Release Notes of Xcitium & OpenEDR & Secure Internet Gateway Platforms & Agents & Remote Control & THAT June Release (June 21-22, 2023)

Elif_Bengi · June 21, 2023, 12:21pm

Hello everyone!

We’re pleased to inform you that the latest version of Xcitium & OpenEDR & Secure Internet Gateway Platforms & Agents & Remote Control & THAT are live now!

The release schedule was implemented as follows:

US Region Portal: The release will start on 2023-06-21T05:00:00Z
EU Region Portal: The release will start on 2023-06-22T05:00:00Z
Agents & Xcitium Remote Control: The release will start on 2023-06-22T05:00:00Z

The release was implemented within 30 minutes of deployment, during release time the platform could be under maintenance mode, where you might observe minor glitches.

And if you observe any issues after release, please feel free to share them with us.

Xcitium Enterprise & Platform

IMPROVEMENTS

Added an onboarding popup window to display the current provisioning status and to guide users to further provisioning options.
Added a new Threat Hunter Assessment Tool available now from the Xcitium Platform Tools menu.
Implemented a new API to fetch all data that is presented under the Dashboard/Compliance section of the Xcitium console.
Disabled the Xcitium Message Center permanently and removed the option to open it from the UI to resolve CPU usage issues.
Added the ability to clone a role in Endpoint Manager.

BUG-FIXES

Fixed an issue specific to enabling MDR as expected when installing the Xcitium Client Communication only from the portal admin.
Fixed an issue with the “Show with the purged file(s)” filter that was not working under Endpoint Manager/Security/File Rating.
Fixed an issue resulting from not deleting log sources from the SOCaaP Interface.
Fixed an issue of custom Xcitium Client Communication (XCC) agent (the Endpoint Manager agent) rebranding not being applied properly from the correct profile.
Fixed an issue with user interface details displaying incorrectly after re-installing the Xcitium Client Security (XCS) agent.
Fixed an issue of data field alignment under the Data Loss Prevention (DLP) section of the UI.

Xcitium Client Security – Windows

IMPROVEMENTS

Implemented the ability to decline Xcitium Client Security Updates if there is a pending OS update reboot on the endpoint.
Added HIPS protection for LSASS processes.
Enhanced enumeration detection and response by implementing the ability to block applications and running processes in response to potentially dangerous or anomalous command-line operations.

BUG-FIXES

Fixed the issue with blocked USB storage devices not getting re-blocked as expected when re-enabled via the device manager.
Fixed the issue with blocked removable drives with external device control being allowed re-enablement from the device manager in the portal.
Fixed a process tree issue showing the wrong tree due to missing embedded code.
Fixed the issue of high CPU usage during a DLP scan running on Windows server 2012 R2 with Xcitium Client Security 12.10.0.8697 installed.
Fixed the issue of some processes having incorrect parent applications on the Xcitium Client Security process tree due to Windows assigning the same PID to a new process as in another previously launched, already closed process.
Fixed the issue of consecutive scans increasing the cmdagent memory usage.
Fixed a system crash issue after an Xcitium Client Security 12.14 installment.

Xcitium Client Security – macOS

NEW FEATURES

First phase of ZeroDwell Containment for macOS, as a BETA feature. With this feature:
- Applications that have invalid signatures are blocked.
- Applications that have malicious file ratings are blocked.
- All AppStore 3rd-party applications that are signed by Apple/AppStore will be run without any restriction.
- Applications that have trusted file ratings are run without any restrictions.
- Applications that have unrecognized file ratings are run virtually.

EDR

BUG-FIXES

Fixed the issue of incorrect msi name in EDR installed/uninstalled messages.
Fixed the issue with EDR not uninstalling properly and continuing to collect events following an attempt to uninstall both the Xcitium Client Security and EDR from the portal at the same time.
Fixed an issue with Lsalso.exe causing a high CPU-usage performance issue when an EDR agent is installed.
Fixed the issue with msiexec.exe heuristic command-line analysis not working as expected in Xcitium Client Security 12.14.0.9145.

Device Management

IMPROVEMENTS

Added the ability to choose a screen recording location in Remote Control.
Implemented the ability to use “Curtain”/ “Black Out” mode Remote Control for macOS.

BUG-FIXES

Fixed an issue of displaying the client access control password for the Xcitium Client Communication agent in a plain text format.
Fixed a vulnerability issue in SQLite for ITSM web services.
Fixed an issue of the offline monitor generating an online alert.

OpenEDR Platform

IMPROVEMENTS

Added an email option to the “Refer a Friend” popup for the OpenEDR Platform to provide a way to share and promote open-source EDR awareness and availability.
Added automatic redirection from Thank You page to the OpenEDR portal to decrease click counts and ease access to the portal.

BUG-FIXES

Fixed the issue with inaccessibility of the enrollment link during registration of OpenEDR when the registrant’s email contains a “+” character.
Fixed the issue where an OpenEDR registration could not be completed when the registrant’s email contained capital letters.

Secure Internet Gateway

IMPROVEMENTS

Implemented the ability to increase the maximum number of domains that can be whitelisted or blacklisted, up to 3000.

BUG-FIXES

Fixed the issue with data not displaying in the “Overview” and “Reporting” pages of the Secure Internet Gateway portal.

Threat Hunter Assessment Tool (THAT)

NEW FEATURES

Rebranded the “Unknown File Hunter Tool” to Threat Hunter Assessment Tool (THAT)” with the Xcitium interface.

IMPROVEMENTS

Added informative explanations and improved the product interface design for each process step, and for all scan results, to provide user-friendly usage and readability enhancements.
Improved steps for logging into the application and for continuing as a guest user.
Converted the tool to be a plug-and-play application.

BUG-FIXES

Fixed an issue of showing unnecessary error messages specific to ongoing operations.
Fixed an issue with excessive duration when processing an application-closing command.

Appendix

NEW PORTAL VERSIONS

Xcitium Enterprise: 4.14.0
Xcitium Platform: 3.65.0
Endpoint Manager: 8.2
OpenEDR Platform: 1.7.0
Secure Internet Gateway: 2.14.19

NEW AGENT VERSIONS

Xcitium Client Security – Windows: 12.15
Xcitium Client Security – MacOS: 2.4.4.974
Xcitium Client Communication – Windows: 8.2
Xcitium Client Communication – MacOS: 8.2
Xcitium Remote Control – Windows: 8.2
Xcitium Remote Control – MacOS: 8.2
EDR: 2.7

NEW TOOL VERSIONS

THAT: 6.0.0

QuickSilverST · June 21, 2023, 12:41pm

Nice this is a big update. One I’m excited about is the new THAT tool. I always wonder when it will be rebranding and improved so thats really cool. Use this tool to upload malware to Valkyrie. Also, really nice to see beta containment for MacOS. This will make xcitium for sure the best security for all platforms, now we just need this for linux if possible. Great jobs guys!

kwallity · June 21, 2023, 3:44pm

This is exciting news! It’s trivial in comparison, but something I noticed right away on the THAT tool: “Malicious” is spelled incorrectly. Figured it was worth reporting:

myr · June 22, 2023, 11:00am

How can I access the new API REST endpoint? I don’t see it here
https://api-gw.cmdm.comodo.com/api/v2/itsm/spec/swagger.public.yml

ilgaz · June 22, 2023, 12:49pm

hi @myr , you can see the details of the API under Statistics section.

QuickSilverST · June 22, 2023, 12:51pm

I can not find the containment section for MacOS. Is the containment happening automatically or sis a section we need to add in the profile section? I can’t see it in the profile section.

ilgaz · June 22, 2023, 1:07pm

hi @QuickSilverST , this is currently only available on new MacOS agent locally, as Beta. We aim to deliver full version (central rule management via profiles, showing containment logs in platform etc.) by end of Q3.

myr · June 22, 2023, 1:15pm

I think its not updated , I only see this and this does not give any information other than the total no of devices

QuickSilverST · June 22, 2023, 1:48pm

Silly question but it’s only configurable on the endpoint itself and not through the profiles? So we have to connect to the endpoint and configure it on the endpoint av? O also i can not find the HIPS LSASS protection.

mphillips · June 22, 2023, 2:06pm

Just a heads up. Installed the new AV client on a bunch of test users to get off 12.14 and all the problems. All the test users now have 12.15.0.9257. It is still using 1.5GB of memory and to top it off the tray icon no longer shows up. I have a ticket in about that, but have now noticed the resource usage is going up again. Maybe everyone should hold off, seems like this version isn’t ready.

QuickSilverST · June 22, 2023, 2:22pm

I will monitor as well, installed on a couple of my private laptops and server. The tray icon and widgets not showing i have had this issue for a while. Random number of restarts then it shows then does when restarted again. I have also noticed some branding issues showing the old Comodo logo:

Nik · June 22, 2023, 2:40pm

@ilgaz change it to Xcitium Client Security like in 12.14 and older

QuickSilverST · June 23, 2023, 8:07am

@ilgaz Can i maybe ask you pass this message on, it would be nice to get a widget for the EDR version as well, we have for all the other things which helps alot. The widget will help to see which version is installed and the endpoint amount, the widget can be added here:

Umut · June 23, 2023, 11:24am

Hi @myr,

Please check again, it has been deployed again:

Regards,

Umut · June 23, 2023, 11:30am

Hi @QuickSilverST Roughly yes correct. Some adjustments can be changed on directly the agent.
You can check the details on the help guide: Xcitium Enterprise | Comodo Client Security - Start CCS | Client Security for Windows | Comodo

In addition, HIPS LSASS protection has no other UI section, it can be activated directly under HIPS.

Regards,

Umut · June 23, 2023, 11:36am

Hi @mphillips,

The new version has been tested for a while, in case of having any missed detail, please add the details into your ticket.

Regards.

Umut · June 23, 2023, 11:46am

Hi @QuickSilverST,

The branding issue under programs is a known issue, it also will be updated in the future releases. Thank you for raising it.

The restarting is expected behavior after installation for applying the new configuration to the endpoint.

Regards.

Umut · June 23, 2023, 11:49am

Hi again @QuickSilverST thank you for your suggestion! We will definitely consider!

Regards.

Nik · June 23, 2023, 12:02pm

@Umut so Comodo CCS 12.15 will be rebranded soon to XCS 12.15 and icon change too like in 12.14

ilgaz · June 23, 2023, 12:06pm

hi @kwallity , this is fixed now.