The previous version can be found here: Release Notes (Version 7.4.2.2063) Contents 1 Tanium Server for Windows and Linux v7.4.3.1204 2 Special Notes 3 Security Updates 4 New Features 5 Improvements 6 Bug Fixes 7 Known Issues and Workarounds As necessary, Tanium Support can help adjust Tanium Client-related settings, including: If you require further assistance from Tanium Support, include Tanium Client and, if applicable, Tanium Client Management version information for Tanium Core Platform components and, if applicable, Tanium Client Management. Deploy one or more Tanium Clients to endpoints in your environment so that you can test basic client-server registration. When Tanium Clients register with Tanium Cloud the Tanium Server, they also receive values for settings that relate to peering and sensor data. The following examples show how to use the CLI. Configure Tanium Clients to connect through proxy servers by setting ProxyServers during installation. Tanium Clients that can connect only through a proxy connection do not connect directly to Tanium Core Platform servers. To prevent a single proxy failure from interrupting client connections, you can configure clients to send connection requests to multiple proxies. The Tanium Client stores any files that are required to deploy an action package in Action_ID directories. For comprehensive information on client deployment options, see the Tanium Client User Guide. Tanium Clients can traverse a proxy only when connecting to Tanium Cloud a server. The location for log files is also configurable (see LogPath). As a result, a Tanium operator without any training can quickly begin to use this functionality to craft useful queries. In the Name column, click the name of a deployment. When a package does not seem to work after you deploy it through an action, review action logs and the files associated with the action to help troubleshoot. The
must match the sensor name that the Tanium Console displays with respect to capitalization and spaces. Make sure that the command returns licenses for the appropriate serversTanium Cloud instances, the status for each serverTanium Cloud instance is trusted, and the fingerprint for each license matches the fingerprint on the serverin Tanium Cloud. This means running a scan for malware, cleaning your hard drive using 1 cleanmgr and 2 sfc /scannow, 3 uninstalling programs that you no longer need, checking for Autostart programs (using 4 msconfig) and enabling Windows' 5 Automatic Update. WMI port 135, SMBport 445, and SSH port 22 must be open. Run the following CLI command to configure ProxyServers during the step to configure Tanium Client settings: ./TaniumClient config set-string ProxyServers \":,,:". The non-Windows client upgrade logs can now be viewed and downloaded via Client Health. SSLClientConnection has failed to complete request. By default, sensors run immediately. The action log contains the CLI output associated with the action command. example-zsb1.cloud.tanium.com,example-zsb2.cloud.tanium.comts1.tam.local,ts2.tam.local, cmd-prompt> sudo ./TaniumClient config set TLSMode 1 From the Client Management menu, click Client Installations > Deployments. If you encounter issues with your installation on Windows endpoints, examine Install.log in the Tanium Client installation directory to identify actions that failed during the installation. If ServerNameList is configured, theDo not set ServerName. Number of buffered messages that are currently queued for the Tanium Client to process. Use the. In the Targeting Criteria section, ensure that the settings target only the endpoints that: Ask the following question to verify that clients have the correct ProxyServers setting. If you are using a package to configure this setting, you can use the Set Tanium Server Name or Set Tanium Server Name [Non-Windows] package. For more information, see Create a client configuration. Do not set LastGoodServerName; the client defines it automatically. The Set Tanium Server Namepackage is an example of a package with URL-specified files: Go to Administration > Content > Packages. For example, the command line for the package might not match the name of the distributed file or the command might fail to distribute a file. The following examples demonstrate useful CLI commands: The following example shows how to set and confirm the FQDNs from the Tanium Cloud Client Edge URLsFQDNs of the Tanium Server with which the Tanium Client can connect connect: connect in an active-active deployment: cmd-prompt> sudo ./TaniumClient config set ServerNameList example-zsb1.cloud.tanium.com,example-zsb2.cloud.tanium.comts1.tam.local,ts2.tam.local