Endpoint Protector 2602.0.1.0 Server Patch Released

Products Endpoint Protector News
,
1

announcement-2026-02-04T03-16-21-696Z
announcement-2026-02-04T03-16-21-696Z1000×600 99.1 KB

Want the full details? Click the link below!

Download Netwrix Endpoint Protector Server Patch 2602.0.1.0 here!

Release Overview

The latest release of Endpoint Protector, version 2602.0.1.0, focuses on enterprise identity lifecycle automation and a complete product rebranding, delivering improved integration with modern identity platforms and a refreshed, unified user experience aligned with the Netwrix brand.

This release introduces:

  • New Features: A SCIM connector enabling automated user and group provisioning from enterprise Identity Providers (IdPs).
  • Enhancements: A full visual and branding refresh across the Endpoint Protector Server interface, including updated fonts, logos, colors, and imagery.

No changes have been introduced to existing policy enforcement, authentication behavior, or endpoint protection logic.

What’s New in Endpoint Protector

Updated Components

  • EPP Server 2602.0.1.0

IMPORTANT:
This release is available as a patch to be applied over the previous supported server version. Please refer to the user manual for detailed upgrade instructions. All SaaS customers will receive this update automatically.

SCIM Connector for Automated User & Group Provisioning

This release introduces support for SCIM (System for Cross-domain Identity Management), enabling automated synchronization of users and groups from enterprise Identity Providers into Endpoint Protector.

With the SCIM connector, organizations can:

  • Automatically provision users when they are assigned in the IdP
  • Update user attributes and group memberships based on IdP changes
  • Deactivate users automatically when they are disabled or removed in the IdP

The SCIM integration allows the Identity Provider to act as the single source of truth for user lifecycle management, reducing manual administrative effort and improving security by ensuring timely access revocation.

SCIM provisioning is secured via a tenant-specific bearer token and operates independently from authentication mechanisms such as SSO.

SCIM FAQ

  • Is SCIM mandatory?

No, but it’s strongly recommended for enterprise environments.

  • Does this replace SSO?

No — SCIM manages users, SSO manages login. They complement each other.

  • What happens if SCIM is misconfigured?

Nothing breaks — users just won’t sync until fixed.

  • What happens if the SCIM endpoint is down?

The SCIM endpoint is on the same server as the main EPP application server so that means the whole application is down returning 5.x.x error message

  • Can users still be managed manually as well?

Yes, of course. This was introduced because many enterprises use it.

  • What happens if the token is compromised?

The token can be rotated instantly from the admin console, which invalidates the old token immediately. Tokens are tenant-scoped and do not grant UI or login access. This is similar to rotating an API key.

  • Is SCIM traffic encrypted?

Yes. All SCIM calls are over HTTPS using TLS 1.2/1.3.

  • Does it support soft-delete or hard-delete?

Soft delete. Hard delete is rarely recommended because of audit and historical data.

  • How are users matched? What’s the unique identifier?

The system primarily relies on the SCIM userName attribute, and it also supports externalId to correlate users with the IdP. The mapping can be found in the online documentation

  • What happens if a user already exists?

If the user exists, the system updates it. If not, it creates it. The IdP remains the source of truth.

  • Can SCIM grant admin privileges?

No. SCIM is intentionally limited to user and group provisioning and does not grant administrative access.

  • Is the SCIM communication rate limited?

Yes, SCIM traffic is controlled to protect system stability for bulk operations

• Maximum 250 operations per request

• Maximum 2MB payload size

  • Is this SOC2 / ISO friendly?

Yes. Automated provisioning and deprovisioning via SCIM are considered best practices for access governance and compliance.

Product Rebranding and Visual Refresh

Rebranding - Login
Rebranding - Login1643×992 27.3 KB

Rebranding - Dashboard
Rebranding - Dashboard1643×992 59.3 KB

Endpoint Protector 2602.0.1.0 introduces a comprehensive product rebranding, aligning the server interface with the updated Netwrix brand identity.

This update includes:

  • Updated fonts and typography
  • New logos and brand assets
  • Refreshed color palette
  • Updated UI imagery and visual elements

The rebranding delivers a modernized and consistent look and feel across the Endpoint Protector Server interface, without impacting functionality, configuration workflows, or enforcement behavior.

Bug Fixes and Miscellaneous Updates

Module Title & Description ADO Number Salesforce Number
General Backend Security Updates – MariaDB package conflict prevention - Fixed an issue where applying Backend Security Updates on EPP Server 2510 could fail to apply (updates would reappear as available) and, in some cases, could lead to the Web UI becoming inaccessible with a 500 Internal Error after updates. 409945 & 411911 00463162 & 00466742

Known Limitations

Component Description Case # Escalation #
CAP An error is returned when enabling CAP and eDiscovery modules on a new server: ”An error occurred. Please ensure the Endpoint Protector Server has a functional Internet connection or that the required domain and ports have been whitelisted for outgoing traffic." This is not a blocking limitation, as the modules can be enabled after trying to click “Save” and enable them a second time. 370216
CAP File Shadow downloads from AWS S3 buckets, with concurrent File Tracing and CAP activation, may result in inconsistent behavior, displaying artifacts deleted in File Tracing reports but still available in CAP reports, and vice versa. 320213, EPP-9023
EPP Server UI When installing a fresh Endpoint Protector (EPP) Server, the default time zone is set to a default value that may differ from your own. As a result, computers may appear as “Offline” in the status column until the time zone is adjusted and synchronized. To resolve this, navigate to Appliance → Server Maintenance, select the appropriate time zone (e.g., Istanbul), and synchronize the server time. This action ensures computers will display the correct “Online” status. A fix for this issue is planned for future updates. 395435
EPP Server Networking When performing a backup restoration from a 5942 server to a 2510 server, the custom logo used for User Remediation is not imported correctly. After completing the restoration process, navigate to System Parameters → User Remediation; you may notice that the custom logo is missing. A fix for this issue is being considered for an upcoming release. 402066
EPP Client Update Starting with the 2601.0.1.0 release, the Client Upload page in EPP Server was cleaned up, and there is currently a known limitation that does not allow EPP Clients older than the 2509 version to be uploaded. Currently only EPP Clients with version 2509 and up are permitted for upload by the interface. 414748

For any issues, please contact the Support team for assistance.

Upcoming Deprecations

List of features which will be discontinued in future.

Component Description Case # Targeted release
CAP Contextual Detection under SYSTEM PARAMETERS will be discontinued in future updates and replaced by ‘Context Detection Rules’ in the ‘Content Detection Summary’ section of CAP Policies. EPP-8941 TBD
General The File Shadow Maintenance feature, which provides functionality for listing and managing File Shadows stored locally on the EPP Server will be discontinued in future. TBD

Need help with this update?

There are many different ways to get help with our products!

Situation Action
If you feel the product is broken and not working as intended… Contact Support
If you have a question you’d like to ask other experts… Create a discussion in the community: Endpoint Protector > Discussions & Questions
If you have a feature request… Let our product team know directly: Endpoint Protector > Ideas
If you have something cool to show… Show everyone what you built: Endpoint Protector > Show & Tell

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!

1 Like