Endpoint Protector Server Bug Fix List

Products Endpoint Protector News
, ,
1

endpoint-protector-server-bug-fix-list
endpoint-protector-server-bug-fix-list1920×960 138 KB

:pushpin: Looking for a bug fix list for all versions of Endpoint Protector Server?
All bug fixes will automatically be added here!

2604.0 Updates

Endpoint Protector Server 2604 Released

May 5, 2026

Module Description ADO Number Salesforce Number
Alerts Content Aware Alert Email Delivery - Fixed an issue where Content Aware alert emails were not generated in certain configurations that included both computers and users. In these cases, incorrect policy association in backend processing could prevent the alert from matching the expected policy and stop the email from being sent. Alert evaluation now works correctly, and email notifications are generated as expected. 320002 00029809
SIEM Integration Administrator Username in SIEM Logs for SSO Authenticated Users - Fixed an issue where SIEM exports displayed the Azure UUID instead of the administrator username for users authenticated through Single Sign-On (SSO) with Azure AD. Endpoint Protector now sends the correct username in SIEM logs, improving event readability and audit traceability. 377615 00437325
CAP Paste Restriction Enforcement for KakaoTalk on macOS - Fixed an issue where Content Aware Protection paste restrictions were not enforced for KakaoTalk on macOS when the option to apply paste restrictions to all monitored applications was enabled. This occurred because the localized KakaoTalk process name was not recognized correctly. KakaoTalk is now identified properly and paste restriction policies are enforced as expected. 412474 00463597
Reports and Analysis Log Export for Administrators Assigned to Multiple Departments - Fixed an issue where log exports could fail when initiated by an administrator assigned to multiple departments. This affected export generation from reports such as Device Control, Content Aware Protection, and File Tracing. Log exports now complete successfully regardless of the number of departments associated with the administrator. 415113 00468236
Reports and Analysis Historical CAP Policy Type Display After 2602 Upgrade - Fixed an issue where historical Content Aware Protection logs created before the 2602 update could be displayed incorrectly as Outside Network instead of Standard in Reports and Analysis after the patch was applied. Historical log entries now retain the correct policy type in reports. 416392 00469556
Single Sign-On SSO Redirect Handling After Login - Fixed an issue introduced after the 2601 upgrade where Single Sign-On (SSO) authentication could complete successfully, but the console did not redirect users correctly and displayed a failure message instead. This issue affected environments using PingID. Users are now redirected to the Endpoint Protector dashboard as expected after successful authentication. 417621 00468481
System Maintenance System Backup Import with Legacy Database Schemas - Fixed an issue where System Backup import could fail when the backup was created from an older database schema and restored on a newer Endpoint Protector server version. System Backup imports now complete successfully in legacy schema migration scenarios. 417735 00466840
Reports and Analysis CAP Log Details for Delegated Administrators - Fixed an issue where administrators with access to the Reports and Analysis section, but without Super Administrator privileges, could not expand and view Content Aware Protection log details. CAP event details now load correctly for delegated administrators with the appropriate permissions. 419361 00470747
General QuickLogs Recovery and Ingestion Handling - Improved handling for scenarios where oversized QuickLogs directories could interrupt log ingestion. However, this process should still go through flagged by customers and go through Netwrix Support for a quicker fix. 423709 00472377
Directory Services Active Directory Sync for Organizational Units with Special Characters - Fixed an issue where Active Directory sync could fail to display Organizational Units and related objects in the Directory Browser when Organizational Unit names contained special characters, such as %, , parentheses, braces, or brackets. Associated objects, including groups, computers, and users, are now displayed and synchronized correctly. 425953 00474344
Reports and Analysis Okta not able to create groups through SCIM - Fixed an issue where group provisioning from Okta through SCIM could fail because the Department attribute was required during group creation. Endpoint Protector now supports Okta SCIM group creation without requiring this attribute, improving compatibility with Okta group provisioning workflows. 418944 00470914

2602.0 Updates

Netwrix Endpoint Protector Client version 2602 Released (Now with Hotfix 2)

February 5, 2026

No bugs were fixed in this update.

Endpoint Protector 2602.0.1.0 Server Patch Released

February 5, 2026

Module Title & Description ADO Number Salesforce Number
General Backend Security Updates – MariaDB package conflict prevention - Fixed an issue where applying Backend Security Updates on EPP Server 2510 could fail to apply (updates would reappear as available) and, in some cases, could lead to the Web UI becoming inaccessible with a 500 Internal Error after updates. 409945 & 411911 00463162 & 00466742

Known Limitations

Component Description Case # Escalation #
CAP An error is returned when enabling CAP and eDiscovery modules on a new server: ”An error occurred. Please ensure the Endpoint Protector Server has a functional Internet connection or that the required domain and ports have been whitelisted for outgoing traffic." This is not a blocking limitation, as the modules can be enabled after trying to click “Save” and enable them a second time. 370216
CAP File Shadow downloads from AWS S3 buckets, with concurrent File Tracing and CAP activation, may result in inconsistent behavior, displaying artifacts deleted in File Tracing reports but still available in CAP reports, and vice versa. 320213, EPP-9023
EPP Server UI When installing a fresh Endpoint Protector (EPP) Server, the default time zone is set to a default value that may differ from your own. As a result, computers may appear as “Offline” in the status column until the time zone is adjusted and synchronized. To resolve this, navigate to Appliance → Server Maintenance, select the appropriate time zone (e.g., Istanbul), and synchronize the server time. This action ensures computers will display the correct “Online” status. A fix for this issue is planned for future updates. 395435
EPP Server Networking When performing a backup restoration from a 5942 server to a 2510 server, the custom logo used for User Remediation is not imported correctly. After completing the restoration process, navigate to System Parameters → User Remediation; you may notice that the custom logo is missing. A fix for this issue is being considered for an upcoming release. 402066
EPP Client Update Starting with the 2601.0.1.0 release, the Client Upload page in EPP Server was cleaned up, and there is currently a known limitation that does not allow EPP Clients older than the 2509 version to be uploaded. Currently only EPP Clients with version 2509 and up are permitted for upload by the interface. 414748

For any issues, please contact the Support team for assistance.

