RELEASES Q2 2025
Product - Description Releases
SaaS is a multi-tenant, globally scaled management service that runs in the AWS cloud infrastructure.
Enterprise-grade security management in the cloud
Fast setup to get up and running in a few minutes
Delivers continuous updates so that endpoints are always up to date
Platform that enables centralized policy management and enforcement for endpoints and enterprise security products.
Monitors and manages your network, collects data on events and alerts, creates reports, and automates workflow to streamline product deployments, patch installations, and security updates.
As an open and comprehensive platform, Trellix ePO - On-prem integrates more than 150 third-party solutions for faster and more accurate responses.
Several significant enhancements have been implemented across 2025 Update 3 to Update 5:
Enhanced Identity and Access Management: ePO SaaS now incorporates Microsoft Entra ID (formerly Azure Active Directory) to fortify user authentication and authorization protocols.
Dark Mode: The ePO SaaS console now supports dark mode, offering improved readability, a modern aesthetic, and consistency across all XConsole apps.
Scalable Event Services: A new foundational infrastructure for event services has been established, facilitating direct routing of events to the Everest backend. This initiative augments scalability and reduces data storage expenditures by negating the dependence on the ePO database for event flow.
API Support:
The Repository API is available for all users. There is new scope support for the Agent Deployment URL API (epo.agtdp.r).
You can now filter Device APIs by the attributes datVer and timeZone.
5.10 SP1 Update 5: This update introduces several key enhancements:
Microsoft Entra ID Integration: ePO OnPrem now seamlessly integrates with Microsoft Entra ID (previously Azure AD), enabling both device synchronization and user-based policy enforcement.
Automated Response Enhancements: Administrators can now set up Automatic Responses in ePO to send email notifications for blocked application approval requests.
Trellix ePO SaaS
Trellix ePO OnPrem
Improved User Experience and Conflict Prevention: The new Multiple Tabs option helps prevent data conflicts by allowing administrators to configure warnings or restrictions for users who are editing the same item across several tabs.
Centralized User Auditing: The Rolled-Up User Audit feature offers a consolidated view of user login and audit information from multiple ePO servers on a single reporting server.
Enhanced System Deletion Warnings: Trellix Products can now display warning messages in ePO OnPrem before deleting systems or groups that have those products installed.
Security Hardening: This release also includes critical security hardening enhancements, featuring updates to Tomcat, Java, BC-FIPS, and other libraries.
Trellix Agent
A client-side component of ePO (On-prem and SaaS) that provides secure communication between Trellix ePO and managed products.
In addition to downloading and enforcing policies, Trellix Agent performs client-side tasks such as deploying and updating endpoint products.
Trellix Agent 5.8.4 release includes several key enhancements:
SIR Integration: Introduced System Information Reporting (SIR) integration with TA for Operational Technology (OT) on Windows platforms.
Security Hardening: To bolster security, we've upgraded the OpenSSL and libcurl libraries.
Updated Certificates: New Trellix and Skyhigh certificates are now bundled with the release.
The Interop/PPCT team contributed tremendously and helped validate the following:
Monthly PPCT - Co-ordinated Monthly PPCT for April, May, June 2025 for in-dev and in-field point product versions
INTEROP validation of ENSM 10.7.12, ENSW 10.7.18, EDR 4.2.1 HOTFIX, EDRF 1.7 and TACC 8.4.3.
Interop Collab validation of ENSM 10.7.12
SUVP & Hotpatch validation for April, May and June 2025 to satisfy and meet MVI goals
MPT and ENSW CI Runs
PPCT CI on MPT 25.5 and 25.8 builds
PPCT CI on ENSW Update 18 builds
TEEM
Application Control blocks unauthorized executables on servers, corporate desktops, and fixed-function devices.
Change Control monitors and prevents changes to the file system.
Used on endpoints that don't change often, like POS, ATMs, etc.
Allows bidirectional communication between endpoints on a network.
It connects multiple products and applications, shares data, and orchestrates security tasks using a real-time application framework called the Data Exchange Layer fabric.
Implemented SSL certificates for TEEM production and TEEM staging environments.
Onboarded support for macOS 15.1.1 (Sequoia) M4 ARM, macOS 26.0 Tahoe, and macOS 26.0 Tahoe ARM.
Incorporated support for Windows 11 LTSC24 x64, Windows 11 24H2 Hotpatch, Windows Server 2025 Hotpatch, W1125H2, W11IOTLTSC24, ORL96, RHEL96, and RHEL100.
TACC Windows 8.4.3:
Enhanced self-protection for TACC files: Additional self-protection mechanisms have been introduced for specific TACC files, including evt_cache, inventory, TACC log files, and the TACC service.
Automatic Response configuration: The response is triggered only for Received approval requests that include a user email. Users can modify the default configuration to enable responses for Received and Not Received requests. If configured, an automatic response can be triggered regardless of the approval request status.
TACC Linux 6.1.1: Provided same-day support for RHEL 10 and zero-day support for RHEL 9.6.
