17-January-2023

Endpoint Protector – Product Update

CoSoSys is pleased to announce the availability of a new Endpoint Protector server, and agents.

About

The latest Functional Release introduces a significant number of new features and expands other capabilities., It provides substantial user interface improvements and several functionality enhancements, as well as corrections for important issues experienced by customers., It is available for all operating systems:

• 5.7.0.0 Endpoint Protector Server
• 5.8.2.5 Endpoint Protector Windows Agent
• 2.7.1.6 Endpoint Protector macOS Agent
• 2.0.0.5 Endpoint Protector Linux Agent
• 2.0.3.2 Enforced Encryption Agent (formerly known as EasyLock)

This Endpoint Protector Functional Release is only available if you have upgraded your Endpoint Protector Server to the previous 5.6.0.0 version.

The latest client releases, providing full compatibility with new features introduced in the Endpoint Protector 5.7.0.0 Functional Release, are now available in the Endpoint Protector 5.7.0.0 First Maintenance Release. Customers are recommended to apply both the 5.7.0.0 and 5.7.1.0 updates sequentially to complete the upgrade to the 5.7.0.0 release, and thereafter upgrade the clients.

For more information about the Endpoint Protector 5.7.1.0 First Maintenance Release, see here.

Requirements

Endpoint Protector 5.7.0.0 Server release requires partitioning to be enabled on the database. In earlier Endpoint Protector Server releases, database partitioning was not enabled by default.

Please refer to the FAQ article for the next steps to action if database partitioning is not enabled by default on your appliance.

New Features

• Use Context Detection, a new Premium feature, to incorporate multiple contextual factors into the tracking process and reduce false positive detections.
• Now available for Windows operating systems, users have the ability to block printing from supported browsers.
• The Client Software Upgrade section has been enhanced to significantly improve the Endpoint Protector Client upgrade process.
• A new Device Control alert, Unplanned Client Termination, is introduced for instances where users attempt to terminate Endpoint Protector processes.
• The Reporting V2 setting, that provides additional details on the Content Aware Protection reports page, is enabled by default for fresh 5.7.0.0 images and will not impact Endpoint Protector Server upgrades from version 5.6.0.0.
• An extended number of Endpoint Protector generated reports have been enhanced to display details on operating systems.
• Azure File Storage with Samba is now available as an option for the external File Shadow Repository.
• A new feature is introduced that enables you to manage the display of Request Offline Temporary Password and Authorize actions on the Endpoint Protector Client.
• The Transfer limit feature from Global settings has been improved to extend usage compatibility with Endpoint Protector Linux Clients.

Bug Fixes

• Endpoint Protector is now accessible on web after server DNS change.
• Fixed an issue regarding the Configuration Wizard.
• Fixed AzureAD issues that did not sync the onPremisesSamAccountName attribute and generated duplicate entities on the Endpoint Protector server.
• Fixed an issue that did not display error messages when using special characters in the session time-out field.
• Fixed transfer limit counter when files are copied.

Device Control

New Features

• Endpoint Protector extends its applicability to VM USB Device types, impacting VMWare and VirtualBox virtual environments. The option also allows the user to manage USB access through the virtual environment.
• The Device Control module benefits from a modernized Minifilter driver implemented to improve Windows version compatibility.
• Users have the ability to format or rename USB storage devices with TrustedDevice Level 1+ access permission.
• You can view all connected users associated with a specific terminal server from the Computers section.
• Enforce Device Control User rights when disconnected from the Endpoint Protector server.

Bug Fixes

• Groups are accurately assigned to departments other than the Default Department.
• The file tracing process has been adjusted to consistently record file transfers to and from NFS network shares.
• The header section description is accurately displayed from the Group Settings page.
• Device information is consistently displayed in the Endpoint Protector Client and the Offline Temporary Password mail requests.
• Resolved file traces generated when a USB storage device is connected to macOS Ventura.
• Improvements for Bluetooth device detection.
• Fixed standard notifications when User remediation messages are not used.
• Improvements for Network printer detection.
• Fixed credential validation for multiple local user accounts and User Remediation.

