Changelog

Thank you for supporting TensorGuard.

Major Features

• Evie Engine 2.1 Upgrade: Our Evie Intelligence Engine has been upgraded, featuring newly optimized sub-components for significantly faster parallel processing, more accurate artifact parsing, and deeper awareness. You should see a significant improvement to reporting speed with even better accuracy.
• Remote Collection Progress Tracking: Analysts can now monitor the real-time progress of forensic collections, not just analysis, occurring on remote endpoints directly from the Console, allowing for better operational awareness during live incident response.
• Unified Artifact & Report Packing (TG Spade v1 Beta): We have entirely rearchitected our internal reporting storage architecture. Reports and their associated metadata are now securely packed, encrypted, and rehydrated directly alongside raw collections within our standard forensic “Spade” files, greatly improving portability and security.

Features

• [Console] New cryptography status indicator in the version menu to instantly verify active cryptography modes (e.g., FIPS aligned)
• [Console] Added browser safety prompts to prevent accidental navigation away from active workflows
• [Console] Introduced a new global model management editor for administrative environments
• [Console] Added advanced artifact path filters, custom format matchers, and explicit IPv4/IPv6 extraction rules to the reporting engine
• [Collector] Integrated additional advanced service hardening, tamper resistance, and resilient error recovery mechanisms
• [Collector] Improved default file naming conventions for local manual exports (incorporating company, host, type, and date)
• [Collector] Enforced explicit administrative privilege requirements inside Windows executable manifests
• [Collector] Renewed metadata and system attestation gathering method for strengthened chain of custody

Fixes

• [Console] Resolved an issue where organization device counts occasionally failed to decrement upon enrollment cancellation
• [Console] Restored the Chain of Custody (CoC) PDF export option on specific device report views
• [Console] Improved error handling and validation messaging for user access control logic
• [Console] Corrected UI labeling on artifact tables for clarity (e.g., explicitly defining “Interface IP”)
• [Console] Prevented UI halting from non-critical, unrecognized log collection errors
• [Console] Enhanced Chain of Custody (CoC) PDF exports with explicit UTC timezone markers and additional report metadata fields
• [Collector] Enhanced connection resilience and configuration handling for endpoint services
• [Collector] Enforced strict endpoint validation during service installation
• [Internal] Upgraded internal RPC framework for hardened authentication and robust state handling
• [Internal] Implemented advanced SIMD lane memory optimizations for high-performance artifact analytics
• [Internal] Massive build pipeline restructuring for global deployment scaling and parallelized edge builds
• [Internal] Numerous dependency and performance updates across all backend services

Thank you for supporting TensorGuard.

Major Features

• Full Language Localization Into 9 Additional Languages: TensorGuard now supports 10 locales in total: English (en-US), Bengali (bn-BD), German (de-DE), Spanish (es-ES), French (fr-FR), Hindi (hi-IN), Japanese (ja-JP), Korean (ko-KR), Portuguese (pt-PT), and Taiwan Chinese (zh-TW), in both the Console and Collector products. Check out the new speech bubble icon in the bottom left status menu to switch between locales.

• Chain of Custody Exports (v1): Full chain of custody reports are now available as PDF exports on all collected artifacts detailing who took a forensic collection, when they took the collection, and every TensorGuard user access since. In the future, these reports will include cryptographic proofs alongside user/time logs– without needing to export out an entire collection artifact to your local system.

Features

• [Console] You can now Shift + Left Click rows in a table to select a range
• [Console] Call To Action reminder on the login page that the native version offers additional performance
• [Collector] Attestation Statement added to manual collections interface (Chain of Custody requirement)
• [On-Premises] Changes to how different blob storage types are stored at rest
• [On-Premises] New multi-line content editor for some settings

Fixes

• [Console] Additional in-memory security techniques on sensitive data
• [Collector] Additional in-memory security techniques on sensitive data
• [Console,Collector] Various fixes related to FIPS technology processing
• [On-Premises] Small UI touchups to management interface
• [Internal] Additional in-memory security techniques on artifact extraction sensitive data
• [Internal] Other logic and reliability improvements
• [Internal] Miscellaneous internal maintainability improvements
• [Internal] Remove some now unneeded logic workarounds
• [Internal] Performance improvements, including with artifact extraction
• [Internal] Various dependency updates
• [Internal] Certain internal components open-sourced to github.com/xangelix

Thank you for supporting TensorGuard.

