit or activation activity

  • Additional safeguards to file replace workflow

Agent 4.0.242


  • Resolved bug causing intermittent failure to report malicious file activations

  • Resolved bug causing debug reports to fail

Agent 4.0.239


  • Resolved bug causing intermittent failure to report malicious file activations

  • Resolved but causing debug reports to fail

Agent 4.0.238


  • Additional handling of potential panics and more verbose logging visibility

Agent 4.0.235


  • Tuning of our ingest filter for magic byte / file type mis-match

  • Resolved intermittent issue with sparse data being returned from the monarx-protect php module

Agent 4.0.231


  • Handle file paths with non-utf8 characters

  • Additional visibility into signals sent to the agent

  • Revisions to Cent + Cloudlinux RPM install scripts

Agent 4.0.226


  • Updated our ingest filter for .jpg / .jpeg file extensions with non-matching content.

Agent 4.0.225


  • Include monarx-sample-upload script in the monarx-agent package, written to /usr/bin. Usage here.

Agent 4.0.224


  • Tightened our file deposit filter to exclude events that were in no way deposits

  • Better handling of non-utf8 characters found in paths and file names

Agent 4.0.221 (limited release)


  • Resolved udp connection health check failure causing agents to shut down when they shouldn't

  • Resolved issue resulting in sparse file attributes being written on deposits

Agent 4.0.218 (limited release)


  • Removing oom configuration from Centos 6 variants... for good this time

  • Increased visibility into quarantine error cases

  • Resolved edge case resulting in no file owners being reported

  • Excluded deposits that weren't actually deposits, causing useless load / noise

Agent 4.0.206 (limited release)


  • Removing oom configuration from Centos 6 variants... for good this time

Agent 4.0.204 (limited release)


  • Initial agent support for per user remediation

  • Removal of "watchist" for maintaining local file state

  • Multiple bug fixes / streamlining (really, deleted a bunch of code)

Agent 3.5.90


  • Removing oom configuration from Centos 6 install scripts

Agent 3.5.89


  • Additional visibility into edge case quarantine error failures.

Agent 3.5.86


  • Removing any remaining possibility of enabling experimental mail function tracking.

Agent 3.5.85


  • Stricter enforcement of sha validation during quarantine restore

Agent 3.5.84


  • Resolved bug with file and directory permissions in per-user quarantine directory configurations

Agent 3.5.72


  • Resolved intermittent connection bug on CentOS6 and Cloudlinux 6

Agent 3.5.71


  • Protocol update in preparation for watchlist depreciation

Agent 3.5.66


  • Resolved bug causing too many open file handles with "suspicious" files

Agent 3.5.64


  • Resolved bug causing the agent to get stuck on certain files during a scan

Agent 3.5.36


  • Agent changes in support of protect version 4.2.56

Agent 3.5.34


  • Bug fix for intermittent cloud/agent communication errors on ubuntu variants

Agent 3.5.33


  • Agent support for spam filtering enablement

  • Including file owner context (currently missing in some cases)

  • Increased agent logging statements for local state synchronization

Agent 3.5.28


  • Resolved leaking file handle on file downloads

  • Revised our interaction with curl (surfaced form increased visibility with last build)

  • Increased error context on http errors forwarded to our cloud

Agent 3.5.27


  • Implemented a mechanism to flush agent queue directories at agent startup

  • Hardening to out agent communication protocol, resolving intermittent reconnection issues

  • Hardening out interactions with curl and increasing error visibility

Agent 3.5.25


  • Resolved bug causing deposits to be intermittently dropped due to a data integrity issue

  • Resolved bug causing file uploads to fail intermittently due to too many file handles open

Agent 3.5.23


  • File remediation hardening - capturing additional additional context in error cases so we can resolve accordingly

  • Improved identification and handling of frequently mutating files

  • Fixed a bug causing "unique" agent fingerprints to be... not unique

  • Agent support to manage additional function tracking coming from the protect module, including metrics around php mailer.

Did this answer your question?