01-March-2024

Endpoint Protector – Product Update

Server Version: 5.9.3.0
Windows Client: 6.2.2.1006
Mac Client: 3.0.2.1007
Linux Client: 2.4.2.1006
EasyLock: 2.0.3.8

Infrastructure changes

For customers upgrading to EPP Server version 5.9.3.0 and using Contextual Detection Rules, notable workflow changes have been implemented. Specifically, when Contextual Detection Rules are configured within one or more CAP Policies, the Global Contextual Detection Rules under 'SYSTEM PARAMETERS - Contextual Detection' will no longer be enforced for those policies. However, in scenarios where no CAP Policy includes Contextual Detection Rules, the Global Contextual Detection Rules under 'SYSTEM PARAMETERS - Contextual Detection' will persist, maintaining the previous behavior observed in earlier EPP Server versions. Please take note of these changes to ensure optimal configuration alignment during the upgrade process

General

New Features/Improvements

• Improves stored procedure functionality to proactively address duplicate network printer issues.

Device Control (DC)

New Features/Improvements

• Improves the Exported Entities report for Device Control, ensuring the inclusion of the last 3 columns (Status, Friendly Name, Friendly Description) during export.

Content Aware Protection (CAP)

New Features/Improvements

• Improves OCR detection, ensuring file uploads through DPI are correctly detected and extracted on all OS platforms.
• Enhances content detection in the new version of Microsoft Teams (New Teams), addressing the visibility of subjects in posts and headings/subheads in announcements for improved detection.
• Enhances Chrome extension for better CAP event correlation in Excel Web App's Print Preview.
• Allows direct opening of PDFs in Google Chrome and Microsoft Edge, removing the previous restriction due to browser extension limitations in scanning PDF content.
• Improves the Chrome extension's robustness by preventing user deletion or disabling, ensuring uninterrupted functionality.
• Streamlines Chrome extension text extraction from HTML pages, eliminating false positives for sensitive data like US SSNs.
• Improves browser extension versioning to facilitate communication of version information between extensions and EPP Client, enabling the Client to proactively detect and manage potential incompatibilities.

Deep Packet Inspection (DPI)

New Features/Improvements

• Enhances SSLsplit DPI proxy to automatically restart if terminated, ensuring persistent protection.
• Introduces an enhanced DPI Bypass component, allowing a more granular Bypass behavior, different end-user notifications for DPI interception and connection blocking, enhancing transparency and user awareness.
• Enhances registry security for DPI-related keys/values on Windows endpoints, preventing them from being tampered.
• Enhances Stealthy DPI to prevent further packet injection after sending a FIN (disconnect) packet, ensuring no packets are injected into a disconnected channel.

Usability Improvements

New Features/Improvements

• Adds a "Serial Number" field to Admin Actions, providing additional information for device identification in Uninstall Client details and other relevant sections.​​​​
• Enhances system licensing on the server by allowing filtering computers based on their serial numbers, providing a more reliable unique identifier compared to names.
• Introduces a "Test Connection" button for verifying File Shadow Repository connectivity during setup.
• Adds a "Reset" button on the OTP generation page for quick data entry without needing to navigate away or refresh the browser.
• Introduces an information tooltip to option ‘Apply Paste restrictions to all monitored applications’, notifying administrators about the below limitation. Limitation: here
• Introduces visual differentiation in Endpoint Protector Server UI, enabling custom text and logos for personalized identification and reducing the risk of unintentional modifications in the wrong environment.
• Removes 'Stealthy DPI' BETA tag and adds info tooltip for enhanced compatibility with third-party software vendors.
• Adds an info tooltip for Linux users: On Wayland, paste restrictions are unavailable; content blocking occurs during copy operations.
• Adopts MachineUUID as the unique identifier for endpoint machines in the absence of a Serial Number, ensuring endpoint machine reliability; this now also appears in the license page column across all OS platforms.

Known Limitations

General

• Credential obfuscation in the Client log file does not cover AWS S3 repositories at present but will be addressed in a future release.
• Test emails sent using the 'Use TLS 1.3' option under 'SYSTEM CONFIGURATION - System Settings - E-mail Server Settings' do not include test strings.
• System Settings - E-mail Server Settings' do not include test strings. In newer Linux Ubuntu versions, the default installation of the 'snap' application for file access events in xdg Desktop portals is not supported by EPP Client. This may lead to unexpected behavior in File Tracing, File Shadow, CAP, and DPI due to missing file access events.

