16-June-2022

Endpoint Protector – Product Update

Server Version 5.6.0.0
Windows Client: 5.7.5.6
Mac Client: 2.6.4.1
Linux Client: 1.9.0.6

General

New Features

• The new Reporting v2 setting enables a Content Aware Report log structure that includes new Destination details, Email sender, and Email subject columns.
• Use the Exclude headers setting to disable Log headers and export only data to SIEM.
• Encrypt the communication from Endpoint Protector to the SIEM server by managing the Enable Encryption setting. If you are upgrading from a pre-5.6 Endpoint Protector Server version, additional packages need to be installed. Please contact CoSoSys Support for assistance.
• For security purposes, now you can enforce a password change whenever a new user logs in for the first time.
• The setting Import users as super administrators allows you to grant specific permission to administrators configured with Azure Single Sign On.
• Implemented the Client Registration Certificate, an additional security measure that enables certificate-based authentication available for Windows and macOS. If you want to benefit from this feature on a hosted CoSoSys server instance, please contact CoSoSys Support for assistance.
• The username is accurately displayed in Endpoint Protector for imported users via Azure AD Sync when the local AD has been previously synced to Azure AD.

Bug fixes

• Discrepancies between devices listed in the Notifier UI and Endpoint Protector Server were resolved.
• Endpoint Protector notifications and reports are no longer duplicated for a single email event during syncing of new Outlook for Mac drafts.
• The VPN adapter previously maintained in Network Preferences is deleted once the Endpoint Protector agent is removed from the system.
• Identified and fixed several security vulnerabilities.

Device Control

New Features

• Based on the Content Aware Protection User Remediation usage by date, Endpoint Protector is enhancing the User Remediation applicability to include the Device Control module.
• The list of device types supported by Endpoint Protector has been extended and now includes Network printers also for Windows.

Bug fixes

• Groups with names like < GroupName > synced from Active Directory are now displayed on the Device Control Groups page.
• The device status is now synchronized between the Endpoint Protector Client and Server, on the Status column.
• USBs are no longer detected as separate USB and Android devices on macOS.

Content Aware Protection

General

• FQDN can now be used for FS Repository configuration.
• Use granular thresholds for PIIs when defining operations in Content Detection Rules.
• Microsoft Edge browser has now been added for Linux.
• New PIIs are detected: ABA Routing Number, Argentina SSN, Argentina Tax ID, Mexico passport, Turkey Tax ID, UK Electoral Roll Number, UK Tax ID Number, UK VAT ID, Ukraine Address, US national provider ID, US ZIP+4 Postal Codes, Venezuela ID number, Venezuela VAT number, US passport number, Mexico address, VIN (Vehicle ID Number) international.
• The list of detected file types has been extended with .webm and DICOM file types.
• The E-mail Domain Denylist functionally within Endpoint Protector can now prevent sending confidential information to specific e-mail addresses and domains.
• Use Wildcard characters in the File location Allowlists, File location Denylists, and in the Network share Allowlist to specify wildcard matching.
• Sensitive files are now blocked on Google Drive for desktop.
• Content Aware Protection can now block the FTP command line on macOS.

Bug fixes

• Fixed issues that were preventing Endpoint Protector from blocking certain CSV files.
• File uploads are now blocked for Google Drive and Gmail on Linux.
• Fixed instances where Content Aware Protection and Device Control were not working for encrypted USB drives on Linux.
• The computer performance is no longer reduced in certain cases when Content Aware Protection policies are loading.
• Fixed recurrent User Remediation dialog pop-up when attaching a .msg file on Outlook.
• Prevented creating an empty file when trying to copy a blocked file to a USB storage device.
• Fixed false positives for File Copy events generated while browsing on the Network Share.

Deep Packet Inspection

General

• Implemented general improvements for Deep Packet Inspection and VPN traffic interception (prevent starting transparent proxy multiple times, general improvements regarding enable/disable intercept VPN traffic).
• Allow users to only access specific Google domains for professional usage when Deep Packet Inspection is enabled by managing the new feature Allowed domains for the Google provider.

Bug fixes

• The ReSharper Visual Studio add-on is now working with Deep Packet Inspection enabled.
• An issue has been fixed regarding the Filenames scan for several Deep Packet Inspection-related scenarios.
• The number of false positives has been reduced for LinkedIn and Microsoft when Deep Packet Inspection is enabled.
• Solved an issue that was blocking the file downloads when Deep Packet Inspection was enabled.
• The process that manages attachments sent with Facebook Messenger has been improved and now blocks uploaded content when Deep Packet Inspection is enabled.
• On macOS, when Deep Packet Inspection is enabled, emails sent from new Outlook accounts that use the Microsoft Sync Technology are only reported regardless of the policy action (report only, block and report, block and remediate). For emails sent from new Outlook accounts with Microsoft Sync Technology disabled, Deep Packet Inspection performs accurately according to the selected policy action.
• The access to certain websites that use IPv6 with Deep Packet Inspection enabled has been optimized.
• You can now scan email subject and body when using Outlook in a browser.
• The emails sent from Microsoft365 accounts previously blocked are now moved directly to the Draft folder.
• Endpoint Protector can now monitor traffic when Deep Packet Inspection is enabled and Clash VPN proxy is installed.
• The interoperability conflict between Deep Packet Inspection with Intercept VPN traffic enabled with Kaspersky Internet Security and Sophos solutions on macOS was solved.

Improvements

General

• Increased digits for the device codes in order to avoid duplicated codes for companies that use many devices.

macOS

• Endpoint Protector notifications and reports are no longer duplicated for a single email event during syncing of new Outlook for Mac drafts.

Usability improvements

General

• The Endpoint Protector Client window is resizable.
• This release may be installed on Apple's macOS Ventura beta preview.
• The Content Aware Protection User Remediation pop-up is now optimized for Dark mode on macOS.