Monitoring - A fix has been implemented and we are monitoring the results.
Nov 26, 2025 - 08:20 CST
Nov 26, 2025 - 08:20 CST
Update - We are continuing to work on a fix for this issue.
Nov 25, 2025 - 17:06 CST
Nov 25, 2025 - 17:06 CST
Identified - --Executive Summary
Liongard recently deployed an update to the Liongard Agent that unintentionally introduced instability in some partner environments. The update included a new Nmap-based enhancement for Network Discovery, but the way this capability was packaged and distributed resulted in several endpoint protection platforms—most notably SentinelOne—flagging legitimate components as malicious.
This issue was not due to a security compromise, but rather to how the Nmap integration was implemented in the agent. Some security solutions interpreted the bundled Nmap installer as a threat, leading to quarantines and—in more severe cases—temporary loss of network connectivity on protected endpoints.
Liongard takes full responsibility for the disruption this caused.
To immediately mitigate partner impact, we are releasing Agent version 5.1.1, which removes the Nmap integration entirely and clears existing Nmap files from the Liongard Agent directory. This rollback will temporarily pause Network Discovery functionality until it is reintroduced with a more compatible, rigorously validated design in version 5.1.2.
--Detailed Technical Analysis
--What Happened
Agent versions 5.0.4 through 5.1.0 introduced Nmap to expand Network Discovery capabilities. Although secure and intentional, the method of bundling this tool resulted in some EDR/AV vendors misidentifying it as a “Hacking Tool.”
Because of this misalignment between our packaging approach and security vendor expectations, certain policies responded aggressively, quarantining files or disabling network adapters entirely.
--Root Cause
The issue originated from how the Nmap installer was included and delivered within the Liongard Agent. While Nmap itself is widely used and trusted, our deployment approach triggered behavior- and signature-based detections in several protection platforms.
This was a preventable integration challenge on our part, and we are taking action to ensure it does not recur.
--Immediate Remediation: Agent 5.1.1
To stabilize partner environments, Agent 5.1.1 will:
· Fully remove the Nmap installer from the agent
· Remove any existing Nmap files from previously installed versions
· Prevent further EDR false positives related to this release
· Temporarily suspend Network Discovery Inspector functionality
Work is already underway on Agent 5.1.2, which will restore Network Discovery using an approach that aligns with modern EDR expectations and vendor security criteria.
--Moving Forward: Improvements & Preventive Measures
Liongard is committed to learning from this event and improving both our release processes and our diligence around security vendor compatibility.
1. Strengthened Pre-Release Testing With Security Vendors
We are expanding testing and validation across multiple EDR/AV vendors—including SentinelOne, CrowdStrike, and Microsoft Defender—to ensure future changes are recognized as safe before release.
2. Enhanced Packaging & Architecture Review
Before introducing utilities or scanning tools like Nmap, our engineering teams will now perform deeper compatibility reviews tailored to how EDRs evaluate installers, command-line utilities, and network-scanning behaviors.
3. Earlier & More Detailed Partner Communication
Future architectural updates will be accompanied by:
· Clear technical preparation steps
· Updated EDR allowlisting guidance
· Early communication for partners with strict security postures
4. Expanded Internal Validation
We are enhancing our release pipeline to include:
· Multi-vendor false-positive testing
· Behavior-based security scanning
These steps are designed to prevent similar disruptions and ensure future enhancements are introduced with the necessary rigor and validation.
--Closing Statement
We acknowledge the disruption this incident caused and take responsibility for the impact on your operations. Our team is fully committed to resolving the issue, restoring full functionality, and implementing the improvements needed to prevent this from happening again.
Thank you for your continued partnership and patience as we work through this with urgency and care. If you have any questions or need support with affected endpoints, please reach out to Liongard Support.
https://support.liongard.com/en/articles/12936905-incident-review-liongard-agent-update-sentinelone-false-positive
Nov 25, 2025 - 17:05 CST
Liongard recently deployed an update to the Liongard Agent that unintentionally introduced instability in some partner environments. The update included a new Nmap-based enhancement for Network Discovery, but the way this capability was packaged and distributed resulted in several endpoint protection platforms—most notably SentinelOne—flagging legitimate components as malicious.
