Starting with version 1.7.9 all release notes have been consolidated into one page.
npcap driver has been upgraded to version 0.9991.
The TLS probe now reports
tls.notAfterTS fields as unix timestamps.
Updated Ethernet fingerprints.
Devices that relay mDNS from other networks (ex: Ubiquiti USG) are no longer associated with the relayed asset information.
Additional Google Chrome paths are considered for screenshot collection. Snap packages of Chromium are no longer used.
The Windows agent will now try harder to work around temporary issues while installing an update.
The Windows agent will now clear any stale chrome.exe processes running as LocalSystem during the update process.
Screenshots will now limit the number of concurrent Chrome processes based on core count, available RAM, and architecture.
The bundled npcap build has been updated to version 0.9990.
A full system disk no longer results in a deadlocked scan.
Fingerprints have been updated for Ethernet MAC addresses, BACnet vendors, and Enterprise IDs.
HTTP/1 probes now expicitly disable HTTP/2 upgrades even when advertised. HTTP/2 is handled separately.
Generic protocol negotiation is no longer attempted on NDMP ports (10,000/30,000). A future release will support improved NDMP detection and negotiation.
A potential deadlock in the runtime library has been resolved by reverting to an older runtime version.
A NTP probe has been added that reports the clock skew compared to the scanning instance.
A TFTP discovery probe has been added that requests a non-existent file and stores the response. The TFTP probe supports port ranges.
An OpenVPN probe has been added that can detect remote instances across multiple ports.
A dTLS discovery probe has been added that handles both bare dTLS and CAPWAP-encoded variants.
Microsoft Remote Desktop Gateway instances are now fingerprinted through dTLS and HTTP, reporting the
rdg.Transport service key.
The protocol handlers for NATPMP, WS-Discovery, and UPnP Device XML now parse out specific subfields for easier matches and future fingerprinting efforts.
The UPnP Device XML parser now triggers a request to download and report the device icon.
The SYN scanner has been updated to improve reliability and report more accurate progress.
The HTTP probe now identifies and reports web site icons as base64-encoded images along with their MD5 hashes.
The HTTP probe now extracts the generator meta tag from HTML responses.
The HTTP probe now extracts splunkd versions from HTML responses.
The RPCBind probe now sends a null call to every UDP service and probes the NFS daemon directly.
VMWare ESXi detection has improved and will be used as a fallback in more cases.
TCP protocol fingerprinting will retry more often on temporary network errors.
Empty fields in the
result structure within the JSON output are now omitted.
Linux on ARM 64-bit (aarch64) is now a supported platform.
Improved detection and early rejection of invalid CIDRs.
The SMB probe now records the NTLMSSP response from a wider range of operating systems.
The HTTP probe now stores the response to
GET / and the response after any redirects are followed. Key names for the redirect responses are prefixed by
last, such as
The HTTP probe now handles compression and chunked transfer encoding properly, storing the normalized HTTP body.
The HTTP probe now reports a banner consisting of the raw HTTP response.
The HTTP probe now supports collecting environment data from LANDesk Management Agents.
HTTP screenshots are now only collected when a 2XX HTTP response code is seen.
HTTP screenshot processing is now more reliable.
The SMB Server GUID attribute is now used to correlate results to assets.
The SNMP sysName and sysObjectID attributes are now used to unmatch assets that have changed IPs or were mistakenly matched through another attribute (shared bogus MAC addresses or similar).
Interfaces with no global unicast addresses (including RFC1918) are no longer considered by the ARP and SYN scanners.
VLAN-tagged frames are now ignored by the SYN scanner resolving an issue where packets could be sent on the wrong interface by mistake.
SYN scans now have a mandatory delay between retry attempts, which improves reliability and decreases change churn when small network ranges are scanned.
Concurrent scans now use less resources and provide more accurate results.
A bug that caused some HTTP requests to be sent with an empty Host header has been fixed.
Version 1.4.1 and 1.4.2 were internal test releases and not deployed.
Agents now support concurrent scans, configured via the cloud console.
Agents now write log files and rotate these log files automatically.
Agents now scan faster on local segments within AWS VPCs.
Agents now support SNMP v3 Context values in the scan configuration.
Agents now try harder to recover from error cases during installation.
Max Group Sizeoption to limit the number of concurrent scan targets.
syn-max-retriesparameter in the console.
task lost to agent restart.