All Collections
Release Notes
Agent Release Notes
Agent Release Notes

Release notes for the Monarx Agent

Will avatar
Written by Will
Updated yesterday

Agent 4.1.383

Changes

  • Bugs cleaned up from previously implemented mechanism to speed up time to remediation


Agent 4.1.380

Changes

  • Initial release of new mechanism improve time to remediation for malicious process'


Agent 4.1.378

Changes

  • Optimizations to our quarantine directory cleanup process, when configured

  • Further tuning of the mechanism to increase time to remediation speed

  • Reduction of file cache impact in our higher volume scan paths


Agent 4.1.372

Changes

  • Initial release of new mechanism to improve time to remediation speed
    โ€‹


Agent 4.1.370

Changes

  • Optimization of our global quarantine directory cleanup, when defined

  • Introduction of more accurate method of maintaining the count of users scanned


Agent 4.1.360

Changes

  • First pass of Ubuntu 23 Support (Lunar Lobster)

  • Various bug fixes involving agent configuration

  • Package maintenance / updates


Agent 4.1.346

Changes

  • Updates to our site cleanup tooling


Agent 4.1.345

Changes

  • Changes to our logging mechanism to reduce verbosity where it isn't needed (monarx-agent.log was running away in some instances)

  • Reduced traffic between monarx-agent and our zend/php extension


Agent 4.1.339

Changes

  • Removing prior changes to our global exclusions


Agent 4.1.338

Changes

  • Debian 12 / Bookworm support

  • Bug fix causing a race condition in our global exclusions

  • Bug fix closing an open file handle on a rotated log file


Agent 4.1.328

Changes

  • Reduction in redundant reporting of malicious process activity


Agent 4.1.327

Changes

  • Improvements to our error handling and reporting


Agent 4.1.326

Changes

  • Refining our user count collection for billing metrics


Agent 4.1.318

Changes

  • Optimization around agent / cloud communication


Agent 4.1.317

Changes

  • Bug fix in out configuration parsing logic to better handle empty keys

  • Further refinement of local agent filtering logic


Agent 4.1.314

Changes

  • Started signing our RPM packages with GPG keys (it's about time)

  • Bug fix causing partial file uploads following a file deposited via php engine


Agent 4.1.306

Changes

  • Introducing support for Debian 11 (install details here)

  • Bug fix in adaptive throttling logic in heavily resource constrained environments

  • General maintenance (i.e. dependency / package update)


Agent 4.1.302

Changes

  • Bug fix in adaptive throttling improvements introduced in 4.1.301


Agent 4.1.301

Changes

  • Improved handling of persistent malware

  • Adaptive throttling improvements (faster reaction to system load)


Agent 4.1.294

Changes

  • Optimizations in agent scan to reduce CPU pressure


Agent 4.1.277

Changes

  • Introduces adaptive scan throttling based on system load

  • Minor optimization reducing bytes read during delta scans

  • Pruning of unneeded health check listeners (fewer useless CPU cycles)


Agent 4.1.266

Changes

  • Improvements on handling unexpected moanrx-agent process killing more gracefully

  • Updated handling of local agent settings

  • Better handled edge cases in file cleaning workkflows / file replacement


Agent 4.1.261

Changes

  • Optimized filtering functionality introduced in the prior build for more granular control.


Agent 4.1.260

Changes

  • Further enhancement to our process monitoring features introduced in the prior release (beginning to sound like a broken record)

  • Introducing additional filtering for to reduce noise / faster remediation turnaround.


Agent 4.1.245

Changes

  • Further enhancement to our process monitoring features introduced in the prior release.

  • Initial support for Debian 10 (Buster)


Agent 4.1.241

Changes

  • Improved process profiling enabling future performance enhancement

  • Reduced overhead of our debug info reporting (i.e. not pulling up unnecessary junk)

  • Enhancements to our process monitoring functionality for in-memory malware

  • Initial support for AlmaLinux 9 / Rocky Linux 9


Agent 4.1.231

Changes

  • Improved handling of error conditions encountered when authenticating with our cloud services

  • Improved handling of unexpected scan base / user base configuration

  • Reduction in unnecessarily noisy scan status updates being reported (less work for the agent and our cloud ๐ŸŽ‰)


Agent 4.1.228

Changes

  • More graceful flushing of buffers during agent shutdown / restart

  • Expanded visibility into malicious process monitoring functions, shipping additional telemetry to our cloud for analysis


Agent 4.1.226

Changes

  • RPM install changes to install scripts enabling monarx-agent to survive server reboot

