← Customer 33366476

#35953 Important Update: Blackpoint Agent Update

New Created Sep 30, 2025, 11:38 PM
System (internal) Sep 30, 2025, 11:38 PM 
Created from Lead: https://artichoke.shield.syncromsp.com/leads/35252370/convert
Check-in (internal) Sep 30, 2025, 11:38 PM 
Important Update: Blackpoint Agent Update
Rolling out shortly: enhanced performance, stronger security, and new features

[embedded image]

Dear valued partner,

We are thrilled to announce a new update to the Blackpoint agent that will start rolling out over the next three weeks starting September 30, 2025.

This update reflects our partner first commitment. We listened closely to your feedback and have worked hard to incorporate it to deliver meaningful enhancements. This update improves agent performance, enhances security, and provides a number of additional fixes and enhancements that not only improve the overall functionality and experience of the product, but also lays the foundation for features that will be included in the upcoming release of CompassOne.

Below you will find the details on what is specifically included in this update. As this update rolls out, you will be able to see the latest agent version on devices reflected in the portal. If you have any questions, please don’t hesitate to reach out to our Client Success team. We’re here to help!

Thank you for your continued partnership and for helping to shape the future of our product.

Blackpoint agent update details:

-  Windows Security policy management with Microsoft Intune detection This new capability helps customers see the status of Microsoft Antivirus and Windows Security policies and make configuration changes directly in the portal. For devices managed through Microsoft Intune, the agent automatically detects and reflects Intune’s configuration settings, enabling a more seamless experience.

-  Network scanning support for vulnerability management in CompassOne
We’ve added the ability to run network scans directly from the selected agent, enhancing vulnerability management capabilities in CompassOne. This provides deeper insight into vulnerabilities, open ports, misconfigurations, and unauthorized devices that could be exploited inside the environment.

-  Eliminated duplicates for renamed or re-imaged devices
We’ve resolved an issue that previously created duplicate devices when devices were renamed or reimaged. The agent now retains its ID locally so changes to host or domain names no longer trigger the generation of a new agent ID, improving the accuracy of the device inventory.

In addition, the Agent Installer now supports a --goldenimage flag. This ensures that each device created from a master image receives a unique agent ID, preventing duplication and simplifying rollouts.

-  Enhanced security for Active Directory
We’ve enhanced MDR protections for customers using Active Directory (AD) controllers, whether or not they use Microsoft Entra ID.

Our agent now communicates directly with AD controllers to ensure immediate and consistent enforcement of security actions.

We’ve closed enforcement gaps where now accounts disabled by the SOC in Entra ID that originate from on-premises AD controllers will remain disabled when AD controller to Entra ID replication occurs. In addition, organizations with AD controllers who are not using Entra ID can now be protected by Blackpoint’s industry leading MDR service.

-  Decommissioned agents improvements
Decommissioned agents now only query for reactivation, no longer sending heartbeat signals. In addition, application control is automatically uninstalled when an agent is decommissioned. These enhancements help prevent overbilling and reduce CPU usage.

-  Agent performance improvements
We’ve made improvements to reduce CPU usage and boost overall agent performance during surveys. Surveys now consume fewer resources, especially on server class systems and systems with higher process counts. We’ve also eliminated unnecessary survey data collection, improving agent efficiency.

-  Removal of non-beneficial FIMS events
Non-beneficial FIMS events from the WinSxS directory are no longer collected and processed, helping to optimize agent data collection. This directory stores shadow copies of Windows patches and updates, which generates a non-trivial volume of file updates signed by Microsoft.