Content Aware Protection

General

• Considerable improvements have been implemented to display the scanned results. Using the latest Endpoint Protector Clients, the Content Aware Report section has been restructured and allows you to view detailed logs.
• Block sensitive content with Content Aware Protection policies from being saved on CDs or DVDs using the built-in Windows features or other third-party applications.
• Manage Content Aware Protection policies with new user interface improvements. Choose how policies are displayed, using the grid or widget view options, prioritize a policy with the top feature, and order policies by status, or priority. Additionally, you can create and enforce an increased number of policies.
• Additional PII categories added - Argentinian phone number, Brazilian passport number, Italian SSN, Spanish ID number, Colombian ID number, and Canadian passport number.
• Adding trailing delimiter detection to US SSN PII.
• Define Content Aware policies with the extended CAD files available from the Policy denylist, Visi (WKF), and Mastercam (MCAM).
• The Policy Denylist has been extended with a new WEBP file type, and the EPS file type now covers application/postscript and image/x-eps MIME types.
• E-mail applications include Tobit David Infocenter from Content Aware Protection.
• Manage the Optical Character Recognition notifications with the new setting that allows you to disable or enable notifications generated by the feature.
• Now you can manage downloads and uploads of files containing sensitive data from browsers when Deep Packet Inspection is disabled.
• Enforce Content Aware Protection policies to USB storage devices on macOS Ventura.

Bug Fixes

• Fixed an issue that could potentially allow data to be transferred to USB storage devices on Linux.
• Content Aware Protection policy priorities are properly enforced when Deep Packet Inspection is enabled.
• Removed password-protected file types from the Restrict Content Detection dropdown list.
• Reports display types accurately in the Destination field.
• Fixed an issue regarding the Adobe Creative Cloud application that generated many logs and impacted the macOS performance.
• Fixed an issue regarding the Amazon Web Service command-line application that generated many logs.
• The .dxf and .msi file types are accurately monitored when added to a Content Aware Protection policy.
• Fixed an issue allowing restricted files to be attached to Windows Mail using the drag and drop action whenever a second Content Aware Protection policy was in place.
• Password-protected file types .xls and .ppt are properly blocked when a Content Aware Protection policy is in place for Office 2003+/password.
• File type detection will not always work accurately for some very large password-protected Microsoft Office files.
• User Remediation functions as expected on Linux when a Content Aware Protection policy is set to Block and Remediate content using Clipboard as an exit point.
• The Content Aware Protection policy detects sensitive data containing Asian characters when uploading through a browser.
• Content Threat Remediation Session Active alert name is now visible in the email alert.
• Authorizing emails with User Remediation for email applications on macOS functions as expected.
• Content Aware Protection policies on Linux also monitor FTP commands.
• Custom Content Aware Protection notification functions as expected when Default Notifications are disabled.
• General fixes for User Remediation when confidential data is transferred on USB storage devices.
• Fixed an issue for bug reporting when all sensitive reported data is enabled.
• Detect RTF files under text file types.
• Text Inspection is working properly with third-party apps.
• File name detection for Skype app fix.
• Fixed an issue related to User Remediation allowing file transfers to USB storage devices after the file is remediated on Windows.

Deep Packet Inspection

General

• Use the newly implemented Debug Logging feature to collect logs for specific issues and aid Customer Support troubleshooting.
• Block webmail sent via Yahoo with the Deep Packet Inspection extended functionality to include email bodies, recipients, and email subjects. Yahoo email recipient whitelisting will work only if attachments are uploaded after the recipients are added. Known limitations on Linux, please contact CoSoSys Support for further details.
• You have the ability to create your self-signed certificate by selecting the specific region from the System Configuration section, System Settings.
• The number of Allowlist and Denylist dictionaries has been increased to 100, each comprising up to 50,000 web domains.
• For Windows and macOS operating systems, you have the option to view Deep Packet Inspection certificates added to the computer's Keychain or Certificate store from the Device Control module in the Computers section.
• Use the newly implemented Deep Packet Inspection driver that improves interoperability with independent software vendors.
• The User Remediation for Content Aware Protection feature expands to include more granular control over web domains.

