EDR December 11, 2025 v12522 release notes
NOTE: Datto EDR leverages a staggered release process. You'll receive an in-product notification when these updates are available to your instance.
Version information
| Endpoint Security Agent | Ransomware Agent | Rollback Agent | API |
|---|---|---|---|
| 3.17.1.4346 | 1.5.1 | 1.4.0.191 | 5.0.0 |
New features
Execute bulk response actions on the Alerts tab
You can now execute bulk response actions on multiple alerts from the Alerts tab, improving operational efficiency and streamlining alert management. Simply select the check boxes for the desired alerts (or filter the Alerts table), and click Respond. 
Enhanced ransomware monitoring
A new Enhanced Monitoring toggle is now available in Ransomware Detection and Rollback (RWD-RB) policies in Datto EDR. When enabled, enhanced monitoring allows the rollback service to run in a low-overhead mode, delivering faster and more precise ransomware detections. The system can now block and kill ransomware processes, including those running with system privileges, prevent blocked processes from restarting, and block additional suspected executables. These improvements help you stop ransomware attacks more effectively and provide deeper visibility into process activity during an incident.
Enhancements
Fetch all agent logs
The Fetch Logs action has been upgraded to collect additional agent log files. This enhancement streamlines troubleshooting by ensuring all relevant diagnostic files are gathered automatically.
BMS integration
We have improved the BMS Integration UX by adding pagination in the BMS Map Accounts tab for easier navigation of large account lists.
User-selected Datto AV threat categories
You now have full control over which threat categories the Datto AV engine protects against. In the Datto AV policy, you can enable or disable 13 threat categories. Newly added categories such as Application (APPL), Games, Jokes, Unusual Runtime Compression Tools, and Security Privacy Risk (SPR) are disabled by default but can be configured to fit your needs.
Double confirmation required when unassigning using bulk actions
When you unassign licenses or device groups using bulk actions (without selecting specific devices in the table), you’ll be prompted to double-confirm your intent. This prevents accidental changes and ensures that critical actions are always deliberate.
Fixes
- Fixed a permissions issue that prevented external analyst users from executing response actions on alerts from the Alert Detail page.
- Fixed an issue where Datto AV agents could run full scans even when only quick scans were enabled in the assigned policy. This ensures that scan behavior strictly adheres to policy configuration.
- Addressed an issue in the Timeline tab logic where alerts were grouped by hostname. The change prevents unrelated alerts from different devices with the same hostname from appearing together.
Artifacts
- agent.linux-amd64.2067b2c781afaf0e73a30381ab90657a9c1b56c9344a51ce1e515b4a5d630606.bin.gz
- agent.linux-arm64.70940e3d56539491a264384d537815926abd0022e68d07928219b8ff384a76f4.bin.gz
- agent.linux-x86.69d443c678e19af4351a8e8021da50c42c029f11e985389da659733869e3a263.bin.gz
- agent.macos-amd64.404d1bd1741f0c5497971fbeb0150540bade5f6e6fcf16f670bf8d6384283e41.bin.gz
- agent.macos-arm64.d30203ebbcffcc6820f91d4226425aac0fa0c7c2cd6d9712826ec1cd19a270be.bin.gz
- agent.windows-amd64.358bc55aacfc1fa3731448ebbd921dd8e6e0ae4b13e5b9caf0e6c8895e62d9e8.exe.gz
- agent.windows-x86.0313b69d24b6b7c5a25069b61082750eee89bd8824f9406448f36c7454e5e0a9.exe.gz