30-March-2023

Endpoint Protector – Product Update

Server Version: 5.8.0.0
Windows Client: 5.9.1.7
Mac Client: 2.8.1.4
Linux Client: 2.1.0.3
Enforced Encryption: 2.0.3.3

General

New Features

• Endpoint Protector Linux agent can now be installed via DEB package installer
• Endpoint Protector FAT Linux agent can now be installed with a single DEB package
• A safety-belt functionality has been implemented to prevent running out of disk space and prompt the administrator to take necessary actions
• Extended the Endpoint Protector System Alert for Server Disk Space to monitor epp, root, and boot partitions
• Optimized the Endpoint Protector Client installation experience with a new Endpoint Protector tool that allows you to run installation-related actions, identify your Linux distributions, and view Endpoint Protector Release Notes.
• Further improvements include reduced DEB/RPM files in the Endpoint Protection installation package.
• Added a new feature to the File Shadows Repositories that enables the use of AWS S3 Buckets for Windows and macOS
• Bypass proxy settings directly during the installation phase using the Endpoint Protector Client Wizard installer available for Windows, Linux, and macOS
• New DPI bypass functionality allows non-inspectable traffic to go through, but will still be logged as an event
• Use the newly implemented Update Statistics alert from the Reports and Analysis module to notify the administrator when the Statistics page is updated
• You can apply security updates directly from the LiveUpdate section in the Endpoint Protector Server UI
• Endpoint Protector Server now uses the OS version as a parameter to identify a computer
• A new feature is introduced that enables you to manage data obfuscation in log files
• TLS 1.3 support on new 5.8.0.0 OS images and later

Improvements

• Endpoint Protector can now link events containing the same File Shadow artifacts
• The View History Alerts section has been enhanced to align with Content Aware Protection Report introduced in v5.7.0.0
• To prevent the user from terminating the Endpoint Protector Client on macOS Ventura, the CoSoSys setting was implemented, available from General Settings, Login Items
• Strengthened system administrator default password security with increased complexity
• Updated the threats threshold of the Ignore Thresholds setting in the System Configuration, System Settings section to permit the reporting of up to 100,000 threats
• Made file shadowing more reliable on macOS and Linux by first relying on OS features to transfer the files
• Improved the alert notification logic to avoid deadlocks of the Endpoint Protector Server when functioning at full capacity
• Added new log to the Reports and Analysis, Admin Actions section for accessing the Get More Licenses option
• Revised all search and filter instances on the Endpoint Protector Server to display items in alphabetical and ascending order
• Disabled the Back button from System Configuration, the System Administrators page to enforce password change
• Renamed Self Signing Certificate to Server Certificate from the Appliance section, the Server Maintenance page
• Implemented a backup solution for locating the endpoint within the database in the event that the server cache has expired
• You can configure the OKTA/Azure SSO Administrators previously set only as Super Administrators to other specific administrator roles (Read Only or Reports and Analysis)
• Improved the System Security password complexity workflow
• Updated message text for the Global Contextual Detection pop-up message in the System Parameter section of the Endpoint Protector Server UI

Bug Fixes

• Fixed an issue allowing the end-user to forcibly delete the Endpoint Protector Client
• Enhance the behavior of the Endpoint Protector Server to disregard audio requests from outdated agents
• Improve process name detection on Windows 11
• File Hash is automatically enabled, and can only be disabled if an External Storage or File Shadow Repository type is configured on the Endpoint Protector server
• Fixed an issue on the Azure Active Directory section that checked groups by default after selecting an API Consumer
• Fixed an issue that enabled by default the Require password change at the next login setting when the user signed in for the first time
• Admin Actions are accurately logged on the Global Settings section when the Server is on 100% Disk Space
• Fixed an issue where uploaded file shadows were not correctly reported to external repositories in some cases
• Fixed instances where Content Aware Protection "Domain and URL" Denylist was not blocking
• Fixed an issue regarding File Shadows uploads when artifacts could not be sent immediately
• Fixed an issue regarding the Block time machine feature triggering kernel panics on macOS Ventura
• Fixed an issue that made it possible for third-party applications like Geek Uninstaller to terminate the Endpoint Protector Client even with an uninstall password defined, and Tamper mode enabled

Device Control

New Features

• Starting with Endpoint Protector Server version 5.8.0.0, the Endpoint Protector Agent benefits from an additional security measure, the Tamper Mode setting that safeguards unauthorized Agent alteration or termination, available from Device Control, the Global Settings page
• Enhanced the Endpoint Protector Server procedure for handling multiple connected device requests
• Optimized the Endpoint Protector process for connected devices to reduce event occurrences
• Extended the Debug Logging functionality with new remote capabilities to retrieve logs, terminate the Endpoint Protector Client, force restart the user computer, collect specific log types, and obfuscate the retrieved sensitive data.
  Essential: Customers with custom Nginx port separation configuration (custom ports) must contact Customer Support for further assistance prior applying the patch

Bug Fixes

• Fixed an issue impacting Endpoint Protector rights set for NTFS-formatted USB storage devices on macOS