  • Improvements in handling horizontally scaled containerized environments

  • Optimizations for auditd environments, reducing redundant reporting to our agent

  • Performance improvements to our file collator mechanism

  • General housekeeping / dependency updates


Agent 4.1.206

Changes

  • Initial implementation of iptables support

  • Enhanced integrity checks reducing the amount un unnecessary sha256 calculations


Agent 4.1.202

Changes

  • Agent scan optimization for environments supporting extended attributes, reducing unnecessary trips to disk

  • Auditd file discovery events to include backtrace info when available from the monarx-protect extension

  • Reducing unnecessarily verbose backtrace messages to 1st, 2nd, last items only

  • Fixed a bug where processing file state would trigger and unhandled error

  • Fixed a bug causing the agent to exit without grace following a service stop request

  • Fixed a bug causing the agent to respond with success:false when everything worked just fine.


Agent 4.1.179

Changes

  • Agent support for improved php process monitoring (collecting data from our protect extension to help inform remediation)

  • General maintenance of our cloud <> agent authentication


Agent 4.1.175

Changes

  • Resolved a bug causing files to remain "Active" in our UI, despite no longer being on disk.

  • Improved handling of cross-volume file operations

  • Additional scan throttling control for environments with limited disk IO and a variety of tuning to reduce disk pressure

  • Various bug fixes for environments supporting extended attributes


Agent 4.1.152

Changes

  • Remediation capability for short lived / frequently regenerating files

  • File cleaning optimization - resolved an edge case causing repeat clean requests being sent to our agent


Agent 4.1.149

Changes

  • Bug fix for scanning in environments without extended attribute support (better error handling, really)


Agent 4.1.146

Changes

  • Scan improvements to better handle agent restarts

  • Improved visibility into long running php process'


Agent 4.1.134

Changes

  • Resolved a bug causing failed heartbeat messages (causing agents to report as offline)

  • Delta scan optimizations when evaluating if a file has changed since we last saw it


Agent 4.1.131

Changes

  • Reduce open file handles during debug message creation

  • Closed a number of blindspots in scans when running in lesser-resourced env's


Agent 4.1.110

Changes

  • Only save quarantined files locally when a quarantine.global or quarantine.user value is set in configuration

  • Run systemd daemon reload on deb package installation

  • Performance improvements in environments running auditd

  • Improved error handling when unable to communicate with the protect module


Agent 4.1.40

Changes

  • Optimized agent message batching (less latency on our cloud understanding things)

  • Bug fix effecting WHM and Cpanel plugin authentication

  • Optimized file read / write for environments supporting extended attributes


Agent 4.1.25

Changes

  • Initial implementation of auditd event consumption, reducing the frequency of delta scans where configured.


Agent 4.0.431

Changes

  • Optimizations in the cloud command consumption, increasing remediation speed.

  • Reduced impact on disk utilization with further tuning of fadvise use.
    โ€‹


Agent 4.0.383

Changes

  • Revised error handling / log message copy when encountering failed agent authorization

  • Resolved agent panic due to global maps


Agent 4.0.373

Changes

  • Optimized the use of regex scan bases in quarantine mode

  • Improved error handling in a number of edge cases resulting in agent restarts


Agent 4.0.366

Changes

  • Optimized activation count efficiency

  • Scan optimizations including:

    • Tracking last scan end time across service restart to reduce unneeded delta scans

    • Removal of SHA256 calculation on unmodified files already hashed


Agent 4.0.364

Changes

  • Optimized fast moving cache file scanning processes

  • Closed gaps with unhandled error cases in the communication with our protect php extension


Agent 4.0.289

Changes

  • Handling scanning of problematic binary files with magic byte mismatch

  • Prevent scheduled scans from interfering with already running cloud initiated scans


Agent 4.0.286

Changes

  • Introduced additional safeguards preventing a manually initiated scan from interfering with a running delta scan.


Agent 4.0.283

Changes

  • Streamlined resource handling along all 3 axis: ram, disk and the network.

