Our latest Trellix Endpoint Detection and Response with Forensics (EDRF) threat detection content release is now available, summarizing the threat detection expansions deployed throughout November 2025. This cumulative update delivers 100 new detections and over 300 rule enhancements to strengthen your endpoint security.
Key defense highlights
- New malware coverage: Added capabilities for ChillyHell, Odyssey Stealer, Cookie Spider, and Tollkeeper
- Advanced threat protection: New detection for Bluenoroff (backdoor injection) and Airstalk, a suspected nation-state supply chain threat
- macOS security: Introduced detection for "Rusty Pages", targeting recent Rust-based, multi-stage attacks
- Platform reach: Significant updates across Windows (92 new detections), Linux, and macOS platforms
These updates are compatible with all EDR and EDRF client versions. There is no action required.
For more details and a complete list of the changes, see the Knowledge Base article Trellix EDR with Forensics Threat Detection Update – December 2025.
For more information, see the EDRF documentation on the Product Docs site.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.