Trellix Endpoint Detection and Response (EDR) Mac Content version 4.2.1.4955 and Linux Content version 4.2.1.4952 are now available and support EDR Client 4.2.1.x. We recommend applying these updates to ensure your endpoints benefit from these enhancements.
This release focuses on streamlining Client operations and improving the overall endpoint footprint.
This release includes the following enhancements:
- Improved detection on Linux platforms
  - For GTFOBins and MSV OpenSSL usage
  - For malicious AWK usage (reverse shells and privilege escalation)
- Performance optimization: This update includes optimized logic to minimize the strain on system resources and reduce disk I/O, thereby improving overall performance.
- Noise reduction: Updated default compatibility logic and trusted signers to ensure seamless interoperability with verified third-party security and administrative software (UEMS_Agent).
To ensure you receive the latest content, see the "General policy configuration" section of the Product Guide for configuring content updates.
For more information, see the EDR documentation on the Product Docs portal.
Trellix EDR Mac Content version 4.2.1.4955 and Linux Content version 4.2.1.4952 are available now through the Product Downloads site and ePO software catalog.
Note: To receive information about product updates, sign up for the Support Notification Service.
For instructions, see the Thrive Portal User Guide and navigate to Profile and Settings > My Settings > Manage Support Notification Services (SNS) subscription preferences.