Learn about the current and previous Endpoint Protector updates. Information regarding changes and enhancements is detailed in chronological order below.
01-November-2023
Endpoint Protector – Product Update
Server Version: 5.9.1.0
Windows Client: 6.1.0.6000
Mac Client: 2.9.0.7000
Linux Client: 2.3.0.3000
General
New Features/Improvements
- Introduces obfuscation in the Client log file to enhance security for External File Shadow repository credentials.
Limitation: here - Enhances SIEM export functionality by extending log character limit to 10,000 characters per message, enabling comprehensive data transmission.
- Introduces a new macOS Installer page enabling users to permit Bluetooth during Endpoint Protector Client installation on macOS version 14 (Sonoma), enhancing user control over Bluetooth privileges.
Bug Fixes
- Fixes incorrect destination path display in File Tracing reports.
- Fixes the issue that allows disabling of the eDiscovery module prior to activation.
- Addresses font size inconsistency in the End User License Agreement (EULA) message displayed on macOS machines.
- Fixes a permission issue in the End User License Agreement (EULA) encountered while using Firefox web browser on Ubuntu Linux machines.
- Fixes a permission issue in the End User License Agreement (EULA) experienced while using Safari web browser on macOS version 14 (Sonoma).
Device Control (DC)
Bug Fixes
- Fixes an issue where Global Rights statuses were not correctly applied to devices on Linux machines.
- Fixes OTP password computation errors caused by mismatched device codes, ensuring accurate password generation.
- Fixes an issue where WiFi blocking was not functioning correctly on MacBook Air machines with macOS version 14 (Sonoma) when the 'Block WiFi if wired network connection is present' option was enabled.
- Fixes an issue where Bluetooth device policies were not correctly applied on macOS version 14 (Sonoma) machines.
Limitations: here - Fixes an issue where Bluetooth sub-categories incorrectly displayed as ‘denied’ despite the main category being set to allow.
- Fixes a File Tracing report issue, where the page entered an infinite loop post-upgrade from EPP server version 5.8.1.0 to 5.9.0.0.
Content Aware Protection (CAP)
New Features/Improvements
- Introduces RingCentral support on Windows and macOS, enabling CAP policy triggers for potential file egress from RingCentral when accessing sensitive data source files. Note: DPI does not inspect network traffic from RingCentral, and it does not support specific destination and protocol-based use cases.
- Introduces Microsoft Edge browser extension for content scanning during web document printing on Windows, enhancing overall protection.
- Implements an ICD-11 catalog update for HIPAA-related use cases and enhances UI labeling and descriptions in the HIPAA section for improved user experience.
- Introduces filtering capability for File Shadow artifacts in File Tracing and CAP reports, enhancing data analysis and reporting options.
Limitations: here - Adds Multibyte support for file names and comments in ZIP and RAR files, improving compatibility and handling of diverse character sets.
- Adds TNFTP support on Linux, enabling CAP policy triggers for file egress from sensitive data sources, enhancing security.
Note: DPI does not inspect network traffic from TNFTP and specific destination and protocol-based use cases are unsupported. - Enables scanning and control of embedded Office documents in Excel Spreadsheets using the 'Embed' method.
- Improves File Tracing event handling for Print jobs by sending a single event for an entire scanned document, rather than one event per page.
Bug Fixes
- Fixes an issue where selected policies failed to shift correctly when using Right-click, ensuring seamless policy management.
- Fixes the Scroll bar issue for Include/Exclude entities in CAP policies, ensuring smooth navigation and selection.
- Fixes the File Shadowing issue preventing artifact downloads from the internal repository, ensuring seamless access to stored files.
- Fixes a policy triggering issue for Contextual threshold values greater than '1', ensuring accurate policy execution.
- Fixes a PII identifier 'ISBN' issue when combined with other identifiers using Content Detection rule operator 'AND', ensuring proper detection.
Deep Packet Inspection (DPI)
New Features/Improvements
- Enhances 'stealthy DPI' functionality to seamlessly reintegrate unmonitored application traffic, ensuring unmodified network flow after pre-analysis by the SSLsplit process.
Bug Fixes
- Fixes a macOS Ventura-specific issue where DPI occasionally failed to scan content in GMail through Chrome web browsers.
- Fixes an issue in multi-file uploads where source-code detection generated false positives, now ensuring accurate identification.
- Fixes an issue with multipart base64 encoded requests where part keys were calculated inaccurately, ensuring correct computation.
