EDR Version 10212

NOTE: Datto EDR leverages a staggered release process. You'll receive an in-product notification when these updates are available to your instance.

Version information

  • Endpoint Security Agent: 3.14.0
  • Ransomware Agent: 1.3.0
  • Rollback Agent: 1.2.2
  • API: 5.0.0

New Features

System notifications

You can now choose to be notified when the following system events occur:

  • An API token is about to expire or has expired.
  • A device has been isolated automatically.
  • A device has been offline for 3 days, 14 days, or 30 days.

To enable the events for which you want to be notified, select Admin > Settings. In the System Notification Settings section, enable the toggles for the desired events.

When an event occurs for which you have enabled a notification, the new System Notification icon on the top navigation bar displays a number. Clicking the icon displays the User Notifications table.

Enhancements

Create an exclusion within a Datto AV alert

Users can now create an AV exclusion directly from any Datto AV alert. Simply click the new Create Exclusion button from inside the Datto AV alert.

Include Universal AV Exclusion in Datto AV policies

Make your Datto AV exclusions easier to manage with Universal AV Exclusion. Universal AV Exclusion is a single list of all file, folder, and process exclusions that can be inherited into any Datto AV policy.

You can access Universal AV Exclusion via the Policies button in the top navigation bar.

Inherit Universal AV Exclusion by enabling the Include Universal AV Exclusion toggle in any Datto AV policy.

Response link to the original alert

You can now open the specific alert for which a response action was taken. Click the Respond button in the top navigation bar. In the Responses table there is a new column named Alert with a link to the original alert.

Improved agent upgrade process

We have improved our agent upgrade process to prevent devices from becoming ‘Disabled’ when update files fail to download.

Once your agents are upgraded to the newest agent build, you can expect that devices will not appear in the ‘Disabled’ state anymore.

Note that this will be released for new agents, and it is important that you enable any device that was previously in this state so that you can complete the agent updates.

Improved VSAX synced locations management

VSAX integrated users can now freely move non-VSA synced devices into VSA synced locations. This will allow you to better manage and group devices across large networks.

Improved handling of misconfigured global variables

The agent now handles misconfigured global variables within extensions more gracefully. Some users noticed that response actions such as host isolate could fail if the allowed_domains global variable was not set up correctly. The agent will now gracefully move forward with full isolation if the domain cannot be resolved.

Remember to enter domains using the format sub.domain.com. Do not include leading protocols such as http:// or ftp://. Tip: You can confirm the domain is entered correctly by using ping or nslookup in the command line on your PC.
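
A pre-flight check for allowed_domains entries, as an added example (not Datto code): it applies the format rule above, then asks the same question ping or nslookup answers. The function names and the list-of-strings input are assumptions; how the product stores the variable is not shown on this page.

```python
import re
import socket

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def format_problems(entry):
    """Return format problems for one allowed_domains entry (expects sub.domain.com)."""
    problems = []
    if entry != entry.strip():
        problems.append("leading or trailing whitespace")
    host = entry.strip()
    if "://" in host:
        problems.append("leading protocol (remove http://, ftp://, ...)")
        host = host.split("://", 1)[1]
    if "/" in host:
        problems.append("path or trailing slash")
        host = host.split("/", 1)[0]
    if ":" in host:
        problems.append("port number")
        host = host.split(":", 1)[0]
    labels = host.rstrip(".").split(".")
    ok = len(host) <= 253 and len(labels) >= 2 and all(map(_LABEL.match, labels))
    if not ok:
        problems.append("not a valid host name: %r" % host)
    return problems

def resolves(host, lookup=socket.getaddrinfo):
    """True if the name resolves; the lookup is injectable so it can be stubbed."""
    try:
        return bool(lookup(host, None))
    except (socket.gaierror, UnicodeError):
        return False

def check_entries(entries, lookup=socket.getaddrinfo):
    """Map each entry to its problems; an empty list means the entry is usable."""
    report = {}
    for entry in entries:
        problems = format_problems(entry)
        if not problems and not resolves(entry, lookup):
            problems.append("does not resolve")
        report[entry] = problems
    return report

# Constructed sample entries, not taken from any real policy.
SAMPLE = ["sub.domain.com", "http://sub.domain.com", "sub.domain.com/login"]

if __name__ == "__main__":
    for entry, problems in check_entries(SAMPLE).items():
        print(entry, "->", "ok" if not problems else "; ".join(problems))
```

An entry reported as "does not resolve" is the case in which the agent falls back to full isolation, so it is worth fixing before an isolation is triggered.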

Bug fixes

  • Analysts may have seen permission errors when attempting to respond to a detection. We have updated the platform so users with the Analyst role can use response options such as isolation and reverting isolation.

  • Resolved an issue with EDR detection suppressions not respecting the File Signature field when used as match criteria.

Artifacts

agent.linux-amd64.94623f58c0839e95a000f6264cd17cf28ef7bceba0f1ba6226b1c8903f567ef0.bin.gz
agent.linux-arm64.034c0ec80c79bd7bd1858860891b619c4b42ef0ce9e0170c3bcc72032375da16.bin.gz
agent.linux-x86.48ed522e658e1f280d115f7e74bbbd71e209699a697a7d35fbdc46f506825916.bin.gz
agent.macos-amd64.7bc6e637975929ea3d09caa83c00479ff1cc96cdd0aba1616a7e846f3159e071.bin.gz
agent.macos-arm64.3a82bd597ded8b22dacd810c9f054a3d411b22f8defe84fd9a50e07f8b68de99.bin.gz
agent.windows-amd64.9ee1a10f697bec554ea11aa5694be498e39c02fe084970b2a25afae1b5721018.exe.gz
agent.windows-x86.26ae2e52f0600e515c355550bef1b7ee0ecd5eb325a552306288b2a9c3ff7aa0.exe.gz
integrator.windows64.fbb706073459de90303e42f356be48765c2615bb2178eb2ba3d78780bd1956ad.exe.gz

Coming soon!

DNS Secure

A new layer of security is being added to your Datto AV policies. DNS Secure provides an intuitive UI to block access to an array of content-based categories. In addition, you can block or allow specific websites as needed.

Blocked access to any security-based category will also create a non-alert (observable) event in the alert table. Prior to the full feature release, we will publish a full training document on how to set up and use DNS Secure.