uberAgent

Changelog and Release Notes

Version 7.3

New features

  • Citrix CVAD/DaaS (Windows) [B395]: additional metrics are now collected.
  • Event log forwarding (Windows) [B395]: uberAgent can now collect and forward events from the Windows event log.
  • Process startup (macOS) [B975]: uberAgent now reports blocked process creations where a security product prevented the exec system call. When this happens, uberAgent generates a ProcessStartup event with a blocked flag.

Improvements

  • Agent [B205]: the log file path can now be configured.
  • Agent (Windows) [B784]: uberAgent’s kernel drivers use lists to buffer data for collection by the service (user mode). The sizes of these lists are now configurable, and they’re reported as part of the memory statistics in the log file.
  • Agent (macOS) [B933]: improved peer verification for IPC.
  • Agent (Windows) [B937]: improved efficiency by introducing batch processing of processes and libraries in the driver to agent communication.
  • Agent [B938]: improved logging if Azure Event Hubs configuration is invalid.
  • Agent (macOS) [B976]: optimized long-term memory usage and performance for systems under high load conditions.
  • Agent (Windows) [I1200]: significantly reduced CPU usage when determining a huge number of performance counters.
  • Agent (Windows) [I1205]: better protection against user-writable directories in the %PATH% environment variable when launching child processes.
  • Browsers (Windows) [I1176]: enhanced communication between the browser extensions’ native messaging hosts and the uberAgent service.
  • Browsers (Windows) [I1223]: added support for flag #launch-windows-native-hosts-directly in Chromium-based browsers.
  • Citrix CVAD/DaaS (Windows) [B211]: the database size is now determined and visualized in the Citrix Virtual Apps and Desktops Databases dashboard.
  • Citrix CVAD/DaaS (Windows) [B710]: licenses are now determined for Citrix DaaS, too, and visualized in the Citrix Virtual Apps and Desktops Licenses dashboard.
  • Citrix CVAD/DaaS (Windows) [B232]: status information per delivery group is now determined and visualized in the Citrix Virtual Apps and Desktops Machines dashboard.
  • Configuration (Windows) [I1221]: configuration files are no longer searched in the installation directory.
  • Dashboards [B954]: the Data Volume dashboard now includes a dropdown to filter indexes.
  • NetScaler [B808]: the NetScaler Virtual Server dashboards now show hit rate, request rate, response rate, and current client and server connections.
  • NetScaler [B808]: the NetScaler Gateway Performance dashboard now shows the number of users and number of AAA sessions per gateway.
  • Security score [B929]: renamed the "host to license distribution" chart to "uberAgent component to host ratio" on the Security Score dashboard. The chart now displays where ESA is used in comparison to UXM.
  • Security score [B931]: removed redundant fields in the Host Analysis drilldown panel on the Security Score dashboard.
  • uAQL [B966]: the new jsonp function makes it possible to use JSON pointers to easily access specific values in a JSON object.

Bugfixes

  • Agent (Windows) [I1183]: fixed a possible case of DLL search order hijacking.
  • Agent (Windows) [I1210]: fixed a race condition in the logger resulting in the configuration log being written twice.
  • Agent (macOS) [I1213]: fixed a small memory leak when using the credentials store.
  • Agent (Windows) [I1215]: fixed a bug that might result in uberAgent attempting to terminate arbitrary processes due to PID reuse.
  • Agent (macOS) [I1216]: removed unnecessary log output while collecting information for the SystemPerformanceSummary2 sourcetype.
  • Agent (macOS) [I1231]: fixed process exit processing for blocked exec events.
  • Agent (macOS) [I1243]: fixed occasional high CPU load caused by network monitoring.
  • Configuration [I1202]: configuration rules are now evaluated in the order defined in the configuration.
  • Citrix CVAD/DaaS (Windows) [I1227]: fixed a bug that might result in uberAgent not computing Citrix virtual channel metrics on older Citrix VDA installations.
  • Dashboards [I1240]: improved timestamp handling in the Stop Errors table on the Single Machine Details dashboard.
  • Drivers (Windows) [I1159]: fixed an issue in the file system filter driver that could cause writes to any named pipes on the system to fail.
  • Experience score [I1211]: total Experience Score calculation is now in line with sub-scores.
  • Performance counters [I1225]: percent values are not capped at 100 anymore.
  • Setup (Windows) [I1238]: fixed an issue where the service was not removed and continued running after uninstallation.
  • Threat Detection Engine [I1244]: reduced CPU usage for network-related rules.
  • Threat Detection Engine [I1246]: rules for event type Net.Any are now properly evaluated.

