Activity Monitor 9.0 enhances data collection for Netwrix Access Analyzer and Netwrix Threat Manager, delivering new data sources, stronger security, and enhanced performance.
Want the full details? Click the link below!
What’s New in Netwrix Activity Monitor 9.0
Azure Files Support
Monitor reads, writes, deletes, and permission changes across your Azure Files infrastructure for comprehensive audit and security monitoring.
Available for:
- Netwrix Threat Manager (available now)
- Netwrix Access Analyzer (coming in a future release)
Microsoft Office Activity Filtering (Qumulo, CTERA)
Reduce noise and improve signal quality when monitoring the latest Microsoft Office versions.
Available for:
- Netwrix Threat Manager (Qumulo & CTERA)
- Netwrix Access Analyzer (Qumulo only)
Windows Server 2025 Compatibility
Now certified to collect and forward activity from Windows Server 2025.
Available for all Netwrix Activity Monitor deployments.
Strengthen Security & Performance
Certificate Management with Certificate Authority (CA) Support
Secure agent connections using your own PKI infrastructure for enterprise-grade certificate management.
Available for all Netwrix Activity Monitor deployments.
TLS Connectivity to Netwrix Threat Manager
Encrypt event traffic between Activity Monitor and Threat Manager to protect data in transit.
Available for Netwrix Threat Manager deployments.
NAS Performance Optimizations
Experience faster data pipelines with reduced noise for smoother scaling across large NAS environments.
Available for all Netwrix Activity Monitor deployments.
Expanded Event Collection
Alternate Data Streams (ADS)
Activity Monitor now captures alternate data stream activity on Windows and CTERA environments, expanding the forensic data available for investigation.
Microsoft Entra ID Sign-In Events
Activity Monitor now collects non-interactive login events from service principals and managed identities, closing visibility gaps in identity monitoring. Analysis and alerting capabilities will be supported in Netwrix Threat Manager and Netwrix Access Analyzer in a future release.
Bug Fixes and Miscellaneous Updates
| Build | Component | Change / Fix Description |
|---|---|---|
| 8.0.307 | Linux | Resolved incorrect file paths for Samba activity when the Samba share was backed by NFS-mounted storage. |
| NetApp | Fixed The specified server <IP-address> is already connected error. (Cases 00458548, 00453733) |
|
| Active Directory | Fixed Kerberos activity reporting issues introduced by the 10-2025 Microsoft updates. | |
| 8.0.288 | NetApp | Fixed memory leak in the monitoring service introduced in 8.0.275. (Case 00445343) |
| Active Directory | Fixed disabled Install button after selecting a new package in Update Installer. (Case 00455095) | |
| SQL Server | Fixed Extended Events options not applied to the SQL Server session. (Case 00454694) | |
| 8.0.278 | Active Directory | Fixed Kerberos, NTLM, and AD Replication reporting issues from the 09-2025 Microsoft updates. |
| Windows | Fixed intermittent crash of Windows Monitoring Service during configuration change. | |
| REST API | Fixed log file enumeration issue via /api/v1/logs/{outputId} endpoint. |
|
| 8.0.275 | NetApp | Fixed failure recovery issue between NetApp Monitoring Service and Logging Service causing memory exhaustion. |
| 8.0.272 | Active Directory | Fixed Kerberos event reporting on Windows Server 2022 (08-2025 updates). |
| SharePoint Online | Fixed missing file info in FileRecycled events by system processes. | |
| Fixed missing access rights in CompanyLinkCreated sharing events. | ||
| Fixed parsing errors of access levels in Sharing events. | ||
| Added filtering by Client App in monitoring and search. | ||
| Search improvements: added target account display name, client app, clarified event descriptions, show list names instead of IDs. | ||
