Changelog

All notable changes to SecuritySnares will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased] - 2.2.0.0


2.0.1.5 - 2026-04-30

Added

  • Agent health telemetry reporting service status, thread health, API call results, and boot history to the management console for proactive monitoring of agent fleets
  • Driver health telemetry surfacing driver-level operational metrics alongside agent health data
  • System memory telemetry included in agent metrics reporting

Changed

  • Removed the 100-entry cap on the known-good process cache to improve trust evaluation on systems with many processes

2.0.1.4 - 2026-04-21

Added

  • WiperSnare anti-wiper protection, powered by the core SecuritySnares detection engine, defends against destructive wiper malware that permanently destroys data rather than encrypting it for ransom
  • Remote mute rule updates pushed from the management console, allowing administrators to update agent mute rules without redeployment

Fixed

  • Resolved issue where trusted processes could incorrectly trigger alerts

2.0.1.3 - 2026-04-14

Added

  • Configurable mute paths to reduce filesystem noise from high-I/O operations, improving performance on systems with intensive disk activity

2.0.1.2 - 2026-03-27

Added

  • Microsoft Defender Protected Process Light (PPL) compatibility
  • --skip-api-key-check installer parameter to skip API key validation during installation

Changed

  • Improved accuracy of memory measurement in agent metrics
  • Enforced maximum file size limit on backups to \SSAgent\
  • Reduced log verbosity by removing unnecessary process detail entries

Fixed

  • Reduced backup storage usage by filtering out non-essential agent files
  • Optimized allow-list path matching to handle duplicate entries more efficiently

2.0.1.1 - 2026-03-13

Fixed

  • Backup files left behind after reboots or standby mode are now automatically cleaned up to free disk space
  • Improved memory management for better overall performance
  • Enhanced stability with a new thread pool for more reliable operation

2.0.1.0 - 2026-03-12

Added

  • SMB share protection prevents SMB clients without a SecuritySnares agent from encrypting data on protected SMB shares. SMB clients with the SecuritySnares agent installed may encrypt data provided the encrypting process is trusted.
  • Allow SMB clients to write to SMB shares

Fixed

  • Resolved issue where some log messages were displayed as pop-up dialogs
  • Improved end-user notification dialog box stability
  • Fixed an issue where web browsers were incorrectly flagged as unsafe processes
  • Improved logging function thread-safety during concurrent logging operations
  • Corrected installation issue on Windows Server 2016 and Windows 10 version 1607

2.0.0.4 - 2026-02-04

Changed

  • Driver modified to raise events for newly created files
  • Improved recovery of files that a process attempted to encrypt

Fixed

  • Resolved issue where Microsoft would delay the start of the service

2.0.0.2 - 2026-01-14

Fixed

  • Driver now properly notifies on file creation events
  • Alert-Only and Protect modes now alert consistently on the same activities
  • Resolved issue where the parent process of a script encrypting data was not reported

Performance

  • Optimized process evaluation for improved performance

2.0.0.1 - 2025-12-20

Changed

  • Changed driver altitude number to 261400.6 for cleaner upgrades from legacy driver

Fixed

  • Resolved issue where management console and agent mode could become desynchronized
  • Resolved bug that caused the service to not restart cleanly, leading to the agent being in a stale unhealthy state
  • Resolved uninstallation issue where the agent was not properly authenticated and authorized to terminate gracefully

2.0.0.0 - 2025-12-15

Added

  • Rearchitected driver for increased performance and extensibility
  • Script Control detects when scripts are used to encrypt data
    • Visual Basic 6
    • Bash (GitBash, Cygwin)
    • Mozilla JavaScript (ESR 52, 60, 68, 78, 91, 102)
    • JScript (ES2015+)
    • PHP (v5, v6, v7)
    • Node.js
    • PowerShell
    • JScript v9
    • LuaJIT
    • JavaScript (Microsoft Legacy Engine)
    • Python
    • Ruby
  • Data exfiltration detection using tactics common with ransomware groups

1.3.8.640 - 2025-08-01

Fixed

  • Hotfix for file recovery queue

1.3.8.639 - 2025-07-10

Added

  • Protected paths prevent other applications from modifying agent files and folders
  • Enhanced diagnostic capabilities for troubleshooting
  • Automatic installation of required security updates on legacy OS versions

Changed

  • File hash calculation upgraded to OpenSSL 3.3 from 1.x
  • Legacy OS version now uses libcurl and OpenSSL to resolve TLS 1.2+ compatibility issues
  • Improved process termination function
  • Backups disabled in alert-only mode

Fixed

  • Uninstaller now completes successfully on legacy OS versions
  • Mute paths now function correctly
  • Improved detection of renamed files
  • Uninstall password now works on legacy OS versions

Performance

  • Multiple performance optimizations across the agent
  • Added MapViewOfFile file access method detection for improved performance

1.3.7.606 - 2025-04-10

Added

  • Killswitch command and agent safe mode for emergency control
  • Service protection prevents unauthorized processes from stopping the service
  • Service process protection prevents the service process from being terminated
  • Enhanced service reliability with automatic recovery
  • Splunk Forwarder integration support
  • Automated testing suite for improved reliability
  • System information collection with logs for enhanced diagnostics
  • %USER_PROFILE% variable support in allow-list
  • Alternative file reading method when raw disk access is unavailable

Changed

  • Product rebranded from RansomSnare to SecuritySnares
  • Self-update events now logged to Windows system log
  • Manual agent updates now preserve previous settings (API URL/key)
  • Legacy Windows versions now use libcurl for backend communication with TLS 1.3 support

Fixed

  • Driver log settings now apply immediately when changed from backend
  • Corrected URL for log alerts endpoint
  • Trust status now applies consistently to all processes with the same path
  • Child process tracking now recovers encrypted files from all processes, not just the parent
  • Improved AppData folder cleanup during uninstallation
  • Settings decryption now works correctly on legacy OS versions

1.3.6.598 - 2025-02-21

Added

  • BrightCloud Cyber Threat Intelligence service integration for enhanced threat detection

Changed

  • Process termination now targets entire process tree for more thorough threat elimination

Fixed

  • Microsoft Edge process termination now works correctly
  • Splunk folders added to mute paths