Skip to main content

Huntress Agent Version Release Notes

Melissa
  • Updated

Team: Huntress EDR
Environment: Agent Updates
Summary: Huntress agent version history including operating system end of support notes. 

 

Table of Contents

Recent Version:

0.13.58

Supported Previous Versions:

0.13.52    0.13.46

Outdated Agent Versions:

0.13.40    0.13.38    0.13.36    0.13.34    0.13.32     0.13.30     0.13.24    0.13.18

0.13.16    0.13.12    0.13.10    0.13.8      0.13.4       0.12.50     0.12.48    0.12.46   

0.12.44    0.12.42    0.12.40    0.12.38    0.12.36    0.12.34    0.12.30    0.12.28    0.12.26

 

Recent Agent Version

Current Version: 0.13.58

Rollout Start Date: September 7, 2023

Features:

  • The Windows Huntress Agent now has support for end user notifications when the host is isolated. On isolation, a browser will pop up informing the user their system has been isolated due to an ongoing security investigation and to please contact the system administrator as soon as possible. This feature will be rolled out slowly in our partner base while we evaluate effectiveness and incorporate feedback received. 

Bug Fixes:

  • Un-parseable firewall rules on a host from a 3rd party firewall product no longer prevent de-isolation of hosts that were isolated.

  • The Huntress agent now attempts to fall back to a different data source when it is unable to pull back Microsoft Defender status information via normal means.

  • Rebooting a host just before approving a remediation plan where a reboot action is required will no longer result in marking a reboot as successful prior to the rest of the remediations being run.

 

____________________________________________________________________

Supported Previous Agent Versions

As Huntress Agent updates roll out over time, agent versions that are no more than 2 versions back are still considered supported and should update automatically on their own to the most recent release given the host is online and the agent is able to check in to the Huntress portal. Agent reinstall is generally not necessary in these instances. 

 

Version: 0.13.52

Rollout Start Date: June 12, 2023

Features:

  • The Windows agent now is able to report and manage additional Defender settings

Bug Fixes:

  • Resolved an issue where the Huntress agent would not always wait long enough for the Huntmon driver to stop when upgrading the EDR agent on the host

 

Version: 0.13.46

Rollout Start Date: April 6, 2023

Features:

  • The Huntress Agent can now be installed on ARM64 Windows hosts without emulation enabled
    • Standard ARM hosts will still need to use 32-bit emulation (ex: Windows 7 Embedded)

  • Improved handling of Managed Antivirus quick scans

 

___________________________________________________________________

Outdated Agent Versions

Hosts on these versions are likely not updating properly on their own. Investigate the host to confirm it is online and reaching out to the Huntress portal. Agent reinstall may be required to update the agent version. 

Hosts running legacy operating systems may not be able to update to the latest releases and these are the final updates available. If the host is able to support a newer agent version, then these versions are considered unsupported for that host.

 

Version: 0.13.40

Rollout Start Date: February 14, 2023

Features:

  • Stability and performance improvements focused around the macOS Agent and Windows remediation tasks

Bug Fixes:

  • Minor release 0.13.42 may have been installed in place of 13.40 on some hosts.

 

Version: 0.13.38

Note: this is the last supported version for macOS Catalina previously installed agents. This is a deprecated agent version for all other supported operating systems. New installs on macOS Catalina will fail and are not supported. 

Rollout Start Date: January 9, 2023

Features:

  • Updated the service recovery features in the Huntress Agent service to improve the overall resiliency of the agent
  • Implemented additional security and stability fixes to increase agent performance

  • macOS Catalina (10.15) has reached End of Life and is no longer supported for Huntress Agent updates or new agent installs. 