Release notes

  • Agent (Windows): the minimum OS requirement is now Windows 10 Build 1607 or Windows Server 2016.
  • Configuration [B784]: new ConfigFlag settings MaxProcessEventQueueSize, MaxLibraryEventQueueSize, MaxThreadEventQueueSize and MaxRegistryEventQueueSize.
  • Configuration [B937]: new ConfigFlag settings MaxProcessBatchSize and MaxLibrariesBatchSize.
  • Configuration [B971]: removed deprecated option Thread priority and stanzas [ProcessStartStop_Filter], [ProcessDetailFull_Filter] and [NetworkTargetPerformanceProcess_Filter]. The removed stanzas can be replaced with Event Data Filtering.
  • Dashboards [B965]: renamed the Citrix Virtual Apps and Desktops dashboards to CVAD/DaaS to emphasize that Citrix DaaS is supported, too.
  • NetScaler [B808]: raised the required NetScaler version from 10.5 to 13.1.
  • NetScaler [B808]: removed SSL3 as a valid security protocol when connecting to NetScaler. TLS 1.1 is now the minimum.
  • Setup [B979, 980]: the agent is no longer started after a successful installation. See Installing the macOS Endpoint Agent or Installing the Windows Endpoint Agent for details.
  • Sourcetype (Windows) [B211]: uberAgent:Citrix:Databases has new fields: DBSizeMB, DBDataSpaceUsageMB, DBIndexSpaceUsageMB and DBSpaceAvailableMB.
  • Sourcetype (Windows) [B232]: uberAgent:Citrix:DesktopGroups has new fields: Enabled and IsInMaintenanceMode.
  • Sourcetype (Windows) [B710]: uberAgent:Citrix:Licenses has new fields: LicenseUserUsage, LicenseDeviceUsage and CustomerId.
  • Sourcetype (Windows) [B808]: uberAgent:CitrixADC:Gateway has new fields: VpnUsers and SslVpnUsers.
  • Sourcetype (Windows) [B808]: uberAgent:CitrixADC:vServer has new fields: HitsRate, RequestsRate, ResponsesRate, CurrentClientConnections, and CurrentServerConnections.
  • Sourcetype (Windows) [B808]: uberAgent:CitrixADC:vServer has removed fields: TotHits2, TotalRequests2, TotalResponses2, RequestMBRate, ResponseMBRate, RequestResponseRateMB.
  • Sourcetype (Windows) [B808]: uberAgent:CitrixADC:AppliancePerformance has removed fields: ApplianceMBReceived, ApplianceMBSent.
  • Sourcetype (Windows) [B395]: new sourcetype uberAgentESA:System:WinEvtLogForwarding with fields: ProviderName, EventID, Level, ProcessID, Channel, User and EventData.

Known issues

  • Agent (Windows) [I1154]: under heavy load the following message may be logged: CheckEventRecord,Events were lost. This may affect uberAgent's per-process disk, network, or UI-responsiveness metrics.
  • Boot monitoring [I1052]: on Windows 11, no information can be retrieved if there is no active session within the data collection period.
  • Browsers [I1085]: on systems with many user sessions the URL of the foreground tab might not match the browser’s window title.
  • Browsers/IE add-on (Windows): metrics are not collected on page reload.
  • Browsers/IE add-on (Windows): metrics are collected incompletely for the configured start page.
  • Browsers/IE add-on (Windows): monitoring does not work if IE is published from Citrix Virtual Apps. It does work from Citrix Virtual Desktops, however.
  • Browsers/Firefox add-on [I626]: if the option privacy.resistFingerprinting is set to true, browser metrics are not available due to invalid data being sent from Firefox.
  • Citrix CVAD/DaaS (Windows): data collection issue if the Citrix Remote Powershell SDK (required for Citrix Cloud monitoring) is installed on a CVAD controller.
  • Citrix CVAD/DaaS (Windows): when running the Citrix VDA on a Citrix delivery controller, some per-machine information is missing.
  • Experience Score [I377]: scheduled searches generate three warnings in Splunk’s _internal index every 30 minutes. The messages look like the following: DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (128) characters of event. However, there is no impact on uberAgent’s functionality.
  • GPU (Windows) [I33]: values for the fields ComputeUsagePercentAllEngines, ComputeUsagePercentEngine0 and similar can be higher than 100 with Intel Iris GPUs on Windows Server 2016 1607.
  • Kafka [I291]: in rare cases, sending data to Kafka results in a SEC_E_BUFFER_TOO_SMALL error message in the logfile. This should have no effect; the transmission is repeated and succeeds on the second try.
  • NetScaler: in very rare cases, the content of the Virtual Server Performance field vServerName contains spaces in wrong places.
  • Update inventory (Windows): not all installed Windows updates may be reported due to API limitations.
  • User input delay (Windows) [I983]: determining this metric may trigger a handle leak in uberAgent caused by Windows. This was fixed by Microsoft in most OS versions, but still happens on Windows Server 2022 22H2.
  • Volume inventory (macOS): the encryption status of mounted read-only APFS snapshots may not be reported due to API limitations. This includes the root directory volume in a default installation of macOS.