ITarian Platform and Agents Update - January 08, 2026

Resolved an issue where performance metrics (CPU, RAM, etc.) were not displaying correctly in the Endpoint Manager Portal.

Impact: Users will now consistently see accurate performance metrics (CPU, RAM, disk usage) in the device summary section, improving visibility and management of endpoints across the platform.

Endpoint isolation behavior has been tightened to ensure isolated devices no longer retain unintended access to internal network resources.

Network isolation rules now fully restrict internal resource access.

Improved enforcement ensures isolated endpoints cannot communicate with internal shares or intranet services.

Impact: Isolated endpoints are now truly contained, reducing the risk of lateral movement while maintaining effective threat response.

The XCS engine has been updated to better handle malicious Excel documents containing macro-based threats.

Enhanced support for analysing macro-heavy Excel files.

Added required libraries for handling complex macro scenarios.

Improves detection of malware embedded in macro-enabled Office documents.

Impact: Customers receive improved protection against document-based malware leveraging Excel macros.

A critical issue was resolved where autorun entries could not be re-enabled after the related file was restored from Quarantine.

Autorun items now correctly re-enable after trusted verdict and file restoration.

Impact: Improves control and consistency in managing trusted autorun entries across all endpoints.

The Autorun Monitor now reliably detects and quarantines embedded-code shortcuts copied from SMB shares—even after the first detection.

Improved handling of shortcut execution paths during copy operations.

Enhanced logic to delay detection until copy process is complete.

More consistent behavior across different file copy methods.

Impact: Better protection against threats hiding in startup shortcuts copied from network locations.

Virus Scope now reliably quarantines detected threats, including active ransomware like Cryptolocker, even when running inside the sandbox.

Improved handling of WinAPI calls (TerminateProcess/DeleteFile).

Ensures malware files are removed even if the malicious process fails to terminate.

Impact: Increases security by guaranteeing quarantine action on live malware detected by Virus Scope.

The export functionality for “File List Changes” events is now fully operational.

Export to .htm is supported again for this event type.

Ensures full visibility and audit capability through exported reports.

Impact: Users can now reliably export file change event data for documentation and investigation.

Installer files for CCC and EDR are no longer blocked when DLL blocking is active.

Ensures seamless update of CCC and deployment of EDR.

Addresses trust logic around installer files and file extensions.

Impact: Reduces deployment issues and installation failures in secured environments.

We have resolved a critical issue that caused a Blue Screen of Death (BSOD) when using XCS version 13.5.0.9769 in specific environments.

Impact: Improved platform stability and uninterrupted access to security services.

A critical stability issue affecting XCS version 13.5.0.9769 has been resolved. The issue caused frequent crashes of cmdagent.exe, leading to agent disappearance from the device list in the portal.

Impact: Improved reliability and agent stability across endpoints.

Resolved an issue where some Autoruns and DLP events were not consistently appearing in the portal, despite being logged on the endpoint.

Impact: Ensures all critical security events (Autoruns/DLP) are properly reflected in the portal, improving visibility and incident response.

Fixed an issue where the antivirus database update status for endpoints was not correctly reported to the Endpoint Manager (EM) portal after AVDB updates.

Devices showed ““Updating”” status even after updates completed successfully.

Impact: Ensures that antivirus DB update statuses are accurately reflected in the EM portal, improving monitoring and compliance visibility for managed endpoints."

Windows: