Skip to main content
CYFOX EDR For Windows
Omer Kushmirski avatar
Written by Omer Kushmirski
Updated over a month ago

AG.AI 2.5.1

11 Nov, 2024

AG.AI Version 2.5 introduces critical improvements, addressing various bug fixes and enhancing features for a more seamless experience:

  • Added digital signatures to all CYFOX Agent files that were missing certifications, ensuring greater security and integrity.

  • Resolved an issue where the system incorrectly reported events as attacks even when they were excluded.

In addition, Agent version 2.5 includes support for two additional features, available via the XDR Server configuration:


AG.AI 2.3.3

Coming Soon

Version 2.3.3 includes enhancements to event handling to prevent system overload. The algorithm responsible for sending events to the server has been optimized, including a new limitation on sending recurring events. This ensures that failed events (e.g., due to no internet connection) are not repeatedly sent.


AG.AI 2.3.2

20 Aug, 2024

AG.AI version 2.3.2.0 addresses a critical bug that caused active agents to be incorrectly reported as unmanaged devices, an issue primarily occurring when the agent was deployed on virtual machines. This update includes an improved sync query to ensure timely data synchronization, ensuring that agents are now correctly reported as managed devices.


AG.AI 2.3

29 July, 2024

AG.AI Version 2.3 includes several bug fixes and general system security improvements to CYFOX Agent.

  • Fixed the large number of FIM (File Integrity Monitoring) false positive alerts caused by incorrect registry paths.

  • Resolved the issue with the direction of the “\” in the filePath of events when checking for blacklisted files and the exclusion list.

  • Added agent tampering mechanisms to prevent unauthorized deletion of any files related to the agent. This protection does not affect legitimate agent uninstallation, which remains supported and functional.


AG.AI 2.2

1 July, 2024

This version includes the option to exclude specific files or folders from being actively scanned (and mitigated if needed).

This feature aims to provide users with greater control over Agent scans, allowing them to ignore Agent recommendations or actions. This is particularly useful for managing false positives, specific penetration testing scenarios, troubleshooting, and more.

For detailed instructions on how to use this new feature, please refer to the following article.


AG.AI 2.1.1.7

25 Jun, 2024

Agent version 2.1.1.7 provides a hot fix to the continuing issue of pop-ups related to UI Connection that costumers are getting.


AG.AI 2.1.1.5

5 Jun, 2024

Version 2.1.1.4 provides a hotfix resolving the following issues:

  • Moved the watchdogs and Permission Manager initialization to occur after the SQL initialization. This change should resolve multiple errors related to SQL access in the UI - causing to Continuous Windows Error Pop-ups on Customer's Laptop

  • Added a feature to delete the Update directory content before downloading a new update.

  • Modified the way the Agent checks for installed antivirus software by checking if the name contains “defender”.


AG.AI 2.1

24 April, 2024

CYFOX AG.AI version 2.1 introduces the first integration of an additional engine, the Opcode Malware Classifier™, specifically designed to handle executable files (.exe). This engine represents the next generation of static analysis, seamlessly integrated as an additional component within the Agent. It enhances the system's capability to identify a broader spectrum of executable attacks, including new, previously unidentified ones (zero-day attacks).

The Opcode Analysis Engine breaks down binary files into their basic components. Then, it uses AI to scan the file's detailed code for any harmful signs. This helps find possible security risks and unusual activities.

The engine is built with advanced AI, which means it gets smarter over time, automatically adjusting to new kinds of cyber threats. This smart system doesn't require manual updates from people to recognize new dangers, making it very efficient at protecting against attacks.

Bug Fixes & Enhancements

  • Implemented a new solution for the safe and effective deletion of specific registry paths, ensuring cleaner and more secure system configurations.

  • Added a method for altering the installation directory of the agent, allowing for more flexible deployment options and better compatibility with system requirements.

  • Introduced a solution for changing the service binary path, facilitating easier updates and maintenance of service components.

  • Resolved Agent FIM Configuration issues.


AG.AI 2.0.5.3

9 April, 2024

  • Added functionality to generate Attack Hunter alerts for sub-event ID 1002 for persistence-related activities.


AG.AI 2.0.5

13 March, 2024


The following Agent Updates include a hot fix targeted at agents running on servers. This fix addresses server slowdowns caused by the active scanning mechanism.

Please note that the slowness does not affect all servers, only specific types. Customers who wish to apply this fix will need to Reinstall the Agent in Server mode. For help with the installation process, please contact our support team.


AG.AI 2.0.3.7

15 Jan, 2024

The following Agent update includes critical hot-fixes addressing issues in the Agent "Sensor Mode", particularly related to interactions with the local firewall:

  • Fixed the Sensor Mode condition so it will restrict the Agent from initiating active actions, like enabling the firewall.

  • Enforced a mandatory deactivation of firewall profiles during the initiation of the upgrade process.

These changes are designed to enhance system compatibility and stability when operating in Sensor Mode.


AG.AI 2.0.3.6

14 Jan, 2024

This update provides essential bug fixes and high cpu consumption issues

  • Resolved the issue that caused ESET to block the Agent installation package.

  • Minimized CPU consumption by service.exe

  • Adjusted the active scan logic to prevent high CPU usage by the Agent.


AG.AI 2.0.3

18 Dec, 2023

This update provides essential bug fixes and performance enhancements:

  • Implemented filtering for unnecessary WMI events to reduce the event load on the servers.

