Log Correlation Engine Windows Client 4.2.0 Release Notes - 9/26/2013

The Log Correlation Engine Windows Client 4.2.0 is now available. This release contains the following changes:

New features:

  • Malware Scanning: The LCE client will scan running processes regularly for malware, similar to Nessus. The following configuration items can be used to tune the scanning, but should not be specified in LCE Client 4.0.1 policies.
  • The frequency of the scan can be controlled by adding <malware-scan-frequency> tags to your LCE Client 4.2.0 policy files, where the value is the number of seconds between scans. For example, to scan once per hour:

    <malware-scan-frequency>3600</malware-scan-frequency>

  • Processes may be whitelisted by adding MD5 checksums of the corresponding .exe files to the <whitelist-hashes> tag:

    <whitelist-hashes>0e17d427520db98aa72f5c509f015f5e 1866eda15efde7fc1d4360da92b315e3</whitelist-hashes>

  • Custom malware hashes can also be specified, and will be flagged as malware if they are detected by the LCE client, via the <custom-malware-hashes> tag:

    <custom-malware-hashes>0e17d427520db98aa72f5c509f015f5e 1866eda15efde7fc1d4360da92b315e3</custom-malware-hashes>
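
Added example, not part of the Tenable release notes: a PowerShell helper that computes the MD5 of each listed .exe and prints a ready-to-paste <whitelist-hashes> or <custom-malware-hashes> element. It assumes PowerShell 4.0 or later (for Get-FileHash); the function names and the sample file list are hypothetical.

```powershell
# Added example; function names and the sample file list are assumptions.
# Requires PowerShell 4.0+ (Get-FileHash).

function Get-Md5Hex {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Get-FileHash returns upper-case hex; the release notes use lower-case.
    (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash.ToLowerInvariant()
}

function New-LceHashTag {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('whitelist-hashes', 'custom-malware-hashes')]
        [string]$Tag,
        [Parameter(Mandatory = $true)][string[]]$Path
    )
    $hashes = foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # A typo in a path must not silently shrink the list.
            Write-Warning "Skipping missing file: $p"
            continue
        }
        Get-Md5Hex -Path $p
    }
    # Drop empty results and duplicates (the same binary in two locations).
    $unique = @($hashes | Where-Object { $_ } | Sort-Object -Unique)
    if ($unique.Count -eq 0) { throw "No files hashed for <$Tag>" }
    # Space-separated list, matching the release-note examples.
    '<{0}>{1}</{0}>' -f $Tag, ($unique -join ' ')
}

# Sample input only: two binaries present on any Windows install.
# Replace with the executables you have actually vetted.
$approved = @(
    (Join-Path $env:SystemRoot 'System32\cmd.exe'),
    (Join-Path $env:SystemRoot 'System32\notepad.exe')
)
New-LceHashTag -Tag 'whitelist-hashes' -Path $approved
```

Hash the exact build that is deployed: an updated .exe has a different MD5 and will no longer match the whitelist entry.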

Improvements and bug fixes:

  • The LCE Client log is now automatically rotated after 75 MB to lce_client.log.previous
  • Specifying "all" in an <event-log> tag now also catches the Application-specific event logs, like TaskScheduler
  • When available, the FQDN is used when sending CPU usage data, disk usage data, and heartbeats to the LCE server
  • Added detection of generic USB devices (in addition to the already-monitored USB volumes)
  • Fixed an issue that could cause sporadic disconnections when sending events rapidly
  • Fixed an issue that could cause the LCE Client to be unable to write a policy file in the common data directory after a successful installation
  • Fixed an issue where, when a USB device without a volume was detected, there was a possibility that the device would be unavailable for a short timeframe

File Names & MD5 Checksums

File                                     MD5
lce_client-4.2.0-windows_2003_x86.msi    0e379e3a73ca7c626ff4bc2477ed4e53
lce_client-4.2.0-windows_2008_x64.msi    73c530ec7a16503eee108d6782d8fc32
lce_client-4.2.0-windows_2008_x86.msi    b73807d091eb23d727dbe6ad065637b7

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.