Upcoming Deprecations

List of features which will be discontinued in future.

Component Description Case # Targeted release
CAP Contextual Detection under SYSTEM PARAMETERS will be discontinued in future updates and replaced by ‘Context Detection Rules’ in the ‘Content Detection Summary’ section of CAP Policies. EPP-8941 TBD
General The File Shadow Maintenance feature, which provides functionality for listing and managing File Shadows stored locally on the EPP Server will be discontinued in future. TBD

2601.0 Updates

Netwrix Endpoint Protector Server Version 2601.0.1.0 Released

January 15, 2026

Module Title & Description ADO Number Salesforce Number
CAP NetworkShare Allowlist Application Issue - Resolved a critical issue where NetworkShare Allowlist settings were not applied correctly on versions 2509/2510, causing copy operations from allowed shares to be blocked. A query change resulted in endpoints receiving an empty allowlist. This has been fixed, ensuring allowlisted shares function as expected. 406336 & 406650 00460045 & 00460337
Enforced Encryption EasyLock and Client Presence Issue on Windows 11 - Fixed an issue where “Client Presence” settings didn’t prevent access to EasyLock on non-client Windows 11 machines, allowing partition access across non-client setups. A discrepancy in settings transmission from server-side to group levels caused improper application of “Client Presence.” We’ve corrected the logic for group settings, ensuring proper enforcement across all environments. This includes ensuring that EasyLock settings are correctly applied and inherited at the group level, with additional database changes like introducing a new table for logging client settings. 404913 00458700
Reports and Analysis Fix for Missing XML Files and Empty Export Archives - Addressed issues where exporting reports such as CSV or XLSX files from Logs Reports, File Tracing, and Content Aware Reports resulted in empty directory archives with missing XML files. Following an update to version 2509, customers experienced loss of historical report downloads and encountered errors in generating new logs reports. The fix ensures all exported archives contain the selected files and that logging processes are adequately handled across server environments. Additional adjustments were made to alleviate time-out issues during export processes, particularly when file tracing reports are involved. 405845 00459480
General IP Saving Issue on VMware EPP 2510 Image - Addressed a persistent issue where IP configurations failed to save on VMware vSphere VM appliances (versions 7.0.2, 8.0.2) using EPP Image 2510.0.1.0. Customers had to manually adjust netplan configurations as a workaround due to DHCP not assigning IPs on first boot. A fix has been implemented to ensure network settings are correctly applied during initial configurations. Investigations highlighted a need for configuration adjustments in the virtual appliance setup process. 408487 & 408764 & 408135 00461744 & 00461971 & 00461405
General Language Display Error on Web Console - Resolved a critical issue where selecting Ukrainian language in the web console incorrectly displayed Turkish. This affected entire environments post-migration to EPP server version 2510, causing disruptions for many administrators. The fix ensures correct language selection and display across server interfaces, restoring smooth workflow integration for all users. 409305 00462409
System configuration PHP ELS State and License Import Issue - Resolved an issue where importing a new license with a unique ELS key on the 2510 server resulted in an erroneous message, “Something went wrong during the installation. Please retry.” The ELS state did not update in the UI, and the php_els_install_status parameter remained at 0. This was caused by DNS and internet connectivity issues, as well as scenarios with duplicate licenses. The fix addresses these scenarios by ensuring accurate error messaging and state updates, improving overall stability and clarity during license import processes. 407585 & 408350 00460881 & 00461569
Reports and Analysis Audit Log Backup Download Issue - Resolved a critical issue where audit log backup files could not be downloaded from the EPP server hosted on AWS. Following the upgrade to EPP Server version 2510, attempts to retrieve backup logs for compliance audits failed, affecting multiple log entries and blocking audit preparations. The fix addresses inconsistencies in log data handling post-migration, with DevOps implementing a cron job to extract available data. This solution prioritizes restoring log accessibility through simulated audit archiving. 408745 00461931
Certificate Management Certificate Display Issue on macOS - Resolved an issue where DPI certificates marked as trusted on macOS clients appeared as N/A in the EPP Server UI. This was due to a validation process in the backend that erroneously used UI-only components, causing worker processes to fail. The improvement ensures certificates are accurately reflected and updates are correctly processed by server-side validation logic, enhancing synchronization between macOS clients and the server. 406528 00460223
Reports and Analysis EPP Console Not Displaying Detailed Logs for Certain Files - Fixed an issue where detailed logs for CSV files were not visible in the EPP console, despite the server receiving accurate information. The console was not correctly processing logs for CSV files while PDF logs were displayed properly. The resolution ensures comprehensive visibility of log details for all file types, reinforcing complete reporting in Content Aware Reports. 409935 00463129
General Email Alert - Log csv file not properly aligned - Resolved a problem where CSV files attached to email alerts were not properly parsed, resulting in all data being added to the first column. This made it difficult to read and utilize the data effectively. The fix ensures that content in CSV files is correctly distributed across the appropriate columns, enhancing clarity and usability of alert information. 406074 00459728
General EPP 2510 OS downgraded to 2509 after importing 2509 backup - Addressed an issue where importing a 2509 backup file into an EPP 2510 server incorrectly showed the server version as downgraded to 2509. This is a UI display issue rather than an actual version rollback. The fix ensures that the server version is accurately displayed post-backup import, avoiding confusion and ensuring consistency across system maintenance operations. 409666 00462856
Bug Fixes Lists Are Back, Docs Search Improvements, New Resources, and More!
3