-  Ransomware detection enhancements
Our agent’s ability to detect new ransomware attacks has been improved. Canary files, used to identify malicious activity, are no longer hidden, allowing detection of ransomware that bypasses hidden files. In addition, user shared directories are now protected with canary files, improving early detection across environments. For additional information regarding Canary files, please review our support [page](https://czdmH04.na1.hubspotlinks.com/Ctc/RG+113/czdmH04/MWvtclLxRDjVFPR4m6Kd7MPW8XrjSc5D4YlDMSn_pR5nXHCW95jVnq6lZ3kqW96D1FQ7pC9v8W2m1V0X7KMnGJW47BfGt8721jzW16CQZV8crgYQW8xPcvx7J3lh_W6FB13t353zkbW62cdCJ44CgVVW5YJ44R7w-x6ZW3wLztR921fq6N7XfrplL9ndSW3Pl7sw4SnLxpW2ktL0y1pbqyVW9csqCQ9d94QsW1jVnpr4HpcFfW4fryP64lVNZmW1Clcgl20BPzyW3fRhQ_8fKM8dW2b_VD_4K7R-3N4DM1CQgh7wHW5l3X_P8mxWW2N8CxKV2HKmDXW55T7jP7nwHc6W8wm8WX13xkHPW5q5ssg1zY2wqW5F05Fg4FnRH0N3LrT5NZ5DycW8WYcqq6zmBjcW3T3nlQ71548MW2LSXwH18pJpMW5B5Rbb3jf_cZW2myPRT8WHNf2W8ttfpV56MxKzW1q80Rq956NfrW6d81Vp4fPh-BW44jy6R38sJp7W5y0fmT98l6cmW4_PZpv2jHqNYW2wxr2D1v4gd9W4T2rqw2rc5p6VVP31B3_7ZFpW3DBgS57Hybx2W6RF3hC8Qf4MNW1WTSsB5G3V6pW8GpmdS3VD1RHVHZNRX3lL8dsW2RZrF14RdPqTf4PGhqs04).

-  Device type enhancements
We’ve enhanced the agent’s ability to accurately identify device types including laptops, desktops, servers, and domain controllers. This improves asset classification and visibility.

-  Common Event Format (CEF) support
The agent now supports syslog messages formatted in the newer Common Event Format (CEF), including those from Ubiquiti syslogs. This enables compatibility across a broader array of vendors which simplifies integration, enhances event correlation, and improves threat detection.

-  Updated signing of deployment packages
We’ve refreshed the signing certificate for expired deployment packages and updated our infrastructure to support deploying the latest agent release directly to new devices, rather than the previous N-1 deployment and upgrade model. This ensures faster deployment and reduces potential delays in enabling devices with the latest features and protections.

-  Persistent Device Configuration Option
We’ve added support for a new local configuration file that persists across upgrades. This ensures that device specific settings remain without requiring reconfiguration, helping to save time and maintain consistency.

If you have any questions or concerns, we’re here to help. Please reach out to your dedicated Client Success Architect, or, [email protected].

Stay tuned for more exciting product updates over the next several weeks!

Best,

Blackpoint Client Success

[embedded image](https://czdmH04.na1.hubspotlinks.com/Ctc/RG+113/czdmH04/MWvtclLxRDjVFPR4m6Kd7MPW8XrjSc5D4YlDMSn_pR3qn9qW95jsWP6lZ3kqW24pXvQ7wzZ14W7xBldP8X5WCPW45B_Lc2m9CMdN5D7L6YJX_dDW32QcHs5L8-qhW6CC0M15Z5dW7W6VV_563lsdfwW6ZW03L13zX-9W4H8wyB1Wg-KYW8dP0qx3nBpW7W1jzqKh8Wht8PN4KmZtqCGBL_W37Wj341NjnDvW87sKxk3LnJJKVxKXx68VJ82dW4rG8BP1mvhyyW1Dbnj77C0cPRW4TFDGn2XzmdWW3d-hrJ78tr3DW2WMTzC7Wq8BdW8fm6mB1gZ8dFVzVFzh6C1j3fN5V0TfhHBkVwW3d7zXK6R91SNW4C9z_T7-shvFW9j-jFk5Y2MPvW7ghnxr12XB4SW3LsMcr2fhQzpW4gnXCK2Q17C1W4rqccX4v6jBWf889w-H04)	[Check us out on LinkedIn](https://czdmH04.na1.hubspotlinks.com/Ctc/RG+113/czdmH04/MWvtclLxRDjVFPR4m6Kd7MPW8XrjSc5D4YlDMSn_pR3qn9qW95jsWP6lZ3pCW4Lt5JH939H2CW8ygJ0V1Mld0hW6Z3ZK31N2731W4cW2Nv2CN7f8VPLSTJ66LCqqW8j2m8c74jXjGW5SlCfT1w92C-W60kmtp9jBjJ0N3hHh1hJtGfgN56TXryqxRzzW7fDqr28qbX1-N1l9wrKX7MfCW6nJVFW6-kZ_BW23XZq65M8Wp8W74TTj04P0NXlN4DhzSdbL_2tW4W2xvM27RgYBW8vsqzv4dxCGTW74LB6Y12b6LMN5XQxxHjR7X3VX_p5n882ZgxVCyfDm8P1gCLW412mVX7qfz_LW6DYVVx61KrdXN14V-hV3tcbyW5NWldF185vRRW1X2zq76T-zcdW19HLQf2SGB_rW4NGTPQ7hhCV9W3Bwnx14dnLnLf4G52s004)

