Patch 3.1.1_P3_GA


🚀 VSP 3.1.1-P3 Customer Release Notes

These release notes outline the key features, fixes, and improvements included in the VSP 3.1.1-P3 patch release. This is a targeted priority release to address certain issues. Most customers currently on VSP 3.1.1-P2 should remain on that version unless they have a specific need for these fixes.


📅 Release Details

  • Release Date: Dec 8th, 2025

  • Last Updated: Nov 18th, 2025


✨ Key Features and Improvements

1. Enhanced Closed Loop ACP (CLACP) Functionality

Closed Loop ACP (CLACP) is an autonomous application control solution that automatically generates protection patterns from security incidents, creating a "closed loop" feedback mechanism.

  • Per-Host Profile Management: This enhancement provides per-host-profile control of CLACP functionality, enabling administrators to selectively enable autonomous protection on individual host profiles.

  • Improved Detection Accuracy: Enhanced the database used for command-line pattern detection (LOLBIN database) to improve regex accuracy.

2. Improved Linux Compatibility and Data Quality

  • Linux Kernel Driver Fix: Replaced manual driver updates with a kernel-level exclusion mechanism to improve compatibility with third-party Endpoint Detection and Response (EDR) tools. The driver can now read a configuration file to exclude specific protected processes from injection, ensuring continued compatibility.

  • FSR Output Data Quality Fix: Fixed an issue where File System Reconciliation (FSR) scans on Linux U22 workloads produced empty entries in package lists. Package lists now only contain valid package details, improving data quality for downstream consumers.

3. Expanded OS and Package Visibility

  • Extended Windows Package Scan: Enhanced Windows package scanning to include operating system-managed packages by leveraging installed Knowledge Base (KB) updates. This improves visibility into patched CVEs and achieves better parity with Linux package scanning.

  • Expanded OS Support: Added support for Ubuntu 24.04 (LTS). Partial support for Server 2025 is included (HMM/ACP Only).


⚠️ Known Issues

  • 32-bit Executables: If MEP is enabled (Detect or Protect) and a 32-bit application that has been obfuscated via packers is executed, a known "null pointer" bug is triggered, causing a Blue Screen of Death (BSOD).


📝 Operational Guidance

  • CLACP Efficacy: For full efficacy and contextual parent process telemetry, it is recommended to enable all engines, including MEP, for Application Control Policy (ACP).

    Note: See MEP Known Issue above; if impacted, do not use MEP until the next release.

  • Protect Mode: After the audit, use the bulk rule generator to validate and push ACP rules.

  • VSYSI Driver Exclusion Limit: The driver exclusion mechanism is limited to 20 exclusions and only supports prefix matching (no regex).
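
A pre-deployment check for the exclusion limits described above, as an added example that is not VSP code or part of the original release notes. The one-prefix-per-line list format, the sample entries and process paths, and all function names are assumptions; the notes do not describe the driver's configuration file format.

```python
import re

MAX_EXCLUSIONS = 20  # limit stated in the release notes
# Characters suggesting the author expected regex or glob semantics.
PATTERN_CHARS = re.compile(r"[*?\[\](){}|^$+\\]")

# Constructed sample list (assumed format: one prefix per line, '#' comments).
SAMPLE_LIST = """\
# constructed sample, not a real VSP configuration
/opt/edr/bin/agent
/opt/edr/bin/agent-helper
/usr/bin/py.*
/usr/bin/ssh
"""
# Constructed process paths used to preview what each prefix would exclude.
SAMPLE_PROCESSES = ["/opt/edr/bin/agent", "/opt/edr/bin/agent-helper",
                    "/usr/bin/ssh", "/usr/bin/sshd", "/usr/bin/python3"]


def parse_entries(text):
    """Return the non-empty, non-comment lines of an exclusion list."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]


def lint_exclusions(entries):
    """Return (severity, message) findings for a list of exclusion prefixes."""
    findings = []
    if len(entries) > MAX_EXCLUSIONS:
        findings.append(("error", f"{len(entries)} entries exceed the limit of {MAX_EXCLUSIONS}"))
    for i, entry in enumerate(entries):
        if PATTERN_CHARS.search(entry):
            findings.append(("error", f"{entry!r}: regex is not supported, only prefixes"))
        # An entry covered by a shorter prefix uses up a slot without effect.
        if any(entry.startswith(o) for j, o in enumerate(entries) if j != i and o != entry):
            findings.append(("warn", f"{entry!r}: already covered by a shorter prefix"))
    return findings


def covered(entries, process_paths):
    """Map each prefix to the process paths a plain prefix match would exclude."""
    return {e: [p for p in process_paths if p.startswith(e)] for e in entries}


if __name__ == "__main__":
    entries = parse_entries(SAMPLE_LIST)
    for severity, message in lint_exclusions(entries):
        print(severity, message)
    for entry, hits in covered(entries, SAMPLE_PROCESSES).items():
        print(entry, "->", hits)
```

The coverage preview is the part to review by hand: a prefix such as `/usr/bin/ssh` also excludes `/usr/bin/sshd`, so each entry should be as specific as the process it is meant to cover.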