Skip to content
  • There are no suggestions because the search field is empty.

Netwitness recommend to Upgrade 11.7 windows endpoint agents to 11.7.1.2.

Tags: Advisories, Technical Advisories

Advisory Type

Technical


Advisory Content

Summary

Netwitness has identified an issue with the Netwitness Endpoint Windows Agent 11.7 that can potentially cause high CPU utilization on the Endpoint machines when a suspicious thread is detected. This is isolated only to Windows agent and does not affect Linux or MacOS agents.

Affected Platforms

Netwitness Endpoint Agent 11.7

Recommendation

Upgrade Windows Endpoint agents to 11.7.1.2  

An updated advisory will be published soon outlining further details on upgrading to the 11.7.1.2 release.

If you are still on 11.7.X and some reason cannot upgrade to the latest release then as a workaround, apply the following advance setting in the Agent Endpoint (EDR) policy to disable the suspicious thread detection.

{

"trackingConfig": {

                 "sentinelConfigOverride": true,

                 "sentinelConfigValue":891

                 }

}

For additional documentation for groups and policy, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.