:double_exclamation_mark: The following versions may have limited or no support. Please see the Supported Version page for guidance.

2510.0 Updates

Patch Version 2510.0.1.0 Released

October 30, 2025

Module Description ADO Number Salesforce Number
Denylists Issue with Domain and URL Denylists Functionality - Resolved problem where URLs added to Denylists were not being blocked as expected. The issue was caused by a deprecated condition in the code. This fix ensures that URLs listed in Denylists are correctly denied access, strengthening web browser CAP Policy enforcement. 404363
General Dual DNS Configuration Requirement in Image 2509 - Identified and addressed the requirement in image version 2510 for both DNS entries to be configured before saving settings. Previously, entering a single DNS was sufficient. This update ensures configurations save properly with either single or dual DNS setup, preventing erroneous resets to default values after 5 minutes. 405166
General Sync Time Not Working - Computers Appear Offline - Resolved an issue where machines appeared offline due to sync time failures. This was caused by an outdated database setting related to automatic update checks, which interfered with the operations.php cron job, preventing time synchronization. As of version 2510, the setting is removed to ensure proper time syncing and accurate machine status. 405673
General Update to Autoloader Configuration - Addressed an issue where the autoloader was not properly included in the project, causing Zend-encoded (encrypted) files to fail loading. This fix ensures the autoloader is correctly initialized before executing encoded files, ensuring smooth operation and loading within the application environment. 405928

Known limitations

For any issues, please contact our Support team for assistance

Component Description Case # Escalation #
Contant Aware Protection An error is returned when enabling CAP and eDiscovery modules on a new server: ”An error occurred. Please ensure the Endpoint Protector Server has a functional Internet connection or that the required domain and ports have been whitelisted for outgoing traffic." This is not a blocking limitation, as the modules can be enabled after trying to click “Save” and enable them a second time.
General In newer Linux Ubuntu versions, the default installation of the ‘snap’ application for file access events in xdg Desktop portals is not supported by EPP Client. This may lead to unexpected behavior in File Tracing, File Shadow, CAP, and DPI due to missing file access events. EPP-8735 EPPSUPPORT-3198
Device Control Despite denying Bluetooth, Webcam, and iPhone access on macOS endpoints, the Continuity Camera issue persists in applications like Slack, Zoom, FaceTime, and Photo Booth, where the camera is not correctly blocked. EPP-8781 EPP-6826
Content Aware Protection Clipboard operations may not always be captured accurately by MacOS CAP OCR EPP-8651
Content Aware Protection On certain Linux environments, particularly those using the Wayland protocol by default, paste control is constrained due to Wayland’s inability to detect the focused window, resulting in content blocking during the copy operation. EPP-8510
Content Aware Protection File Shadow downloads from AWS S3 buckets, with concurrent File Tracing and CAP activation, may result in inconsistent behavior, displaying artifacts deleted in File Tracing reports but still available in CAP reports, and vice versa. 320213, EPP-9023
Endpoint Protector Client With the release of EPP Client version 5.9.4.1, support for Windows XP, 7, 8, early builds of Windows 10, and Windows Server 2016 has been discontinued. To maintain EPP coverage on these systems, customers should continue using EPP Client version 5.9.4.0. Please note that no new features or fixes will be backported to this release. 438053
Endpoint Protector Client False Positive Generation on Ubuntu with Firefox. For Ubuntu versions 18.04, 20.04, 22.04, and 24.04, when using Firefox browsers to navigate through files, the EPP Client may generate false positives. 367650 00433696, 00427782
Device Control When installing a fresh Endpoint Protector (EPP) Server, the default time zone is set to a default value that may differ from your own. As a result, computers may appear as “Offline” in the status column until the time zone is adjusted and synchronized. To resolve this, navigate to Appliance → Server Maintenance, select the appropriate time zone (e.g., Istanbul), and synchronize the server time. This action ensures computers will display the correct “Online” status. A fix for this issue is planned for future updates. 395435
Device Control & CAP When performing a backup restoration from a 5942 server to a 2510 server, the custom logo used for User Remediation is not imported correctly. After completing the restoration process, navigate to System Parameters → User Remediation; you may notice that the custom logo is missing. A fix for this issue is being considered for an upcoming release. 402066
Network Configuration Cannot setup network configuration for Proxmox EPP Appliance 2509. The netcfg.yml file is missing information. To resolve, edit the /etc/netplan/netcfg.yml file ensuring the eth0 interface has the correct details, then validate and apply changes using netplan try and netplan apply. 405653 00459372
UI Accessibility UI not accessible after rebooting server version 2509. Backend remains accessible. Resolution involves backing up and modifying the nginx configuration file with the correct listening settings and restarting nginx. 405423 00459122