Features

• New Artifact: Microsoft 365: Microsoft 365 artifact collection for Business Email Compromise and Account Takeover is now supported by the TensorGuard Forensic Collector. We are thrilled to expand your investigative reach into the cloud, enabling you to seamlessly correlate endpoint activity with tenant-level threats. As this source is more likely than others to include sensitive information, it is not enabled by default. Please reach out to support if you would like to enable this feature on your account.
• FIPS Technology Collection Packages: TensorGuard Forensic Collection Packages (or, ‘spade’ packages), are now compliant to FIPS standards by default, as is now the collection process itself. Please note that TensorGuard Forensic Collection has not be audited or validated by an issuing party, and as such, is not FIPS Validated or FIPS Certified (even though our encryption and integrity processes now use the FIPS audited library, ‘aws-lc’, compiled for FIPS usage).
• Estimated Time to Completion and Greater Performance for Collections: Forensic collection can take minutes on modern hardware, and technical limitations can make this time hard to predict. The collection package system has been rearchitected from the ground up to allow further performance improvements, and accurate ETAs.

Fixes

• [Console] Resolved an issue that prevented uploading single, unpacked artifacts
• [Console] Better account debugging features
• [Console] Fixed a crash related to reading empty Timelines
• [Console] Fixed a regressed vertical scroll overlap issues with nested table reports
• [Collector] Resolved an issue that could have wrote unnecessary temporary files
• [Console,Collector] Various fixes related to FIPS technology processing
• [On-Premises] Better methodology for monitoring and handling cert renewal
• [Internal] Logic and reliability improvements
• [Internal] Logging improvements for extraction jobs
• [Internal] Performance improvements
• [Internal] Various dependency updates
• [Internal] Certain internal components open-sourced to github.com/xangelix

Thank you for supporting TensorGuard.

Features

• New Device Enrollment Screen: The Forensic Collector’s Device Enrollment user interface has once again been remodeled for better clarity, better error handling, better security, and for Pin Enrollment. You can also expect device service management and automatic upgrades to be much more reliable than before.
• Pin Enrollment: The Forensic Collector now supports short, Pin-based enrollment. This is often more convenient than transferring entire enrollment keys, or scanning QR-codes from a cellular device. Very certain and specific measures have been taken to ensure this does not lessen device authentication security.
• Cancel Device Enrollments: The ability to cancel pending device enrollments has been once again restored after internal changes.
• More Case Metadata: The Organization screen now displays additional metadata about each case, including enrolled device and manual report counts.
• More CPU Compilation Targets: At the cost of larger distributed binaries, we now support many more unique CPU architectures for accelerated operations. Runtime performance for client and server binaries should be improved more than 30% in modern environments.

Fixes

• [Evie 2.0] Small bug and efficiency fixes
• [Console] Simplify display logic for empty report artifacts
• [Console] Significant table filter order stability bug fixed
• [Console] Simplify report link processing
• [Console] Local report viewer improvements
• [Console] Fix executable manifest on Windows native version
• [Collector] Very safe new method for priming schannel certs, resolves bug on fresh Windows systems
• [Collector] Non-critical progress/status errors moved to mouse-hover menu
• [Collector] Greatly improve service start/stop/upgrade reliability
• [Collector] Log file listener performance improvements
• [Collector] Much better handling and recovery for errors
• [Console,Collector] Make logs Down->Top for frame consistency
• [Console,Collector] Improve embedded/open-source license view
• [Console,Collector] Better incomplete log timestamp estimation
• [Console,Collector] Better code paths for update mechanisms on all platforms
• [Console,Collector] Improve client/server version compatibility comparison
• [Console,Collector] Small character spacing fixes after renderer text kerning update
• [Console,Collector] Better network traffic efficiency
• [Console,Collector] Correct a fallback source with table indexing
• [Internal] Many maintainability and management improvements
• [Internal] Additional configuration overrides
• [Internal] Logic and reliability improvements
• [Internal] Performance improvements
• [Internal] Various dependency updates
• [Internal] Certain internal components open-sourced to github.com/xangelix

