Cloud Workload Protection
agent release notes

December 15, 2021 - Agent 6.8.2.69 (Linux only)
The following issues are fixed in this release:
  • In certain cases, after patching a Linux RHEL 7.9 OS (of kernel 3.10.0-1160.42.2.el7.x86_64 sdcss-kmod-10.0.1-862.el7.x86_64) for a server instance, the custom policy got removed and the policy state changed to "Policy not Applied" in the console. This issue has been fixed.
  • In certain cases, on changing the hostname of the instance, the Antimalware definitions were not updated making the instance status as "at risk". This issue has been fixed.
  • Container discovery was failing after upgrading the of
    Symantec Cloud Workload Protection
    agent to 6.8.2.60. This issue has been fixed.
September 20, 2021 - Windows SEP 14.3 RU3 agent upgrade
  • A new SEP agent version,
    SEP 14.3 RU3
    , is now available for the Windows instances of
    Symantec Cloud Workload Protection
    .
    All existing SEP agents of
    Symantec Cloud Workload Protection
    can upgrade to SEP 14.3 RU3 (from September 24, 2021 onwards) based on the configuration that you defined for the
    Client Updates Schedule
    setting of the Windows Anti-Malware policy.
    Restart the Windows instances to complete the SEP agent upgrade.
May 26, 2021 - Agent 6.8.2.67 (Windows only)
The following issue has been fixed in this release:
  • During shutdown of a few .NET Core applications, the
    Symantec Cloud Workload Protection
    agent hangs. This issue has been fixed.
Known issue
The Windows agent 6.8.2.67 has the following known issue and a workaround:
  • Sometimes, after you install the agent, the agent status does not display "Reboot required", but instead displays the IPS and RT-FIM settings as disabled.
    Workaround
    : Reboot the instances to load the required drivers and display the correct status of the agent in the console.
May 12, 2021  - Windows SEP 14.3 RU2 agent upgrade
  • A new SEP agent version,
    SEP 14.3 RU2
    , is now available for the Windows instances of
    Symantec Cloud Workload Protection
    .
    All existing SEP agents of
    Symantec Cloud Workload Protection
    can upgrade to SEP 14.3 RU2 (from May 19, 2021 onwards) based on the configuration that you defined for the
    Client Updates Schedule
    setting of the Windows Anti-Malware policy.
    Restart the Windows instances to complete the SEP agent upgrade.
November 23, 2020 - Agent 6.8.2.60 (Linux only)
The following
new feature
is added for the
Cloud Workload Protection
agent:
  • A new detection policy called the
    Advanced Visibility Policy
    is introduced that leverages the existing capabilities as well as the following new detection capabilities of this Linux agent:
    • Process Launch and Process Terminate
    • Network Connections
    Fixed Issues of Agent 6.8.2.60 (Linux only) release
    • The Linux agent did not detect docker container even after the docker was installed on an instance. This issue is fixed and now the agent is successfully detecting docker container after a docker is installed on an instance on which
      Cloud Workload Protection
        is already installed.
    • Cloud Workload Protection
      did not monitor docker containers that were running before the Intrusion Detection Service (IDS) policy was initiated. This issue is fixed and now
      Cloud Workload Protection
      successfully monitors the docker containers .
    • The stargate folder remained erroneously after the CWP agent was upgraded. This issue is resolved and now the agent after upgrading successfully deletes the stargate folder.
    • The http_proxy entry from AMD service file was not removed when installagent.sh configure is called with --proxy-mode Disabled. This issue is fixed and now the http_proxy entry in AMD service file is removed when installagent.sh is run with proxy mode disabled
    Known Issue of Agent 6.8.2.60 (Linux only) release
    • You cannot configure tags after the agent is installed using the following command:
      ./installagent.sh --tags <tagname>
      Workaround:
      Configure the required tags at the time of agent installation .
