After being installed on a Windows managed device, the Antimalware Agent auto-updates when a new agent version is released to the cloud service (i.e., the same repository from which signature updates are pulled). This document lists the released Antimalware Agent versions and fixes.
In ZENworks Control Center, you can use the Device Malware Signature Version dashlet located on the Security Dashboard to view the Antimalware Agent version installed on each managed device.
By default, managed devices check for Antimalware Agent updates every 4 hours. If an update is available, it is installed immediately. You can customize how often the check occurs by using the Antimalware Agent Schedules configuration settings at the zone, device folder, or device level. ZENworks Control Center navigation for these schedules is shown below:
Zone: Configuration > Management Zone Settings > Security
Device folder: Folder object (Details link) > Settings > Security
Device: Device object > Settings > Security
Updates do not typically require a reboot, but the schedule lets you postpone potential reboots if desired. For more information about configuring the schedules, see Antimalware Agent Schedules
in the ZENworks Endpoint Security Antimalware Reference.
To force managed devices to check for and install updates, use the “Update Antimalware Agent” action in the Device Malware Signature Version dashlet.
Released: September 21, 2022
New Features and Improvements:
Added support for Windows 11 22H2
Resolved Issues:
Fixed an issue that affected a few product files after an unexpected shut down.
Resolved an edge-case scenario where the Antimalware module displayed On-Access as disabled in the local interface even though it was enabled in the policy.
Security fixes
Released: July 7, 2022
Resolved an issue with the update module of the Endpoint Security Endpoint SDK. The issue manifests in the form of an update error (error code -1016) visible in the Update.
Released: February 4, 2022
Resolved issues:
Fixed the following security vulnerability:
CVE-2021-4199
CVSS Score: 7.8
Risk Level: High
Vulnerability details: Allows a remote attacker to escalate local privileges to the SYSTEM.
NOTE: CVE-2021-4198, regarding a crash in the messaging_ipc.dll, has been recently published. This vulnerability was previously fixed and shipped in September 2021.
No reboot is required.
Fixed an issue where the integrated Support Tool, when run manually to collect log files for troubleshooting purposes, would sometimes remove directories in the same destination path as the saved logs.
Released: October 28, 2021
Resolved issues:
Resolved an issue where the Endpoint Security Service generated high RAM usage when the endpoint received new policy settings.
Resolved an issue where the Endpoint Security Console service randomly created a certain file on endpoints.
Addressed a specific scenario where the product caused critical errors (BSOD). The issue is now fixed.
Resolved an issue where the Endpoint Security Console service crashed after installing the security agent on a different partition in Windows Server 2012.
In some cases, the agent installation failed on endpoints with Windows Defender enabled. The issue is now fixed.
Fixed two security vulnerabilities in the update module:
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/en-us/legal.
© Copyright 2022 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (Micro Focus) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.