Thank you for supporting TensorGuard.

Features

• Evie 2.0: Our Evie Intelligence Engine 2.0 is now considered stable, and the previous (1.4) version has been removed. Since 2.0 Beta, certain internal bug fixes and performance improvements have been made. Status progress reporting has also been improved.
• New Artifact: Slack Messages: Slack message collection is now supported as part of the standard forensic collection package, including attachments and multiple workspace accounts. As this source is more likely than others to include sensitive information, it is not enabled by default. Please reach out to support if you would like to enable this feature on your account.
• QR Code Device Enrollment: Transferring an enrollment key to a managed device can be annoying at best, and challenging at worst if a suspect device has been taken off the network. Device enrollment can now be performed from a mobile device by scanning a QR code inside the TensorGuard Forensic Collector.
• Report PDF Export: Reports can now be downloaded as PDFs, either individually from the Executive Summary tab of a report, or from the Case/Device menus by using the new table operation. If multiple reports are selected, they will be zipped into a single archive before download.
• Streaming Uploads: All uploads from the TensorGuard Console (native and web) or TensorGuard Forensic Collector are now streaming-based. This means peak memory usage during uploads should now remain extremely low, no matter how large the collection package or forensic artifact.
• On-Premisis Distribution Option - Docker/OCI: We now offer a docker/oci container deployment option with the compose syntax. While this has additional scaling limitations as compared to our other deployment options, this should be acceptable for deployments under 2,000 endpoints.

Fixes

• [Console] Highlighted/Tagged rows not shifted when a schedule is deleted
• [Console] Timeline highlights not sharing properly between organization users
• [Console] Timeline over-allocation of browser memory
• [Console] Additional client-side memory and performance improvements
• [Console] Better hostname mapping inside reports
• [Console] Issue with email truncation
• [Console] Set default browser zoom level on mobile devices to 175%
• [Console] Remove a case entry from recent cases if the user no longer has access to the case (visual bug only, security not impacted)
• [Console] Small usability improvements to the Case view, including Collector link copy buttons and a new table operation
• [Collector] SCM Stop channel issues with collector service install
• [Collector] Update SCM installation/run status on a regular clock interval to detect issues
• [Collector] Log file listener for much easier debugging/troubleshooting
• [Console,Collector] Significant version update improvements, logical and UI
• [Console,Collector] Product name inserted into disk logs
• [Internal] Many maintainability and management improvements
• [Internal] Additional configuration overrides
• [Internal] Visibility improvements
• [Internal] Performance improvements
• [Internal] Various dependency updates

Thank you for supporting TensorGuard.

Features

• Evie 2.0 Beta: We are glad to finally release our Evie Intelligence Engine 2.0 to all customers, at no additional cost, in Beta. This release builds on many internal changes with how forensic data is processed at scale. You should experience significant improvements to:
  • Overall analysis quality
  • Building on user-provided assumptions
  • Citation quality and format
• Backend upgrades to our web servers: the TensorGuard Console, Homepage, and Documentation pages should all perform slightly better after these changes, especially on unstable connections.

Fixes

• Browser OIDC handling improvements, allowing tab resumption after extended inactivity
• Resolved an issue with UI duplication on device selection
• Stability improvements to interconnects with our providers
• Non-critical reporting error rendering improvements
• Improvements to backend administrative automations
• Improvements to internal debugging tools & metrics
• Various dependency updates