7.17edit

7.17.6edit

Known issuesedit

  • In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will have an Unhealthy status when this happens (#29).

    To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:

    PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe"
    
    
       ProviderName: Microsoft-Windows-CodeIntegrity
    
    TimeCreated                      Id LevelDisplayName Message
    -----------                      -- ---------------- -------
    9/22/2022 10:47:35 AM          3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
    9/19/2022 2:10:14 PM           3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...

    If Elastic Endpoint is not running, there are several workarounds you can take:

    • Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:

      c:\Program Files\Elastic\Agent\elastic-agent.exe restart
    • Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.

      Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be Unhealthy. The status will change to Healthy once the integration is reinstalled.

    • Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.

Bug fixes and enhancementsedit

There are no user-facing changes in the 7.17.6 release.

7.17.5edit

Known issuesedit

  • In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will appear Unhealthy when this happens (#29).

    To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:

    PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe"
    
    
       ProviderName: Microsoft-Windows-CodeIntegrity
    
    TimeCreated                      Id LevelDisplayName Message
    -----------                      -- ---------------- -------
    9/22/2022 10:47:35 AM          3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
    9/19/2022 2:10:14 PM           3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...

    If Elastic Endpoint is not running, there are several workarounds you can take:

    • Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:

      c:\Program Files\Elastic\Agent\elastic-agent.exe restart
    • Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.

      Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be Unhealthy. The status will change to Healthy once the integration is reinstalled.

    • Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.

Bug fixes and enhancementsedit

  • Fixes a sorting and tooltip issue in Timeline for non-ECS fields without nested values (#132570).
  • Fixes a bug that interfered with Windows' boot up process if Elastic Endpoint’s Protected Process Light (PPL) service wasn’t fully uninstalled on the machine (#20).

7.17.4edit

Bug fixes and enhancementsedit

  • Allows preconfigured connectors to be used with cases (#130372).
  • Fixes a trusted applications path bug that caused a timeout error when users defined a matching Path value without wildcards (#131085).
  • Fixes sorting issues that were related to unmapped fields (#132190).

7.17.3edit

Bug fixes and enhancementsedit

  • Fixes a bug that prevented more than 20 pinned events from displaying when opening an existing Timeline (#128852).
  • Allows alerts without a populated meta field to be investigated in a Timeline (#129427).

7.17.2edit

Bug fixes and enhancementsedit

  • Fixes an Endpoint Security integration bug that prevented benign Windows files from being deleted under certain circumstances.
  • Ensures Endpoint Security continues to run on all supported Windows versions by changing the primary signer of the elastic-endpoint.exe file from ELASTICSEARCH B.V. to Elasticsearch, Inc. (#15).
  • Updates the minimum role permissions needed to import rules with actions. After this change, roles must have at least Read privileges for the Actions and Connectors feature to import rules with actions (#126203).

7.17.1edit

Known issuesedit

  • An Endpoint Security integration bug prevents benign Windows files from being deleted under certain circumstances.

7.17.0edit

Known issuesedit

  • On macOS versions before 12.4, if Elastic Endpoint is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later.

Breaking changesedit

Bug fixes and enhancementsedit

  • Adds detailed telemetry statistics for legacy and regular notifications (#123332, #122472).
  • Fixes a bug that changed the message in the Activity Log tab when users re-fetched log data for a date range without data (#123039).
  • Updates privilege checks when users view the Exceptions page (#122902).
  • Removes leftover alert notifications after a rule is deleted (#122610).
  • Enables cross-space telemetry for cases (#122477).
  • Updates the Reporter column in the Cases table to use usernames instead of full names (#121820).
  • Improves endpoint performance and warns users that trusted applications with a wildcard path might experience performance impacts (#120349).
  • Fixes an issue that caused the Cases feature to crash the UI when determining if a connector was deprecated (#120686).