  • Removed an instance of unnecessary heap utilization which was causing garbage collection to kick off more than it should

  • Improved support for the cpanel plugin integration

  • Optimization for environments with mixed extended attribute support

  • Removed edge case allowing for duplicate concurrent scans causing disk IO pressure


Agent 4.0.274

Changes

  • systemd launch agent as a nice'd process

  • Detect and flush memory/resources of completed tasks

  • Improved statistic visibility in agent heartbeats


Agent 4.0.266

Changes

  • Updates to rpm / deb install scripts to remove unused OOM policies and PID files

  • Altered deposit upload workflow to reduce traffic leaving the agent

  • Additional visibility into scan start and end

  • Prevent ability to run multiple agent processes on a single instance, causing high load


Agent 4.0.249

Changes

  • Resolved bug causing causing the agent to cycle during high deposit or activation activity

  • Additional safeguards to file replace workflow


Agent 4.0.242

Changes

  • Resolved bug causing intermittent failure to report malicious file activations

  • Resolved bug causing debug reports to fail


Agent 4.0.239

Changes

  • Resolved bug causing intermittent failure to report malicious file activations

  • Resolved but causing debug reports to fail


Agent 4.0.238

Changes

  • Additional handling of potential panics and more verbose logging visibility


Agent 4.0.235

Changes

  • Tuning of our ingest filter for magic byte / file type mis-match

  • Resolved intermittent issue with sparse data being returned from the monarx-protect php module


Agent 4.0.231

Changes

  • Handle file paths with non-utf8 characters

  • Additional visibility into signals sent to the agent

  • Revisions to Cent + Cloudlinux RPM install scripts


Agent 4.0.226

Changes

  • Updated our ingest filter for .jpg / .jpeg file extensions with non-matching content.


Agent 4.0.225

Changes

  • Include monarx-sample-upload script in the monarx-agent package, written to /usr/bin. Usage here.


Agent 4.0.224

Changes

  • Tightened our file deposit filter to exclude events that were in no way deposits

  • Better handling of non-utf8 characters found in paths and file names


Agent 4.0.221 (limited release)

Changes

  • Resolved udp connection health check failure causing agents to shut down when they shouldn't

  • Resolved issue resulting in sparse file attributes being written on deposits


Agent 4.0.218 (limited release)

Changes

  • Removing oom configuration from Centos 6 variants... for good this time

  • Increased visibility into quarantine error cases

  • Resolved edge case resulting in no file owners being reported

  • Excluded deposits that weren't actually deposits, causing useless load / noise


Agent 4.0.206 (limited release)

Changes

  • Removing oom configuration from Centos 6 variants... for good this time


Agent 4.0.204 (limited release)

Changes

  • Initial agent support for per user remediation

  • Removal of "watchist" for maintaining local file state

  • Multiple bug fixes / streamlining (really, deleted a bunch of code)


Agent 3.5.90

Changes

  • Removing oom configuration from Centos 6 install scripts


Agent 3.5.89

Changes

  • Additional visibility into edge case quarantine error failures.


Agent 3.5.86

Changes

  • Removing any remaining possibility of enabling experimental mail function tracking.


Agent 3.5.85

Changes

  • Stricter enforcement of sha validation during quarantine restore


Agent 3.5.84

Changes

  • Resolved bug with file and directory permissions in per-user quarantine directory configurations


Agent 3.5.72

Changes

  • Resolved intermittent connection bug on CentOS6 and Cloudlinux 6


Agent 3.5.71

Changes

  • Protocol update in preparation for watchlist depreciation


Agent 3.5.66

Changes

  • Resolved bug causing too many open file handles with "suspicious" files


Agent 3.5.64

Changes

  • Resolved bug causing the agent to get stuck on certain files during a scan


Agent 3.5.36

Changes

  • Agent changes in support of protect version 4.2.56


Agent 3.5.34

Changes

  • Bug fix for intermittent cloud/agent communication errors on ubuntu variants


Agent 3.5.33

Changes

  • Agent support for spam filtering enablement

  • Including file owner context (currently missing in some cases)

  • Increased agent logging statements for local state synchronization


Agent 3.5.28

Changes

  • Resolved leaking file handle on file downloads

  • Revised our interaction with curl (surfaced form increased visibility with last build)

  • Increased error context on http errors forwarded to our cloud


Agent 3.5.27

Changes

  • Implemented a mechanism to flush agent queue directories at agent startup

  • Hardening to out agent communication protocol, resolving intermittent reconnection issues

  • Hardening out interactions with curl and increasing error visibility


Agent 3.5.25

Changes

  • Resolved bug causing deposits to be intermittently dropped due to a data integrity issue

  • Resolved bug causing file uploads to fail intermittently due to too many file handles open


Agent 3.5.23

Changes

  • File remediation hardening - capturing additional additional context in error cases so we can resolve accordingly

  • Improved identification and handling of frequently mutating files

  • Fixed a bug causing "unique" agent fingerprints to be... not unique

  • Agent support to manage additional function tracking coming from the protect module, including metrics around php mailer.

Did this answer your question?