New
- Agents on Windows machines can now use Rapid7's in-house
fswalk
command to traverse file systems when scanning for Log4Shell and Spring4Shell vulnerabilities.fswalk
is faster than the Windowsdir
command. It also excludes junctions as well as cloud and non-local storage folders and drives.
Improved
- The Registry Exporter job now captures keys within the WOW6432Node path for assessments.
Fixed
- We reverted a recent change that removed an undocumented feature for sending unencrypted data to a collector. Additionally, the Insight Agent will provide metrics so that we can measure the feature's use by customers.
- When installation fails, the Armor installer script deletes the newly-created Armor directory to provide a clean path for the next attempt.
- We fixed an issue where the Rapid7 Endpoint Prevention installer failed to recognize the correct architecture on some Windows machines.
- Administrative privileges on files required for the Complementary Scan feature to run are now reliably set on non-English Windows systems.
- The Rapid7 Endpoint Prevention script installer now performs proper clean-up when used for upgrades.
- We updated the assessment service's file_info job data to resolve issues consuming filesystem root path information, which could lead to incomplete population of additional mount points in the asset document files section.
- The Rapid7 Endpoint Prevention installer script now correctly handles spaces in the current working directory path.
- Insight Agent no longer includes the third-party "future" Python library, which was vulnerable to CVE-2022-40899
- The Insight Agent's Quarantine feature no longer fails on Linux systems where iptables is installed under /usr/sbin instead of /sbin.
Updated Operating System Support
- The Insight Agent now supports Windows 11 23H2.
- As of version 4.0.2, the Insight Agent no longer supports the following operating systems:
- MacOS 10.15
- Microsoft Server 2012
- Amazon Linux 1
- Fedora 36
- SUSE Linux Enterprise Desktop 15 SP3
Refer to our operating system support page for the latest information.