This issue was not due to a security compromise, but rather to how the Nmap integration was implemented in the agent. Some security solutions interpreted the bundled Nmap installer as a threat, leading to quarantines and—in more severe cases—temporary loss of network connectivity on protected endpoints.
Liongard takes full responsibility for the disruption this caused.
To immediately mitigate partner impact, we are releasing Agent version 5.1.1, which removes the Nmap integration entirely and clears existing Nmap files from the Liongard Agent directory. This rollback will temporarily pause Network Discovery functionality until it is reintroduced with a more compatible, rigorously validated design in version 5.1.2.
--Detailed Technical Analysis
--What Happened
Agent versions 5.0.4 through 5.1.0 introduced Nmap to expand Network Discovery capabilities. Although secure and intentional, the method of bundling this tool resulted in some EDR/AV vendors misidentifying it as a “Hacking Tool.”
Because of this misalignment between our packaging approach and security vendor expectations, certain policies responded aggressively, quarantining files or disabling network adapters entirely.
--Root Cause
The issue originated from how the Nmap installer was included and delivered within the Liongard Agent. While Nmap itself is widely used and trusted, our deployment approach triggered behavior- and signature-based detections in several protection platforms.
This was a preventable integration challenge on our part, and we are taking action to ensure it does not recur.
--Immediate Remediation: Agent 5.1.1
To stabilize partner environments, Agent 5.1.1 will:
· Fully remove the Nmap installer from the agent
· Remove any existing Nmap files from previously installed versions
· Prevent further EDR false positives related to this release
· Temporarily suspend Network Discovery Inspector functionality
Work is already underway on Agent 5.1.2, which will restore Network Discovery using an approach that aligns with modern EDR expectations and vendor security criteria.
--Moving Forward: Improvements & Preventive Measures
Liongard is committed to learning from this event and improving both our release processes and our diligence around security vendor compatibility.
1. Strengthened Pre-Release Testing With Security Vendors
We are expanding testing and validation across multiple EDR/AV vendors—including SentinelOne, CrowdStrike, and Microsoft Defender—to ensure future changes are recognized as safe before release.
2. Enhanced Packaging & Architecture Review
Before introducing utilities or scanning tools like Nmap, our engineering teams will now perform deeper compatibility reviews tailored to how EDRs evaluate installers, command-line utilities, and network-scanning behaviors.
3. Earlier & More Detailed Partner Communication
Future architectural updates will be accompanied by:
· Clear technical preparation steps
· Updated EDR allowlisting guidance
· Early communication for partners with strict security postures
4. Expanded Internal Validation
We are enhancing our release pipeline to include:
· Multi-vendor false-positive testing
· Behavior-based security scanning
These steps are designed to prevent similar disruptions and ensure future enhancements are introduced with the necessary rigor and validation.
--Closing Statement
We acknowledge the disruption this incident caused and take responsibility for the impact on your operations. Our team is fully committed to resolving the issue, restoring full functionality, and implementing the improvements needed to prevent this from happening again.
Thank you for your continued partnership and patience as we work through this with urgency and care. If you have any questions or need support with affected endpoints, please reach out to Liongard Support.
https://support.liongard.com/en/articles/12936905-incident-review-liongard-agent-update-sentinelone-false-positive
Nov 25, 2025 - 17:05 CST
About This Site
Welcome to the Liongard Status Page where you can find the most up-to-date status of our instances. We will use this page to track and communicate service outages if Liongard is down or otherwise not working.
If your instance is operational and you’re still experiencing issues, please contact Liongard Support via chat which can be initiated in app or by accessing https://www.liongard.com/
US Instances
Operational
US1 Instance
Operational
US2 Instance
Operational
US3 Instance
Operational
US4 Instance
Operational
US5 Instance
Operational
US6 Instance
Operational
US7 Instance
Operational
US8 Instance
Operational
US9 Instance
Operational
US10 Instance
Operational
US11 Instance
Operational
AUS Instances
Operational
AUS1 Instance
Operational
AUS2 Instance
Operational
EU Instances
Operational
EU1 Instance
Operational
UK Instances
Operational
UK1 Instance
Operational
UK2 Instance
Operational
CA Instances
Operational
CA1 Instances
Operational
CA2 Instance
Operational
Operational
Degraded Performance
Partial Outage
Major Outage
Maintenance