Symtrex Inc.

Cyber Security Specialist

Call - 866-431-8972 | Send an Email | Request a Quote
Visit Us On FacebookVisit Us On TwitterVisit Us On Linkedin

Profile

Enterprise Snare Agent Update

by

Please be advised that two of the Enterprise Snare Agents have patch updates available – the Enterprise Snare Agent for Windows and the Enterprise Snare Agent for MS SQL.

For the Enterprise Snare Agent for Windows:

  • Improve debugging output

Enhanced debugging support is added for the windows agent. To output debug logs to a file, and after stopping the snare service, the agent is run from administrative console, ie. SnareCore.exe -c -d9 >> log.txt

Then log.txt file will include the event IDs of all the events that SnareCore will capture, regardless if
they are ignored by objectives.

  • Windows Agent Crashing on occasion with USB events

There was an issue with the registry bookmark handling of the events specially when dealing with USB events (where Enable active USB auditing? is selected on Network Configuration in the web UI). Due to this issue, Snare might crash while  processing USB events. This issue is fixed in this release and now bookmarks and USB events work correctly together.

Snare Enterprise Agent for MS SQL

  • SnareMSSQL does not remove its service on uninstall

An issue was identified with the uninstaller of the SnareMSSQL v1.4.1, v1.4.2 and v1.4.3 agent versions. Due to this issue if the uninstaller was run on a SQL server standalone machine then the uninstaller may not remove the SnareMSSQL service which could be left in a disabled state requiring a reboot to clear. This issue is fixed in this release. Now uninstaller removes the SnareMSSQL service  correctly during uninstall.

  • The MSSQL agent picks the machine hostname for current events instead of event hostname

An issue was found for installs that use cluster mode with the ‘system’ column on current events page. Due to this issue, sometimes, the machine hostname was shown in the system column instead of current active cluster node name. This issue is fixed in this release and now the system column shows the appropriate active node name.

  • Issue with the loadinf option on cluster machine
  • Error handling astray when checking groups

An issue was found with the way errors were reported on the web UI during the ‘Check Groups’ operation from objective page. Due to this issue, the next error was appended with the previous one; causing confusing error text. This issue is fixed in this release.

These updates can be downloaded from your client area, should you wish more information please contact us.