- Fixes an issue where DPI failed to detect threats in GMail sent from the Drafts folder using Chrome web browsers.
- Fixes an issue where DPI inconsistently blocked sensitive documents in GMail sent via Chrome web browsers after multiple retry attempts.
Usability Improvements
New Features/Improvements
- Introduces real-time status updates for the Save button in EPP Notifier, ensuring users receive immediate feedback on their actions.
- Enhances web console visualization for “Security Password for Uninstall Protection” under SYSTEM CONFIGURATION - System Security, ensuring effortless user setup.
- Adds an informative tooltip under DEVICE CONTROL - Global Settings for ‘Policy Refresh interval (sec)’ setting, enhancing user guidance and understanding.
- Introduces Microsoft Edge support in the Notes section under DEVICE CONTROL - Global Settings, expanding compatibility for users' convenience.
Bug Fixes
- Corrects multiple translated terms in German across the EPP web console, ensuring a seamless and accurate user experience.
- Fixes constant Admin action events due to unsuccessful Security Updates on EPP backend, ensuring accurate event reporting.
Known Limitations
General
- Credential obfuscation in the Client log file does not cover AWS S3 repositories at present but will be addressed in a future release.
Device Control
- Currently, when multiple files are sent for OCR scanning through DPI, only the first file is processed. This limitation will be addressed in future updates.
- Clipboard operations may not always be captured accurately by MacOS CAP OCR.
- Despite denying Bluetooth, Webcam, and iPhone access on macOS endpoints, the Continuity Camera issue persists in applications like Slack, Zoom, FaceTime, and Photo Booth, where the camera is not correctly blocked.
- macOS endpoints may not detect Dell Bluetooth Keyboards/Mice, as an issue has been identified where these devices are not recognized.
- Bluetooth headphones may appear as ‘Disconnected’ instead of ‘Denied’ in EPP Notifier, indicating an issue where these devices are not correctly recognized.
- In macOS version 14 (Sonoma), users must manually grant Bluetooth access for the Endpoint Protector Client during installation. Efforts are underway to suppress these prompts for both manual/automated installations and upgrades or JAMF profiles.
- In DEVICE CONTROL - Global Rights, administrators must set both the main Bluetooth category and Bluetooth Radio to 'Allow access.' If different settings are needed for other Bluetooth subcategories, they must be configured separately. Setting Bluetooth Radio to 'Deny Access' will automatically apply 'Deny access' to all other Bluetooth subcategories, regardless of their individual settings.
- Users on macOS versions before version 14 (Sonoma) might encounter high CPU usage by the 'EPPClient' process when Bluetooth devices are set to 'Deny Access,' attributed to a bug in Apple's macOS software with BLE devices. Upgrading to macOS version 14 (Sonoma) is advised for a fix. Alternatively, setting 'Bluetooth-Others' to 'Allow Access' on older macOS versions can address the issue.
Content Aware Protection
- File Shadow downloads are affected by incorrect MD5 hashes in Endpoint Protector Clients' event logs, causing artifacts to fail downloading with a "File Not Found" error. Upgrade EPP clients to 5.9.1.0+ (Windows: 5.9.1.7+; macOS: 2.8.1.4+; Linux: 2.1.0.3+) before updating the EPP server to versions 5.7.1.0 or 5.9.1.0+. Note that File Shadow Filter supports EPP Server versions below 5.7.1.0 or 5.9.1.0+ and EPP Clients from 5.8.0.0+.
- Print Preview in Microsoft Office 365 Apps (e.g., Word Web, Excel Web) impacts the Chrome browser extension due to an issue in the Office 365 suite. Microsoft Edge browser extension, utilizing the same Chromium-based engine, remains unaffected. Both Chrome and Microsoft Edge browser extensions cannot content-inspect documents sent to printers from Office 365 Web Apps, defaulting to blocking any document (content-unaware) sent to printers, aligning with other selected exit point browsers on Windows machines.
Discontinued
General
- Scan time-out option under DEVICE CONTROL - Global Settings - Max File Size will be removed from the web console. EPP server will send a default value of 10sec, which will overwrite previously set values.
Upcoming Depreciations
- Reporting V1 will be discontinued in future updates, and users should migrate to Reporting V2 beginning with EPP version 5.7 and beyond.
- Backup V1 will be discontinued in future updates, and users should transition to Backup V2 starting from EPP version 5.9.0.0 and above.
- DHCP support in EPP server to be phased out in upcoming updates; transition to static IP for stability recommended.