Changelog
Version 1.5.1492.0
- Fixed: issues with exclusions
- Fixed: issues with purge
- Fixed: issues related to search
- Due to a bug, some rules were rewritten during installation. This has been fixed, and the following new rules will now appear in the ruleset:
  - "Process communicating over potentially Suspicious Protocol - detected VNC communication"
  - "Process communicating over Suspicious Protocol - SMTP communication, unpopular process"
  - "File with extension used by Win32/Filecoder.Crysis has been written"
- Update of the rule "Suspicious PowerShell script - Screen/Keystroke/Window Capture"
Version 1.5.1485.0
- Added: Ability to work with rules via Public REST API (list, create, edit and delete)
- Added: Ability to trigger Network Isolation via Rules (only for Windows endpoints)
- Added: Support for full Unicode characters
- Added: Ability to add multiple comments to Detection, Executables, Computers, and Processes
- Added: Various performance improvements (e.g. faster search, purge, rules engine and others)
- Fixed: Multiple issues related to internal server errors and exclusions
- Added: Improved detection capability for advanced code injection methods
- Added: Ability to invalidate trust attributes of compromised processes
- Added: Information related to execution of files via shortcuts (LNK files)
- Added: Visibility into file reading operations for specific scenarios (e.g. reading of passwords)
- Added: Visibility into WMI Query behavior
- Added: Information about named pipes (to detect e.g. Cobalt Strike)
- Added: Visibility into MS Office VBA macros (if enabled in MS Office)
- Added: Ability to detect suspicious protocols (e.g. TOR, VNC, and BitTorrent)
Version 1.4.1364
- Added: macOS support - EI Agent is now also available for macOS
- Added: Public REST API - Detections can now be managed via API
- Added: 2FA support for login into the EEI console (currently using our own ESET Secure Authentication 2FA solution)
- Added: Tagging of Objects - users now have the option of creating custom tags and adding them to various objects
- Added: Events Load view and Event storage filter to be able to precisely see and select which event types should or should not be stored
- Added: Alerts view to Computer details - to see system-related information, such as the ability to detect alive but non-reporting clients
- Added: Auto resolving of alarms/detections matched by an exclusion
- Added: Visibility into WMI
- Added: Visibility into scripts executed by PowerShell, CScript, WScript and MS Office for rule engine and investigation
- Added: Credential dumping monitoring
- Added: DNS requests monitoring
- Added: SHA-256 and MD5 hashes - additional hash value types can now be calculated
- Added: Network Isolation of endpoints - ability to isolate endpoints from the rest of the network while keeping connection to management consoles intact
- Added: Terminal (remote PowerShell interface)
- Added: Possibility to block hashes automatically
- Added: Necessary internal changes to be compatible with upcoming Windows OS builds to be released in H1 2021
- Improved: New Filter Bar and Improved Filters
- Improved: Various aspects of Search - Rename, Tooltip, Process search
- Improved: Custom order of columns - columns in all table views can now easily be reordered by mouse dragging
- Improved: OS aware Computer actions and menus - to see exactly which functionality is available for which endpoints based on OS type
- Improved: User account monitoring
- Improved: Performance and scaling
Version 1.3.1145.0
- Fixed: Enterprise Inspector does not communicate with LiveGrid due to changes in communication protocol
- Fixed: Enterprise Inspector service has to be started manually after restart of OS
- Fixed: Wake up call does not work properly
- Fixed: Not possible to install EI Server on MS SQL 2016
Version 1.3.1143.0
- Fixed: Database cleanup process issue
- Fixed: Fix for EI Agent crashing when sending events
- Fixed: Fix for Database purge failing with "Duplicate entry" error
- Fixed: Fix for EI Agent not sending data (and not reverting to direct connection to EI Server) if proxy is not available
- Fixed: Fix LiveGrid connection status being reported incorrectly
Version 1.3.1128.0
- Fixed: EI Agent works incorrectly in offline mode
Version 1.3.1124.X
- Added: Support for MS SQL Server
- Added: EI rules linked with MITRE ATT&CK technique database
- Added: Ability to create and download SysInspector log
- Added: Ability to search the Internet for a module hash
- Added: Ability to support ancestors of the current process in rules
- Added: Ability to Export and Import Exclusions
- Added: Ability to detect (process in Rules) remote thread creation
- Added: Link between DLL and loading process and the ability to specify loaded DLL to define exclusion
- Added: Support for 64-bit server
- Added: Ability to release disk space immediately when purge settings are changed
- Added: Warning that additional space is needed when changing purge settings
- Added: Ability to see new registry value for registry writes
- Improved: Resolving alarms
- Improved: Firewall integration by using data from NetProt
- Improved: User experience improvements including better auditing and the ability to mark a module as inspected or add a comment to modules, alarms, etc.
- Improved: Provided information in alarms view
- Improved: Search functionality
- Improved: Ability to sort alarms by quantity
- Improved: EIAgent supports HTTP Proxy when connecting to EI Server
- Improved: Performance improvements
- Fixed: Minor functional and usability issues
Version 1.2.894.X
- Added: Database upgrade requires disk space check
- Improved: Script updates require less space
- Fixed: Command line installer does not perform database configurations check
- Fixed: Command line upgrade does not download Certification Authority (CA) from ESET Security Management Center (ESMC)
- Fixed: Use of PBE Parser causes high CPU usage
- Fixed: High frequency of CPU and memory usage checks results in high CPU usage
- Fixed: Installation progress indicator hangs at 92%
- Fixed: Upgrading to the latest version of EEI hangs if the server is restarted
Version 1.2.892.X
- Added: Support for MySQL 8
- Added: Display for Process Integrity Level
- Added: Option to export a table to CSV
- Added: Path text filter in Aggregated Events
- Changed: Rules match DLL events
- Changed: Time filter with seconds granularity and ranges support
- Improved: Clarity of instructions in installer with regard to certificate usage
- Improved: Quarantined files can now also be downloaded from the EEI interface
- Improved: Ability to create exclusions for the Parent process
- Improved: Ransomware Shield detections are reported to EEI
- Improved: More granular information about firewall alarms is displayed in EEI
- Improved: Performance improvements
- Fixed: Minor functional and usability issues