CHANGES FOR PLATFORM
Please choose from the release notes listed below:
- Portal Update - April 2026
- Agent 2.1.9 (Mac-only) - April 22, 2026
- WRPillr module 2.0.0.2 - April 1, 2026
- Portal Update - March 2026
- Portal Update - February 2026
- WRPillr module 2.0.0.1 - January 13, 2026
- Agent 2.1.9 (Windows-only) / WRPillr Module 2.0.0.0 - January 7, 2026
- Portal Update - October 2025
- Portal Update - August 2025
- Portal Update - July 2025
- Portal Update - June 2025
- Portal Update - May 2025
- Portal Update - April 2025
- Agent 2.1.7 - April 9, 2025
- Portal Update - March 2025
- Portal Update - February 2025
- Portal Update - January 2025
- Portal Update - December 2024
- Portal Update - November 2024
- Portal Update - October 2024
- Agent 2.1.2 - September 12, 2024
- Portal Update - September 2024
- Agent 2.1.1 - August 27, 2024
- Agent 2.1.0 - August 12, 2024
- Agent 2.0.10 - April 30, 2024
- Agent 2.0.9 - April 5, 2024
- Agent 2.0.8 - February 6, 2024
| Updates |
- Improved alert categorization to support expanded MDR capabilities.
- Added suspicious login alerting for anomalous ASN and ISP activity.
- Added alerting for high risk geographic login activity.
- Added the ability to trigger workflows based on alerts from specific integration sources.
- Improved workflow stability.
- Improved visibility into alert muting and unmuting actions.
- Improved search stability across large and historical datasets.
- Updated the Endpoint Protection integration to OpenText Core branding while maintaining Webroot search compatibility.
- Defaulted the portal to light mode for new users and improved theme selection guidance.
- Improved portal availability and login stability in the UK data center.
- Improved platform foundations to support future console convergence.
|
| Fixes |
- Fixed an issue where authentication and Windows log data were not displayed in search for UK-based portals.
- Fixed an issue where threat intelligence queries could return errors in the UK data center.
- Fixed an issue where portal search could hang during long-running or historical queries and fail to display errors.
- Fixed an issue where monthly reports showed only a week of data instead of the full reporting period.
- Fixed an issue where compliance storage usage reporting did not accurately reflect billable usage.
- Fixed an issue where Webroot integration alerts were not consistently ingested.
- Fixed an issue where newly provisioned UK customers could not sign in via SSO.
- Fixed an issue where workflows could fail when multiple agents shared the same hostname.
- Fixed an issue where alert mute condition changes were not reflected immediately in the UI.
- Fixed an issue where Linux installers were not generated correctly for GSM deployments.
- Corrected false positive vulnerability detections for Microsoft .NET Runtime packages.
- Fixed an issue where Alerts API access for GSM integration was not properly authorized.
|
| Known Issues |
- In some cases, search results may not return expected data while backend indexing completes. This does not impact alerting or detection functionality.
|
| Updates |
- Brought the macOS agent to feature parity with the Windows 2.1.9 agent.
- Improved agent registration in the Global Site Manager (GSM) console by applying a virtual machine flag, when appropriate, to prevent duplicate device entries.
- Updated agent signing to ensure internal trust.
|
| Fixes |
- Corrected isolation status reporting to ensure devices properly update their status after being de-isolated.
|
| Deployment Notes |
- This release is delivered via a gradual rollout. Agents are expected to receive the update over approximately two days, provided the device remains powered on and connected.
|
| Updates |
- Improved proxy handling during EDR/MDR component installation.
- Ensured consistent installation behavior in environments with enforced HTTP/HTTPS proxies.
|
| Updates |
- Added the ability for users to include a phone number in their profile.
- Updated the Users list to display phone numbers.
- Mac and Windows agent downloads now appear alongside all other agent downloads in the Portal.
- Enhanced performance for app‑based vulnerability reporting.
- Improved clarity and usability of the Integrations list.
|
| Fixes |
- Fixed an issue where certain versions of Wireshark and Firefox were not appearing in vulnerability alerts.
- Reduced false positives related to web application shell‑spawn detections.
- Applied general workflow stability improvements.
|
| Updates |
- Rule Muting from Alert View: Added the ability to mute a rule directly from a rule’s triggered alert page for faster alert management.
- Microsoft Integration License Warnings: Added warnings when a customer's Microsoft license level is insufficient to support all alert types.
- Enhanced CVE Alerts: Added severity scoring and direct links to the vulnerabilities page for faster investigation.
- Improved consistency and accuracy of threat intelligence reporting.
- Applied general stability improvements and security hardening across the platform.
|
| Fixes |
- Fixed automated provisioning issues in the UK data center.
- Resolved workflow execution failures in the UK data center.
- Corrected an issue that caused URL index data to fail to display in both data centers.
- Fixed BrightCloud Reputation Index display so low (bad) scores correctly appear in red.
- Resolved intermittent failures where the Workflow Closures Report did not send on schedule.