2509.0 Updates

Major Version Announcement Endpoint Protector Server Version 2509

October 14, 2025

Component Description ADO # Salesforce #
General “Show/Hide Columns” Modal Display Issue in Reports and Analysis Fixed issue where the modal was hidden behind other interface elements.
General “Test Connection” Button Error for S3 Buckets Restored functionality for S3 Bucket test connections. 360224
General Filter Application Issue in Admin Actions Filters now apply correctly based on selected criteria. 369459 00430586
General Incorrect License Display After Accessing System Licensing Menu Licensed devices no longer appear as unlicensed after menu navigation. 341452 00410118
General Incomplete AD Group Membership Visibility Post-Import Ensures all users’ group memberships are correctly synchronized. 367260 00429080
General Exporting Devices in JSON Format Export now works properly across versions. 377658 00437711
General High Communication Volume Between Client and Server Optimized event generation to reduce load. 378002 00437920
General Emailed Alerts Not Delivered SMTP test emails now send successfully after setup. 378303 00438327
General Translation Problems – German Search in Device Control now works with localized terms. 385901 00444667
General Can’t Connect macOS Device to EPP Server Resolved connectivity problem with a specific macOS device. 391937 00448448
General Duplicate Entries for Manually Added Computers Installing client on pre-added devices no longer creates duplicates. 394531
General File Shadowing Reliability Issues Fixed missing/failed shadowing in certain scenarios. 395573 00450674 (contin. of 00412043)
eDiscovery Correction for Contextual Detection “Related File Type” Now correctly flags only matching files. 362859 00425235
CAP Incorrect OS-Based Loading of Policy Entities Entities now load correctly by OS type. 366142
CAP Incomplete Log Fields in CAP When Server Connection Lost Ensures full log information is retained offline and uploaded later. 396527
CAP Inability to Delete Files from Allowlist Files can now be removed individually. 376245 00436274
CAP UI Section Mislabeling for Exported Email Denylists Corrected export log naming for email domain denylists. 383236
CAP File Deletion Issues Fixed removal of files requiring entire list deletion. 377593 00434230

5.9 Updates

Version 5.9.4.3 Released (Now with Hotfix 1)