| CTERA | Fixed only Permission Change logged when file attributes and permissions changed simultaneously. | |
| 8.0.253 | Nasuni | Removed DNS dependency from AMQP setup to prevent agent disconnections under slow DNS responses. |
| 8.0.250 | Active Directory | SUVP 25-07 support; added support for Netwrix Threat Prevention 7.5 agents; fixed TGT events during gold ticket attack. |
| CTERA | Improved duplicate suppression; fixed Portal Filter bulk editing. | |
| NetApp | Fixed FPolicy auto-configuration error “events.name is a required field”. | |
| 8.0.243 | Nasuni | Fixed compatibility with Nasuni 9.5 and added support for Nasuni 10. |
| Search | Improved archive search performance by excluding files outside specified time interval. | |
| 8.0.237 | Nasuni | Fixed certificate trust problem blocking event collection in Nasuni 10. |
| Active Directory | SUVP 25-06 support. | |
| 8.0.236 | Nasuni | Fixed certificate trust issue for Nasuni 10 (breaks Nasuni 9.5 support; see internal notice). |
| 8.0.224 | NetApp | Fixed “Suppress duplicate operations” not applying to Read events; optimized FPolicy Scope updates. |
| Syslog | Corrected misapplied STEALTHAUDIT=ON attribute affecting Access Analyzer. |
|
| Nasuni | Corrected ‘500 Internal Error’ reporting for Edge Appliance 10.0 API calls. | |
| CTERA | Fixed empty attribute changes and “Failed to parse message” errors; restored %ORIGINATING_SERVER% macro. |
|
| Windows | Fixed extra ‘Read’ event immediately after file deletion. | |
| Entra ID | Fixed UPN display errors in Sign-In events. | |
| Console | Added Netwrix Community subscription prompt. | |
| 8.0.212 | NetApp | Added extra logging of ONTAPI calls; reduced unnecessary FPolicy Scope updates causing reconnections. |
| 8.0.208 | Active Directory | Addressed May 13 Microsoft KB conflicts that broke Kerberos / NTLM event capture. |
| Linux (RHEL 9) | Fixed file system event collection failure due to monitor registration issue. | |
| 8.0.197 | Linux Agents | Added agent certificate management capability. |
| 8.0.190 | Entra / SPO / Exchange | Fixed saving and display of configuration settings when adding new services. |
| Dell CEE | Automatically detects and corrects invalid CEE 9.0.1+ settings preventing event collection. | |
| 8.0.171 | Dell CEE | Fixed issue where CEE failed to duplicate events to secondary agents due to EndPoint modification. |
| 8.0.162 | Active Directory | SUVP-25-09 support and restored event collection for affected KBs. |
| NetApp | Fixed “An item with the same key has already been added” error on Connect button for multi-output hosts. | |
| 8.0.156 | SharePoint Online | Fixed “Cannot get information about root site” error when using HTTP proxy. |
| REST API | Fixed PATCH 404 failures for scale-out NetApp hosts monitored by multiple agents. | |
| 8.0.142 | Qumulo | Fixed Monitoring Service memory exhaustion under heavy workload. |
| Active Directory | SUVP 25-03 support; restored Kerberos and LDAP Bind events for affected Windows KBs. | |
| 8.0.126 | Nasuni | Suppressed transient auditing errors during share configuration. |
| Entra ID | Fixed missing display of PIM activation events in Search. | |
| Linux | Fixed missing Samba / SMB activity reporting. | |
| 8.0.124 | NAM | Fixed incorrect SID resolution during search. |
| NetApp | Suppressed transient FPolicy conflicts for multi-agent SVM monitoring. | |
| Active Directory | SUVP 25-02 support; restored event collection for affected Windows KBs. |
Plan your upgrade
Netwrix Activity Monitor 7.1 will reach its end of support life on May 13, 2026. To learn more, please read the Netwrix End-of-Support Policy.
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Activity Monitor > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Activity Monitor > Ideas |
| If you have something cool to show… | Show everyone what you built: Activity Monitor > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!