  • Enhanced the static engine handler for new and modified files to address client concerns regarding files not opening due to the Agent mitigations mechanism.


AG.AI 2.0.1

6 Dec, 2023

This update includes crucial bug fixes and security enhancements, making it highly recommended for all users:

  • Reduced ML false positives.

  • Optimized the transfer of WMI events from the agent to the server.

  • Optimized CPU consumption.


Introducing Version 2.0: The Next-Generation Agent: CYFOX AG.AI™

27 Nov, 2023

Introducing CYFOX AG.AI™, the latest version of the CYFOX™ Agent. This release marks a significant enhancement in adaptive security logic, threats response capabilities and advanced tampering , significantly improving endpoint security.

Unveiling the New Agent: AG.AI

At the core of the new agent, AG.AI™ - Lies an advanced machine learning that carefully analyze simulated attacks, enabling it to identify threats with behaviors that behave similarly to known attack patterns.

This innovative approach ensures rapid detection and prevention of even the most sophisticated and novel threats.

Below you can see how the AI engine lays as another layer of detection and prevention, making it extremely secure.

As it operates within a specific user environment, the newAG.AI™ actively learns and adapts to the unique behavior patterns of that user. This adaptive learning process includes gaining insights into the user's preferred programs, typical usage patterns, and more. By doing so, the agent becomes even more effective in safeguarding the user's digital space, leveraging its knowledge of user behavior to further enhance its success rate in identifying and mitigating threats.

Actively Responding to Threats

The upgraded Agent now proactively responds to a wider range of threats, going beyond just identification. Its enhanced capabilities include:

  • Killing Suspicious Processes: When the agent identifies suspicious processes, it terminates them.

  • Isolating Malicious Files: Once malicious files are detected by the agent, it quarantines them to prevent any potential harm.

  • Blocking Suspicious Connections: It can also prevent suspicious connections from establishing themselves on the endpoint, bolstering overall security.

Improved Static (Signatures) Engine

The updated agent includes an improved logic to its static engine, which actively checks for static signatures (hashes) indicative of malware and hazardous files. This refined logic encompasses:

  • Expanding Signature Database: It incorporates numerous new signatures to encompass recently discovered attack vectors.

  • Increased Frequency of Static Engine Checks: This ensures more up-to-date protection without compromising performance.

Attack Hunter Engine: New Attacks Detection, Less False Positives

The Attack Hunter engine, tasked with detecting and reporting attacks at both the Endpoint and Network levels, has undergone crucial adjustments, including:

  • Incorporating Additional Rules: New ruleset have been added to identify the latest attack techniques.

  • Rule Refinement: Existing rules have been refined to minimize the occurrence of false positives.

Enhanced Tampering Protection

In response to valuable feedback, the new Agent has been engineered with a an improved tampering protection. Its enhanced tampering include:

  • Vulnerability Uninstallation Resolution: The Agent has addressed vulnerability uninstallation issues.

  • Preventing Microsoft Defender Deactivation: The new Agent actively disallows any attempts to disable Microsoft Defender.

  • Service Startup Protection: The Agent has improves its capability to ensure that essential services, critical to the Agent's functionality, remain enabled and cannot be disabled. This safeguards the seamless operation of the Agent.

USB Protection and Control

The new Agent includes also the addition of an USB protection mechanism, designed to provide comprehensive control over which USB devices can be connected to an organization's endpoints. This USB protection feature can be accessed through the Policy Screen --> Event Response section, under the Agent Policy menu (accessible by scrolling down).

To create a new USB protection rule, simply click on the 'Add' button, select the desired scope level, select the USB event and apply the relevant configuration options.

It's important to note that if you wish to create a whitelist or blacklist of USB devices, you will need to define a list of serial keys. For more detailed information about how you can doing so - Please visit USB Control - User Guide

Enhanced Performance and Reduced CPU Load

With the addition of numerous new features to the Agent a primary objective was to minimize its resource footprint. The new Agent has achieved substantial improvements in resource efficiency, consistently maintaining an average CPU usage of less than 4%.

Agent Sensor Mode

The Agent's sensor mode feature has been significantly improved to operate passively, focusing on reporting and detection without active response. This feature can be valuable for debugging and addressing false positive scenarios.

Authorized Software Logic

Untrusted software introduces a variety of potential risks, including vulnerabilities and viruses, which can pose a significant threat to both individual endpoints and the overall security of a company.

To address this concern, the CYFOX Agent deploys an additional layer of software evaluation. It goes beyond just identifying malicious files; it also checks for official certificates that indicate the software's legitimacy and the trustworthiness of the provider.

While the best practice is always to utilize official and trusted software, we understand that certain scenarios demand alternative solutions. Thus, the Agent offers the flexibility to release and whitelist software even without a certificate. You can find detailed instructions in the following user guide: How to Release a Quarantined Software

Bug Fixes and Enhancements

ML Events Forwarded to SYSLOG

The agent now supports forwarding ML Events to SYSLOG.

Linux Agent Installation Issue Resolution

We have successfully resolved the installation issue with the Linux agent.

Resolution of FIM Errors Across Multiple Environments

We have addressed and resolved File Integrity Monitoring (FIM) errors in various environments.

Correction of DC Alerts

We have fixed issues related to Domain Controller (DC) alerts.

Improved PDF Reports Download:

We have resolved download failures for PDF reports that occurred in multiple environments, ensuring efficient access to critical information.

Did this answer your question?