Looking for a bug fix list for all versions of Threat Prevention?
All bug fixes will automatically be added here!
Looking for Microsoft KB Updates? Skip to the Agent Updates section with the table of contents on the right
8.0 Updates
Version 8.0 Released
January 8, 2026
| Build | Fixed issue |
|---|---|
| 7.5.0.267 | 403256: AD events were filtered when attributes were accessed but not changed; new Event Filtering Configuration option added |
| 408453: High CPU utilization due to slow DirRead-based objectClass resolution; resolution moved to the agent | |
| 410279: LSASS crash on Windows Server 2025 with LSA Protection during agent stop; multi-signature approach implemented with a dedicated Server 2025 signature | |
| 410528: Exchange SE SU4 was not supported; Exchange signatures extended to support SU4 | |
| 411172: Installers checked for .NET Framework 4.7.0; NTP console and agent installers now require .NET Framework 4.7.2 | |
| 7.5.0.256 | 407684: Get-SIAgent and other PowerShell commands not working |
| 408756: NTP agent caused server reboot | |
| 408841: Exchange SE support added to 7.5 | |
| 7.5.0.252 | 407212: SUVP 25-11 support |
| 406920: Replication conflict events had NotMapped properties in NTM | |
| 406450: Permission Changed events sent with incorrect attributes to NTM | |
| 7.5.0.247 | 405820: Exchange 25-10 updates support |
| 406602: Expired code signing certificate | |
| 406427: Update Agent Installer error message [PERN] | |
| 7.5.0.245 | 405959: Incorrect ADMonitor version number reported |
| 7.5.0.244 | 400587: Upgrade BouncyCastle |
| 405320: Added utcTimeLogged index to NvEvent table | |
| 7.5.0.242 | 400587: Upgrade BouncyCastle |
| 402819: Preserve localPwnedDB key during agent upgrade | |
| 403356: SUVP 25-10 support | |
| 7.5.0.236 | 401764: AD replication issues after September patch and DLL update |
| 401934: AD replication shared memory IPC overflow alerts | |
| 7.5.0.234 | 391153: SBTService repeatedly stopped on multiple DCs |
| 398094: Missing Start, End, Auth, and Renew dates in rejected TGS tickets | |
| 398101: Host information missing in dcsync events | |
| 398537: Expand Groups setting not saved | |
| 398797: Exchange 25-08 updates support | |
| 400007: SUVP 25-09 support | |
| 7.5.0.227 | 397188: SUVP 25-08 support |
| 398055: DSM post-upgrade showed incorrect oldest database date | |
| 7.5.0.224 | 394634: File system permission change events sent formatted value instead of SDDL |
| 395156: Exchange 25-07 .NET updates support | |
| 396765: No events sent to NAM after enabling TLS for AMQP output | |
| 7.5.0.218 | 393085: Windows Server 2025 – LSASS crash during agent startup with EPE enabled |
| 7.5.0.216 | 393162: SUVP 25-07 support |
| 394105: NTP–NAM CheckControlChannelConnection not implemented error | |
| 391515: TGT events not sent during golden ticket attack | |
| 7.5.0.212 | 391328: EX Mailbox Non-Owner Logons filter did not produce expected results |
| 7.5.0.205 | 389319: Exchange 2025-05 updates support (Microsoft Patch Tuesday) |
| 389320: SUVP 25-06 support | |
| 7.5.0.201 | 342078: SI policy exclusions for NTDS.dit not honored |
| 383698: SI computer permission change | |
| 383913: Updated LDAP filters for service account discovery | |
| 384413: EPE test results showed DCs failing password qualification | |
| 388933: Group membership change events had incorrect sub-operation | |
| 389099: Password enforcement policy issues | |
| 389104: Password enforcement incorrectly blocked accounts | |
| 389698: Incorrect archive database size displayed | |
| 389699: Archive DB maintenance configuration not saved | |
| 7.5.0.188 | 381912: TGS events for custom SPN with RC4_hmac not sent |
| 381900: Agent service could not stop and LSASS consumed CPU | |
| 384877: Exchange 2025-04 updates support | |
| 386437: Investigation node exception when switching to Archive DB | |
| 384868: SUVP 25-05 support |
7.5 Updates
Patch Version 7.5.0.267 Released
January 6, 2026
-
403256 – AD events missing from Netwrix Threat Prevention
Before: AD monitor filtered AD events when attributes were accessed but not changed.
After: A new setting in Event Filtering Configuration allows inclusion or exclusion of this type of AD event. -
408453 – High CPU utilization caused by Netwrix Threat Prevention agent
Before: AD Monitor resolvedobjectClassusing slow DirRead LDAP queries, causing elevated CPU usage.
After:objectClassresolution has been moved to the agent, reducing CPU utilization. -
410279 – LSASS crash on Windows Server 2025
Before: A single signature was used forPspApplyMitigationOptionscandidate resolution, which could cause LSASS crashes with LSA Protection enabled during agent stop.
After: A multi-signature approach has been implemented, including a dedicated signature for Windows Server 2025. -
410528 – Exchange SE SU4 support
Before: Netwrix Threat Prevention agents did not support Exchange SE SU4.
After: Exchange signatures have been extended to support Exchange SE SU4. -
411172 – .NET Framework requirement
Before: Netwrix Threat Prevention console and agent installers checked for .NET Framework 4.7.0.
After: Netwrix Threat Prevention console and agent installers now require .NET Framework 4.7.2.
Patch Version 7.5.0.256 Released
November 25, 2025
PowerShell
- Fixed an issue where
Get-SIAgentand other PowerShell commands failed due to incorrect handling ofDateTimevalues during gRPC serialization.
Windows Agent
- Resolved a potential LSASS crash on Windows Server 2025 systems with the KB5068861 (2025-11) update installed.
Exchange SE
- Added Microsoft Exchange SE support.
Patch Version 7.5.0.245 Released
October 30, 2025
- Fixed an issue where the ADMonitor version number was displayed incorrectly.
Patch Versions 7.5.0.244 / 7.4.0.273 Released
October 23, 2025
Issues Resolved
- 400587: Upgraded the BouncyCastle cryptography library to the latest supported version to enhance security and maintain compliance with current encryption standards.
- 405320: Added an index on the
utcTimeLoggedcolumn in theNvEventtable to improve database query performance and event logging efficiency.
Patch Version 7.5.0.236 / 7.4.0.250 for Threat Prevention Agents Released
September 19, 2025
New builds of the Netwrix Threat Prevention agent (7.5.0.236 and 7.4.0.250) have been released to address an issue affecting DCSync blocking policies.
Summary
A bug affecting host filtering in DCSync blocking policies was introduced in agent builds released on or after August 13 (part of the August SUVP update). This issue could potentially interfere with Active Directory replication, especially in environments with blocking policies enabled. As a result, environments relying on these policies to prevent unauthorized replication attempts may experience Active Directory replication issues.
Recommended Action
- Update agents to version 7.5.0.236 or 7.4.0.250 as soon as possible.
- If updates cannot be applied immediately, we recommend disabling DCSync blocking policies temporarily to avoid replication disruption.
- DCSync monitoring policies are not impacted and can remain enabled.
Issues Resolved
- 401764: Multiple domain controllers experiencing replication issues after installing the September patch and latest DLL
- 401934: Active Directory replication shared memory IPC overflow alerts
Patch Version 7.5.0.224 Released
July 31, 2025
∙ 394634: NTM | File System permission change events are sending the formatted value instead of the SDDL value
Resolved an issue where file system permission changes reported formatted values in event data, rather than SDDL format.
∙ 395156: Exchange: 25-07 .NET updates support
Threat Prevention now supports the July 25 .NET Framework updates for Exchange environments, ensuring compatibility and continued monitoring.
∙ 396765: NTP → NAM: No events after implementing TLS for AMQP output
Resolved an issue where no events were sent from Netwrix Threat Prevention to Netwrix Activity Monitor after enabling TLS for AMQP output.
Patch Version 7.5.0.218
July 17, 2025
Netwrix Threat Prevention Agent
Fixed issue 393085
On Windows Server 2025 only, LSASS may crash during the startup of Netwrix Threat Prevention Agent 7.5.0 when the Enterprise Password Enforcer (EPE) policy is enabled.
To address this issue, upgrade the Netwrix Threat Prevention Agent to version 7.5.0.218. No changes are required for other components.
Patch Version 7.5.0.212 and 7.4.0.221 Released
July 3, 2025
Exchange Monitoring
- Fixed issue: 391328 — Filter configuration for “EX: Mailbox Non Owner Logons” did not produce the expected results [NBP].
Note: This issue affects only customers using the Exchange Monitoring module.
