Release Notes: Xcitium Enterprise & Platform Minor Update - May 15, 2025

Hello Xcitium Community,

We’re rolling out a new update to Xcitium Enterprise & Platform today! This release includes key enhancements and targeted bug fixes aimed at improving overall performance and usability. The deployment will take around 2 hours to complete. No service disruption is expected, but if anything unusual comes up post-update, we’re here to help.

Deployment Schedule:

  • US & EU Region Portals: 2025-05-15T07:00:00Z

What’s Included in This Update:


Xcitium Enterprise & Platform

Improvements

  • Improved containment logs by showing the original process that triggered containment in the Security > Contained Threats section, making it easier for users to manage rules without deep technical knowledge.
  • Updated uninstallation logs under device details to reflect the correct name “XCS Uninstallation” instead of “CCS Uninstallation”, as part of ongoing rebranding efforts for consistency across the platform.
  • Added default file groups for embedded code detections, enhancing rule creation and improving the user experience when managing CMD and PowerShell scripts.
  • Implemented a dynamic notification flow in the Device List to guide users upgrading from XCS Windows version 12.12 or older, displaying a message recommending an intermediate upgrade to version 13.0.1 to prevent upgrade failures.

Bug-Fixes

  • Fixed an issue where Mac logs sent to the SIEM were missing essential information such as device name and file details, ensuring complete and accurate log representation for incident tracking.
  • Fixed an issue where the latest stable version was incorrectly shown as 9.3 for Xcitium Communication Client Agent; the correct version, 9.4.49, is now properly displayed in both the UI label and dropdown selection.
  • Fixed an issue where log forwarding was incorrectly set to false for accounts with an active Managed CNAPP license, ensuring licensed users have proper log forwarding enabled.

Appendix

New Portal Versions
  • Xcitium Enterprise: 4.44.1
  • Xcitium Platform: 10.1.4

If you have any questions or run into issues, don’t hesitate to reach out. We appreciate your continued partnership and commitment to Xcitium.

Best regards,
Xcitium Product Management Team

1 Like

This is a fantastic improvement.

1 Like

Hi @Umut

Is there more information about “Improved containment logs by showing the original process that triggered containment in the Security > Contained Threats section, making it easier for users to manage rules without deep technical knowledge.”?

I see an extra row of Policy object in the Contained Threats section of my platform, but it shows N/A.

Thanks

Hi @allen,

The file must be executed by a process that is itself running in containment to see the data produced under Policy Object column instead of N/A.

And in addition, this feature is working with Preview agent version 10.1, Latest stable (9.4) doesn’t support this feature.

Best regards,
Umut.

Hi @Umut

Does your version 10.1 refer to the XCC version?
I am currently using this version but I still see N/A on my log.

Thanks

Hi @allen,

No it is not. It’s referring Xcitium Platform (classic view) version, mostly they’re sharing the same version numbers with XCC Agent.

Best regards,
Umut.