EA-2026-5-18-WIN
Features or Fixes
Improvement: Improved Endpoint Agent stability with fixes for application freezes, crashes, and startup delays, along with compatibility updates for Windows 11 Insider Preview (25H2).
Fix: Resolved a security vulnerability in the Ransomware Protection driver that could allow an unauthorized process with system-level access to interfere with ransomware protection.
Fix: Resolved an issue where threats located in system folders accessible via Windows path aliases could be missed during scans.
Fix: Resolved a security vulnerability that could allow a locally privileged user to manipulate the agent's security library configuration through a writable file path.
Fix: Resolved an issue that could cause the Endpoint Protection service to crash when a scan was interrupted by a service stop or system shutdown.
Fix: Resolved an issue where running mirror backup software to a network-attached storage (NAS) device could trigger a system crash (blue screen) due to a conflict with the Ransomware Protection driver.
Fix: Resolved an issue where reinstalling the Endpoint Agent after a partial uninstall could prevent the protection service from starting.
Fix: Resolved additional crash conditions in the Endpoint Protection service that could occur under high-load scenarios.
Refer to the table below for the changes to the Endpoint Agent on Windows and Windows ARM included in this release.
| Component Name | Version |
|---|---|
Agent | 2.2.0.71 |
Agent Service | 2.2.0.71 |
User Agent | 2.2.0.56 |
Asset Manager | 2.2.0.70 |
Endpoint Protection | 2.2.0.64 |
Endpoint Detection and Response | 2.2.0.53 |
Software management SDK | 4.3.5745 |
Endpoint Service Monitor | 2.0.0.20 |
Protection Service Updated | 4.7.7.500 |
Component Package Updated | 1.0.2829 |
Brute Force Protection | 2.2.0.50 |
Active Response Shell | 2.0.0.5 |
DNS Content Filtering | 2.2.0.53 |
DNS Crypt Proxy | 2.1.88 |
SIEM | 2.2.0.10 |
Browser Phishing Protection Updated | 2.2.0.22 |
Firewall Management | 2.2.0.50 |
EA-2026-5-7-WIN
Features or Fixes
Feature: Users can now view real-time progress for any running endpoint scan through a new View scan progress option in the tray icon, providing greater visibility into scan status and completion.
Feature: Support added for automatic cleanup of quarantined files on endpoints, reducing manual effort and preventing unnecessary storage buildup. Requires the new Quarantine Management policy setting to be enabled.
Feature: Improved diagnostic logging so endpoint health checks now more accurately reflect the agent's real protection status, helping support identify and troubleshoot issues more reliably.
Fix: Fixed an issue where a failed installer download for one app during a multi-app update could stop all updates.
Fix: Fixed an issue where disabling the Disable automatic updates policy did not fully clear cached Group Policy Cache values, ensuring policy changes now correctly take effect without requiring manual registry cleanup.
Fix: Fixed an issue where certain applications could be incorrectly blocked due to missing download links.
Refer to the table below for the changes to the Endpoint Agent on Windows and Windows ARM included in this release.
| Component Name | Version |
|---|---|
Agent Updated | 2.2.0.71 |
Agent Service Updated | 2.2.0.71 |
User Agent Updated | 2.2.0.56 |
Asset Manager Updated | 2.2.0.70 |
Endpoint Protection Updated | 2.2.0.64 |
Endpoint Detection and Response | 2.2.0.53 |
Software management SDK | 4.3.5745 |
Endpoint Service Monitor Updated | 2.0.0.20 |
Protection Service | 4.7.4.492 |
Component Package | 1.0.2801 |
Brute Force Protection | 2.2.0.50 |
Active Response Shell | 2.0.0.5 |
DNS Content Filtering | 2.2.0.53 |
DNS Crypt Proxy | 2.1.88 |
SIEM | 2.2.0.10 |
Browser Phishing Protection Updated | 2.2.0.22 |
Firewall Management | 2.2.0.50 |
EA-2026-5-7-MAC
Features or Fixes
Feature: The company contact name, email address, and phone number configured in OneView now display in the ThreatDown Endpoint Agent's About screen.
Feature: The Endpoint Agent now displays ThreatDown branding throughout the application, including the installer, About dialog box, system services, and application metadata.
Fix: Resolved an issue where endpoints would fail to migrate between sites in the OneView console.
Fix: Resolved an issue where threat and vulnerability scans remained stuck in a Pending state on devices configured to use UTC+0 timezone with 12-hour time display.
Fix: Resolved an issue where reassigning an endpoint to a new account would fail silently if the device previously had an invalid or missing account registration.
Fix: Resolved an issue where applying an account token via command line on macOS would hang indefinitely without completing.
Fix: Resolved a crash that caused the Endpoint Agent status tray and user interface to become unavailable.
Fix: Resolved an internal instability that could cause unpredictable crashes in the protection plugin.Fix: Resolved a memory leak in the macOS real-time protection daemon that could cause excessive RAM consumption, degrading endpoint performance.
Fix: Resolved a crash in the macOS real-time protection component that could occur during an active scan.
Fix: Resolved an issue where changing the update channel for a macOS endpoint was not correctly applied to the protection component, preventing the endpoint from receiving updates on the configured ring.
Refer to the table below for the changes to the Endpoint Agent on macOS included in this release.
Component Name | Version |
|---|---|
Agent Updated | 1.7.0.4111 |
User Agent Updated | 1.7.0.4111 |
Asset Manager | 1.7.0.218 |
Endpoint Protection | 1.7.214 |
| Endpoint Detection and Response | 1.7.0.439 |
| Software management SDK | 4.3.4141 |
Protection Service Updated | 5.11.1.674 |
| DNS Content Filtering | 1.7.0.70 |
| DNS Proxy Extension | 1.7.42 |