Minor Version 7.5 Released
April 15, 2025
| Build | Fixed Issue |
|---|---|
| 7.4.0.176 | 377758: SUVP (MS Patch Tuesday) 25-03 support 378015: Don’t keep Adtrace log by default 378689: ADWS log level is “DEBUG” by default |
| 7.4.0.164 | 374941: Exchange 2019 CU15 support |
| 7.4.0.163 | 374172: SUVP (MS Patch Tuesday) 25-02 support |
| 7.4.0.159 | 369357: Upgrade from StealthINTERCEPT Server 7.3.9 to (NTP 7.4) Netwrix Threat Prevention Server 7.4.0 |
| 7.4.0.157 | 369897: Update to 7.4 preventing PowerShell scripts from referencing groups with special characters in name 371447: Exchange: 25-01 .NET updates support 372415: NTP is missing computer deletion events 373486: LDAP trace log grows even with disabled trace when LDAP Bind policy is Enabled |
| 7.4.0.149 | 342815: PWNED Database is not downloading automatically (via Schedule) works manually 365125: Brute force attack not ignoring failed logins with expired password 370069: SUVP (MS Patch Tuesday) 25-01 support |
| 7.4.0.127 | 367335: SUVP (MS Patch Tuesday) 24-12 support 365219: Exchange: 24-11 .NET updates support 364959: Exchange: KB5044062 for 2016 CU23 and 2019 CU13-14 support 366313: Exchange: KB5049233 for 2016CU23 and 2019 CU13-14 support |
| 7.4.0.102 | 364047: NTP - Install package is not signed properly with the certificate: Content type: Cert. |
| 7.4.0.95 | 342078: NTP Policy - Not adhering to exclusions for NTDS.dit BLOCKING- Ignore SYSTEM Account set but Events still coming in |
| 7.4.0.94 | 360662: Agent is enabling LDAP Interface Diagnostic Logging |
| 7.4.0.90 | 359550: SUVP (MS Patch Tuesday) 24-10 support 354845: CSR Requests getting Denied due to Missing Fields |
| 7.4.0.77 | 354789: NTP - AD Attributes Filter - User Account Modifications monitoring |
| 7.4.0.71 | 342078: NTP Policy - Not adhering to exclusions for NTDS.dit BLOCKING- Ignore SYSTEM Account set but Events still coming in 351057: NTP - DC win 2012 R2 continues reboot after agent upgrade from 7.3 356344: SUVP (MS Patch Tuesday) 24-09 support 356486: Issue – Some events are being captured and some are not – All users are being added to the group 356581: Authentication lockdown policy does not save ‘allow’ filters settings in some cases |
7.4 Updates
Patch Version 7.4.0.282 Released
November 25, 2025
PowerShell
- Fixed an issue where
Get-SIAgentand other PowerShell commands failed due to incorrect handling ofDateTimevalues during gRPC serialization.
Windows Agent
- Resolved a potential LSASS crash on Windows Server 2025 systems with the KB5068861 (2025-11) update installed.
Patch Version 7.4.0.229 Released
July 31, 2025
∙ 394634: NTM | File System permission change events are sending the formatted value instead of the SDDL value
Resolved an issue where file system permission changes reported formatted values in event data, rather than SDDL format.
∙ 395156: Exchange: 25-07 .NET updates support
Threat Prevention now supports the July 25 .NET Framework updates for Exchange environments, ensuring compatibility and continued monitoring.
∙ 396765: NTP → NAM: No events after implementing TLS for AMQP output
396765: Resolved an issue where no events were sent from Netwrix Threat Prevention to Netwrix Activity Monitor after enabling TLS for AMQP output.
Version 7.4 - Release Notes & Bug Fixes
September 4, 2024
See the Netwrix Threat Prevention v7.4 - Bug Fix List for a list of bugs fixed in this version.
Agent Updates
Agent Packages for Microsoft KB Update (March 10, 2026) Released
March 12, 2026
Bug Fixes and Miscellaneous Updates
On March 10, 2026 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
Updated agent builds:
- 8.0.0.42
- 7.5.0.287
- 7.4.0.293
Additional Fixes Included in This Release
This update also includes the following fixes and improvements:
403245: The alert for automatic host list refresh is now suppressed. “Policy updated” alerts are only raised when an administrator explicitly modifies and saves a policy.
414091: The collection revision number is now synchronized between the collection and the expanded collection. Identical configurations deployed to test and production now produce consistent results.
417987: All Kerberos principal name fields are now decoded with UTF-8 (CP_UTF8). Accented characters in account names are preserved correctly across all captured event data.
417370: Agents are fully functional with Exchange SE SU5. Agent parsing has been updated to accommodate the February 2026 Exchange Security Update, restoring full Exchange monitoring coverage.