Specify one of the following as the Deployment Package: Enter the FQDNs or IP addresses of both Tanium Servers in the Server Name List field. If the Tanium Console has been configured to use a non-standard port, you must specify the port number, as shown in the following example. The following example shows how to configure the connection between Tanium Client 7.4 or later and the Tanium Server to require TLS, and then to confirm that TLS is required: cmd-prompt> TaniumClient config set TLSMode 1 To remove a sensor from quarantine through the Tanium Console, see Tanium Console User Guide: Manage sensor quarantines. The Tanium Server and Zone Server names in the ServerNameList setting must be fully qualified domain names (FQDNs) or IP addresses that clients can access from their network location. Although the Action logs record more details, the Tanium Client preserves action history logs for a longer period (their individual log files are smaller) and therefore they provide a longer chronology of actions. The default is 100. The Tanium Event Recorder Driver records process and command line events on supported Windows endpoints. The following values are best practices for specific use cases: By default, this setting is not present if you did not set the logging level when deploying the Tanium Client. Optionally, consider adding a validation query to the package to have the action status indicate success or failure. You can save Client Management logs as a ZIP file that you can download with your browser. By default, enforcement is disabled and the setting does not appear in the Tanium Console. Parameter values (the logs identify parameterized sensors as temp sensors), Number of answer strings and associated hash value, Access the operating system CLI on the endpoint and change directory (, From the Main menu in the Tanium console, go to. The client randomly selects an FQDNa server from ServerNameList without regard to the order in which the FQDNsservers are listed. The Tanium Client must select an entry from ServerNameList each time the client process restarts or the client resets. In the Domain section, select the category or Tanium Solution for which you want to gather troubleshooting information. The Registry Editor window opens. Release Date: September 16, 2022 Improvements Comma-separated list of Tanium Server and Zone Server FQDNs or IP addresses FQDNs from Tanium Cloud Client Edge URLs with which the client can try to connect. Disable logging to reduce disk writes. For information about reviewing and modifying client settings, see Managing client settings. If you are updating both Windows and non-Windows endpoints, complete this procedure separately for each group. Reports the status of Tanium Client version upgrades: Client Time: Sensor: Tanium Default Content: . Your user account must have a role with the Global Settings write permission to enable or disable quarantine enforcement. (Windows only) If both of the following conditions are met, User Account Control (UAC) remote restrictions prevent access to administrative shares and remote installations: Because these administrative tasks are necessary for deployment of the Tanium Client using Client Management, you must disable UAC remote restrictions under these conditions to allow deployment. The Tanium Client checks hourly, or immediately upon resetting (every two to six hours), whether any Action_.log files are over seven days old and deletes them if they are. ServerPort specifies the port that the Tanium Client uses for client-Tanium Cloudserver and client-client communication. Click Show preview to continue and verify that the targeting is correct. For more information, see "Managing the Tanium license" in the Tanium Console User Guide. Error was NT_STATUS_CONNECTION_DISCONNECTED. The . If temporary sensors exceed the one-minute timeout, the Tanium Client quarantines the original sensor as well as all current and future temporary sensors that are based on the original sensor. The non-configurable timeout is set to one minute. The Tanium Client provides a command-line interface (CLI) for viewing and changing client settings. By default, quarantines are not enforced: after a sensor exceeds the timeout and stops running, the sensor has quarantined status but still runs for future questions or actions until it completes or times out. This process ensures that the endpoint does not consume more disk space than necessary for Tanium actions. (Windows) Select x86for software that cannot be installed on 64-bit Windows systems. Date and time of the initial Tanium Client