June 5, 2025

Component Description Case # Escalation #
General EPP Client to Server Communication Compression
In this release, we’ve introduced a Client to Server compression feature, which will be utilized in upcoming versions of EPP Servers (5.9.5.0 and higher) and Unify releases (7.4 and higher). This enhancement is designed to conserve bandwidth and reduce transfer limits on metered connections, as well as to lower costs associated with cloud providers.		 382009, 382939, 383176 00437920
General User Remediation Challenge for Domain-Joined Devices Offline
This release addresses an issue where domain-joined Windows devices (connected to Active Directory) could not utilize user remediation for device control when disconnected from the network. Previously, attempting to authenticate with user credentials after disconnecting from the network resulted in an “Invalid credentials. Couldn’t initialize the connection.” error. This has been optimized to ensure seamless authentication, allowing users to access connected USB devices even when offline.		 384611 00437637
General Enhancement to EPP Client Behavior on Ubuntu Xorg
We’ve refined the login process on Ubuntu Xorg (version 24.04) to prevent the EPP client window from opening automatically without user initiation, ensuring a more seamless user experience. Additionally, options accessed via the right-click menu now appear as intended, enhancing usability.		 385428 00435662
General Resolution for Department Reverting Issue in EPP Client Upgrade
Upgrading the EPP client to version 6.2.4.2000 or higher previously caused departments to default to “defdep” due to a re-registration process triggered by an OpenSSL upgrade. This update ensures that custom department settings are retained during client upgrades, whether performed manually or via server updates, maintaining organizational consistency.		 379516 00437612, 00437246
General Improved Client Termination Logging During Node Maintenance
The update refines handling to prevent unintended termination logs during node maintenance. This ensures smooth node transitions without triggering “Unplanned Client Termination” or “Forced Uninstall Attempt” logs.		 380237 00436395
DC Improvement in Bluetooth Device Classification for Access Rights
The update enhances the accuracy of device classification, addressing situations where Bluetooth headphones previously detected as “Bluetooth Other” by older EPP agents are assigned incorrect access rights upon upgrading. Now, devices identified as “Bluetooth Headphone” will consistently receive the appropriate permissions, reflecting improved device categorization and resolving mismatches in access rights application.		 369454 00423693, 00424784
DC Enhanced Linux Bluetooth Control via DBus Events
We have reworked the handling of Linux Bluetooth permissions to leverage DBus events, significantly enhancing the ability to control Bluetooth devices on Linux. This change improves precision and flexibility in managing Bluetooth connections and device interactions within the Linux environment.		 377022, 385745
DC Improved Management of Bluetooth Pop-Ups on macOS
Adjustments have been made to ensure that Bluetooth pop-ups are properly displayed only when appropriate permissions are in place. This enhancement ensures that the EPP agent requires full disk access to modify local databases, preventing unnecessary pop-ups if permissions are not granted, thereby streamlining user interaction on macOS.		 370581 00423432
DC Streamlined Log Generation for iPhone Connections
Improvements have been implemented to ensure log entries are generated only once when connecting or disconnecting iPhones, preventing duplicate entries. This update enhances clarity and accuracy, reflecting actions performed with devices set to “Deny” permissions, optimizing log management in the specified environment.		 371529
DC Improved File Tracing for Write Events
Enhancements have been made to ensure that the EPP client consistently captures File-Write and Read-Write events on network shares and removable devices. Previously, certain file changes, such as edits and saves made using Notepad, Notepad++, or Visual Studio, might not trigger events as expected. This update refines the File Tracing process, increasing the reliability of event detection on Windows for diverse editing applications.		 374320
DC Resolution for Ignored File Size Limit in Shadowing
The EPP system has been updated to respect the “Max File Size for Shadowing (KB)” setting, ensuring files exceeding the set limit are not shadowed on macOS systems running Sequoia and above. Previous behavior allowed oversized files to be shadowed and sent to S3 buckets despite size constraints. This enhancement restores expected functionality for effective file management and compliance.		 375226 00431461
DC Enhanced Detection for ASIX Ethernet Adapters on macOS
The EPP client now accurately identifies ASIX Ethernet adapters as wired connections, ensuring that Wi-Fi is blocked when these adapters are in use. This improvement uses name detection for ASIX devices to correctly categorize the connection type, providing consistent enforcement of Wi-Fi denial policies on macOS systems.		 375955 00434222
DC Improved Detection of Teensy Board Devices on Windows
This update refines device identification by limiting detection to specific VIDs, ensuring more accurate classification of Teensy boards. It corrects previous misclassifications on Windows, such as identifying certain adapters as Teensy boards, and aligns detection more closely with intended device types.		 375964 00434607
DC Enhanced Network Printer Recognition by EPP Client
The latest update improves the recognition of network printers by the EPP Client on Windows 10, ensuring seamless identification and integration within the network environment.		 375227 00436900
DC Enhanced WiFi Blocking on Linux
The update ensures WiFi is consistently blocked upon policy changes or reactivation without needing a service restart, enhancing enforcement on Ubuntu 22.04 systems.		 376531 00435378
DC Restoration of “Deny-Access but Allow Charging” Functionality
The update addresses an issue in version 5.9.4.1 where the “Deny-Access but Allow Charging” setting unintentionally blocked iOS devices, hindering charging. The functionality is restored to ensure devices are not blocked while allowing charging as intended.		 377456 00418020
DC Enhanced File Shadowing for Names with Special Characters
Updates have been implemented to ensure files with whitespaces or special characters in their names are successfully uploaded to an FTP server as part of the file shadow repository. Improvements in handling file URL formatting address prior errors, ensuring seamless file tracing and shadowing on Windows systems.		 380898
DC Improved Remediation for Logitech MX Master Mouse
Enhancements have been applied to ensure a stable remediation session for the Logitech MX Master Bluetooth mouse. Users will no longer experience intermittent blocking and notifications, allowing uninterrupted use during active remediation sessions with Device Remediation enabled for Bluetooth Mice.		 381996
DC Correction of File Tracing Events on macOS
This update refines file tracing for text file edits on macOS, ensuring proper event logging. Previously, edits on removable devices or network shares could lead to incomplete logs. Now, file activities are consistently captured and reported.		 384396
DC Resolution for Mountain Duck Accessibility
The update addresses issues where Mountain Duck cloud drive was blocked by EPP settings for “Unknown Devices.” Now, Mountain Duck can start and function properly without errors, even with restrictive device policies in place.		 384518 00437196
DC Adjustment for Handling Multiple Printers with the Same Name
This update resolves issues where network printers with identical names were not consistently blocked in Safari when disabled in DC. The system now ensures that all instances of the same printer are correctly recognized and restricted, preventing unauthorized printing.		 384608
DC Improved Enforcement of Bluetooth Permissions on Ubuntu 22.04
The update ensures that Bluetooth permission settings are adhered to on Ubuntu 22.04, preventing manual enablement of Bluetooth devices when permissions are set to Deny.		 385745
CAP Improve Detection of Brazilian PIIs
We’ve improved the detection of Brazilian Personally Identifiable Information (PII) by differentiating between CPF and CNH patterns. Due to excess noise generated by CNH, CPF has been separated into its own selectable pattern within CAP/eD policies. Customers will need to manually adjust their CAP/eD policy definitions to accommodate this change and align with their specific requirements. Note: This update requires at least version 5.9.4.2 of the EPP Server and version 5.9.4.3 of the EPP Clients.		 342068, 320008, 376836 00419481
CAP Suppress Windows Notifications When Copying to USB
To enhance user experience, we have suppressed Windows notifications that prompted users to Skip, Replace, or Cancel during file copying to USB drives when blocked by a CAP policy. Previously, these notifications could be disruptive, especially when multiple files were copied at once. This improvement ensures a smoother interaction by eliminating the need for user intervention in such scenarios.		 343859
CAP Stop Monitoring XDG Desktop Portals Except for Ubuntu 18.04
We have refined our monitoring processes to reduce unnecessary log noise by ceasing to monitor xdg-desktop-portal* for file access on all systems except Ubuntu 18.04. On Ubuntu 18.04, we will continue to monitor xdg-desktop-portal-gtk to effectively capture file access events, particularly for file pickers used by applications like web browsers. Known Limitation: For Ubuntu versions 18.04, 20.04, 22.04, and 24.04, when using Firefox browsers to navigate through files, the EPP Client may generate false positives.		 367650 00433696, 00427782
CAP Proxy Configuration Management in Endpoint Protector
This update ensures that the proxy configuration is accurately reflected post-upgrade, allowing users to disable or adjust proxy settings without residual entries that could affect performance. Users making this transition should now find a smoother experience in adjusting their network configurations according to the new settings.		 371451 00427365
CAP Improved File Scanning for Google Translate Uploads
We are addressing the handling of file uploads to Google Translate, enhancing our scanning process to ensure data protection. Currently, limited file types such as .docx, .pdf, .pptx, .xlsx, and images are supported for upload and translation.		 374645 00434813, 00435082
CAP Resolution of False Positive US SSN Detection in PDF Printing
We have addressed an issue where false positives for US Social Security Numbers (SSN) were detected when printing threat-free PDFs from OneDrive Business using browser menu options. This release enhances the detection algorithms to mitigate false alarms, ensuring that print jobs proceed smoothly without unnecessary interruptions.		 339356 00431461
CAP Resolution of False Positive US SSN Detection in Webpage Printing
We have addressed a regression issue where false positives for US Social Security Numbers (SSN) were detected while attempting to print threat-free webpages from browsers like Edge and Chrome. This update refines the detection process, ensuring webpages without sensitive data can be printed successfully without being erroneously flagged by CAP policies.		 339390
CAP Improved Monitoring of New Microsoft Teams File Transfer on Windows
This update enhances the EPP client’s ability to monitor and control file transfers in the New Microsoft Teams on Windows. With improved visibility, the EPP client effectively intercepts and manages file transfers, ensuring they are appropriately monitored and controlled even when DPI is disabled.		 340606 0042295, 00417651
CAP Improved Monitoring for Microsoft Teams on Linux
Enhanced the EPP client’s ability to monitor Microsoft Teams activity on Linux. This update ensures that the "teams " process is properly tracked, allowing file transfers to adhere to CAP policies and improving overall compliance with monitoring requirements.		 347077
CAP Refined Identification of Microsoft Teams and Slack Traffic with Proxy Usage
An enhancement has been made to accurately distinguish network traffic originating from Microsoft Teams and Slack from that of Chrome when a third-party proxy, like Sophos, is used. Previous configurations led to all traffic being routed through the proxy being incorrectly identified as Chrome, causing scanning irrespective of CAP policy settings.		 369085
CAP Improved Functionality for Safari Browser in Xcode Simulator
This update enhances functionality for the Safari Browser in Xcode Simulator on macOS when DPI is enabled. It ensures that webpages load correctly, providing a seamless browsing experience in the simulator environment regardless of the “Intercept VPN Traffic” setting.		 343756 00411657
CAP Enhanced Blocking for Print Screen on Windows 11
This update addresses the issue where the EPP client did not consistently block the print screen functionality on Windows 11 for certain key combinations. The enhancement ensures that all defined scenarios within CAP policies, including Fn+PrintScreen and PrintScreen alone, are effectively blocked, maintaining compliance and security on Windows 11 systems.		 364964
CAP Blocking SnippingTool on Windows 11 with CAP Policy
Enhanced CAP policy capabilities to effectively block the SnippingTool executable on Windows 11 when the print screen function is selected.		 367687 00438810, 00426022
CAP Enhanced Stability for Print Screen Blocking
The EPP agent has been updated to address issues where print screen functionality might not be consistently blocked due to multithreading complications. By refining the policy loading process to ensure flags are set accurately across threads, print screen operations are now reliably controlled, maintaining security expectations for both Windows 10 and Windows 11 environments.		 373916 00426022
CAP Resolution for Incorrect File Type Reporting in Image Transfers
This update enhances the monitoring of files transferred via Airdrop using Drag and Drop on macOS. By implementing a dynamic detection mechanism for temporary file paths, the EPP agent ensures that files are accurately scanned and sensitive data is effectively blocked during transfer using this method.		 367340
CAP Enhanced Airdrop File Blocking for Drag and Drop Actions
The EPP agent now better monitors files sent via Airdrop using Drag and Drop on macOS. Through dynamic detection of temporary file paths, files are scanned, and sensitive data is effectively blocked during transfer.		 367530 00426475
CAP Custom Content Denylist for Korea
The CAP policy for Korean custom content now effectively blocks files sent via browsers. This update ensures accurate detection and blocking of Korean-language files.		 368220 00419610
CAP Improved Scanning for swisstransfer.com Data Transfers
The EPP agent has been updated to ensure accurate scanning of data sent via swisstransfer.com.		 368729 00429663
CAP Enhanced Policy Enforcement with OCR Configuration
