Skip to main content

Changelog

All notable changes to SecuritySnares will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

SMB server protection blocks file write attempts from unprotected SMB clients when encrypted data is detected, preventing infected clients from encrypting data on SMB servers

2.0.0.4 - 2026-02-04

Changed

Driver modified to raise events for newly created files
Improved recovery of files attempted to be encrypted

Fixed

Resolved issue where Microsoft would delay the start of the service

2.0.0.2 - 2026-01-14

Fixed

Driver now properly notifies on file creation events
Alert-Only and Protect modes now alert consistently on the same activities

Performance

Optimized process evaluation for improved performance

2.0.0.1 - 2025-12-20

Changed

Changed driver altitude number to 261400.6 for cleaner upgrades from legacy driver

Fixed

Resolved issue where management console and agent mode could become desynchronized
Resolved bug that caused the service to not restart cleanly, leading to the agent being in a stale unhealthy state

2.0.0.0 - 2025-12-15

Added

Rearchitected driver for increased performance and extensibility
Script Control detects when scripts are used to encrypt data
- VisualBasic 6
- Bash (GitBash, Cygwin)
- Mozilla JavaScript (ESR 52, 60, 68, 78, 91, 102)
- JScript (ES2015+)
- PHP (v5, v6, v7)
- Node.js
- Powershell
- JScript v9
- LuaJIT
- JavaScript (Microsoft Legacy Engine)
- Python
- Ruby
Data exfiltration detection using tactics common with ransomware groups

1.3.8.640 - 2025-08-01

Fixed

Hotfix for file recovery queue

1.3.8.639 - 2025-07-10

Added

Protected paths prevent other applications from modifying agent files and folders
Enhanced diagnostic capabilities for troubleshooting
Automatic installation of required security updates on legacy OS versions

Changed

File hash calculation upgraded to OpenSSL 3.3 from 1.x
Legacy OS version now uses libcurl+openssl to resolve TLS 1.2+ compatibility issues
Improved process termination function
Backups disabled in alert-only mode

Fixed

Uninstaller now completes successfully on legacy OS versions
Mute paths now function correctly
Improved detection of renamed files
Uninstall password now works on legacy OS versions

Performance

Multiple performance optimizations across the agent
Added MapViewOfFile file access method detection for improved performance

1.3.7.606 - 2025-04-10

Added

Killswitch command and agent safe mode for emergency control
Service protection prevents unauthorized processes from stopping the service
Service process protection prevents the service process from being terminated
Enhanced service reliability with automatic recovery
Splunk Forwarder integration support
Automated testing suite for improved reliability
System information collection with logs for enhanced diagnostics
%USER_PROFILE% variable support in whitelist
Alternative file reading method when raw disk access is unavailable

Changed

Product rebranded from RansomSnare to SecuritySnares
Self-update events now logged to Windows system log
Manual agent updates now preserve previous settings (API URL/key)
Legacy Windows versions now use libcurl for backend communication with TLS 1.3 support

Fixed

Driver log settings now apply immediately when changed from backend
Corrected URL for log alerts endpoint
Trust status now applies consistently to all processes with the same path
Child process tracking now recovers encrypted files from all processes, not just the parent
Improved AppData folder cleanup during uninstallation
Settings decryption now works correctly on legacy OS versions

1.3.6.598 - 2025-02-21

Added

BrightCloud Cyber Threat Intelligence service integration for enhanced threat detection

Changed

Process termination now targets entire process tree for more thorough threat elimination

Fixed

Microsoft Edge process termination now works correctly
Splunk folders added to mute paths