Responsible for sending new content to Endpoint Security products
DXL 6.1.1
Now provides support for strong ciphers in conjunction with weak ciphers for MQTT connections.
Includes Cisco PxGrid 2.0 customer property modifications.
Features TIE IPE plugin enhancements.
The DXL Topic Authorization issue in the Server settings page has been resolved.
Sign DATs with the new Musarubra certificate 2025-03-26 - V2 DAT 11385 & V3 DAT 5840
TACC
DXL
ENS
Protects endpoint devices against cyber attacks
Network + static scanning + behavior scanning + Machine Learning + Reputation + Exploit Prevention
Supports Windows, Linux, and macOS
EDR
Analyzes large amounts of data collected from endpoints. Generates alerts.
Analytics happen in the cloud. Supports both ePO On Prem and ePO SaaS.
EDRF
Brings in EDR and Forensics capabilities under a single product. Supports migration and direct upgrades from EDR Clients. Future versions will bring in HX Endpoint migrations along with additional module capabilities.
ENS MacOS 10.7.11
Full support for IPv6 (all modes) End to End Stack
Bundles Engine 6800 and fixes for multiple customer/security bugs
ENS Windows 10.7.17
Full support for IPv6 (all modes) End to End Stack
Fixes for multiple Customer/security bugs
ENS Linux version 10.7.20
Full support for IPv6 (all modes) End to End Stack
Support for RHEL 9.6 and 10
Added new kernel support
EDR Client 4.2.2 SaaS Release
EDR Client Windows now supports ARM64 along with x86_64 systems.
EDR 4.2.1 HF
Updated libcurl library for Scotiabank (BNS)
ESM
Enterprise Security Manager. SIEM product
Analyst-centric dashboards, reports, reviews, rules, and alerts
Predefined dashboards. Customizable compliance reports
EDRF 1.7 Release
Migration support from EDR to EDRF
Tech debts
eBPF sensor
Acquire/collect advanced artifacts
View Threat artifacts and triage output
ESM 11.6.15 (June 2025)
Increased count of static routes between ESM and ERC interfaces
Ability to configure receivers to which specific ELM events would be routed
Resolution for customer issues and vulnerabilities
Core technologies that are utilized by several endpoint products
SysCore -> kernel drivers
AMCore -> scanning components + GTI lookups
JCMCore -> Single source of reputation on the endpoint
AV Engine -> core scanner
AM Tools -> GetClean, GetSusp, Stinger, GetQuarantine
Cloud based XDR offering
Native & Open Connectors. Goes across attack vectors
~500 connectors across 200+ vendors
Provides deep visibility, across environment searches, correlated alerts, immediate automated responses, and attack mitigation
Support for Windows Server 2022 OS SIEM Collector 11.5.12943 (May 2025)
Toolchain updates to make the agent a 64-bit application
FTE 25.5. Notable changes
Create quarantine for items detected with applied action block
Contained blocked items using an AAC rule
Updated 3rd party libraries, OpenSSL 3.0.16 and SQLite 3.49.1
Implement support for Cloud IVX
Improved ARM support
Enhancements to process hooking
AMCore-Catalog Release
Fixing MS Integrity related issues across multiple Endpoint products
Other AMCORE Content Release
Secure Container AAC Rules for hollowing and TSDE-21084
Support ENSWContent.dat release for ENSW-126941
AV Scan Engine 6810 GA: 30th June 2025
Bug Fixes and vulnerability fixes
Additional capability on Excel files
Helix Connect, featuring significant updates to the Alert UI for a better analyst experience, along with Hyperautomation (SOAR) and Archive Search (Snowflake), is scheduled for release at the end of Q3.
FTE
HELIX
MLP CLOUD
Machine Learning based protection component
Used in ENS & MVE
A combination of on-disk model and in-cloud models
Policy Auditor
Auditing & compliance product
Evaluate systems against independent standards
MLP Cloud v1.06 (April 2025)
Classifier comms improvements
Aerospike NoSQL DB migration to EKS
MLP Cloud v1.06 (June 2025)
IPv6 support
Vulnerability fixes
Bi-Weekly content releases
MS Patch Tuesday content releases
Titan - M Titan
Data Lake for internal usage
Product telemetry is stored
Insights & Threat Researchers use this data
Support for SecondSight, with new schema and interactive dashboard for threat hunting
Vulnerability fixes
Whitelisting (Unknown) - POC (Based on REST Data)
XAgent (HX agent)
Combined Protection & Detection product.
Both on-prem & cloud offerings
HX 10.0.4 & Logon Tracker 1.3.3
GCP Support
FIPS and CC compliance
CSRF vulnerability fix
IOC Streamer v1.3.169
Performance fix for MTR Corp
First GA build YARA rules support
Security fixes
Extended Forensics
Data Center Security
Suite of products spanning DCS use cases
MOVE - Offloaded AV Scanning
ENSS Smart Scheduler 5.8.2.74
Customer escalation fixes
Cloud Workload Security - Security Posture assessment and remediation
Sharepoint and Exchange Security
ENS for Servers
CWS now supports IPv6
IPv6 validation