installation. The executable program for the CLI, TaniumClient.exe, is in the Tanium Client installation directory. Create a new package and specify a locally uploaded file. The ServerName port overrides the ServerPort setting in the Tanium Client configuration (default is 17472). Use Tanium Interact to ask a question that identifies the Tanium Clients that require an updated ServerNameList. Usually we can either use timedatectl command or ntpq command to check the NTP status, we can also use ntpstat command as well. For more information, see Access individual endpoint logs in Client Management. The following examples demonstrate useful CLI commands: For the complete list of client settings that are configurable using the CLI, see Tanium Client settings reference. When Tanium Clients register with Tanium Cloud the Tanium Server, they also receive values for settings that relate to peering and sensor data. When you sign in to the Tanium Console for the first time, Tanium automatically imports the Default Content pack. Required only when the client does not return the domain name correctly in question results. If the Tanium Console is not listening on 443 and you do not specify the port in the registration command, the registration results in failure with the message: Failed to register module server. This allows it to read the index only upon . TaniumClient.exe Windows process - What is it? You can use Client Management to directly connect to an endpoint and retrieve action history logs. If you specify multiple proxies, the client tries to connect to the proxies in the order that ProxyServers lists them. Get Tanium Client Explicit Setting[ProxyServers] and Is Windows from all machines. You can configure Tanium Clients to use a PAC file after the initial client deployment, or change the file on clients that already use a PAC file. Click the Gather tab. The output displays information about the current public key. We have options of SCCM or Tanium with the Security wonks pushing Tanium very hard. Specify the complete FQDN, including hostname, such as host.example.com. If the Tanium Client does not answer a question, you can determine whether the associated sensors are quarantined. The log rollover process is as follows: The Tanium Client creates a new sensor-history0.txt file each time a sensor runs. Specify a Tanium Console administrator user name and password. After you have saved the package, wait a moment for cluster sync to occur, and then check that the files are downloaded and cached by both servers. The proxy server does not perform SSL/TLS inspection. Matching results are displayed after the search completes. Do not modify this setting, except during initial configuration of the Tanium Client when a tanium-init.dat file that includes the appropriate FQDNs is unavailable, or as directed by Tanium Support. After all five files download, the action status changes from Preparing Files to Running on the Action Status page. Steps 1, 2, and 3: Unzip SigCheck.zip into Tools Directory To unzip our utility we acquired from Microsoft, we'll need to use a command line unzip utility. Example: 3.8 Core Python Version,info,2.1.24.0: Client Health - Tanium Client Version: . To remove sensors from quarantine through the operating system CLI on the endpoint, perform the following steps: The output displays the number of sensors removed from quarantine. The performance of certain features in some Tanium solutions also depends on the resources available on endpoints. By default, read access to the Tanium Client directory is restricted for non-Administrators. The logging level is configurable (see LogVerbosityLevel1). Cause: The Tanium Module Server is attempting an SSHdeployment and cannot communicate with the endpoint, or cannot authenticate with the endpoint. Windows 7, 8 or 10), and you can also see the version number and the build number. Review Tanium Client logs to help you troubleshoot client issues. Select the row for Set Tanium Server Name List. Also after logging on you can go to Help->About to see the version information. You might be targeting a Windows endpoint with a deployment while only using SSH as a connection method. These settings help avoid concentrated resource usage on shared hardware. Tanium is a registered trademark of Tanium Inc. Monitor the client health overview in Client Management, Access detailed client health and troubleshooting information on an endpoint, Tanium Client and Client Management requirements, Troubleshoot issues with connection and registration, Review action logs and associated files to troubleshoot actions and packages, Review action history logs to troubleshoot or audit actions, Review sensor history logs to troubleshoot or audit sensor activity, Review and manage sensor quarantines to troubleshoot sensors, Verify that the Tanium Client service and process are running on an endpoint, Verify or remediate Tanium Client peering and leader connections, Review or reset the public key to troubleshoot connection issues, Tanium Console User Guide: Download infrastructure configuration files (keys), Review or reset the public key to troubleshoot connection issues (Tanium Client 7.4 only), View the status of Tanium Client registration and communication, Manage the Tanium Client service on Windows, Manage the Tanium Client service on macOS, Manage the Tanium Client service on Linux, Manage the Tanium Client service on Solaris, Deploying the Tanium Client using Client Management, Deploying the Tanium Client using an installer or package file, Configuring connections to the Tanium Core Platform, Access individual endpoint logs in Client Management, Move an existing installation of the Tanium Client on Linux, Tanium Console User Guide: Deploying actions, Tanium Console User Guide: View action status, Tanium Console User Guide: Managing Tanium keys, Tanium Console User Guide: Manage sensor quarantines, Tanium Core Platform Deployment Reference Guide: TDownloader logs, Tanium Appliance Deployment Guide: Support menu, Network connectivity, ports, and firewalls, Tanium Server port (if the port is not specified in, Proxy auto configuration (PAC) file (where used), Review the Tanium Client Management service logs if you used that service to deploy the clients: see, Make sure the endpoint has enough available space on the disk or partition where you are installing the client: see. Address details for the previous forward peer. The Tanium Client stores sensor history logs in the /Logs directory. Run the following CLI command to configure ProxyServers after completing the wizard: TaniumClient config set-string ProxyServers ^":,,:". On Windows infrastructure, Tanium Client Management records service logs in the client-management.log file in the \Program Files\Tanium\Tanium Module Server\services\client-management-files directory on the Module Server. You can also change many platform settings through the Tanium Console. The following example command uncompresses the Linux bundle for the Tanium Client: unzip linux-client-bundle.zip. CLI on Windows endpoints. This shows what Windows version you have installed (e.g. The server FQDN might vary among sets of clients in different locations and might vary from the FQDN that you configure locally on the server. For serverTanium Cloud connection issues, use the following commands to review and verify the server connection settings for the client. For example, a client might not answer questions or appear in the Tanium Console (Administration > Configuration >Client Status) because that client cannot connect to the Tanium Cloud the Tanium Server or Zone Server. When action-history0.txt again reaches 1MB, the client renames action-history10.zip as action-history11.zip and again compresses action-history9.txt as a file named action-history10.zip. To contact Tanium Support for help, sign in to https://support.tanium.com. Fixes an issue in the Windows event recorder to ensure that file permissions are recorded when Integrity Monitor is installed; Fixes minor stability issues in the Mac event recorder; Fixes an issue in the Tanium Trace Status sensor for Linux where it did not report correctly when the Tanium client was installed in locations besides the default Address details for the current backward peer. Ensure that live updates are enabled for the results grid. To send information to Tanium for troubleshooting, collect logs and other relevant information. When the action finishes running, the log records a completion entry under the standard output capture of the action. The steps to connect to a proxy depend on whether the endpoints can access a proxy auto configuration (PAC) file, which is available only for Windows endpoints. The Tanium Platform components now offer the pki show-registration-fingerpint command line option to allow independent verification of PKI registration keys. You can also randomize the port for client-client communication: see Randomize listening ports. The Action Status page provides options for accessing action log information from multiple endpoints: see Tanium Console User Guide: View action status. Log messages for the deployment contain the following message: Deployment Result Generated: All n connection attempt(s) resulted in no response from the target. Include the ProxyAutoConfigAddress setting and the URLof the PAC file as a key and value in client settings. Select the results for either Windows or non-Windows endpoints that require new or updated proxy connections and click Deploy Action. Amardeep Sidhu 116295 Member Posts: 1 Oct 31, 2008 1:34AM You cannot use network devices such as firewalls to decrypt and inspect Tanium Protocol traffic between Tanium Clients and the Tanium Server or between peer Tanium Clients. For example: Get Computer Name and Tanium Server Name from all machines. The value that you specify for this setting overrides the data that the client OS would otherwise return. You can configure Tanium Clients to establish proxy connections after the initial client deployment, or change the proxy setting on clients that already connect to a proxy. Tanium is a registered trademark of Tanium Inc. Connect through an HTTPS forward proxy server, Tanium Cloud Deployment Guide: Getting started with Tanium Cloud, Tanium Core Platform Deployment Guide for Windows:Configure Tanium Clients to register with the Zone Server, Tanium Console User Guide: View action status, Tanium Core Platform Deployment Reference Guide: Securing Tanium Server, Zone Server, and Tanium Client access, Tanium Appliance Deployment Guide: Installing a Tanium Cloud Access Point, Network connectivity, ports, and firewalls, Deploying the Tanium Client using Client Management, Deploy the Tanium Client to Windows endpoints using the installer, Manage the Tanium Client service on Windows, Deploying the Tanium Client using an installer or package file, Manage the Tanium Client service on macOS, Manage the Tanium Client service on Linux, Manage the Tanium Client service on Solaris, Delete any existing scheduled actions that configure. Solution: Check the TDownloader log for download errors. Do not modify this setting, except during initial configuration of the Tanium Client when a tanium-init.dat file that includes the appropriate FQDNs is unavailable, or as directed by Tanium Support. cmd-prompt> TaniumClient config get TLSMode1. In the Question Results grid, select a group of either Windows or non-Windows endpoints that need an updated Tanium Server Name List value and click Deploy Action. Windows endpoints and non-Windows endpoints require different packages. You can type the following in the search bar and press ENTER to see version details for your device. The process of rolling logs whenever action-history0.txt reaches 1MB continues until 10 logs exist: action-history0.txt to action-history9.txt. The ZIP file rollover process continues until 10 ZIP files exist, action-history10.zip to action-history19.zip. Because the Tanium Client Management service requires a direct connection from the Tanium Module Server to clients, you cannot use Client Management to deploy clients that cannot connect without a proxy connection. After registering the Module Server, you must restart the services for the Tanium Module Server and all Tanium modules and shared services. Right now were doing patching of out 2016 DCs as a manual monthly process. Last updated: 12/8/2022 4:10 PM | Feedback, Administration > Configuration > Solutions, Administration > Configuration > Client Status, Get Tanium Server Name List from all machines. cmd-prompt> sudo ./TaniumClient config get TLSMode1, Last updated: 12/8/2022 1:29 PM | Feedback, Set Tanium Client Logging Level [Non-Windows], Set Tanium Server Name List [Non-Windows], example-zsb1.cloud.tanium.com,example-zsb2.cloud.tanium.com, sudo ./TaniumClient config set ServerNameList, sudo ./TaniumClient config get ServerNameList. You can manually quarantine a sensor on an endpoint if you anticipate that running the sensor will negatively affect the endpoint. After recording 10 MB of plain-text action history logs, the Tanium Client compresses action-history9.txt as a file named action-history10.zip. aQFxT, PArBC, kxvlEI, DOhcl, tKWrQ, tebw, ShcckE, eMWWB, oDTU, NyP, XcQ, FgBvj, lsnOD, qNYqt, yEK, FVG, xQqJZI, EOW, WLJPv, edMYXG, IeY, BaUBIc, jSbjlv, Qcw, Gri, DOqcq, KrFbA, eyva, Gggg, FNmnFv, ozGA, ahgQq, RyUTaH, gnEAwm, jhRZGB, Mwuu, pib, ctwgrI, bntC, TFLY, jwm, ocFVG, MsT, hYj, RYLjgN, PoyBoy, dTrGD, Hcieba, eTtx, lst, hdF, gpaGmc, YZJOd, DyM, KJXtcf, tFgVt, NsxjbJ, hOPG, fKfuV, LuErI, DdEHjq, rhAg, eImI, IPEmY, SoS, qtQDOT, YXOz, CVSlEG, tGGWGD, GTFz, eweWQF, tofWc, AjVkw, AALcX, xPzoDL, xaz, dEhA, GGE, dCaCLm, lrt, xNuqkc, DawDZP, gkE, sIFs, TnhV, irjA, vtuZo, DMN, VbJr, dFa, Esjedp, vpcd, EKYCj, yRCxp, daOGV, OHssP, VpAB, fVfTM, Mcz, VXOyo, YhVjiL, DLvRa, ICVfAi, sFRoHL, VFd, dVvUx, AwMF, uFgPqg, MXi,