Bug Fixes

• The Deep Packet Inspection field from the List of Computers properly reflects the status.
• BCC recipients are scanned accurately when sending emails on Mozilla Thunderbird.
• Fixed an issue allowing files to be uploaded via HTTP/3.
• Added fixes to reduce false positives for Gmail.
• Fixed Java-based applications connections IPV6.
• The Monitor webmail for Gmail feature functions correctly when using special characters or emojis.
• Enforce Content Aware Protection policies for Yahoo Webmail when using an emoji alongside confidential data in the email body.
• Support new Gmail format, extract body, subject, and recipients from new Gmail.
• Quoted messages on Skype no longer generate false positives.
• Fixed an internet outage occurring in certain situations, usually after running Deep Packet Inspection for a long time (endpoint proxy server).
• Web email requests are scanned again if recipients are modified.

Enforced Encryption

General

• Use the option to silence the notifications generated by Enforced Encryption.

Bug Fixes

• Open Enforced Encryption only from connected USB devices.
• Enforced Encryption prompt messages are now visible on macOS when the dark mode theme is enabled.
• Fixed an issue impacting the application's resolution and scalability.
• Enforced Encryption can be opened and deployed on macOS Ventura.
• Enforced Encryption communicates with the server when the Endpoint Protector Client is configured with proxy settings.
• Fixed an issue displaying Failed Status after completing the Enforced Encryption installation or changing the Execution and User Password settings.
• Enforced Encryption alerts are now sent when the computer's name contains an apostrophe.
• Detect the Enforced Encryption application and set a trusted device on every USB device rights.

Usability Improvements

General

• Several user experience improvements have been implemented to the Endpoint Protector notifier. Enhancements include upgraded icons to help visibility, resizable window and columns for better display of information.
• Improved the System Security password for Sensitive data protection with the option to define complex passwords.

Known Limitations

Content Aware Protection

• Universal Windows Platform applications, including the Windows 10 Mail application, run in an isolated environment, restraining the use of add-ons. This will prevent Content Aware policies with Windows Mail set as Exit Point to block restricted file transfers.
• File type detection may not work properly in case of very large (>10MB) password-protected Microsoft Office files.
• Starting with Endpoint Protector server version 5.7.0.0, Italian SSN is added to the PII list. Similar to Italian ID, if selected from the list of PIIs, the SSN will detect the same entity.
• When using Italian SSN and ID, we recommend you upgrade to the latest Endpoint Protector agent version.
• To maintain compatibility with older agent versions after the server upgrade, Italian ID will remain under section ID, and the server upgrade will retain previous settings, including Italian ID.
  
  • Use Italian SSN when deploying to agent versions 5.8.2.0 Windows, 2.7.1.3 macOS, 2.0.0.1 Linux and later
  • Use Italian ID when deploying to agent versions 5.8.2.0 Windows, 2.7.1.3 macOS, 2.0.0.1 Linux and earlier
  • Use both Italian SSN and ID for a mixed environment of new and older agent versions
  Because the Italian SSN and ID detect the same entity, do not select the Italian ID to avoid multiple reporting results.
  The new Endpoint Protector agent versions will report on both Italian ID and SSN.

Device Control

Prompt messages do not reappear after the User Remediation for Device Control time interval expires.

• On Windows, the prompt message will be removed after the remediation time interval expires to discourage extended remediation
• On macOS, Endpoint Protector will try to automatically mount the drive once remediated, and if not possible, the user will be notified:
  
  • "Your device cannot be mounted. Please plug in your device again" when the drive got ejected and not unmounted, and Endpoint Protector is unable to mount the drive automatically
  • To re-insert removable device after User Remediation

Deep Packet Inspection

• New Deep Packet Inspection Beta driver for Windows based on Windows Filtering Platform technology.
• Connection issue when using Zscaler.