 

Version: 0.13.36

Rollout Start Date: January 3, 2023

Features:

  • Improved overall error handling for the agent and made it easier for Huntress to identify agents that are operating outside expected parameters

 

Version: 0.13.34

Rollout Start Date: December 7, 2022

Features:

  • Improved overall error handling for the agent and made it easier for Huntress to identify agents that are operating outside expected parameters

 

Version: 0.13.32

Rollout Start Date: November 22, 2022

Features:

  • Improved overall error handling for the agent and made it easier for Huntress to identify agents that are operating outside expected parameters

 

Version: 0.13.30

Rollout Start Date: October 26, 2022

Features:

  • Implemented overall agent optimizations to improve performance and correct minor issues

 

Version: 0.13.24

Rollout Start Date: October 5, 2022

Features:

  • Created a GUI experience for the manual macOS agent installation flow

  • Updated the Windows agent and updater to utilize service recovery options to further reduce the risk an agent could get stuck in an unresponsive state

 

Version: 0.13.18

Rollout Start Date: July 28, 2022

Bug Fixes:

  • The Huntress Agent now correctly reports the status of the Windows Defender Network File Scanning policy

    • The value is now retrieved directly from the Windows Registry as the underlying WMI call that was previously used no longer reports the correct value

 

Version: 0.13.16

Rollout Start Date: July 11, 2022

Features:

  • Incident Reports now support Assisted Remediations for malicious Launch Items on hosts running the macOS Beta agent

Bug Fixes:

  • The Huntress Agent and Huntress Updater services are now Autostart (delayed) to allow all core host services to run before attempting to start, helping to avoid Huntress service timeout

    • Background: Huntress identified systems, primarily Windows Server 2012 R2, that can take longer to start core system services on startup. Since the Huntress Agent and Updater depend on core system services, this could cause Huntress services to fail to start on certain systems after a reboot

 

Version: 0.13.12

Rollout Start Date: June 3, 2022

Features:

  • The Huntress agent can now isolate DNS servers without causing other hosts in the network to lose connectivity

  • The macOS agent can now be used to remediate files or directories on a host.

 

Version: 0.13.10

Rollout Start Date: April 28, 2022

Note: If you are actively blocking domains at the egress firewall, please ensure you have the appropriate domains allow listed to allow the Huntress Agent and related services to communicate. 

Features:

  • The Huntress agent now supports Virtual Desktop Infrastructure (VDIs) so that duplicate host entries will not be created for each new VDI instance

    • When the Huntress agent is installed on a base VDI image, provided only one instance is running at a time of the VDI, it should maintain the same agent ID for each instance spun up off the base image.

    • For accounts using VDI where there are multiple agent entries for the same hostname, the duplicate entries will still need to be manually removed, but future duplicate entries should not be created provided the Huntress agent installed on the VDI base is 0.13.10+.

    • Please see our detailed support document for more information if you are using VDIs, DeepFreeze, or UWF in your environment.

  • The Huntress agent can now support Kill Process actions

    • This allows Huntress ThreatOps analysts to manually create tasks on the agent that can kill running malicious processes.

    • In the future, this capability will be available as an Assisted Remediation as part of incident reports that include malicious processes.

 

Version: 0.13.8

Rollout Start Date: March 31, 2022

Note: this version includes a new signing certificate as the old one expired. All agents are fully signed, but antivirus products may incorrectly quarantine our new agent. Ensure all allow lists for third party security software are in place 

Features:

  • Optimized the upload of information from the agent to our Huntress Portal so that we can scale to support more customers

  • Improved the agent upgrade process to increase overall reliability of the upgrade

 

Version: 0.13.4

Rollout Start Date: February 23, 2022

Features:

  • The agent now falls back to a different form of Host Isolation (using Windows Filtering Platform APIs) if the initial GPO isolation attempt fails

    • Previously, if a domain-joined host could not communicate with the domain controller, it could result in Host Isolation task failures. Now, if isolation fails, an alternative method of Host Isolation will be used

 

Version: 0.12.50

Rollout Start Date: February 11, 2022

Note: This is the last supported version for Windows Vista and older and Windows Server 2008 and older. Newer versions will only support Windows 7 and newer and Windows Server 2008 R2 and newer. 

Features:

  • Increased overall stability of the agent in cases where the agent service is running for long periods of time without host reboot

Bug Fixes:

  • Fixed a problem where hosts with Defender version 4.18.2201+ could not enforce Managed Antivirus policies

 

Version: 0.12.48

Rollout Start Date: January 21, 2022

Bug Fixes:

  • Fixed an issue where a network communication error with eetee.huntress.io could sometimes cause the agent service to terminate unexpectedly

 

Version: 0.12.46

Rollout Start Date: January 19, 2022

Features:

  • The Huntress Agent can now more quickly respond to Host Isolation and other tasks sent via the Portal

    • The average response time for Host Isolation has improved.

