7.17

7.17.25

Bug fixes and enhancements

There are no user-facing changes in the 7.17.25 release.

7.17.24

Bug fixes and enhancements

There are no user-facing changes in the 7.17.24 release.

7.17.23

Bug fixes and enhancements

There are no user-facing changes in the 7.17.23 release.

7.17.22

Bug fixes and enhancements

There are no user-facing changes in the 7.17.22 release.

7.17.21

Bug fixes and enhancements

There are no user-facing changes in the 7.17.21 release.

7.17.20

Bug fixes and enhancements

There are no user-facing changes in the 7.17.20 release.

7.17.19

Bug fixes and enhancements

  • Adds file and size constraints to value lists (#176074).

7.17.18

Bug fixes and enhancements

There are no user-facing changes in the 7.17.18 release.

7.17.17

Bug fixes and enhancements

There are no user-facing changes in the 7.17.17 release.

7.17.16

Bug fixes and enhancements

There are no user-facing changes in the 7.17.16 release.

7.17.15

Security updates

  • If Elastic Endpoint (v7.9.0 - v7.17.14) is configured to use a non-default option in which the logging level is explicitly set to debug, and Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext.

    The issue is resolved in Elastic Stack 7.17.15.

    For more information, refer to our related security announcement.

Bug fixes and enhancements

There are no user-facing changes in the 7.17.15 release.

7.17.14

Bug fixes and enhancements

There are no user-facing changes in the 7.17.14 release.

7.17.13

Bug fixes and enhancements

There are no user-facing changes in the 7.17.13 release.

7.17.12

Bug fixes and enhancements

There are no user-facing changes in the 7.17.12 release.

7.17.11

Bug fixes and enhancements

There are no user-facing changes in the 7.17.11 release.

7.17.10

Bug fixes and enhancements

There are no user-facing changes in the 7.17.10 release.

7.17.9

Bug fixes and enhancements

There are no user-facing changes in the 7.17.9 release.

7.17.8

Bug fixes and enhancements

  • Fixes a bug that caused Elastic Endpoint to crash when running on busy Linux systems and when the collection of network events or malicious behavior protection was enabled.

7.17.7

Bug fixes and enhancements

  • Fixes a bug that sometimes caused Elastic Endpoint to change to a non-running state on Windows endpoints (#29).

7.17.6

Known issues

  • In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will have an Unhealthy status when this happens (#29).

    To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:

    PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe"
    
    
       ProviderName: Microsoft-Windows-CodeIntegrity
    
    TimeCreated                      Id LevelDisplayName Message
    -----------                      -- ---------------- -------
    9/22/2022 10:47:35 AM          3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
    9/19/2022 2:10:14 PM           3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...

    If Elastic Endpoint is not running, you can use any of the following workarounds:

    • Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:

      & "C:\Program Files\Elastic\Agent\elastic-agent.exe" restart
    • Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.

      Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be Unhealthy. The status will change to Healthy once the integration is reinstalled.

    • Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.

Bug fixes and enhancements

There are no user-facing changes in the 7.17.6 release.

7.17.5

Known issues

  • In some situations, Elastic Endpoint might change to a non-running state on Windows endpoints and fail to restart. Elastic Agent will appear Unhealthy when this happens (#29).

    To determine whether Elastic Endpoint has stopped running because of this issue, run the following PowerShell command as an administrator:

    PS C:\Users\user> Get-WinEvent Microsoft-Windows-CodeIntegrity/Operational | where Id -eq 3004 | where Message -match "elastic-endpoint.exe"
    
    
       ProviderName: Microsoft-Windows-CodeIntegrity
    
    TimeCreated                      Id LevelDisplayName Message
    -----------                      -- ---------------- -------
    9/22/2022 10:47:35 AM          3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...
    9/19/2022 2:10:14 PM           3004 Error            Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Elastic\Endpoint\elastic-endpo...

    If Elastic Endpoint is not running, you can use any of the following workarounds:

    • Manually uninstall, then reinstall Elastic Endpoint on affected hosts: Remove an invalid Elastic Endpoint installation by running the Elastic Endpoint uninstall command on affected hosts. Once the uninstallation process has finished, run the following command to restart Elastic Agent, which automatically reinstalls Elastic Endpoint:

      & "C:\Program Files\Elastic\Agent\elastic-agent.exe" restart
    • Uninstall, then reinstall the Endpoint Security integration on affected hosts: Uninstalling and reinstalling the Endpoint Security integration on affected hosts will also force the uninstallation and reinstallation of Elastic Endpoint on these hosts.

      Uninstalling the Endpoint Security integration may temporarily cause Elastic Agent’s status to be Unhealthy. The status will change to Healthy once the integration is reinstalled.

    • Downgrade Elastic Agent and Elastic Endpoint versions: Downgrading to unaffected Elastic Agent and Elastic Endpoint versions resolves this issue.

Bug fixes and enhancements

  • Fixes a sorting and tooltip issue in Timeline for non-ECS fields without nested values (#132570).
  • Fixes a bug that interfered with the Windows boot process if Elastic Endpoint’s Protected Process Light (PPL) service wasn’t fully uninstalled on the machine (#20).

7.17.4

Bug fixes and enhancements

  • Allows preconfigured connectors to be used with cases (#130372).
  • Fixes a trusted applications path bug that caused a timeout error when users defined a matching Path value without wildcards (#131085).
  • Fixes sorting issues that were related to unmapped fields (#132190).

7.17.3

Bug fixes and enhancements

  • Fixes a bug that prevented more than 20 pinned events from displaying when opening an existing Timeline (#128852).
  • Allows alerts without a populated meta field to be investigated in a Timeline (#129427).

7.17.2

Bug fixes and enhancements

  • Fixes an Endpoint Security integration bug that prevented benign Windows files from being deleted under certain circumstances.
  • Ensures Endpoint Security continues to run on all supported Windows versions by changing the primary signer of the elastic-endpoint.exe file from ELASTICSEARCH B.V. to Elasticsearch, Inc. (#15).
  • Updates the minimum role permissions needed to import rules with actions. After this change, roles must have at least Read privileges for the Actions and Connectors feature to import rules with actions (#126203).

7.17.1

Known issues

  • An Endpoint Security integration bug prevents benign Windows files from being deleted under certain circumstances.

7.17.0

Known issues

  • On macOS versions before 12.4, if Elastic Endpoint is used with other products that monitor or manage network traffic (such as antivirus programs, firewalls, or VPNs), users might experience network connection issues. To resolve this issue, upgrade to macOS 12.4 or later.

Breaking changes

Deprecations

  • The Elastic Endpoint kernel module was deprecated in the 7.17.0 release.

Bug fixes and enhancements

  • Adds detailed telemetry statistics for legacy and regular notifications (#123332, #122472).
  • Fixes a bug that changed the message in the Activity Log tab when users re-fetched log data for a date range without data (#123039).
  • Updates privilege checks when users view the Exceptions page (#122902).
  • Removes leftover alert notifications after a rule is deleted (#122610).
  • Enables cross-space telemetry for cases (#122477).
  • Updates the Reporter column in the Cases table to use usernames instead of full names (#121820).
  • Improves endpoint performance and warns users that trusted applications with a wildcard path might experience performance impacts (#120349).
  • Fixes an issue that caused the Cases feature to crash the UI when determining if a connector was deprecated (#120686).