Release Notes
- Certificate template checks now allow domain computers to trigger regardless of whether msds-machineaccountquota is set, delivering more comprehensive coverage of certificate authentication configurations across varied domain setups
- Enhanced P-AdminLogin check to include password reset logic, improving detection and reporting of admin accounts with outdated or concerning password patterns
- Added MFA status column to Entra ID reporting
- Restored honeypot exclusion functionality
- Corrected a typo in the LDAP filter affecting BuiltinDomain detection
- Updated documentation links to the external STIG viewer resource, which were pointing to invalid URLs
- Fixed detection for the MS17-010 (EternalBlue) vulnerability on domain controllers, which was previously being reported incorrectly
- Enhanced the PWDNeverExpires check to properly evaluate accounts that have had their password changed recently, reducing false positives
- Clarified delegation reporting in computer analysis to reduce confusion around constrained and unconstrained delegation results
- Optimized knowledge base scanning performance during compute risks evaluation
- Fixed S-AesNotEnabled scoring issues
- Disabled accounts are now excluded from the risk count as they cannot be AS-REP Roasted
- Updated information and guidance based on the Microsoft RC4 phase-out
- Fixed configuration file parsing so that settings in appsettings.console.json are correctly loaded at runtime
- Fixed a string mismatch in the exclusion logic that was preventing BUILTIN\Users from being correctly excluded from the A-MembershipEveryone risk assessment
- Rewrote the auto-updater mechanism after versions 3.5.0.37+ were found to corrupt configuration files on affected servers