Version 4.1.0 includes many new security, auditing, and universal compatibility features

May 29, 2013

4 Min Read


Littleton, CO – May 28, 2013 The SNARE Enterprise Agent for Windows, version 4.1.0, includes many new security, auditing and universal compatibility features, positioning SNARE as the event logging agent for all SIEM's and MSSP's, including the SNARE Server 6.0. With the launch of 4.1.0, prices on all SNARE Servers and Agents are discounted by 25% through June 28, 2013.

The following new capabilities are included in the SNARE Enterprise Agent for Windows release 4.1.0:

Support for Windows 8 and Windows 2012: Version 4.1.0 of the SNARE Enterprise Agent for Windows supports Windows 8 and Windows 2012 operating systems.

TLS Encryption: SNARE Enterprise Agent for Windows supports TLS encryption, allowing the agent to securely and confidentially send event logs to any TLS capable collection device.

Monitoring of Registry Auditing Events: The SNARE Enterprise Agent version 4.1.0 now has the ability to apply auditing to sections of the registry.

Configuration Change Notification: The SNARE agent monitors activity in the operating system, but, "Who is watching the watcher?" This feature adds another layer of security to SNARE Enterprise Agents, by allowing administrators to remotely monitor changes to the configuration of the SNARE Enterprise Agents.

Agent Heartbeat: A heartbeat capability has been added to version 4.1.0 of the SNARE Enterprise Windows Agent. The agent can now send out regular heartbeats, letting the collecting device know that the agent is working without having to make contact. Agent Logs are also available which allow the agent to send status messages to the collection device, such as memory usage, service start and stop messages, and any errors or warnings triggered during operations.

Policy Change and Service Tracking Capabilities: A series of Policy Change and Service tracking capabilities were added to the SNARE Enterprise Agent version 4.1.0. This setting tells the agent to send an audit event any time it attempts to make a change to the local security policy.

Source Name Filtering: This feature becomes very relevant for Windows Vista/2008 and above, where most of the key information is buried in the Applications and Services logs.

TCP_NODELAY: Version 4.1.0 of the SNARE Enterprise Agent includes a setting to enable the TCP_NODELAY feature and thus prevent TCP buffering by the OS. This option reduces the lag when the agent is sending events via TCP. This feature also helps prevent fragmented packets and stops the OS from buffering small packets which could delay delivery, and also unnecessary log fragmentation.

Local Date Information [Vista/08/Win7]: In locations where the default language for the computers is something other than English, the date stamp on outgoing audit records can be truncated due to language differences. The SNARE Enterprise version 4.1.0 uses a fixed date and time locale of US English to ensure the integrity of the log record. In addition, the SNARE Windows Enterprise Agent ensures the correct sequencing of events by standardizing across geographies and time zones to an optional UTC format.

Last Logon and Last Logon Timestamp: One of the new features of version 4.1.0 of the SNARE Enterprise Agent includes an upgrade to DomainUsers to search all DCs for the most recent LastLogon. The DomainUsers update means that you no longer need to get the SNARE Server to contact all DCs to resolve the LastLogon time. The agent handles this for you and it includes the LastLogonTimestamp as well when evaluating the most recent time.

Group Policy Support: The SNARE Enterprise Agent version 4.1.0 checks the MS Policy location as the primary source for configuration settings. This means that Group Policy Objects (e.g. ADM files) can be used to configure the agent in an easy and widely supported way without the need for setting "Preferences", a.k.a. tattooing.

Updated Micro Web Server Authentication (DIGEST): This new feature allows for a more secure form of authentication for the web service. Also, all sensitive information in the web interface is now hashed before being sent from the user's browser.

Single MSI: The new version 4.1.0 of the SNARE Enterprise Agent includes a single smart MSI for all Windows platforms and releases, ensuring simplified and error free distribution.

Local Event Cache, that activates when the network connection to your collection server is interrupted. Ideal for portable devices that are intermittently connected to your network.

Access to the Windows Custom Event Logs to ensure you are getting all events, particularly important on 2008 and 2012 servers.

Multicast Events to multiple destinations to guard against single points of failure.

Dynamic DNS for uninterrupted 24x7 operation and SIEM server changes in the event of a server failure.

Advanced Remote Control, Administration and Mass Configuration, with the addition of the SNARE Agent Administration Console.

For more information, a free trial or a price quote go to:, call 720-209-3780 or email [email protected].

About SNARE Alliance, LLC

SNARE Alliance is a security software value added sales and service organization and an authorized supplier of SNARE Servers and Enterprise Agents in the United States. SNARE Alliance offers fast and cost effective ways to learn about and purchase SNARE software and support, including an online shopping cart. SNARE software purchased through SNARE Alliance includes an annual maintenance agreement and customer service support. SNARE Alliance is backed by product licensing, software maintenance and second level technical support from Intersect Alliance, the author and architect of SNARE. To learn more, visit:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights