21-September-2023

Endpoint Protector – Product Update

Server Version: 5.9.0.0
Windows Client: 6.0.1.6
Mac Client: 2.8.4.2
Linux Client: 2.2.0.6
Enforced Encryption¹: 2.0.3.5

Infrastructure changes

Customers upgrading their EPP server from pre-5.8.x versions to post-5.8.1 with older agent versions (Win:5.9.1.7; macOS: 2.8.1.4; Linux 2.1.0.3) and File Shadowing should upgrade their agents first to avoid false positives in the web console.

General

New Features/Improvements

• Introduces a feature enabling users to configure source-specific tokens for SIEM solutions such as Sumo Logic, enhancing security and control over data.
• Introduces the ability to configure EPP server certificate validation on endpoints, improving communication security.
• Introduces the ability to validate EPP server certificates during EPP client installation on endpoints, enhancing communication security.
• Enhances EPP notifier security by guarding against 3rd Party DLL injection and terminal-sent command-line vulnerabilities.
• Introduces new Command-line switch in EPP client installation for suppressing specific file events on Removable devices and network shares, enhancing user customization.
• Introduces a Command-line switch (environment variable in Linux) during EPP client installation to deactivate the CAP driver, streamlining installation when CAP functionality is not needed.
• Introduces IPv6 Mapped IPv4 address options to EPP client installation, controllable via Command-line switch on macOS and Linux.
• Improves Linux package manager compatibility for smooth upgrades to the new monolithic epp-client package, ensuring accurate file ownership during the transition.

¹ Formerly known as Easylock.

Bug Fixes

• Fixes log partition conversion, ensuring accurate and reliable partitioning by addressing past inconsistencies.
• Enhances data privacy by fixing license expiration emails displaying details to Read-only admins, preventing unauthorized access.
• Fixes destination reporting in User Remediation Request actions, enhancing accuracy and consistency in server-side logs.
• Fixes the issue of encountering a BSOD (blue screen of death) when installing Endpoint Protector alongside Condusiv Technologies' product, Diskeeper.
• Fixes User Guide link on the Client Software page for easy documentation access.
• Fixes the issue where IP and DNS Configuration fields disappeared from the UI due to invalid data on Ubuntu 18, ensuring a stable user experience.
• Fixes the issue of incorrect marking of System Alerts, preventing false-positive "Alerts Not Sent" messages, ensuring accurate alert detection.
• Updates EULA in On-Prem and Hosted EPP servers to ensure compliance and reflect changes, allowing users to review and accept the updated agreement.
• Fixes the Active Directory (AD) admin users issue with incorrectly received password expiration alerts from Epp Server, ensuring no further unnecessary alerts.
• Fixes an Ubuntu 22.04 Firefox issue with DPI OFF and EPP client 2.2.0.10000, ensuring proper file blocking and reporting for enhanced security.
• Fixes a critical EPP agent issue caused by Windows version retrieval failure via a WQL query, ensuring improved PC protection and smoother operation.
• Fixes the issue where logs were not externalized to Splunk, ensuring that the log for Content Threat Blocked events is now present as expected.

Device Control (DC)

New Features/Improvements

• Introduces Windows USB audio device management for user-friendly audio control.
• Introduces Linux File Tracing Direction, allowing users to choose file copy event monitoring direction.
• Enhances device recognition for Apricorn-Secure Key 3Z and similar devices, granting Trusted Device status with level 3 security.
• Improves network printer management in Device Control by utilizing serial numbers for shared printers and Printer URLs for non-shared printers, simplifying identification and user experience.

Bug Fixes

• Fixes a USB Storage Device file renaming issue by ensuring the generation of File Rename logs for all file renaming activities, enhancing monitoring and security.
• Fixes a Device Control Bluetooth issue, enabling Bluetooth access while blocking specific sub-devices for enhanced device management and user flexibility.
• Fixes a re-registered device issue, ensuring proper alignment with report specifications and granting specific rights as intended despite correct global rights in the effective rights report.
• Fixes a filter error for designating a computer as a Terminal Server, ensuring accurate marking for proper identification and management in the system.
• Fixes a File Tracing and Shadowing events issue with microSD cards in USB-C hubs/adapters, ensuring comprehensive event capture to enhance security during usage.
• Fixes missing destination details in File Tracing events with Reporting V2, enhancing file activity monitoring by including destination information in logs.
• Fixes a network printer detection issue on devices set to Deny rights, ensuring accurate recognition of network printers regardless of device rights.
• Fixes incomplete action list transmission to EPP client after changing User Remediation setting, ensuring accurate reflection and consistent remediation actions.
• Fixes memory leak related to EPP Client memory management by ensuring proper handling when entries are present in the list, preventing memory leaks.
• Fixes a macOS upgrade block issue related to Webcam right configuration in Device Control.
• Fixes the issue of printer devices remaining disabled post EPP client uninstallation, only previously blocked devices are re-enabled, ensuring proper printer functionality.
• Fixes a macOS M1 camera access issue when “webcam” right was set to DENY, enhancing privacy and security.
• Fixes the Export List of Computers issue with redundant rows for logged-on users, now displaying only the last logged-in user for non-Terminal Server computers as expected.
• Fixes the issue causing UI access error 500 due to multiple devices with the same Serial Number registering as separate entries in the system.
• Fixes the Save button issue in EPP client settings, ensuring proper saving of user information after editing and functioning as expected.
• Fixes a User Remediation issue, ensuring correct device rights without overwriting when re-adding a device with different rights.

