Want the full details? Click the link below!

What’s Changed in Netwrix Threat Manager 3.2

Upgrade Requirements
Before upgrading, we recommend reviewing the complete upgrade guide for both Netwrix Threat Manager and PostgreSQL. Following the documented procedures helps ensure a smooth transition and reduces the risk of data loss or system disruption.
Upgrade Threat Manager from 3.1 to 3.2
Upgrade PostgreSQL 14 to 18

Active Directory Certificate Services (AD CS) Attacks Detection

Threat Manager 3.2 now adds AD CS detection, surfacing AD CS exploitation patterns so your team can investigate, respond, and close gaps across the full attack lifecycle.

New detections include:

• ESC1 – Misconfigured Certificate Templates: Detects enrollment requests using templates that allow arbitrary Subject Alternative Names, enabling attackers to impersonate any domain principal including Domain Admins.

image (6)2557×972 221 KB

• ESC3 – Certificate Request Agent Abuse: Identifies unauthorized on-behalf-of enrollments that allow attackers to obtain certificates for privileged accounts.

• ESC4 – Vulnerable Certificate Template ACLs: Flags overly permissive template ACLs that allow unprivileged users to introduce exploitable misconfigurations.

• ESC7 – Vulnerable Certificate Authority ACLs: Detects when non-privileged accounts gain dangerous CA-level permissions such as ManageCA or ManageCertificates.

Note: Update Netwrix Threat Prevention to the latest version to enable the new AD CS templates for Netwrix Threat Manager.

Improved Service Accounts Dashboard

The redesigned dashboard gives you instant visibility into your service account risk posture, with summary charts showing your vulnerable account ratio, account type breakdown, and password age distribution at a glance. Inline risk indicators and a dedicated Vulnerable status column let you prioritize remediation in seconds, without exporting data or cross-referencing other tools.

image (6)1920×942 208 KB

PostgreSQL 18 Support

Netwrix Threat Manager now supports PostgreSQL 18, delivering faster load times and
improved performance. Existing PG14 deployments continue to be supported until end of life
in November 2026, so you can plan your migration and schedule downtime at your convenience.

Other Enhancements

• Upgraded the application to .NET 10.
• Improved overall page rendering performance across the application.
• Migrated the frontend build tooling, significantly improving page load times.
• Removed the TimescaleDB dependency, simplifying the database tier and reducing overhead.
• Custom values are now supported in attribute value filters when configuring threat exclusions.
• Added warning banners to alert users when credential profiles become corrupted or the database goes offline.
• Added an error message in the installer when the PowerShell execution policy prevents installation.
• Dashboard charts now show loading placeholders while data is being fetched, eliminating blank areas.
• Improved the database migration experience in the setup wizard to reduce friction for upgrade scenarios.

Bug Fixes and Miscellaneous Updates

• Fixed inconsistent domain names and data appearing for the same host across threat and investigation views. (Escalation 432252)
• Fixed a false positive Pass-the-Ticket threat alert. (Escalation 432705)
• Fixed Okta OIDC integration sometimes preventing web console from loading. (Escalation 432708)
• Fixed the installer warning message colors not matching the updated design.
• Fixed an infinite request loop and gray screen occurring after a successful SAML/OpenID Connect login.
• Fixed Active Directory moved objects being logged as renamed instead of moved.
• Fixed the error recovery screen not allowing navigation to configuration pages.
• Fixed a user-friendly error message not appearing when NTM starts with PostgreSQL stopped.
• Fixed incorrect SID-to-object mapping in AdminSDHolder ACL Tampering threat evidence.
• Fixed empty playbook log details appearing for all executions after viewing an empty entry.
• Fixed the “About Threat Manager” system settings page displaying an error screen.
• Fixed AD/EntraID synchronization history showing no results.
• Fixed the backend service monitor not functioning correctly after service startup.
• Fixed certain “Resolve PIM alert” Azure events failing to insert into the database.
• Fixed certain custom threat exclusions not displaying autocomplete.
• Fixed upgrade failures caused by custom workflow steps whose names conflicted with built-in steps.
• Fixed an installer version detection issue that blocked installation when the same or newer version was already installed.
• Fixed incorrect threat activity icon color on the threat details page.
• Fixed the missing loading indicator when searching on the threats timeline.
• Fixed the authentication provider settings displaying the wrong value after switching providers.
• Fixed incorrect evidence displayed for the Potential BadSuccessor Abuse threat.
• Fixed the Potential BadSuccessor Abuse threat details page failing to load when rollup data included more than 10 affected objects.
• Fixed Favorites investigations remaining visible after user permissions were removed.
• Fixed excessive duplicate logout requests being sent during sign-out.
• Fixed incorrect target and client column data for file system events from Isilon data sources.
• Fixed various UI components displaying outdated visual styles and misaligned checkbox elements.
• Fixed long names in the Threat Activity panel causing unintended horizontal page scrolling.
• Fixed the workflow confirmation dialog displaying inconsistent styling across different steps.
• Fixed the Automated Account Detection job incorrectly appearing in the custom threats list.
• Fixed an empty error notification appearing for invalid integration URLs.
• Fixed the database availability API endpoint returning incorrect responses.

Need help with this update?

There are many different ways to get help with our products!

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please share your thoughts below!