September 4, 2020 -  Agent 6.8.1.203 (Linux only)
The following new features are added for the
Cloud Workload Protection
agent:
October 3, 2019  - Agent 6.7.5.285 (Linux only)
The following versions of SuSE Linux Enterprise Server kernels are supported for the agent:
Version
Supported versions of Kernel
SuSE Linux Enterprise Server 12 SP3
4.4.73-sp3:4.4.73-5
4.4.82-sp3:4.4.73-5
4.4.92-sp3:4.4.73-5
4.4.103-sp3:4.4.73-5
4.4.114-sp3:4.4.73-5
4.4.12[06]-sp3:4.4.73-5
4.4.13[128]-sp3:4.4.73-5
4.4.14[03]-sp3:4.4.73-5
4.4.15[56]-sp3:4.4.73-5
4.4.162-sp3:4.4.73-5
4.4.17[568]-sp3:4.4.73-5
4.4.180-sp3:4.4.73-5
SuSE Linux Enterprise Server 12 SP2
4.4.21-sp2:4.4.21-69
4.4.38-sp2:4.4.21-69
4.4.[45]9-sp2:4.4.21-69
4.4.74-sp2:4.4.21-69
4.4.90-sp2:4.4.21-69
4.4.103-sp2:4.4.21-69
4.4.114-sp2:4.4.21-69
4.4.12[01]-sp2:4.4.21-69
SuSE Linux Enterprise Server 12 SP1
3.12.49-sp1:3.12.49-11
3.12.5[1379]-sp1:3.12.49-11
3.12.6[279]-sp1:3.12.49-11
3.12.74-sp1:3.12.74-60.64.40
!3.12.74-60.64.69-default:! #excluded kernel (This kernel is not supported)
SuSE Linux Enterprise Server 12 SP0
3.12.28-sp0:3.12.28-4
3.12.3[2-9]-sp0:3.12.28-4
3.12.4[348]-sp0:3.12.28-4
3.12.51-sp0:3.12.28-4
3.12.55-sp0:3.12.28-4
3.12.6[01]-sp0:3.12.28-4
August 8, 2019 -  Agent 6.7.5.279 (Linux and Windows)
The agent build contains few performance enhancements and the following defect fixes:
  • After an agent upgrade a secret key and a proxy password was required. This issue has been fixed.
  • AP scanning slows down other applications. The AP scan timeout is reduced to 10 seconds. This issue has been fixed.
  • After upgrade, the system becomes unresponsive. This issue has been fixed.
  • Ubuntu 18.04 agent system crashes during persistence test. This issue has been fixed.
  • IDS policy does not get applied to Linux Containers consistently. This issue has been fixed.
  • Multi-byte characters are not process correctly in exclusion list. This issue has been fixed.
  • The system becomes unresponsive if a malware or a virus file name includes multi-byte characters. This issue has been fixed.
  • After the agent upgrades, the AMD INI file is not updated to include the new settings on schedule scan. This issue has been fixed.
  • A user was allowed to modify the registry keys. This issue has been fixed.
  • Overlayfs2 in EVT/AP kernel modules was not supported. This issue has been fixed.
  • RHEL7.5 agent system crashed during persistence test. This issue has been fixed.
  • AP exclusion list included /proc /sys. This issue has been fixed.
  • The Moving File and Directory exclusion logic to usermode; quarantine was not synchronized. This issue has been fixed.
  • AMD service status reporting to server did not include "APDisabled" and "Disabled". This issue has been fixed.
  • EICAR string test did not catch Linux cases when written using vi. This issue has been fixed.
  • A file was not included in the currentdate.exe. This issue has been fixed.
  • The IDS driver status was not consistent for Linux and Windows. This issue has been fixed.
  • The FIM driver status check was not working. This issue has been fixed.
  • The Driver status for AgentInfo was not sent to the server. This issue has been fixed.
  • Incorrect values were sent to tags during default installation. This issue has been fixed.
  • Unable to rename a registry key. This issue has been fixed.
  • No validation check for Quarantine directory size and file period was present. This issue has been fixed.
  • Unable to schedule Antimalware scanning. This issue has been fixed.
  • It was not possible to enable or disable Malware file quarantine in the scan scheduler. This issue has been fixed.
  • For Windows Server 2019 translator changes were not present. This issue has been fixed.
  • Regex with file name was not getting excluded from scan. This issue has been fixed.
  • The installagent.sh was not updated after the service script was moved to /etc/systemd/system. This issue has been fixed.
  • Unable to apply policy to instances. The following error is displayed in the CAF logs:
    Fatal error in Enrollment: not an object.
    This issue has been fixed.
  • In the enroll body, the agent reported incorrect OS version for Windows server 2019. This issue has been fixed.
July 11, 2019 - Agent 1.5.253 (Windows only)
  • Cloud Workload Protection
    now supports agent on Windows 2019 platform
  • Google Chrome processes were incorrectly running on Windows OS sandbox. This issue has been fixed.
  • After OOTB policies were applied to a Windows 2016 instance installed with AD, the denied events such as PFIL, PPRC and PREG were logged incorrectly. This issue has been fixed.
  • It was not possible to add members to the Windows AD instances if OOTB policies were rolled out on both the AD as well as the member Windows instances. This issue has been fixed.
  • The executable, LSASS.exe was denied access to few core Windows executables like RUNDLL32.EXE, WMIPRVSE.EXE and Symantec applications (SCS.EXE,) to perform operations when prevention policy was enforced. This issue has been fixed.
  • Access of LSASS.exe was not blocked on Windows OS sandbox. This issue has been fixed.
  • On disabling the
    Allow Execution of files
    option in IIS sandbox, the IIS worker processes were blocked and did not execute. This issue has been fixed.
  • On Windows instances, if the agent was installed through installagent.bat without a switch, then "%NEW_TAGS% tags were passed in enrollment request during the default installation. This issue has been fixed.
  • It was not possible to prevent administrators from modifying or deleting any specific Windows registry keys. This issue has been fixed (CASE: 14166132).