EDR Version 10307

NOTE Datto EDR leverages a staggered release process. You'll receive an in-product notification when these updates are available to your instance.

Version information

Endpoint Security Agent	Ransomware Agent	Rollback Agent	API
3.15.0	1.3.0	1.2.2	5.0.0

Enhancements

When a user creates a new Datto AV policy with alert only mode enabled, Real Time Protection Scan will now be disabled automatically. This does not apply to existing AV policies that already have alert only mode enabled unless you disable then re-enable the policy.

Real time protection will always quarantine files and users may have accidentally set up a policy for alert only mode with Real Time protection enabled. We recommend you verify that your existing AV policies with alert only mode enabled don't have Real Time protection enabled as well.
Response items have been added to the Responses table. When a user manually isolates a device or reverts isolation on the Device Details page, the response is listed in the Responses table. Previously, only responses taken from an alert were logged in the Responses table.
We have extended the autostart scanning to monitor additional paths and registry entries.
Sync logic has been updated to better detect orphan accounts in Autotask integrations that will support new and existing mappings.
Removed the need to opt into memory submissions/ scans via the Admin Settings page. Therefore, the Enable memory injection submissions to VirusTotal option has been removed. EDR will continue to leverage 3rd party threat intelligence in memory scans while keeping submissions confidential.
Lowered resource utilization when scanning memory with real time EDR monitoring.

Bug fixes

Includes bug fix for a performance issue that may have caused intermittent Datto AV offline errors for a small number of customers.
When users selected alert check boxes on the Alerts page and then sorted the list, the selections were removed. Now, after you make selections and sort the list, the check boxes remain selected.
For partners with more than 25 device groups, page size limitations blocked the user from seeing all device groups on the Device Groups page. This issue has been resolved.
The executive threat report did not list all organizations if the tenant had greater than 50 organizations. Users can now see all of their locations in the executive report options.
Datto AV details were not visible on the Device Details page when a Datto AV policy was enabled but an EDR policy was not enabled. Users can now see the Datto AV details for devices without an enabled EDR policy.

Artifacts

agent.linux-amd64.28eb4028d3e7e7f509ef03c31dddc7a31f607b6e62e6b808e9ad1caf6d1a5dd3.bin.gz
agent.linux-arm64.5521ceffc7e95b89d91e28072ac0b1fca84b18c32deac2245bf2bc2cf7f0c43b.bin.gz
agent.linux-x86.80db57b82f35d42ebea66c5def44b0fae4db4e4078ab7b2e5662a241a81eb02a.bin.gz
agent.macos-amd64.80615e170626ecaa5b7cd6ce59d6033132ff8220058690240841428269270410.bin.gz
agent.macos-arm64.38c350afbd3c48dbfab9593ce19f107c0cbf3a517254bba103b167da2228fca5.bin.gz
agent.windows-amd64.1002c76aeb8459e38418940ef6d351d18144782bb569f1c26b15c0cc7ad2f3f8.exe.gz
agent.windows-x86.4abc03b5d1992dae19f52451e074dff32a8d24b387f4864574c016134a37092f.exe.gz
integrator.windows64.26ddd43e8fac5bd0308ea6d17b967e44b84aa393937170d8bbfd7d121585a757.exe.gz

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.