--- title: "Early Explorer release notes" hide_from_indexes: true --- ## Explorer release notes prior to 1.7.9 Starting with version 1.7.9 all release notes have been [consolidated](release-notes.md) into one page. ### v1.7.8 `2020-05-23` * Fingerprint updates. ### v1.7.7 `2020-05-22` * Fingerprint updates. ### v1.7.6 `2020-05-14` * Corrects inconsistent use of the new service attributes when processing the dynamic MAC address filter. ### v1.7.5 `2020-05-14` * Asset and Service attributes have been normalized. All keys are now camelCase and most service attributes are now prefixed by the protocol name. ### v1.7.4 `2020-05-13` * Support has been improved for the following database protocols: Memcached (TCP), CouchDB, Cassandra, Redis, ElasticSearch, Riak (TCP/HTTP), MySQL, PostgreSQL, MongoDB, MSSQL, and Oracle. ### v1.7.3 `2020-05-07` * Cisco HSRP MAC addresses are now ignored for the purposes of asset correlation. * Updated Ethernet fingerprints. ### v1.7.2 `2020-05-06` * A bug in the mDNS probe that could lead to a hung scan on certain platforms has been resolved. ### v1.7.1 `2020-05-06` * Diagnostic information is now returned in the "systeminfo" response. * Updated Ethernet fingerprints. ### v1.7.0 `2020-05-04` * The bundled `npcap` driver has been upgraded to version 0.9991. * The TLS probe now reports `tls.notBeforeTS` and `tls.notAfterTS` fields as unix timestamps. * Updated Ethernet fingerprints. ### v1.6.10 `2020-05-03` * Updated Ethernet fingerprints. ### v1.6.9 `2020-05-01` * The runZero Agent will verify its own binary and exit on startup if corrupted. * Updated Ethernet fingerprints. ### v1.6.8 `2020-04-23` * Updated Ethernet fingerprints. ### v1.6.7 `2020-04-23` * The scan engine can now identify TCP services on the scanning system across all platforms. ### v1.6.6 `2020-04-22` * An issue that could lead to the scan engine hanging with misbehaving HTTP services has been resolved. ### v1.6.5 `2020-04-22` * Updated Ethernet and BACnet fingerprints. ### v1.6.4 `2020-04-17` * Devices that relay mDNS from other networks (ex: Ubiquiti USG) are no longer associated with the relayed asset information. * Additional Google Chrome paths are considered for screenshot collection. Snap packages of Chromium are no longer used. ### v1.6.3 `2020-04-14` * An issue that could lead to scans hanging while processing HTTP services has been resolved. ### v1.6.2 `2020-04-13` * The Linux agent now restarts properly on Ubuntu 14.04, CentOS 6.10, and other Upstart-based platforms. * Fingerprint updates for Crestron, ELAN, MAC addresses, and BACnet. ### v1.6.1 `2020-04-08` * The Windows agent will now try harder to work around temporary issues while installing an update. * The Windows agent will now clear any stale chrome.exe processes running as LocalSystem during the update process. ### v1.6.0 `2020-04-06` * Screenshots will now limit the number of concurrent Chrome processes based on core count, available RAM, and architecture. * The bundled npcap build has been updated to version 0.9990. ### v1.5.6 `2020-04-04` * The RDP probe now collects the full NTLMSSP response for more platforms. * The HTTP probe now collects information about web forms and their inputs. ### v1.5.5 `2020-03-27` * The SNMP probe no longer reports invalid MAC addresses found in ARP caches or MAC tables. ### v1.5.4 `2020-03-26` * The TCP probe now handles a wider variety of RDP responses. ### v1.5.3 `2020-03-26` * The SMB probe now reports subprotocols (smb1, smb2, and smb3) consistently. * The SMB probe now collects hashing, encryption, and compression methods from SMBv3 servers. * The SMB probe now reports the server-allocated Session ID for smb2 and smb3. * The TCP probe now collects NTLM information from Remote Desktop endpoints and reports the protocol as rdp. * The HTTP probe now collects additional information from VMware SOAP endpoints. ### v1.5.2 `2020-03-20` * A bug that could lead to the HTTP/2 probe stalling during TLS negotiation has been resolved. ### v1.5.1 `2020-03-14` * A full system disk no longer results in a deadlocked scan. * Fingerprints have been updated for Ethernet MAC addresses, BACnet vendors, and Enterprise IDs. * HTTP/1 probes now explicitly disable HTTP/2 upgrades even when advertised. HTTP/2 is handled separately. * Generic protocol negotiation is no longer attempted on NDMP ports (10,000/30,000). A future release will support improved NDMP detection and negotiation. * A potential deadlock in the runtime library has been resolved by reverting to an older runtime version. ### v1.5.0 `2020-03-04` * A NTP probe has been added that reports the clock skew compared to the scanning instance. * A TFTP discovery probe has been added that requests a non-existent file and stores the response. The TFTP probe supports port ranges. * An OpenVPN probe has been added that can detect remote instances across multiple ports. * A dTLS discovery probe has been added that handles both bare dTLS and CAPWAP-encoded variants. * Microsoft Remote Desktop Gateway instances are now fingerprinted through dTLS and HTTP, reporting the `rdg.Transport` service key. * The protocol handlers for NATPMP, WS-Discovery, and UPnP Device XML now parse out specific subfields for easier matches and future fingerprinting efforts. * The UPnP Device XML parser now triggers a request to download and report the device icon. * The SYN scanner has been updated to improve reliability and report more accurate progress. * The HTTP probe now identifies and reports web site icons as base64-encoded images along with their MD5 hashes. * The HTTP probe now extracts the generator meta tag from HTML responses. * The HTTP probe now extracts splunkd versions from HTML responses. * The RPCBind probe now sends a null call to every UDP service and probes the NFS daemon directly. * VMware ESXi detection has improved and will be used as a fallback in