Blackpoint Cyber, 1099 18th Street, Suite 3050, Denver, Colorado 80202, United States

[Unsubscribe](https://hs-4759974.s.hubspotemail.net/hs/preferences-center/en/direct?data=W2nXS-N30h-GQW3XXTXZ3b2wYRW34nyNZ3bkWRfW2TJGX-3yW9v9W3yL3km4cGmzSW2MMLxN2RkvKgW43PQPk43Xw7DW3SBybf4cqTDrW3QM-d12RhRbCW2KyFDW3zk1L0W47ljS33ZXHzRW3BPc5v4fJBGHW38x3Pv4fK2YfW43NDgs2MmXLdW3SYLGl36GphHW49wgbb3_YGMSW3Zt9QH3ZYXmyW3H3DdF3bkrJDW3_GkQb3yNYVfW4hmz1R3JZ5msW3ZM8-w2-HBw2W3SMLd54kDy27W4kl1MZ251f0kW49CHDy3ST9XQW3dfznS3GKTcsW4ppnC03j88zDW1_32jN3VRdSpW3VJDP938jp9RW2YgPdD1Zs8RnW2qWpjx2x-qjFW3487Gj41DtZ5W3BXgF11LgzcvW3DKdrD3T1dkdW4hKF5w3gxlXZW47mz473ZwFQWW3y-M8_45xrxpW3dqFym2TqghjW32cbsb2-q2vvW2388v72CFvmsW2CXpZK3_HDMcW3bhQp53bdTpfW2-myDV3_Lx0SW3G_sM_3M9nK1W4frtsR45XfrdW3Xyyh53Y2-7tW3Kd4QV2Wg-xyW36F_PW3jmQpHW4k8wGM1BmxchW1Sr5-81LCR1HW1W_qG53XNxzzW3BXdVh2RNC2mW45WtLr3QFfKJ0&utm_campaign=5642270-2025_Partner_Communications&utm_source=hs_email&utm_medium=email&utm_content=383073120&_hsenc=p2ANqtz-8VvqOioU-V_BSPwPpUe6rWl6I1BBpc9fH3Z0lqS88gyddSZFVO1GSXPYOe2CLfROrx8f-zSWefY5JBKB6_o-FO2KUs6O4DIUa7RYVrSKyvRnCROaA&_hsmi=383073120) [Manage preferences](https://hs-4759974.s.hubspotemail.net/hs/preferences-center/en/page?data=W2nXS-N30h-GQW3XXTXZ3b2wYRW34nyNZ3bkWRfW2TJGX-3yW9v9W3yL3km4cGmzSW2MMLxN2RkvKgW43PQPk43Xw7DW3SBybf4cqTDrW3QM-d12RhRbCW2KyFDW3zk1L0W47ljS33ZXHzRW3BPc5v4fJBGHW38x3Pv4fK2YfW43NDgs2MmXLdW3SYLGl36GphHW49wgbb3_YGMSW3Zt9QH3ZYXmyW3H3DdF3bkrJDW3_GkQb3yNYVfW4hmz1R3JZ5msW3ZM8-w2-HBw2W3SMLd54kDy27W4kl1MZ251f0kW49CHDy3ST9XQW3dfznS3GKTcsW4ppnC03j88zDW1_32jN3VRdSpW3VJDP938jp9RW2YgPdD1Zs8RnW2qWpjx2x-qjFW3487Gj41DtZ5W3BXgF11LgzcvW3DKdrD3T1dkdW4hKF5w3gxlXZW47mz473ZwFQWW3y-M8_45xrxpW3dqFym2TqghjW32cbsb2-q2vvW2388v72CFvmsW2CXpZK3_HDMcW3bhQp53bdTpfW2-myDV3_Lx0SW3G_sM_3M9nK1W4frtsR45XfrdW3Xyyh53Y2-7tW3Kd4QV2Wg-xyW36F_PW3jmQpHW4k8wGM1BmxchW1Sr5-81LCR1HW1W_qG53XNxzzW3BXdVh2RNC2mW45WtLr3QFfKJ0&utm_campaign=5642270-2025_Partner_Communications&utm_source=hs_email&utm_medium=email&utm_content=383073120&_hsenc=p2ANqtz-8VvqOioU-V_BSPwPpUe6rWl6I1BBpc9fH3Z0lqS88gyddSZFVO1GSXPYOe2CLfROrx8f-zSWefY5JBKB6_o-FO2KUs6O4DIUa7RYVrSKyvRnCROaA&_hsmi=383073120)
[embedded image]