Content Aware Protection (CAP)

New Features/Improvements

• Expands CAP's PII categories by adding phone numbers, driving license, passport, and SSN details for various countries, as well as addresses for Italy and Spain, enhancing data protection.
• Introduces the capability to exclude specific paths in Google Drive when the configuration folder is in a designated disk folder, enhancing control over file management.
• Introduces support for MobaXterm on all OS, enabling CAP policy triggers for potential file egress from MobaXterm when accessing sensitive data source files.
  Note: DPI does not inspect network traffic from MobaXterm, and specific destination and protocol-based use cases are unsupported.
  Limitations: here
• Introduces Apple's faster and more accurate OCR engine for macOS agents, enhancing OCR functionality compared to the previous engine.
• Introduces command line and terminal application blocking in CAP, enabling administrators to create denylists for specific commands and arguments with precise configuration.
• Introduces a predefined GDPR policy for Ukraine in CAP, enhancing compliance by offering a ready-to-use policy aligned with local regulations.
• Introduces S3 bucket support for storing File Shadows in the Linux client, offering a robust solution for file backups and versioning.
• Introduces customizable file size configuration in the EPP server, empowering users to tailor the system to their unique requirements and reducing reliance on custom clients.
• Introduces an option to exclude virtual printing events from reports, reducing log volume for improved report management.
• Introduces a new FINRA (Financial Industry Regulatory Authority) Predefined Policy focused on safeguarding Personally Identifiable Information (PII), strengthening data protection and compliance measures.
• Introduces SOX (Sarbanes-Oxley Act of 2002) compliance Predefined Policy, strengthening PII safeguarding and regulatory compliance.
• Introduces a Predefined Policy for FERPA compliance, prioritizing the safeguarding of Personally Identifiable Information (PII) in line with educational data protection requirements.
• Introduces a Predefined Policy for New York Shield Act compliance, enhancing PII protection and overall security in line with the act's requirements.
• Introduces a Predefined Policy for the U.S. PHI, strengthening PII protection and compliance while enhancing security for sensitive personal data in accordance with regulations.
• Enhances Google Drive (GDrive) data uploads by preventing premature user remediation pop-ups when DPI is disabled, ensuring more accurate detection without false positives.
• Improves web browser stability during drag-n-drop injections, ensuring improved application stability and uninterrupted functionality
• Enhances Brazil's ID (PII) handling by introducing a new delimiter (dash), improving detection accuracy and information readability.
• Enhances macOS copy detection by maintaining recent files and clearing only non-recent ones, improving accuracy and reliability.
• Enhances MPIP/AIP/MIP label ID detection in Microsoft docx files.
• Improves detection of large .psd files during uploads to cloud services via web browsers, ensuring accurate handling and preventing false positives or unnecessary blocking.
• Improves CAP's Webex Teams detection on MacOS by adding 'Webex' to enhance coverage.
• Expands CAP with .mpp file detection on all OS platforms, enhancing data security.
• Enables Advanced Printer and MTP Scanning settings for new applications without a system reboot, improving user experience.