Content Aware Protection

General

• Implemented new capabilities for the block print from browsers feature to scan content from documents sent to printers from the Google Chrome web browser
• Additional PII categories added - Mexico Phone Number, Passport/India
• Use the new Detect Images setting to prevent copying and pasting images into Content Aware Protection monitored exit points
• Introducing the option to exclude policy entities from the list of Content Aware Protection and eDiscovery policy assignments
• Expanded the Policy Exit Points in the Content Aware Protection module to include the WinSCP/SCP/SFTP/SSH processes
• Added a new Predefined Policy for the International Traffic in Arms Regulations (ITAR) that blocks the transfer of personally identifiable information to all destinations
• Filter reports more easily from the Content Aware Report section with the dropdown list available for Destination Type
• Use the new "Select all" option to select multiple File Types from the Policy Denylists section in Content Aware Protection Policies
• Credit Cards, Personally identifiable information, and other identifiers will be checked for trailing delimiters
• Extended the Content Aware Protection policies usage to block Slack data with Text Inspection selected
• Enhanced Extend Source Code Detection capabilities when used with Monitor Webmail to detect source code in email subject and body on web browsers

Bug Fixes

• Fixed an issue that did not detect 7Z password protected files properly
• Added fixes to reduce false positives for Gmail in Chrome
• Content Aware Protection Policies function as expected when using Tax Numbers
• Fixed an issue regarding the Content Aware Protection that did not report and block sensitive files being printed from native applications correctly
• Fixed an issue with Adobe Creative Cloud impacting performance and log generation
• Improved Content Aware Protection process name detection on Windows 11
• Improved Microsoft Detouring increases process execution

Deep Packet Inspection

General

• Added a new Deep Packet Inspection option that allows changes to JSON patterns for parsing Webmail domain-related details
• Use the newly implemented Deep Package Inspection auto-refresh feature that allows automatic certificate regeneration
• Use the Deep Packet Inspection newly implemented Detailed Slack Reporting setting to view more information on Slack usage on the Content Aware Report page from the Reports and Analysis section
• Improvements for new "stealthy" Deep Packet Inspection driver

Bug Fixes

• Fixed a Deep Packet Inspection issue that generated false positives when using Microsoft Edge
• Fixed an issue for Java-based application when connections were closed by the Remote host during the handshake

Enforced Encryption

General

• The Enforced Encryption settings from the Enforced Encryption module have been moved to Global settings allowing more flexibility on Groups, Computers and Users
• Apply the Enforced Encryption Installation and Execution/Endpoint Protector Client presence required setting granularly on a Group, Computer, and User level from the Global Settings section of the Device Control module

Bug Fixes

• Enforced Encryption is now decrypting files with long file names correctly

Usability Improvements

General

• The latest Endpoint Protector Server now includes user experience enhancements for the eDiscovery module, which has been restructured to enable the viewing of detailed logs and quick loading of large reports
• Removed outdated features from the Endpoint Protector Server user interface
• Modified the user interface of the Endpoint Protector Notifier to ensure that the reference to the Offline Temporary Password is consistent with the Endpoint Protector Client
• Usability improvements across the Endpoint Protector Server Ui with new Select all options available for all tables and for defining file types from the File Denylists section in the Content Aware Protection section.
• Consolidated the Endpoint Protector Server UI reports by removing linked file shadows from the File tracing and Content Aware Protection sections
• Updated names for the File Shadow Repository Types in the System Maintenance section of the Endpoint Protector Server UI
• Added specific webpage error messages to the Endpoint Protector Server UI
• UI improvements were implemented to the Endpoint Protector Server on the Reports and Analysis section, the Statistics page, and the Alerts section on the Content Aware Alerts page.
• The Endpoint Protector Server UI now reflects that Disable Bluetooth File transfer setting available from Device Control, Global Settings page can only be used on Windows. More information is also available for Content Aware Protection, Policy Denylists on the Autocad File types supported

Known Limitations

Device Control

• In rare cases, existing files (predominantly image files) on Removable drives may be shadowed along with files being egressed to Removable devices

Content Aware Protection

• On macOS and Linux, no File Shadows are sent to the Endpoint Protector Server if the Content Aware Protection File Shadowing option is checked. The paste functionality only works for Linux when the default gnome session is Xorg. On other gnome sessions, the paste functionality is disabled (ex: Wayland)
• Due to recent changes in Google Suite Docs, sensitive information may be leaked when using unsaved docs.To prevent such edge cases, CoSoSys recommends using a clipboard policy for web browsers with a higher priority
• Due to the nature of dynamic web pages from Chrome web browsers on Windows, User Remediation for Printing will be unavailable. User Remediation continues to work for supported browsers on macOS when Printing
• On client versions lower than macOS 2.8.1.4, Windows 5.9.1.7, and Linux 2.1.0.3, if File Shadowing is enabled and maximum file size is configured, the ‘Download’ icon for the respective artifacts may be visible, and may display a “File not found” message in the report section. To prevent such edge cases, we recommend you upgrade your endpoints with above listed agent versions resolving the issue