The policy enforcement has been improved to ensure that image files are accurately blocked by the EPP client when OCR is enabled, regardless of the content. This refinement addresses previous limitations by allowing stricter adherence to image blocking policies without relying solely on detected text content.		 370034
CAP Stability Enhancement for Ubuntu 18.04 Linux Clients Handling File System Events
Enhancements have been made to prevent crashes in Linux clients when generating a large number of file system events. Implementing a thread pool addresses the issue of reaching thread count limits, ensuring system stability while handling extensive file operations on removable devices. This improvement optimizes performance and reliability on Ubuntu 18.04.		 371646 00432785
CAP Resolution for Application Denylist Parameters
The application denylist has been refined to ensure consistent operation regardless of parameter case sensitivity. Previously, rules with uppercase command line arguments were ineffective, but this update ensures applications are properly blocked irrespective of parameter casing. The fix applies to both Windows and macOS environments, enhancing reliability and functionality in diverse setups.		 373725
CAP Resolution of File Shadowing Issue with Printer Names
The EPP system now supports file shadowing for CAP policies irrespective of the characters used in printer names. Previously, special characters like “:” in "http://10.0.1.10 could block shadow creation, compromising the handling of confidential content. This update ensures consistent shadowing functionality, accommodating complex printer names without disrupting operations.		 374363 00427161
CAP Enhanced Stability for EPP Client on macOS
The update addresses EPP client crashes during app control by improving the handling of multiple security events. By optimizing message processing, the client now operates smoothly without interruptions when utilizing CAP policies to block applications on macOS.		 374276 00428724
CAP Resolution of CAP File Shadowing Issue
The update ensures images are properly shadowed according to CAP policies, addressing previous issues where JPEG uploads were not shadowed despite monitoring on macOS and Linux environments.		 376510 00426339
CAP Enhanced Clipboard Image Blocking on Windows
The update ensures clipboard images are blocked effectively under CAP policies on Windows 10 and 11, resolving prior inconsistencies when reporting sensitive information.		 376539
CAP Enhanced Git Upload Blocking on macOS
The update addresses the ability to block uploads to “GitHub” using the native Git application on macOS when “Intercept VPN Traffic” is enabled in DPI. This ensures commands over HTTP remotes are effectively restricted under CAP policies.		 377208 00430839
CAP Enhanced Regex Functionality in CAP Policies
The latest update resolves issues where not all regex patterns were applied in CAP policies, leading to unblocked transfers. The EPP client now consistently applies multiple regex patterns as defined by administrators, ensuring all relevant transfers are properly monitored and blocked when conditions are met.		 380070 00438983
CAP Enhanced Stability for Notifier Under Clipboard Spam
Improvements have been made to ensure the Notifier maintains stability even when subjected to excessive clipboard copy commands. The update prevents freezing, ensuring smooth functionality when clipboard filtering policies are active on Ubuntu 22.04 with recent client versions.		 380341 00435758
CAP Correction for CAP Report Item Count Accuracy
An update has been applied to accurately reflect item counts in CAP reports, ensuring reported logs match the set policy criteria. This resolves discrepancies where fewer items appeared than expected, aligning displayed counts with actual detection results.		 380525 00427620
CAP Reduction of False Positives for Rippling.com
Enhancements have been made to CAP policy configurations to significantly reduce false positive threat reports while browsing rippling.com. Adjustments improve the accuracy of detection for personal and sensitive data, ensuring more reliable results.		 380588
CAP Improved Regex Support for International Characters
This enhancement ensures that content with international symbols, such as Chinese characters, is accurately matched against defined regular expressions, addressing customer concerns.		 382013 00440150
CAP Resolution for Google Meet Performance Issues on macOS
Enhancements have been made to address performance issues in Google Meet sessions on macOS, ensuring smooth connectivity and functionality for video and audio.		 382020 00429561
CAP Resolution for Slowness in WebStorm Application
Adjustments have been made to CAP policy settings to address slowness experienced in WebStorm and PyCharm applications. The issue was linked to the network share exit point; modifying these settings ensures normal application performance without compromising functionality.		 385321 00437363
CAP Printing Delay Issue Resolved in Special Browser Pages
Fixed a printing delay issue where the “Block Print from Browsers” feature caused hangs when printing from special Chrome pages. This update ensures prompt printing on Windows with Edge or Chrome browsers.		 388233 00445778
DPI Reduction of DPI False Positives Related to Cloudflare
The update refines DPI scanning to reduce false positives when browsing websites utilizing Cloudflare security measures like bot detection and CAPTCHA. It ensures more accurate monitoring, preventing unnecessary reports during routine navigation on various websites.		 384498
DPI Enhancement to DPI with “Intercept VPN Traffic” Capability on macOS
Addressed a limitation where DPI with “Intercept VPN Traffic” could not inspect network traffic for unsigned applications run from non-standard locations on macOS due to sandboxing restrictions. The update improves DPI’s ability to better manage applications launched from non-standard directories, though it may still face challenges without full permissions. Users are encouraged to maintain standard application paths to ensure proper functionality.
DPI Improved Enforcement for DPI Restricted Apps
The update strengthens DPI controls by ensuring that the “Bypass DPI Certificate Rejection by Third-Party Applications” setting does not apply to DPI-restricted apps like Git. This enhancement prevents unauthorized uploads to Git repositories with untrusted certificates, aligning functionality with CAP policies to consistently restrict intended operations.		 369796 00430839
DPI Reduction of False Positives in Google Meet Sessions
This update refines DPI functionality to prevent false positive alerts during Google Meet WebRTC sessions, ensuring accurate detection and reducing unnecessary noise in CAP policies configured for Brazil PII.		 378052 00423343
DPI Enhanced Scanning of File Uploads to m365.cloud.microsoft
The update improves DPI capabilities to scan and assess files uploaded to m365.cloud.microsoft, specifically targeting requests to graph.microsoft.com with URIs containing /drive/. This enhancement ensures sensitive data is detected and appropriately blocked during uploads from the HOME page, refining CAP policy enforcement for browser-monitored activities.		 384336 00442443
General HOTFIX: EPP Client Version 6.2.5.1004 Crash During Upgrade
Upgrading the EPP Client to version 6.2.5.1004 might result in a crash of EPPnotifier.exe due to a missing Microsoft redistributable DLL, causing the client to become unusable.		 395207 00449020, 00448903
CAP HOTFIX: Netwrix Data Classification: PDF Tag Support Issue
Fixing issue with the Netwrix Data Classification tags within PDFs were not extracted correctly.		 349046 00429414