Device Control

• Clipboard operations may not always be captured accurately by MacOS CAP OCR.
• Despite denying Bluetooth, Webcam, and iPhone access on macOS endpoints, the Continuity Camera issue persists in applications like Slack, Zoom, FaceTime, and Photo Booth, where the camera is not correctly blocked.
• Bluetooth headphones may appear as 'Disconnected' instead of 'Denied' in EPP Notifier, indicating an issue where these devices are not correctly recognized.
• In DEVICE CONTROL - Global Rights, administrators must set both the main Bluetooth category and Bluetooth Radio to 'Allow access.' If different settings are needed for other Bluetooth subcategories, they must be configured separately. Setting Bluetooth Radio to 'Deny Access' will automatically apply 'Deny access' to all other Bluetooth subcategories, regardless of their individual settings.
• Users on macOS versions before version 14 (Sonoma) might encounter high CPU usage by the 'EPPClient' process when Bluetooth devices are set to 'Deny Access,' attributed to a bug in Apple's macOS software with BLE devices. Upgrading to macOS version 14 (Sonoma) is advised for a fix. Alternatively, setting 'Bluetooth-Others' to 'Allow Access' on older macOS versions can address the issue.

Deep Packet Inspection (DPI)

• In some cases, network issues (websites not loading) can be observed on macOS version 14.2 (23C5030f) when DPI and 'Intercept VPN Traffic' are enabled. Upgrading to macOS version 14.2 Beta (23C5047e) from November 14th is advised for a fix.
• When using the DPI Bypass 2.0 notification, some web browsers may display a 'connection dropped' message when 'stealthy DPI' is employed. This happens because the connection is initially dropped before being bypassed for subsequent requests. The browser then retries the connection and succeeds, creating a situation where the message indicates the connection was dropped, yet the website is accessible. The EPP server registers the bypassed connection.
• When the Client proxy is configured on macOS, DPI Bypass 2.0 may not bypass websites using Websockets, rendering them inaccessible.

Content Aware Protection

• File Shadow downloads are affected by incorrect MD5 hashes in Endpoint Protector Clients' event logs, causing artifacts to fail downloading with a "File Not Found" error. Upgrade EPP Clients to 5.9.1.0+ (Windows: 5.9.1.7+; macOS: 2.8.1.4+; Linux: 2.1.0.3+) before updating the EPP server to versions 5.7.1.0 or 5.9.1.0+. Note that File Shadow Filter supports EPP Server versions below 5.7.1.0 or 5.9.1.0+ and EPP Clients from 5.8.0.0+.
• On certain Linux environments, particularly those using the Wayland protocol by default, paste control is constrained due to Wayland's inability to detect the focused window, resulting in content blocking during the copy operation.
• In rare cases, EPP Windows Client may trigger CAP Policies incorrectly when the source file path of Microsoft Office documents cannot be detected and Print jobs do not reflect the name of the document.
• File Shadow downloads from AWS S3 buckets, with concurrent File Tracing and CAP activation, may result in inconsistent behavior, displaying artifacts deleted in File Tracing reports but still available in CAP reports, and vice versa.
• In cases where the custom dictionary contains more than 100 items, content policies' encryption may cause the CAP policy to discard the last entries from the custom content list. A temporary workaround is to duplicate the last entry several times at the end of the dictionary, with a fix scheduled for the next release.

Discontinued

General

• The Scan time-out option under DEVICE CONTROL - Global Settings - Max File Size will be removed from the web console. EPP server will send a default value of 10sec, which will overwrite previously set values.

Upcoming Depreciations

• Reporting V1 will be discontinued in future updates, and users should migrate to Reporting V2 beginning with EPP version 5.7 and beyond.
• Backup V1 will be discontinued in future updates, and users should transition to Backup V2 starting from EPP version 5.9.0.0 and above.
• DHCP support in EPP server will be phased out in upcoming updates; transition to static IP for stability is recommended.
• Contextual Detection under SYSTEM PARAMETERS will be discontinued in future updates and replaced by 'Context Detection Rules' in the 'Content Detection Summary' section of CAP Policies.