Bug Fixes

• Fixes Contextual Detection in CAP for Indian and Swedish Social Security Numbers (SSN), ensuring accurate identification and handling of SSN data for enhanced CAP performance.
• Fixes the 'Global Threshold' switch in CAP Policy to prevent accidental toggling when clicked outside its designated area, ensuring smooth user experience.
• Fixes detection issue of Canadian Real Health insurance numbers, ensuring accurate identification for improved data security and compliance.
• Fixes excessive log generation issues on macOS Ventura with enabled "Block Unsecured Connections," reducing false positives and enhancing log management for better unsecured connection detection.
• Fixes inconsistent detection in Yahoo webmail's TO/CC/BCC fields, body, and subject when accessed through Chrome, ensuring consistent and reliable detection for a seamless user experience.
• Fixes a file location denylist issue on VPN-connected machines, enhancing security by ensuring enforcement and preventing unauthorized access to restricted file locations.
• Fixes CAP policy trigger for file deletions or movements from USB devices to computers, ensuring accurate action identification and precise policy enforcement for enhanced data security.
• Fixes CAP policy inconsistency with print-screen settings, ensuring correct policy behavior and allowing users to take screenshots as needed.
• Fixes an EPP client's issue with Ukrainian character scanning and blocking in .rtf files, ensuring accurate handling and blocking of Cyrillic characters in Ukrainian .rtf files for enhanced security.
• Fixes a CAP interface issue with overlapping validation check marks in list boxes under Context Detection Rules, enhancing visual presentation and usability.
• Fixes a CAP issue of incorrectly classifying network printers as "credit-card" destinations in reports, ensuring precise identification and reporting of sensitive data handling within CAP.
• Fixes the issue where CAP reports would endlessly load for Read-only admins, granting them access to the details table and making the report visible.
• Fixes the Windows CAP issue where deleting files from CAP-enforced drives triggered unnecessary scans; files are now no longer scanned upon deletion from such drives.
• Enhances policy enforcement by prioritizing block messages for clear user notifications and improved policy effectiveness.
• Improves HIPAA-sensitive data detection accuracy in Context Detection rules by correctly recalculating HIPAA dictionary hashes, enhancing sensitive data identification in compliance with HIPAA standards.
• Fixes a CAP issue on Mac where 'Save as' events to USB storage devices weren't scanned, enhancing visibility and control for proper scanning and protection on Mac.
• Improves CAP blocking for AWS CLI data transfers, enhancing detection and prevention of unauthorized data transfers, strengthening security and compliance.
• ​​Fixes a CAP issue with improved WhatsApp detection, ensuring proper identification and protection of sensitive data when using WhatsApp Desktop for enhanced security and compliance.
• Fixes Windows app PID issue for accurate process identification in apps like WhatsApp Desktop, ensuring precise tracking and secure file transfer handling for compliance and security.
• Fixes infinite loading icon on Content-Aware Policy page, ensuring users can access and manage policies without interruptions.
• Fixes the issue of files with Chinese characters in filenames not being detected during printing, ensuring proper blocking of sensitive content in print previews.
• Fixes inaccurate parsing of US/CA account numbers in Predefined Content due to separator mismatch (new line), ensuring accurate detection in the specified format.
• Fixes the Detect Images display issue in CAP - Clipboard, ensuring correct visibility and functionality for handling sensitive images in the clipboard.
• Fixes a CAP issue with Clipboard settings, ensuring the correct value of 0 is maintained when the switch is turned off for accurate configuration and behavior.
• Fixes CAP's file shadowing on removable devices, ensuring proper handling of blocked file copies and preserving their integrity for analysis.
• Fixes CAP policy inconsistency in blocking threat files, now consistently blocking both image and document type files as intended, enhancing comprehensive threat protection.
  Limitation: here
• Fixes the issue where CAP policies failed to block files in macOS Messages app, ensuring proper policy enforcement.
• Fixes a system freeze issue which occurred when copying multiple files from a computer to USB in Terminal with an active CAP policy, ensuring smooth file copying without system freezes.
• Fixes an email domain allowlist issue in Gmail browser-based access for DPI Settings updates by correcting Json formatting (replacing newlines with ";").
• Fixes an issue where the parser for Outlook web application was broken in the browser, causing emails to be blocked; emails will now be allowed as expected.

Deep Packet Inspection (DPI)

New Features/Improvements

• Introduces Google Chat message monitoring and control capability to CAP, requiring DPI and Text Inspection to be enabled.
• Introduces log throttling (Smart DPI logging) for URL Denylists, allowing users to filter out non-relevant information and reduce excessive false positives in logs for a more accurate record.
• Introduces a new DPI bypass reason for enhanced user understanding within DPI.

Bug Fixes

• Fixes a browser hang issue with "stealthy" DPI, ensuring websites display correctly.
• Enhances DPI bypass accuracy by correctly whitelisting sites when the web server closes connections due to certificate pinning, including known sites in Allowlists for DPI by default.

Enforced Encryption (EE)

New Features/Improvements

• Introduces Properties in Enforced Encryption (EE) for detailed file and folder info, akin to Windows Explorer, enhancing user experience with comprehensive data insights within EE.

Bug Fixes

• Fixes a typographical error in the EE reset message to provide accurate and clear communication during the reset process.
• Fixes an EE issue where Complex Password setting incorrectly displayed a value of 1 when disabled; now correctly shows 0 for accurate configuration.
• Fixes EE's inability to encrypt files on network shares, ensuring it now correctly encrypts files in these locations, strengthening the protection of sensitive data in network environments.
• Fixes the issue where authenticating with the Master Password on EE was not functioning, ensuring it now works as expected.