more cases. * TCP protocol fingerprinting will retry more often on temporary network errors. * Empty fields in the `result` structure within the JSON output are now omitted. * Linux on ARM 64-bit (aarch64) is now a supported platform. * Improved detection and early rejection of invalid CIDRs. ### v1.4.5 `2020-02-19` * The SMB probe now records the NTLMSSP response from a wider range of operating systems. * The HTTP probe now stores the response to `GET /` and the response after any redirects are followed. Key names for the redirect responses are prefixed by `last`, such as `last.http.code`. * The HTTP probe now handles compression and chunked transfer encoding properly, storing the normalized HTTP body. * The HTTP probe now reports a banner consisting of the raw HTTP response. * The HTTP probe now supports collecting environment data from LANDesk Management Agents. * HTTP screenshots are now only collected when a 2XX HTTP response code is seen. * HTTP screenshot processing is now more reliable. ### v1.4.4 `2020-02-16` * The SMB Server GUID attribute is now used to correlate results to assets. * The SNMP sysName and sysObjectID attributes are now used to unmatch assets that have changed IPs or were mistakenly matched through another attribute (shared bogus MAC addresses or similar). * Interfaces with no global unicast addresses (including RFC1918) are no longer considered by the ARP and SYN scanners. * VLAN-tagged frames are now ignored by the SYN scanner resolving an issue where packets could be sent on the wrong interface by mistake. * SYN scans now have a mandatory delay between retry attempts, which improves reliability and decreases change churn when small network ranges are scanned. ### v1.4.3 `2020-02-13` * Concurrent scans now use less resources and provide more accurate results. * A bug that caused some HTTP requests to be sent with an empty Host header has been fixed. * Version 1.4.1 and 1.4.2 were internal test releases and not deployed. ### v1.4.0 `2020-02-04` * Version 1.4.0 is a rollup of post-1.3.0 point release work. ### v1.3.2 `2020-02-02` * Agents now support concurrent scans, configured via the cloud console. * Agents now write log files and rotate these log files automatically. * Agents now scan faster on local segments within AWS VPCs. * Agents now support SNMP v3 Context values in the scan configuration. * Agents now try harder to recover from error cases during installation. ### v1.3.1 `2020-01-26` * A race condition was resolved that could leave abandoned chrome.exe processes after a scan. ### v1.3.0 `2020-01-07` * Version 1.3.0 is a rollup of post-1.2.0 point release work. ### v1.2.3 `2019-12-19` * The agent now tracks virtual hosts better for reported HTTP and TLS services. ### v1.2.2 `2019-12-19` * Support for the BACnet protocol has been added. ### v1.2.1 `2019-12-13` * The protocol detection engine has received a number of small improvements (mongod recognition among others). ### v1.2.0 `2019-12-01` * Version 1.2.0 is a rollup of post-1.1.0 point release work. ### v1.1.15 `2019-12-01` * Improved normalization of wireless network fields for the wlan-list probe. ### v1.1.14 `2019-11-27` * Additional bug fixes for SNMP processing. * Initial support for the wlan-list probe module. ### v1.1.13 `2019-11-26` * Better support for truncated HTTP responses. ### v1.1.12 `2019-11-24` * Invalid SNMP responses are now handled more efficiently. ### v1.1.11 `2019-11-24` * A bug that could lead to memory exhaustion when Max Group Size was set to zero has been resolved. ### v1.1.10 `2019-11-23` * A bug in the SNMP probe that could result in the scan missing the last round of enumeration results has been fixed. * Scans that result in excessive memory usage will now automatically upload a heap profile to enable support diagnostics. ### v1.1.9 `2019-11-22` * Improved error handling and logging, minor performance increase. ### v1.1.8 `2019-11-22` * Reduced memory usage on scan reply deduplication. ### v1.1.7 `2019-11-19` * Cisco-specific MIBs are now enumerated for CAM/MAC table enumeration. * SNMP v2 is now queried two ways by the SNMP probe to improve device compatibility. * SNMP v3 authenticated enumeration is now available. ### v1.1.6 `2019-11-19` * A number of small bugs in the SNMP probe have been resolved. ### v1.1.5 `2019-11-18` * The SNMP probe will now try to obtain the full interface and MAC address list from each asset. ### v1.1.4 `2019-11-14` * Miscellaneous fingerprinting improvements. ### v1.1.3 `2019-11-07` * Improved protocol detection for the Click Modular Router daemon. ### v1.1.2 `2019-11-05` * A bug that could lead to a agent being stuck in "stopping" status when a scan is stopped has been resolved. ### v1.0.15 `2019-11-04` * Scans now support the `Max Group Size` option to limit the number of concurrent scan targets. * The MAC address prefix database and various other dependencies and fingerprints were updated. ### v1.0.9 `2019-10-24` * The SYN probe now sends retries using the same source port and sequence number to minimize duplicate responses. MAC address fingerprints have been updated. ### v1.0.8 `2019-10-23` * The SYN probe now retries twice if no RST is received. This improves reliability at the cost of a small increase in scan times. This can be changed by the `syn-max-retries` parameter in the console. ### v1.0.7 `2019-10-21` * Scanner performance is no longer reduced when the ARP probe is enabled for non-local scan targets. ### v1.0.3 `2019-10-06` * The macOS agent now supports additional interface types (loopback and tunnel adapters). ### v1.0.2 `2019-10-02` * A race condition was fixed that could cause an agent to crash mid-scan. Affected scans would have an error status of `task lost to agent restart`. ### v1.0.1 `2019-10-01` * Rumble Network Discovery is [out of Beta with version 1.0.0](https://www.runzero.com/blog/announcing-rumble-1/)!