From now on, Teramind will be using a new versioning scheme: <major>.<minor>. For example, 3.1. The <major> part of the version will change with each public release. The <minor> part will change with any hotfix/patch updates.

This will simplify version control and make it compatible with Windows product versioning guidelines. It will also help with tools like WiX and SCCM to understand what version of the Agent is installed so that they don't accidentally remove/change the installed application. The new versioning will also help admins who have a custom agent understand what/when they need to update.

A new rule criteria, Running Elevated is added under Activity Rules > Applications. This will allow you to detect any application that's launched with an elevated permission with Windows User Control (UAC):

An app is usually run as elevated when you launch it from the Windows Start menu while holding down the SHIFT+CTRL keys. Or, when you run it from the Explorer with the right-click and then select the Run as administrator option:

This new rule feature will enhance the security of your system as software which usually require admin permission might make changes to your system. It can also help you mitigate the impact of malware and prevent unauthorized privilege escalation, etc.

Teramind Agent (dwm.exe) is launched for every logged in user (session) and is being controlled by a service (svc.exe, service name is tsvchst). When you use a command like sc stop tsvchst, it stops all the agents.

Before this update, agents were being stopped sequentially one after another, which would drastically slow down the shutdown of the service, especially on a terminal server where multiple users/sessions could be running.

With this improvement, services are stopped in parallel improving both speed and reliability.

Under the hood changes were made so that the Agent doesn't check for events for the desktop and background windows for activity changes - improving speed and resource utilization.

Currently to update an Agent you would use a command like this::

Now, you don't need to provide the TMROUTER parameter anymore. So, the new command should look something like this:

The Agent would crash sometimes when you changed the language/region. This is fixed now.

Due to a memory leak bug in tmfsdrv2, the Agent would sometimes crash with a Blue Screen Of Death (BSOD). The bug is fixed now.

Due to an internal bug, the Revealed Agent would crash without displaying any error message. This is fixed now.

In some rare situations, if you had many tabs open, the Agent would crash (with a TMDIAG fatal error log watchdog timeout). The bug causing the error is fixed now.

In some cases, a sharing violation error may occur when a file is being accessed. The bug is fixed now.

You might have seen an error like the below on Python when the script tries to access a file:

The issue seemed to occur with pathlib (but no problem on Python 3.10) and nt.path (but not os.path).

The issue is fixed now.

In some cases, the app icon for the Teramind Revealed Agent weren't being displayed correctly on the Windows Taskbar. This is fixed now.

A bug caused a Protected Agent installation (e.g., a Hidden Agent installed with the DO_PROTECT=yes parameter) lose it's protection when the same version of the Agent was installed over the current (protected) version of the Agent:

The bug is fixed now so that the installer performs the correct checks before updating a Protected Agent.

Due to how a the password for a Protected Hidden Agent was stored, an attacker could bypass the password using a MD5 hash generator together with the computer's name. Name.

The vulnerability is fixed now by implementing a more complex hash and storage mechanism.

Teramind Revealed Agent for Windows had a potential vulnerability due to its use of insecure storage of the user credentials. As the uninstaller didn't clear the user's login information from the Registry, an attacker could gain unauthorized access to the account or clone the registry keys for use in a different machine. The security flaw is fixed now and the user credentials are removed when the Agent is uninstalled.

Teramind Hidden Agent had a potential "DLL sideloading" vulnerability. An adversary could use this vulnerability to execute code inside a trusted (signed) process with elevated (SYSTEM) privileges.

While the Agent and its supporting files are all signed, the signatures weren't being checked before loading a DLL.

The flaw is fixed now so that each file is checked to ensure that the loaded file can be trusted and is actually issued by Teramind before its loaded and executed.

Due to a bug, The Agent would sometimes block USB peripherals (e.g., hub, webcam, mouse, etc.) connected to computer. This is fixed now.

Teramind injects proxy certificates in the browser to monitor web activities. Due to a bug, this certificate wasn't being injected properly into Tor browser. The issue is fixed now.

Due to incorrect memory access in IMAP handler, sometimes email monitoring might not work properly for some emails. The bug is fixed now.

There was a bug with MTM (a service used to monitor Outlook emails) preventing it from connecting to the Outlook Desktop client if a message was opened and minimized. You might have seen an error like the one below due to this bug:

This would cause issues with email monitoring. The bug is fixed now.

Due to a bug, printers weren't opened properly causing printer activities not getting reported. The bug is fixed now.

You might have noticed one or more of the following issues caused by an error of code injection in the browser:

A fix was made so all the these issues should be remedied.

Due to a bug, sometimes the Agent would detect and report on Insert/Eject events for external drives that aren't really present on the system:

The bug is fixed now so that no such events are detected or reported.

Due to a bug in Skype monitoring, Web Upload/Web Download events weren't tracked properly causing the Filenames being reported incorrectly:

The bug is fixed now.

Due to a bug, WhatsApp Web events such as meetings weren't being captured properly. This is fixed now.

Due to a bug, MS Teams events such as chats/calls weren't being captured properly. This is fixed now.

Due to a bug, MTM wouldn't connect to Outlook if a message is opened and then minimized.

Due to a bug, Gmail weren't captured properly. This is fixed now.

Due to a bug, Twitter events such as create post or comment weren't being captured properly. This is fixed now.

Due to a bug, the Uninstall Agent from PC option the COMPUTERS screen wouldn't work:

It would show the Agent was removed but in reality, it wasn't. The bug is fixed now.

Due to a bug, Remote Desktop Protocol (RDP)-based rules (e.g., Activity > Network rules with the Remote host or Remote port conditions) wouldn't trigger properly.

The bug is fixed so that RDP-based rules work as expected.

We noticed that memory usage was high when copying large amount of data to network locations when using Content > Files rules similar to the one below:

The memory leak bug that was causing the issue is fixed now.

You might have noticed that idle time/active time grows incorrectly (exponentially) causing Behavior Rules based on idle time not triggering properly. This bug is fixed now.

In some scenarios, matched values weren't being reported correctly for active/idle time. This would cause rules like the example below to not trigger properly:

The bug is fixed now so that rules based on idle/active time should work properly.

In some scenarios, Activity > Files based rules with an EXCEPT condition wouldn't work if used with an IM. For example:

The bug is fixed now so that Files rules which uses the EXCEPT condition and IM should work properly.

In some scenarios, Activity > Applications based rules with the Launched from CLI and Command Line Arguments criteria wouldn't trigger. For example:

The bug is fixed now so that these rules should work properly.