7.17
edit7.17
edit7.17.28
editBug fixes
edit-
Fixes a bug that prevented Elastic Defend from correctly populating the
event.createdfield for process events on Windows. - Fixes a bug that prevented Elastic Defend from installing on SUSE Linux Enterprise Server (SLES) 15.6.
7.17.27
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.27 release.
7.17.26
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.26 release.
7.17.25
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.25 release.
7.17.24
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.24 release.
7.17.23
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.23 release.
7.17.22
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.22 release.
7.17.21
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.21 release.
7.17.20
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.20 release.
7.17.19
editBug fixes and enhancements
edit- Adds file and size constraints to value lists (#176074).
7.17.18
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.18 release.
7.17.17
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.17 release.
7.17.16
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.16 release.
7.17.15
editSecurity updates
edit-
If Elastic Endpoint (v7.9.0 - v7.17.14) is configured to use a non-default option in which the logging level is explicitly set to
debug, and Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext.The issue is resolved in Elastic Stack 7.17.15.
For more information, refer to our related security announcement.
Bug fixes and enhancements
editThere are no user-facing changes in the 7.17.15 release.
7.17.14
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.14 release.
7.17.13
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.13 release.
7.17.12
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.12 release.
7.17.11
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.11 release.
7.17.10
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.10 release.
7.17.9
editBug fixes and enhancements
editThere are no user-facing changes in the 7.17.9 release.
7.17.8
editBug fixes and enhancements
edit- Fixes a bug that caused Elastic Endpoint to crash when running on busy Linux systems and when the collection of network events or malicious behavior protection was enabled.
7.17.7
editBug fixes and enhancements
edit- Fixes a bug that sometimes caused Elastic Endpoint to change to a non-running state on Windows endpoints (#29).
7.17.6
editKnown issues
edit-
In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will have an
Unhealthystatus when this happens (#29).To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:
PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe" ProviderName: Microsoft-Windows-CodeIntegrity TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 9/22/2022 10:47:35 AM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo... 9/19/2022 2:10:14 PM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
If Elastic Endpoint is not running, there are several workarounds you can take:
-
Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:
c:\Program Files\Elastic\Agent\elastic-agent.exe restart
-
Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.
Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be
Unhealthy. The status will change toHealthyonce the integration is reinstalled. - Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.
-
Bug fixes and enhancements
editThere are no user-facing changes in the 7.17.6 release.
7.17.5
editKnown issues
edit-
In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will appear
Unhealthywhen this happens (#29).To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:
PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe" ProviderName: Microsoft-Windows-CodeIntegrity TimeCreated Id LevelDisplayName Message ----------- -- ---------------- ------- 9/22/2022 10:47:35 AM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo... 9/19/2022 2:10:14 PM 3004 Error Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
If Elastic Endpoint is not running, there are several workarounds you can take:
-
Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:
c:\Program Files\Elastic\Agent\elastic-agent.exe restart
-
Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.
Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be
Unhealthy. The status will change toHealthyonce the integration is reinstalled. - Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.
-
Bug fixes and enhancements
edit7.17.4
editBug fixes and enhancements
edit- Allows preconfigured connectors to be used with cases (#130372).
-
Fixes a trusted applications path bug that caused a timeout error when users defined a matching
Pathvalue without wildcards (#131085). - Fixes sorting issues that were related to unmapped fields (#132190).
7.17.3
editBug fixes and enhancements
edit7.17.2
editBug fixes and enhancements
edit- Fixes an Endpoint Security integration bug that prevented benign Windows files from being deleted under certain circumstances.
-
Ensures Endpoint Security continues to run on all supported Windows versions by changing the primary signer of the
elastic-endpoint.exefile fromELASTICSEARCH B.V.toElasticsearch, Inc.(#15). -
Updates the minimum role permissions needed to import rules with actions. After this change, roles must have at least
Readprivileges for theActions and Connectorsfeature to import rules with actions (#126203).
7.17.1
editKnown issues
edit- An Endpoint Security integration bug prevents benign Windows files from being deleted under certain circumstances.
7.17.0
editKnown issues
edit- On macOS versions before 12.4, if Elastic Endpoint is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later.
Breaking changes
edit- Preconfigured connectors cannot be used with cases (#120686).
Deprecations
edit- The Elastic Endpoint kernel module was deprecated in the 7.17.0 release.
Bug fixes and enhancements
edit- Adds detailed telemetry statistics for legacy and regular notifications (#123332, #122472).
- Fixes a bug that changed the message in the Activity Log tab when users re-fetched log data for a date range without data (#123039).
- Updates privilege checks when users view the Exceptions page (#122902).
- Removes leftover alert notifications after a rule is deleted (#122610).
- Enables cross-space telemetry for cases (#122477).
- Updates the Reporter column in the Cases table to use usernames instead of full names (#121820).
- Improves endpoint performance and warns users that trusted applications with a wildcard path might experience performance impacts (#120349).
- Fixes an issue that caused the Cases feature to crash the UI when determining if a connector was deprecated (#120686).