7.17edit
7.17.15edit
Security updatesedit
-
If Elastic Endpoint (v7.9.0 - v7.17.14) is configured to use a non-default option in which the logging level is explicitly set to
debug, and Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext.The issue is resolved in Elastic Stack 7.17.15.
For more information, refer to our related security announcement.
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.15 release.
7.17.14edit
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.14 release.
7.17.13edit
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.13 release.
7.17.12edit
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.12 release.
7.17.11edit
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.11 release.
7.17.10edit
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.10 release.
7.17.9edit
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.9 release.
7.17.8edit
Bug fixes and enhancementsedit
- Fixes a bug that caused Elastic Endpoint to crash when running on busy Linux systems and when the collection of network events or malicious behavior protection was enabled.
7.17.7edit
Bug fixes and enhancementsedit
- Fixes a bug that sometimes caused Elastic Endpoint to change to a non-running state on Windows endpoints (#29).
7.17.6edit
Known issuesedit
-
In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will have an
Unhealthystatus when this happens (#29).To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:
PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe" ProviderName: Microsoft-Windows-CodeIntegrity TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 9/22/2022 10:47:35 AM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo... 9/19/2022 2:10:14 PM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
If Elastic Endpoint is not running, there are several workarounds you can take:
-
Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:
c:\Program Files\Elastic\Agent\elastic-agent.exe restart
-
Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.
Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be
Unhealthy. The status will change toHealthyonce the integration is reinstalled. - Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.
-
Bug fixes and enhancementsedit
There are no user-facing changes in the 7.17.6 release.
7.17.5edit
Known issuesedit
-
In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will appear
Unhealthywhen this happens (#29).To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:
PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe" ProviderName: Microsoft-Windows-CodeIntegrity TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 9/22/2022 10:47:35 AM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo... 9/19/2022 2:10:14 PM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
If Elastic Endpoint is not running, there are several workarounds you can take:
-
Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:
c:\Program Files\Elastic\Agent\elastic-agent.exe restart
-
Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.
Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be
Unhealthy. The status will change toHealthyonce the integration is reinstalled. - Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.
-
Bug fixes and enhancementsedit
7.17.4edit
Bug fixes and enhancementsedit
- Allows preconfigured connectors to be used with cases (#130372).
-
Fixes a trusted applications path bug that caused a timeout error when users defined a matching
Pathvalue without wildcards (#131085). - Fixes sorting issues that were related to unmapped fields (#132190).
7.17.3edit
Bug fixes and enhancementsedit
7.17.2edit
Bug fixes and enhancementsedit
- Fixes an Endpoint Security integration bug that prevented benign Windows files from being deleted under certain circumstances.
-
Ensures Endpoint Security continues to run on all supported Windows versions by changing the primary signer of the
elastic-endpoint.exefile fromELASTICSEARCH B.V.toElasticsearch, Inc.(#15). -
Updates the minimum role permissions needed to import rules with actions. After this change, roles must have at least
Readprivileges for theActions and Connectorsfeature to import rules with actions (#126203).
7.17.1edit
Known issuesedit
- An Endpoint Security integration bug prevents benign Windows files from being deleted under certain circumstances.
7.17.0edit
Known issuesedit
- On macOS versions before 12.4, if Elastic Endpoint is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later.
Breaking changesedit
- Preconfigured connectors cannot be used with cases (#120686).
Bug fixes and enhancementsedit
- Adds detailed telemetry statistics for legacy and regular notifications (#123332, #122472).
- Fixes a bug that changed the message in the Activity Log tab when users re-fetched log data for a date range without data (#123039).
- Updates privilege checks when users view the Exceptions page (#122902).
- Removes leftover alert notifications after a rule is deleted (#122610).
- Enables cross-space telemetry for cases (#122477).
- Updates the Reporter column in the Cases table to use usernames instead of full names (#121820).
- Improves endpoint performance and warns users that trusted applications with a wildcard path might experience performance impacts (#120349).
- Fixes an issue that caused the Cases feature to crash the UI when determining if a connector was deprecated (#120686).