Agent Packages for Microsoft KB Update (March 10, 2026) Released
March 12, 2026
Bug Fixes and Miscellaneous Updates
On March 10, 2026 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
Updated agent builds:
- 8.0.0.42
- 7.5.0.287
- 7.4.0.293
Additional Fixes Included in This Release
This update also includes the following fixes and improvements:
403245: The alert for automatic host list refresh is now suppressed. “Policy updated” alerts are only raised when an administrator explicitly modifies and saves a policy.
414091: The collection revision number is now synchronized between the collection and the expanded collection. Identical configurations deployed to test and production now produce consistent results.
417987: All Kerberos principal name fields are now decoded with UTF-8 (CP_UTF8). Accented characters in account names are preserved correctly across all captured event data.
417370: Agents are fully functional with Exchange SE SU5. Agent parsing has been updated to accommodate the February 2026 Exchange Security Update, restoring full Exchange monitoring coverage.
Agent Packages for Microsoft KB Update (February 10, 2026) Released
February 12, 2026
On November 11, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
Updated agent builds:
- 8.0.0.36
- 7.5.0.274
- 7.4.0.291
Additional Fixes Included in This Release
This update also includes the following fixes and improvements:
- 412098: Rebranded the description of the NTP GPO service.
- 412485: Disabled the Apply update button in the Agent update dialog after uploading a new agent to Enterprise Manager to prevent unintended actions.
- 413434: Resolved an issue where Hardening mode did not resume after an Agent upgrade.
- 413465: Ensured the ADMonitor module is updated only within the current product version.
- 413803: Fixed an issue where hosts used for filtering could be empty for certain policies after import.
- 413927: Addressed cases where Agents could lose connection after an Enterprise Manager restart.
Agent Packages for Microsoft KB Update (January 13, 2026) Released
January 15, 2026
On November 11, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
Updated agent builds:
- 8.0.0.29
- 7.5.0.272
- 7.4.0.289
Agent Packages for Microsoft KB Update (November 11, 2025) Released
November 13, 2025
On November 11, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
Updated agent builds:
- 7.5.0.252
- 7.4.0.280
- 7.3.9.332
If you are using Threat Prevention agents to provide AD event data to Netwrix Threat Manager, you may need to update your agents to maintain compatibility. No updates are required to the Threat Manager installation itself.
Updated Threat Prevention Agents released
October 31, 2025
- 405820: Exchange 25-10 updates support
- 406602: Expired code-signing certificate
- 406427: Update Agent Installer error message [PERN]
Agent Packages for Microsoft KB Update (October 14, 2025) Released
October 17, 2025
On October 14, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
Updated agent builds:
- 7.5.0.242
- 7.4.0.269
Agent Packages for Microsoft KB Update (September 9, 2025) Released
September 11, 2025
On September 9th 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
The updated builds are:
- 7.5.0.234
- 7.4.0.246
- 7.3.9.317
Agent Packages for Microsoft KB Update (August 12, 2025) Released
August 14, 2025
On August 12, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
The updated builds are:
• 7.5.0.227
• 7.4.0.233
• 7.3.9.309
Agent Packages for Microsoft KB Update (July 8, 2025) Released
July 10, 2025
On July 8, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
The updated builds are:
- 7.5.0.216
- 7.4.0.227
- 7.3.9.303
- 7.3.7.473
Agent Packages for Microsoft KB Update (June 10, 2025) Released
June 13, 2025
On June 10, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
The updated builds are:
- 7.3.7.469
- 7.3.9.297
- 7.4.0.219
- 7.5.0.205
Agent Packages for Microsoft KB Update (May 13, 2025) Released
May 15, 2025
On May 13, 2025 Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will conflict with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
The updated builds are:
- 7.3.9.286
- 7.4.0.201
- 7.5.0.188
Agent Packages for Microsoft KB Update (April 8,2025) Released
April 10, 2025
On April 8, 2025, Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will cause compatibility issues with current agents, as described in this announcement.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
The updated builds are:
- 7.3.7.449
- 7.3.9.266
- 7.4.0.180
- 7.5.0.176
Threat Prevention Agent 7.3.6.481, 7.3.7.441, 7.3.9.258, 7.4.0.164
February 25, 2025
On February 23, 2025, Microsoft distributed KBs that conflict with existing Netwrix Threat Prevention agents. If these KBs are applied to your systems, they will cause compatibility issues with current agents.
Netwrix has issued updated agent packages that have support for new Microsoft KBs.
The updated builds are:
- 7.3.6.481
- 7.3.7.441
- 7.3.9.258
- 7.4.0.164
The following versions may have limited or no support. Please see the