    • This will also improve response time for scans sent via Managed Antivirus, speed the deployment of Ransomware Canaries, and help the Huntress ThreatOps team investigate potential threats faster.

 

Version: 0.12.44

Rollout Start Date: January 6, 2022

Features:

  • Made enhancements to agent’s ability to determine the status of Host Isolation

Bug Fixes:

  • Implemented a fix to ensure that if the agent encounters errors when retrieving firewall information from the host, it does not hang in “Pending Isolation” status

 

Version: 0.12.42

Rollout Start Date: December 8, 2021

Features:

  • Various internal optimizations to the agent to pave the way for future new services

 

Version: 0.12.40

Rollout Start Date: November 17, 2021

Bug Fixes:

  • Fixed an issue where some Windows 8.1 Pro hosts could not enforce Managed Antivirus policies

 

Version: 0.12.38

Rollout Start Date: November 8, 2021

Features:

  • Made some enhancements to agent reporting to pave the way for future new features.

 

Version: 0.12.36

Rollout Start Date: October 18, 2021

Features:

  • An antivirus service tracking and status reporting capability has been added to the Huntress Agent

    • This feature gives Partners and ThreatOps analyst context into installed Antivirus products on the host. This data can be viewed in the host's antivirus tab and can be used to identify potential conflicts between Windows Defender and other 3rd party Antivirus solutions

 

Version: 0.12.34

Rollout Start Date: October 1, 2021

Features:

  • When Canaries are tripped, the Agent now returns more information about the state of the Canary directory to help ThreatOps analysts respond more quickly to ransomware events

Bug Fixes:

  • Increased the timeout when waiting for execution of some Agent commands to 10 seconds to reduce timeouts on slower systems

  • Updated the hashing implementation used by the agent so that hashes would be more consistent across all hardware types

 

Version: 0.12.30

Rollout Start Date: September 14, 2021

Features:

  • Reduced the number of firewall rules collected in the agent survey

    • In 0.12.26, the agent began retrieving all firewall rules on hosts. This has been limited to just the Group Policy rules needed for Host Isolation

Bug Fixes:

  • Fixed the agent memory leak around handling firewall rules

    • After the deploy of 0.12.26, some servers with over 10,000 firewall rules began to see high memory usage from the Huntress Agent due to a memory leak. We temporarily fixed this in 0.12.28. This is the complete fix that allows the agent to retrieve firewall rules

 

Version: 0.12.28

Rollout Start Date: September 3, 2021

Features:

  • The agent can now mark files for deletion after reboot if deletion fails due to an open file handle

    • This will help ensure file remediation succeeds in cases where a malware process is still running and preventing removal of the file. This will be paired in the future with host reboot Assisted Remediation tasks for Managed Antivirus incidents to ensure malware has been cleaned as recommended by Windows Defender

Bug Fixes:

  • Temporarily stopped sending back information on local firewall rules to prevent excessive host memory usage

    • After the deploy of 0.12.26, some servers with over 10,000 firewall rules began to see high memory usage from the Huntress Agent due to a memory leak. A more permanent fix will be included in the next agent release
  • Scheduled task remediations now succeed if the scheduled task was already deleted
    • If the scheduled task is not present for a given remediation then the attempt to remediate is now reported as success. This prevents the associated Assisted Remediation tasks from hanging indefinitely

 

Version: 0.12.26

Rollout Start Date: August 26, 2021

Features:

  • The agent can now can now be instructed to reboot the host it is deployed on

    • This feature will be used in the future to support a new Assisted Remediation task for Managed Antivirus where partners will have the option to approve host reboots recommended by Windows Defender as a part of infection remediation

  • The agent can now be instructed to isolate hosts from their network
    • The manual and automated host isolation features are being tested internally by Huntress; these new product features are scheduled for released later this year

Comments

0 comments

Article is closed for comments.

Related articles