- Corrected behavior where unmapped field headers failed to remain locked during searches.
- Restored GeoIP map visibility for authentication log searches.
|
| Updates |
- Expanded OS support to include older Windows 10 and Windows 11 systems.
- Removed PowerShell as an installation dependency to streamline deployment in restricted environments.
|
| Components |
- Agent 2.1.9 (Windows-only)
- WRPillr Module 2.0.0.0
|
| Updates |
- Updated the WRPillr module interface to support Windows EDR and MDR components.
- Improved agent registration in the Global Site Manager (GSM) console by applying a virtual machine flag, when appropriate, to prevent duplicate device entries.
- Updated agent signing to ensure internal trust.
|
| Fixes |
- Corrected isolation status reporting to ensure devices properly update their status after being de-isolated.
|
| Updates |
- Added the ability to run a workflow manually.
- Improved performance of the Integrations settings page.
- Improved availability and reliability of threat intelligence backend services.
|
| Fixes |
- Resolved issues with alert muting behavior.
|
| Updates |
- Added a new workflow action that notifies the primary user for a given partner.
- Added the ability to mute or silence alerts based on conditions, preventing certain alerts from syncing to integrations.
- Improved the accuracy and effectiveness of vulnerability reporting.
|
| Fixes |
- Fixed an issue where workflow names containing certain special characters could not be saved.
- Fixed an issue where alerts table headers were resetting after page refresh; header selections are now preserved.
|
| Updates |
- Improved accuracy of application CVE reporting.
- Improved the overall effectiveness of vulnerability reporting.
- Added support for workflow actions triggered from specified saved search alerts.
- Enabled saved search alert triggers to be used with workflow actions.
|
| Updates |
- Added a light mode option for the Portal.
- Added the ability to multi‑select agents for bulk actions.
- Added a report showing the percentage of alerts closed manually vs. automatically by workflows.
- Expanded date‑filtering options on the log retention page.
|
| Updates |
- Improved performance for concurrently executing workflows.
- Updated the webhook action in workflows to include a customer field.
|
| Fixes |
- Fixed a saved search scope issue that caused some saved searches to be incorrectly hidden from users.
|
| Updates |
- Enabled SSO integration with other OpenText platforms.
- Added the ability to generate reports for multiple customers.
- Added SOC escalation instructions to the workflow action.
|
| Updates |
- Added the agent as part of the OpenText Detection and Response cybersecurity portfolio.
- Improved agent diagnostic reporting and backend communication.
|
| Updates |
- Improved agent filtering by adding more filter options, enabling more fine‑grained filtering.
- Improved email notifications for custom alerts.
|
| Fixes |
- Fixed workflow validation issues and improved error handling.
- Fixed an issue that caused agents not to appear for some customers with multiple product subscriptions.
|
| Updates |
- Improved performance of the log retention report.
- Added a Microsoft Azure AD user lockout action.
|
| Fixes |
- Fixed an issue that caused duplicate mobile alerts.
|
| Updates |
- Added a new workflow template library.
- Improved the alert UI, including making the KB article area scrollable.
- Added support for macOS Application Vulnerability Reporting.
- Added isolation status to the Portal.
|
| Updates |
- Improved input handling for the Check Field workflow task.
- Added a Discussions tab for Cases.
|
| Updates |
- Improved case management behavior when changing case status.
- Improved automatic case creation for brute‑force alerts.
- Added support for detection fields in the Check Field workflow task.
- Improved alert‑update email notifications.
|
| Updates |
- Improved agent diagnostic checks.
- Updated the Monthly Metrics Report to translate common Windows Event Codes into human‑readable names.
|
| Fixes |
- Fixed an issue in the Check Field workflow task that affected validation of certain Windows log fields in alerts.
|
| Updates |
- Improved the fixes introduced in Agent 2.1.1.
|
| Updates |
- Improved the alert page UI.
- Improved syslog alerting.
|
| Fixes |
- Fixed an issue in vulnerability reporting that caused some application vulnerability false‑positive results.
- Fixed an issue with workflow notification email template rendering.
|
| Updates |
- Tuned ransomware encrypted‑file detection.
|
| Fixes |
- Fixed issues with temporary file handling.
|
| Updates |
- Added alerting for ransomware encrypted‑file detection.
- Added support for Brave and Opera browser URL inspection.
- Improved syslog parsing.
- Tuned YARA rules.
- Added an agent watchdog to improve resilience.
- Improved alert delivery speed.
- Added additional connectivity diagnostics.
- Added support for additional Linux distributions and macOS versions.
|
| Fixes |
- Fixed conflicts with the SentinelOne agent.
|
| Updates |
- Improved syslog timestamp parsing to ensure correct event times.
|
| Fixes |
- Fixed incompatibilities with certain other security software related to file inspection.
|
| Updates |
- Added new endpoint actions, including the ability to:
- Quarantine a file
- Delete a file
- Shut down the system
- Restart the system
- Perform a full disk scan
|
| Updates |
- Improved performance and added additional diagnostic reporting.
|
