EDR November 20, 2025 v12333 release notes
NOTE Datto EDR leverages a staggered release process. You'll receive an in-product notification when these updates are available to your instance.
Version information
| Endpoint Security Agent | Ransomware Agent | Rollback Agent | API |
|---|---|---|---|
| 3.17.1.4189 | 1.5.1 | 1.4.0.191 | 5.0.0 |
New features
Datto DNS Secure icon
You can now view the status of Datto DNS Secure directly on the Device details page. The Overview section indicates whether Datto DNS Secure is Active, Not Installed, or Unknown, allowing you to quickly assess protection status.

Enhancements
Reputation alerts moved to Rules Engine
Reputation type alerts will now appear as Rule source type alerts, allowing for further analysis and enrichment. Previously generated reputation alerts will remain on the Alerts page for up to one year. We recommend reviewing your existing Alert Suppression rules related to reputation alerts. Edits or removal may be necessary to align with the new alert structure.
Recommendation tab removed
The Recommendation tab has been removed from Rule alerts on the Alerts Details page in Datto EDR. Smart Investigate now provides enhanced guidance and recommendations, simplifying the user interface.

Datto AV update reliability
A threshold of three consecutive update failures has been set before marking Datto AV as out-of-date. A new command-line option, `agent.exe datto-av --force-update`, allows on-demand AV updates, supporting more efficient diagnostics and reducing unnecessary alerts.
License filtering restored
We’ve restored additional license filtering options in the Devices table. You can now filter devices by Unlicensed, No AV, and No EDR in the License column, improving visibility and control.

Enhanced EDR Version filter
The EDR Version filter in the Devices table has been enhanced, making it easier to find and manage endpoints running specific EDR agent versions.
Type-ahead search for location filter
You can now use type-ahead search in the Location filter on the Alerts page, allowing faster selection of locations by name.
macOS self-healing enhancements
This update improves the self-healing capabilities of the Datto EDR agent for macOS, using a more robust detection method to recover from connectivity issues and reduce silent failures.
KaseyaOne email update support
You can now change your KaseyaOne email address without losing access to Datto EDR via single sign-on (SSO).
RMM sync visibility
You can now identify and filter devices by their RMM sync status. A new Sync Status column in the Devices table shows whether a device is synced with VSA X or Datto RMM, streamlining device management.
Fixes
- Resolved a UI issue where devices outside of assigned device groups appeared to inherit all location-level policies in the UI and alert metadata. The fix ensures both now correctly display only assigned policies.
- Fixed an issue where bulk license modifications from the Location Details page could inadvertently impact devices outside the selected location. The fix ensures that license changes are properly filtered by location.
- Resolved an issue where Customer-Created Detection Rules did not default to Local Detection Analysis. All new rules now default correctly. For more information on Detection Rules, refer to https://edr.datto.com/help/Content/5-learn/what-are-detection-rules.htm?
- The Unlicensed filter option has been restored in the Devices table, allowing easier identification of unlicensed endpoints.
- Resolved an issue that limited alert selection when Rows per Page exceeded 25 and sorting filters were applied. You can now view and select all alerts for bulk actions.
- Resolved an issue where the device count was displayed inaccurately on the Location Details screen. The device count now accurately reflects all assigned devices.
- Resolved an issue that prevented users from downloading exported agent logs in some scenarios. Log exports now function consistently.
- Resolved an issue in Datto EDR where command-line and decoded payload data in process alerts were truncated, leading to missed rule matches and incomplete information. Full command-line data is now consistently captured and displayed.
Artifacts
- agent.linux-amd64.610a1455e010d57258ce1b327eab9e6c35f39f0b8cc2f6704c696f407acbaf75.bin.gz
- agent.linux-arm64.ceac9d20f812cd9e857713fd255d490c7ea6640ce4a114aac467789042cd4597.bin.gz
- agent.linux-x86.c0d1a61a181022b3533ec990ad86b1de81cb172414cf978548c7c2b067757d8d.bin.gz
- agent.macos-amd64.edfebd3194682647ad386d427ae3d1161b3d50f2893e87a7d5501ca7cba5eab5.bin.gz
- agent.macos-arm64.99e6764d8e8af7a6171694912f16552dcecca28bd8faffbd846c54b729c8dfca.bin.gz
- agent.windows-amd64.f915d14195fa53bd49a441813fc648310a598a91eec86dd4a13b6b470779aebe.exe.gz
- agent.windows-x86.c697591e869c3f1d3838ca2e22c613657522cbde029030755a744ed57eabf4c0.exe.gz