Usability Improvements

New Features/Improvements

• Introduces new translated terms from EPP server and client into the product.
• Enhances File Tracing reports to display both source and destination file names, improving visibility and traceability of file copy events on Linux in the logs under the File Name section.
• Improves user experience by displaying a dedicated page for selected file tracing entries in Logs reports, rather than showing all entries on a single page as before.

Bug Fixes

• Fixes low contrast display for eDiscovery activation emails in web browsers, enhancing readability and visibility for a better user experience when accessing eDiscovery functionality.
• Fixes distorted EPP dashboards on 2560x1440 resolution monitors, ensuring correct rendering at the specified resolution for an optimal user viewing experience.
• Fixes the issue of the 'Loading more results...' message in the Filters section of the Effective Rights List, ensuring it no longer displays after the dropdown list has finished loading for a consistent user experience.
• Fixes the delayed appearance of the EPP client icon in the tray bar after OS startup, ensuring it now appears promptly.
• Fixes the misalignment of fields in Administrator Information Details on screens less than 1200px wide, ensuring proper display during admin creation and initial sign-in with password change requirement.
• Fixes irregular session timeout counter behavior, ensuring it accurately counts down and logs out users as expected upon reaching 0 seconds.
• Fixes an EPP client issue with the 'User edited information' feature, ensuring dialog box alignment with available tabs for an intuitive user experience.
• Corrects labeling in Admin Actions -> Global Settings log, accurately displaying 'Policy Refresh interval (sec).
• Implements a fix for EPP to accurately report the genuine version number of Windows 8.0 in the ‘Computer details’ view, resolving visibility issues and ensuring accurate representation in the log.
• Fixes a Save button unavailability in System Alerts - Alerts Not Sent section, allowing users to save alerts without limitations for improved configuration and management.
  Limitation: here
• Fixes the incorrect storage location of DPI Diagnostic log files, ensuring accurate access to these logs for analysis and troubleshooting by updating the EPP server to collect information from the correct source.
• Fixes a misleading dialog box issue when enabling Computer settings, improving clarity and usability.
• Fixes the behavior of the Automatic and Default Language options in EPP Notifier, ensuring they function as intended for accurate language selection and a seamless user experience.
• Fixes the issue preventing users from downloading diagnostic artifacts from the EPP client; now, users can initiate downloads from the web console for a smoother experience.
• Fixes an EPP Notifier User Remediation case sensitivity, ensuring a seamless and user-friendly authentication experience with any username variation to avoid errors.
• Fixes an EPP Notifier User Remediation authentication issue, ensuring it correctly displays the logged-in user for an improved user experience.
• Fixes an EPP Notifier language parity issue by adding "Automatic" and "Default" options on the server for consistent language settings, enhancing the user experience and feature parity.
• Fixes an EPP Client time interval update issue for user remediation settings, ensuring precise client-side updates, empowering users to manage settings confidently and effectively.
• Implements a fix to enforce the FileHash setting in the presence of External Storage and File Shadow, safeguarding data integrity.
• Fixes the issue where attempting to delete 10 or more computers with filters applied on the Computers page was unsuccessful.
• Fixes the issue of the Server ID not being displayed when receiving a 'Not Seen Online' Alert from cloud servers (Azure, GCP, or AWS AMI); now, the email includes the Server ID for improved alert context.

Known Limitations

Content Aware Protection

• Several limitations are applicable with MobaXterm.
  Browser sessions:
  • Limitation: Occasional application freezing occurs after the first transfer is blocked by EPP.
  • Solution: Restart the app or close the current session and create a new one to resolve this issue.
  SFTP session:
  • Limitation: In some instances, the application may become unresponsive after the first blocked transfer.
  • Solution: To resolve this issue, restart the app or initiate a new SFTP session.
• Admins may occasionally get a false "Alert not sent" message after adjusting settings; this does not impact alert sending; disregard and follow standard procedures.
• Currently, when multiple files are sent for OCR scanning through DPI, only the first file is processed. This limitation will be addressed in future updates.
• MailAPP issue: Base64 files split into chunks, not all scanned; cautious approach needed due to potential use-case impact; Mac testing revealed this limitation.
• Limitations with low-quality images, including handwriting, can lead to false positives; note this is due to Apple OCR engine, not EPP Client.
• CAP had difficulty blocking threat files due to initial limitations with the first file in each folder, which could not undergo OCR scanning, potentially leaving newly created files unchecked.
• Clipboard operations may not always be captured accurately by MacOS CAP OCR.

Discontinued

General

• In this release, we have deprecated and removed all instances of the Appetizer License, including text messages.

Upcoming Depreciations

• Reporting V1 will be discontinued in future updates, and users should migrate to Reporting V2 beginning with EPP version 5.7 and beyond.
• Backup V1 will be discontinued in future updates, and users should transition to Backup V2 starting from EPP version 5.9.0.0 and above.
• DHCP support in EPP server to be phased out in upcoming updates; transition to static IP for stability recommended.