Dec 10, 2021 - 3.1.2.35

New

  • Sysmon Installer and Events Monitor components released: We added 2 new components to the Insight Agent: Sysmon Installer and Events Monitor. Sysmon Installer is responsible for installing Sysmon and managing its configuration, while Events Monitor is responsible for sending Sysmon Process Start events to InsightIDR. Sysmon Installer and Events Monitor run under the processes rapid7_sysmon_installer.exe and rapid7_events_monitor.exe, respectively. Our "How the Insight Agent Works" documentation has been updated to reflect these new processes.
    • Oct 21, 2022 update: This note was not initially included with this release group's first publication. The 3.1.2.35 release group has been updated with this additional note to show when these Insight Agent components were released.

Fixed

  • We fixed a Local Privilege Escalation vulnerability, introduced in Insight Agent v3.0.1, that caused certain DLLs to be loaded and executed with SYSTEM permissions. Thank you Dawson Medin for discovering and reporting this vulnerability!