5.9.4.2 Cumulative Upgrade Patch for Endpoint Protector Server 5.7.0.0 - 5.9.4.1

April 22, 2025

  • All updates, fixes, and new features introduced between versions 5.7.0.0 and 5.9.4.2.
  • The latest release of the Enforced Encryption (formerly Easy Lock) Client

Version 5.9.4.2 Released

April 3, 2025

Component Description Case # Escalation #
Security Security fixes
This release contains important security fixes for EE. For information on these security fixes, please visit this security advisory. All EE customers are advised to update.		 376907, 376911, 376835
Security Endpoint Protector Server Back End Components Refreshed
Upgraded backend components for JQuery		 3788110 431347
General Re-enabling license management on Netwrix hosted environment
License management functionality has been restored in the Netwrix-hosted environment		 377943
General Fix “Transfer Limit” alert not to be sent to the deleted administrators
Adjusted system configuration, now only the available administrator receives the Transfer Limit Alert. This targeted notification approach ensures timely and relevant updates are delivered to the appropriate personnel, streamlining alert management and response.		 344718 411953
General Alerts cache is not recreated properly
Resolved an issue with the alert caching system, where updates made to a CAP alert involving changes to selected computers and users were not properly reflected in the cache. Previously, editing an alert to uncheck or check machines did not result in a correctly rebuilt cache. With this fix, the alert cache will now be accurately regenerated to include all specified machines and users after any modifications.		 319858 416406, 409790
General Ensuring Proper Cache Regeneration After Alert Renaming
Fixed an issue where renaming an alert did not trigger the proper regeneration of the cache, leading to outdated or inaccurate information being displayed. With this update, whenever an alert is renamed, the system will now correctly regenerate the cache to ensure all data is current and reliable.		 348301 416406
General Correct Email Address Display in Alert History
Resolved an issue where the wrong email addresses were being displayed in the Alert History under Alert Details: Recipient across all alert types. This occurred when an alert was created using the “Check All” option in the Administrator section, which included deleted administrators. With this fix, the system now accurately displays the correct email addresses associated with active administrators in the Alert History.		 364793, 366029 426144
General Group selector improvement
Enhanced the functionality within the Computers and Users tables to ensure that selected items remain checked even after clicking the “select all” checkbox while using the search filter.		 358129 356518
General Improved Responsiveness of Dashboard Text
Addressed an issue where the text under the Modules section on the General Dashboard was not responsive, causing it to be overlapped by the Most Active Users section when the browser width was reduced to less than 1880px. With this update, the text is now fully responsive, ensuring clear and unobstructed display across all screen sizes.		 319927
Device Control Reliable Computer Name Updates for Mac and Windows
Resolved an issue affecting both Mac and Windows computers, where changes to the computer name were not being permanently applied. With this update, any computer name edits are now consistently saved and accurately reflected in the Computer List, ensuring reliable updates across both platforms.		 319856
Device Control Correct Handling of Serial Numbers with “&” in Custom Classes
Resolved an issue where adding devices to Custom Classes using the Bulk Import or New Device options resulted in incorrect handling of serial numbers containing the “&” character. This led to improper saving of these devices and misapplication of device rights. With this fix, serial numbers with “&” characters are now correctly processed, ensuring accurate saving and application of device rights.		 370345 430816
Content Aware Protection Results are not sorted when using specific filter in CAP reports
Improved sorting and filtering capabilities to allow results to be organized according to any specified column.		 351200 351168
Content Aware Protection MPIP reporting details
We’ve refined the reporting details for the Content Remediation Session Active log. Now, the ‘Items Type’ column prominently displays the ‘MIP Classification,’ offering clearer insight and a more organized view of your data management activities.		 355766
Content Aware Protection Denylists/Allowlists dictionaries import
Resolved an issue where an invalid .xls file import would incorrectly create a dictionary despite showing an error message. Now, the error “Import failed! Please use a valid .xls file!” will be displayed, and no dictionary will be created, ensuring accurate data handling and user notifications.		 359542
Content Aware Protection Resolved Export Issue in Denylists/Allowlists Sections
Addressed a problem affecting the export functionality in the Denylists/Allowlists sections, where exporting a dictionary containing 50,000 items would result in a “no results” message upon opening the file. This issue has been resolved, and exports will now correctly display all items as expected.		 359501
Content Aware Protection Fixed Misidentification of Microsoft Outlook as Microsoft Teams by Endpoint Protector Client
Resolved the issue where the Endpoint Protector Client was incorrectly identifying Microsoft Outlook as Microsoft Teams. With this fix, Microsoft Outlook is now properly recognized, ensuring accurate monitoring and protection for the correct application		 367917
Enforced Encryption Enhanced Security for Offline File Tracing with Enforced Encryption
We’ve enhanced the security of our Enforced Encryption feature, specifically when configured for “Offline File Tracing.” With this update, file encrypt/decrypt events are now securely encrypted, ensuring that offline file tracing events are uploaded to the server only after the user logs into Enforced Encryption (EE) with their password.		 362675

Version 5.9.4 Released

December 12, 2024

See the Endpoint Protector 5.9.4 Bug Fix List for a list of bugs fixed in this version.