New
- New data collection for Patch Tuesday: We updated the Insight Agent's data collection capabilities on Windows assets to support Patch Tuesday vulnerability checks for July 2023.
Improved
- More accurate fingerprinting: Updated data collection to improve InsightVM fingerprinting for Firefox Java to better match results between the Insight Agent and the Scan Engine.
Updates
Upgrade to Sysmon service 15.0: Previously, a rollout to upgrade all desktop editions of Windows 8.1, 10, and 11 to Sysmon 14.16 was paused to investigate an issue reported in Microsoft's Q&A forum which indicated that Sysmon 14.16 could be causing system crashes or freezes on assets running Windows Server. On June 27, 2023, Microsoft released a fix to this issue - Sysmon 15.0.
Therefore, we are no longer continuing the rollout of Sysmon 14.16 and will begin to upgrade all Windows assets (managed by Rapid7’s Sysmon Installer) to Sysmon 15.0. We are currently running tests on Sysmon 15.0 and monitoring online forums for reports of new issues. The rollout of Sysmon 15.0 will begin in the second half of July and end by the first week of August.
While the Sysmon Installer component is managed independently from the Insight Agent itself, its update behavior is still subject to the update settings you have configured in Agent Management. As long as Enable automatic updates and Keep me on the latest version are selected for your organization, your assets with installed Insight Agents will receive the Sysmon 15.0 upgrade automatically. If your organization does not currently have automatic updates enabled, or does but with a version lock applied, you will need to change your update settings as stated to receive the Sysmon 15.0 upgrade.