Netwrix Endpoint Protector 2509 marks a major milestone with a refreshed server image, smarter automation, and enhanced security controls. Featuring dynamic Smart Groups, improved client management, expanded monitoring, and modernized upgrade workflows, this release empowers organizations to simplify administration, strengthen data protection, and maintain. This release also includes important information related to support updates and a new versioning schema.
Overview
With the release of Endpoint Protector 2509, we’re delivering one of the most significant updates in recent years—combining a major server image refresh with important new features, enhanced security controls, and an updated support policy.
This release is designed to do three things:
- Update your environment with a modernized appliance image that ensures compatibility, stability, and security.
- Streamline management through smarter automation, simplified client handling, and clearer versioning across the platform.
- Guide you through the transition with a structured upgrade path that takes you from earlier versions to 2509 smoothly and with minimal disruption.
The following sections walk you through what’s changing, why it matters, and how to take advantage of the new capabilities—from Smart Groups and client download enhancements, to expanded monitoring, DPI options, and a redesigned backup/restore process.
This release also changes:
- Versioning / Numbering format
- Support Policies going forward
- Patching and staying up to date requirements going forward
We strongly recommend reviewing this document end-to-end. By doing so, you’ll not only understand what’s new, but also how to successfully migrate and remain in Full Support after the 120-day transition window and then stay in full support after 2509 is in place.
Tip: Download the 2509 Server, the updated EasyLock pieces and the previously shipping Client pieces from https://www.netwrix.com/my_products.html, under Netwrix Endpoint Protector. You can also re-download your EPP license key there, as explained in this document.
Support Update
With the release of Netwrix Endpoint Protector Server version 2509, we are aligning our support policies to ensure that you benefit from the latest security, performance, and compatibility enhancements.
Why This Version Matters:
- Exclusive Full Support: Version 2509 will be the only version eligible for Active support after a 120-day transition period.
- Action Required: All previous Endpoint Protector Server versions enter Limited Support immediately. To maintain full support, transition to version 2509 is necessary within the 120-day period. After the Limited support period, all previous versions will transition to Discontinued support.
- Future-Ready: Benefit from ongoing updates, including the newest features and critical security patches.
By upgrading to version 2509, organizations can ensure a robust and reliable Endpoint Protector environment. Make this transition part of your IT strategy to stay updated and secure.
Please also read these important communications:
- Endpoint Protector SaaS Customers: Policy Change
- Client & Agent Supportability Statement here on Community (Note: This will also soon be published at docs.netwrix.com → Endpoint | Endpoint Protector | Supportability | Client Statement)
- Server Supportability Statement here on Community (Note: This will also soon be published at docs.netwrix.com → Endpoint | Endpoint Protector | Supportability | Server Statement)
Toward the end of this document is the overview of the Upgrade Process, which links to a full step-by-step guide for all customers who are using Endpoint Protector server 5.7 or later to successfully transition to Endpoint Protector 2509.
For assistance with upgrading and support during the transition, please contact Netwrix Support.
Important: Licensing Changes for Endpoint Protector Server 2509 (Action Required for On-Prem Self/Hosted Customers)
Tip: Customers using Netwrix Endpoint Protector SaaS may safely ignore this section.
Action Required
2509 uses an updated license format. You must verify now whether your license file is in the new format and then re-import the license.
Do I need a new license?
- Issued on or after January 1, 2025 → Already likely in the updated format. Typically no new license required.
- Issued before January 1, 2025 → Likely legacy format. Request a refreshed license.
How can I see if my license is the correct type?
- See if your key is present in the Netwrix My_Products portal underneath the Netwrix Endpoint Protector category, then click Download License.
Tip: Alternatively, search your administrative mailbox for the original license message from “CoSoSys” or “Netwrix.”
- Open your license .txt file.
  - If it ends with a field like:
    ...,"modules":["DC","EL"],"php_els":"<your-unique-value>"}
    → You’re on the updated format.
  - If php_els is missing (or you can’t find the file) → request a refreshed license.
What if I don’t update the license?
Some underlying OS components will not upgrade until you import a license that includes php_els. For full platform currency, plan to re-import the updated license post-restore.
How to get/compare a refreshed license?
- Open a ticket using the Netwrix Support Portal with subject: “License refresh for Endpoint Protector 2509.”
- Attach your current license if available.
Recommended:
Locate your prior license email from “CoSoSys” or “Netwrix.” When you receive the refreshed file, confirm it includes php_els and that the fields match your original license and entitlements.
Confirm the following fields:
- Support
- Number of endpoints
- Start Date / End Date / Validity
- Package Type
- Modules
If any values don’t match, do not import. Reply to the ticket and reference the discrepancy to have it corrected.
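One way to script the check above before importing, as an added example (not Netwrix tooling): it assumes the license .txt contains a single JSON object, as the excerpt above suggests. Every field name other than modules and php_els, and all sample values, are constructed placeholders.

```python
import json

NEW_FORMAT_KEY = "php_els"  # field that marks the updated license format


def load_license(text: str) -> dict:
    """Parse the JSON object found in a license file's text (assumed layout)."""
    start, end = text.find("{"), text.rfind("}")
    if start == -1 or end <= start:
        raise ValueError("no JSON object found in license text")
    return json.loads(text[start:end + 1])


def review_refreshed_license(old_text: str, new_text: str) -> dict:
    """Compare a refreshed license with the original before importing it."""
    old, new = load_license(old_text), load_license(new_text)
    updated_format = bool(new.get(NEW_FORMAT_KEY))
    # Every field of the original must carry over unchanged; php_els is new.
    mismatches = {
        key: (old[key], new.get(key))
        for key in old
        if key != NEW_FORMAT_KEY and old[key] != new.get(key)
    }
    return {
        "updated_format": updated_format,
        "mismatches": mismatches,
        "safe_to_import": updated_format and not mismatches,
    }


# Constructed samples: only "modules" and "php_els" appear in the release notes.
OLD_LICENSE = ('{"support":"standard","endpoints":250,"start_date":"2024-03-01",'
               '"end_date":"2026-03-01","package":"enterprise","modules":["DC","EL"]}')
GOOD_REFRESH = OLD_LICENSE[:-1] + ',"php_els":"PLACEHOLDER-VALUE"}'
BAD_REFRESH = GOOD_REFRESH.replace('"endpoints":250', '"endpoints":200')

if __name__ == "__main__":
    for name, text in (("good", GOOD_REFRESH), ("bad", BAD_REFRESH)):
        print(name, review_refreshed_license(OLD_LICENSE, text))
```

A non-empty mismatches entry is the discrepancy to quote when replying to the support ticket.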
Introducing a New Versioning Format for Enhanced Clarity and Flexibility
We are pleased to announce a significant update to our server and client versioning system, designed to provide greater clarity and flexibility.
Indeed, this version of Endpoint Protector server is referenced as 2509, but its full reference number (at initial release) would be most properly expressed as 2509.0.1.0.
The new versioning format uses a structured approach that reflects the release year, month, target platform, and build specifics. This change aims to streamline your experience and align with industry standards for version tracking.
Key Aspects of the New Versioning System
- Structured Format: Version numbers now follow the format: YYMM.O.C.B
  - YYMM = release year and month (e.g., 2603 = March 2026).
  - O = target platform/component:
    - 0 = Server
    - 1 = Windows Client
    - 2 = Mac Client
    - 3 = Linux Client
    - 4 = Combined Win-Mac Environments (EE)
  - C = custom/fork/build increment:
    - 0 = internal
    - 1 = standard releases
    - 2+ = customer-specific builds or hotfixes
  - B = optional build number for internal tracking
- Consistency Across Interfaces: This versioning format is applied across all UI pages where version numbers appear, including dashboards, reports, maintenance tools, and the EPP Client Notifier.
Examples of the New Versioning
Description | Version |
---|---|
March 2026 server, standard build | 2603.0.1.0 |
March 2026 Windows client, standard | 2603.1.1.0 |
RHEL client, December 2026, custom #3 | 2612.4.3.0 |
Server, April 2026, internal build #7 | 2604.0.0.7 |
With this enhancement, our goal is to enhance your workflow by providing a transparent and easily navigable versioning system.
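A decoder for the YYMM.O.C.B scheme described above, added here as an illustration (not Netwrix code), useful when auditing an inventory that mixes legacy and new version strings. It assumes an omitted B field means 0 and that a requirement such as 2510.1.x.x is a minimum release for that platform; EppVersion, parse_version and meets_requirement are names chosen for this example.

```python
import re
from dataclasses import dataclass

# Platform/component codes (the "O" field) as listed in the release notes.
PLATFORMS = {
    0: "Server",
    1: "Windows Client",
    2: "Mac Client",
    3: "Linux Client",
    4: "Combined Win-Mac Environments (EE)",
}

_VERSION_RE = re.compile(r"^(\d{4})\.(\d+)\.(\d+)(?:\.(\d+))?$")
_REQUIREMENT_RE = re.compile(r"^(\d{4})\.(\d+|x)(?:\.(?:\d+|x)){0,2}$")


@dataclass(frozen=True)
class EppVersion:
    yymm: int      # release year and month, e.g. 2603 = March 2026
    platform: int  # O field
    custom: int    # C field
    build: int     # B field (optional in the notes; treated as 0 if omitted)

    def describe(self) -> str:
        year, month = 2000 + self.yymm // 100, self.yymm % 100
        if self.custom == 0:
            kind = "internal"
        elif self.custom == 1:
            kind = "standard release"
        else:
            kind = "customer-specific build or hotfix"
        return f"{year}-{month:02d} {PLATFORMS[self.platform]}, {kind}, build {self.build}"


def parse_version(text: str) -> EppVersion:
    """Parse a new-scheme version; legacy strings such as 5.9.4.2 are rejected."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a YYMM.O.C.B version: {text!r}")
    yymm, platform, custom = int(m[1]), int(m[2]), int(m[3])
    build = int(m[4]) if m[4] is not None else 0
    if not 1 <= yymm % 100 <= 12:
        raise ValueError(f"invalid month in {text!r}")
    if platform not in PLATFORMS:
        raise ValueError(f"unknown platform code {platform} in {text!r}")
    return EppVersion(yymm, platform, custom, build)


def meets_requirement(version: str, requirement: str) -> bool:
    """True if `version` is on the required platform and at least as recent.

    `requirement` uses the notes' wildcard style, e.g. "2510.1.x.x" or
    "2510.x.x.x". Reading it as a minimum release is this example's assumption.
    """
    m = _REQUIREMENT_RE.match(requirement.strip())
    if not m:
        raise ValueError(f"unrecognised requirement: {requirement!r}")
    try:
        v = parse_version(version)
    except ValueError:
        return False  # legacy or malformed strings never satisfy a YYMM requirement
    if m[2] != "x" and int(m[2]) != v.platform:
        return False
    return v.yymm >= int(m[1])


if __name__ == "__main__":
    # Constructed inventory: two new-scheme clients and one legacy client.
    for client in ("2603.1.1.0", "2509.1.1.0", "6.2.5.3000"):
        print(client, meets_requirement(client, "2510.1.x.x"))
```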
What’s New in Endpoint Protector: Enhancements, Flexibility, and Smarter Management
Endpoint Protector continues to evolve with a set of impactful updates that enhance security, streamline management, and improve user experience. These changes touch every part of the platform—from client software handling and dynamic grouping of assets to expanded monitoring, network configuration flexibility, and backup/restore improvements for smooth server transitions.
The common thread across all these updates is control and clarity: giving administrators more powerful tools to deploy, manage, and secure their environments, while maintaining the reliability and compliance standards required in today’s IT landscape.
In this release, you’ll see:
- Simplified client download and upload workflows via the Netwrix Portal.
- Introduction of Smart Groups for automated, rules-based asset management.
- Expanded application monitoring in Content Aware Protection.
- New DPI configuration options and improved protocol management.
- Better visibility into remediation events and support for encrypted PDFs.
- A full refresh of translations for better international support.
- A modernized, more resilient backup and restore process for transitioning to version 2509.
Together, these updates ensure Endpoint Protector is not just keeping pace but setting the standard in endpoint data security, compliance, and operational efficiency.
Enhancements to Client Downloads and Uploads in Netwrix Portal
We are excited to announce pivotal updates to how Endpoint Protector clients are downloaded and upgraded via the Netwrix Portal. This enhancement aims to streamline the process for both online and offline environments, ensuring secure and efficient management of client versions.
Key Changes:
Download Client Software
- Dedicated Download Section: Accessible under System configuration → Client Software page. The client software is now accessible directly from the Netwrix My Products Portal, allowing users to configure and download clients specific to their operating system with a simple click.
- Security Measures: All downloaded clients are digitally signed with a SHA-256 certificate from a trusted Certificate Authority. Verify integrity with signtool.exe for Windows or codesign for macOS.
- Enforced Encryption Client: Available for direct download without additional metadata, ensuring straightforward access for administrators.
Upload Client Software
- New Upload Interface: Found under System configuration → Client Software Upgrade. A dedicated section for uploading updated clients ensures seamless integration with existing upgrade processes. Users can upload the client version to their own EPP environments securely.
- Version and OS Compatibility: Mandatory specification of client version and operating system ensures compatibility, aiding in the smooth execution of upgrade jobs.
- Security Validation: Uploaded clients undergo hash validation to ensure integrity, rejecting any upload with mismatched hashes.
- Termination of 32-bit Support: Support for 32-bit Windows clients has ended.
Impact on Enforced Encryption
- Upload Functionality: Exclusive section for uploading EasyLock clients compatible with Windows or macOS, maintaining connectivity and security standards.
- Automation Changes: Automatic updates are now manual, requiring clients to be uploaded to the server before deployment can commence, ensuring better control over client distributions.
IMPORTANT
When migrating from an old server to a fresh EPP Server deployment, ensure that you upload the new EE Clients first to prevent potential errors following the backup restoration process.
These enhancements mark a significant step toward more secure and flexible management of your Endpoint Protector clients, offering streamlined processes and increased security measures. We encourage users to engage with these new features to optimize their IT environment management.
Dynamic Smart Groups for Enhanced Management
We are excited to introduce Smart Groups, a powerful new feature designed to streamline the management of computers and users within your organization. Smart Groups dynamically organize entities based on configurable rules, offering a flexible and automated way to structure and manage your IT assets.
Key Features Include
- Dynamic Grouping Criteria: Define membership for computers and users using criteria such as Computer Name, Username, IP Address, Department, OS, and more. Build custom groups based on specific conditions with wildcard pattern matching.
- Automated Assignment: Smart Groups automatically update membership as organizational changes occur, ensuring all entities are sorted into the correct group. New entries that do not meet any Smart Group criteria are assigned to Default Groups for easy tracking.
- Simple Group Management: Quickly enable or disable Smart Groups from the System Settings. Create and configure Smart Groups with ease, utilizing up to 15 custom rules per group.
- Efficient Synchronization: Enhance system performance by managing dynamic entities with scheduled and ad-hoc synchronization options, allowing on-demand updates without impacting overall performance.
- Seamless Integration: Automatically convert existing group rules to the Smart Group format upon system upgrade without losing functionality.
Quick Start Guide
- Enable Smart Groups: Activate the Smart Group feature within System Configuration and watch as dynamic defaults organize your assets.
- Create Custom Groups: Use expression-based rule definitions to tailor entities into groups relevant to your operational structure.
- Monitor and Adjust: Utilize the sync functionality for real-time updates and ensure all entities are correctly assigned.
Smart Groups offer greater control over your asset management processes, turning manual monitoring into an automated system, offering insights and efficiency. Enable Smart Groups today and experience enhanced organization and control across your IT environment.
Enhanced Application Monitoring in Content Aware Protection
With the latest update of Endpoint Protector, we are pleased to announce the expansion of our application monitoring capabilities to include additional platforms, strengthening your data security and compliance measures across the organization.
New Applications Monitored
(Available with the upcoming 2510.x.1.0 Windows-specific Client Release)
- WeCom: Ensure compliance and security for communications within WeCom, supported on Windows and macOS.
- BOX: Enhanced visibility for the new native BOX sync app for Windows and macOS.
- Slab: Enhancing visibility over file exchanges within this application.
- Asana: Enhancing visibility over file exchanges with the Asana application.
This expansion of monitored applications reflects our ongoing commitment to addressing complex data security needs and providing detailed oversight of digital communications. By integrating these applications into Content Aware Protection, Endpoint Protector ensures that your organization’s sensitive data remains protected, regardless of the platform used.
Note:
This release also cleaned up obsolete and discontinued applications in the Server UI.
New DPI Bypass Option for Enhanced Network Traffic Management
We are introducing a new Deep Packet Inspection (DPI) Bypass option designed to improve network traffic management when connecting to VPNs on Ubuntu systems. This update enhances flexibility for Linux users, providing a secure and efficient way to handle network interactions.
Feature Details
- Location: Device Control → Global Settings → DPI Configuration
- Toggle Switch: Enables/disables DPI bypass for unidentified applications (especially useful with VPNs on Linux).
- Default Setting: Off, ensuring backward compatibility.
- Platform Support: Applies to EPP Clients for Linux, version 2.4.5.x or higher.
Introducing HTTP/2 Toggle in DPI Configuration
We’re adding a new “Enable HTTP/2” toggle in:
Device Control → Global Settings → DPI Configuration
- Default: Off (for backward compatibility).
- Purpose: Activates HTTP/2 support in DPI. If negotiation fails, it falls back to HTTP/1.
- Tooltip: “Experimental feature: Enables DPI HTTP/2 support. Requires EPP Clients after 2508.x.x release.”
- Internal Setting: allow_http2_negotiation (values: 0 or 1; default = 0 if not present).
This feature provides greater control and flexibility in protocol management.
Enhanced Detection for Encrypted PDF Files
We have introduced a new feature to help distinguish between encrypted and non-encrypted PDF files within Endpoint Protector policies.
- Feature: New checkbox for “Encrypted PDF.”
- MIME Type: application/encrypted-pdf
- Purpose: Allows policies to block encrypted PDFs specifically.
Note: This feature requires:
- EPP Windows Client 2510.1.x.x
- macOS Client 2510.2.x.x
- Linux Client 2510.3.x.x
This update enhances your ability to manage document security more precisely.
Introducing Capability to Distinguish macOS Airdrop Incoming vs Outgoing Traffic
We’ve enhanced Airdrop management on macOS by distinguishing between incoming and outgoing traffic. This advancement allows administrators to control data transfers with greater granularity.
Note: Requires EPP Clients version 2510.x.x.x or later (upcoming release). Customers who want to cover both directions must update their CAP policy to include both Airdrop options.
Full Update of German Translations
We’ve completed a comprehensive update of German translations across Endpoint Protector server.
This ensures accurate and contextually appropriate localization, improving usability and experience for native speakers.
On-Prem / Self-Hosted: Endpoint Protector Upgrade Process & Supportability to Version 2509 (Summary)
Tip: Netwrix Endpoint Protector SaaS customers may safely ignore this section.
2509 is a major server image update and is only available as a new full appliance image. In-place upgrades are not supported.
After a 120-day transition, 2509 is the only version in Full Support.
All prior versions move to Limited Support immediately and then to Discontinued after that window.
Required Upgrade Path (Overview)
- If you’re on 5.7 or later, upgrade to 5.9.4.2 first.
- Back up your 5.9.4.2 configuration. (Optionally export Logs and File Shadows offline; they do not restore to the new server.)
- Deploy a new 2509 server image.
- Restore the 5.9.4.2 backup onto 2509.
IMPORTANT
Only 5.9.4.2 backups are accepted by 2509.
Important Notices for customers
- Logs and File Shadows are not migrated. See docs for exporting to offline backups.
- EE customers using the same IP method should see automatic client switch-over once the backup is imported.
How to Get Comprehensive Guidance
Full step-by-step guidance is available in the official migration guide.
Final Thoughts
The 2509 release is more than just an incremental update—it is a milestone that modernizes the Endpoint Protector platform, aligns support policies, and introduces features designed to simplify management and strengthen security.
With improvements spanning client handling, smart automation, application monitoring, and migration workflows, this release ensures administrators have both the flexibility and control needed to protect their environments effectively.
We strongly encourage all customers to plan their transition to 2509 within the 120-day support window to maintain full coverage.
Take advantage of the new features, streamlined processes, and enhanced resilience offered in this release, and make 2509 part of your long-term IT and security strategy.
For detailed guidance on migration steps, feature adoption, or to address issues during the upgrade process, consult the documentation or contact Netwrix Support.
Upcoming Deprecations
Component | Description | Case # | Targeted Release |
---|---|---|---|
General | Contextual Detection under SYSTEM PARAMETERS will be discontinued and replaced by Context Detection Rules in the Content Detection Summary section of CAP Policies. | EPP-8941 | Upcoming release |
General | The File Shadow Maintenance feature (listing and managing File Shadows stored locally on the EPP Server) will be discontinued. | — | Upcoming release |
Current Deprecations
Component | Description | Case # | Targeted Release |
---|---|---|---|
General | Reporting V1 discontinued. Users should migrate to Reporting V2 (EPP version 5.7+). | EPP-8532 | 2509 |
General | Backup V1 discontinued. Transition to Backup V2 (EPP version 5.9.0.0+). | EPP-8535 | 2509 |
General | DHCP Client support discontinued in EPP server. Transition to static IP recommended. | EPP-8586 | 2509 |
General | “Configure Live Update” and “Check Now” buttons removed from Server Update page. Live Update feature deprecated. Patches now delivered as Offline patches. Server Update section relocated under System Configuration. | 378739 | 2509 |
BUGS / ISSUES FIXED
Component | Description | ADO # | Salesforce # |
---|---|---|---|
General | “Show/Hide Columns” Modal Display Issue in Reports and Analysis: Fixed issue where the modal was hidden behind other interface elements. | | |
General | “Test Connection” Button Error for S3 Buckets: Restored functionality for S3 Bucket test connections. | 360224 | |
General | Filter Application Issue in Admin Actions: Filters now apply correctly based on selected criteria. | 369459 | 00430586 |
General | Incorrect License Display After Accessing System Licensing Menu: Licensed devices no longer appear as unlicensed after menu navigation. | 341452 | 00410118 |
General | Incomplete AD Group Membership Visibility Post-Import: Ensures all users’ group memberships are correctly synchronized. | 367260 | 00429080 |
General | Exporting Devices in JSON Format: Export now works properly across versions. | 377658 | 00437711 |
General | High Communication Volume Between Client and Server: Optimized event generation to reduce load. | 378002 | 00437920 |
General | Emailed Alerts Not Delivered: SMTP test emails now send successfully after setup. | 378303 | 00438327 |
General | Translation Problems – German: Search in Device Control now works with localized terms. | 385901 | 00444667 |
General | Can’t Connect macOS Device to EPP Server: Resolved connectivity problem with a specific macOS device. | 391937 | 00448448 |
General | Duplicate Entries for Manually Added Computers: Installing client on pre-added devices no longer creates duplicates. | 394531 | |
General | File Shadowing Reliability Issues: Fixed missing/failed shadowing in certain scenarios. | 395573 | 00450674 (contin. of 00412043) |
eDiscovery | Correction for Contextual Detection “Related File Type”: Now correctly flags only matching files. | 362859 | 00425235 |
CAP | Incorrect OS-Based Loading of Policy Entities: Entities now load correctly by OS type. | 366142 | |
CAP | Incomplete Log Fields in CAP When Server Connection Lost: Ensures full log information is retained offline and uploaded later. | 396527 | |
CAP | Inability to Delete Files from Allowlist: Files can now be removed individually. | 376245 | 00436274 |
CAP | UI Section Mislabeling for Exported Email Denylists: Corrected export log naming for email domain denylists. | 383236 | |
CAP | File Deletion Issues: Fixed removal of files requiring entire list deletion. | 377593 | 00434230 |
Known Limitations
Component | Description | Case # | Escalation # |
---|---|---|---|
Content Aware Protection | Error may appear when enabling CAP & eDiscovery modules on a new server. Modules can be enabled after retry. | — | — |
General | On newer Ubuntu Linux, default snap app for file access events not supported. Affects File Tracing, File Shadow, CAP, DPI. | EPP-8735 | EPPSUPPORT-3198 |
Device Control | Continuity Camera not fully blocked despite denying Bluetooth, Webcam, iPhone on macOS. Affects Slack, Zoom, FaceTime, Photo Booth. | EPP-8781, EPP-6826 | — |
CAP | Clipboard operations may not always be captured by macOS CAP OCR. | EPP-8651 | — |
CAP | On some Linux (Wayland), paste control limited due to focus detection issues. | EPP-8510 | — |
CAP | File Shadow downloads from AWS S3 may behave inconsistently when File Tracing & CAP active. | 320213, EPP-9023 | — |
Endpoint Protector Client | Support dropped for Windows XP, 7, 8, early Windows 10 builds, Server 2016 (use EPP Client 5.9.4.0 for legacy). | — | 438053 |
Endpoint Protector Client | False positives on Ubuntu (18.04–24.04) when using Firefox to navigate files. | 367650 | 00433696, 00427782 |
Device Control | When installing a fresh Endpoint Protector (EPP) Server, the default time zone is set to a default value that may differ from your own. As a result, computers may appear as “Offline” in the status column until the time zone is adjusted and synchronized. To resolve this, navigate to Appliance → Server Maintenance, select the appropriate time zone (e.g., Istanbul), and synchronize the server time. This action ensures computers will display the correct “Online” status. A fix for this issue is planned for future updates. | 395435 | |
Device Control & CAP | When performing a backup restoration from a 5942 server to a 5950 server, the custom logo used for User Remediation is not imported correctly. After completing the restoration process, navigate to System Parameters → User Remediation; you may notice that the custom logo is missing. A fix for this issue is being considered for an upcoming release. | 402066 | |
EE | For Enforced Encryption customers, it is important to upload both EE Clients (for Windows and macOS) to the EPP server after deploying them to avoid EE malfunctions. However, in rare situations, for customers using the 5.9.4.3 release EPP Clients (Windows: 6.2.5.3000 / macOS: 3.0.5.3000) in conjunction with the new EE Client 2509.4.x.x, the user might need to reconnect the USB device one more time to deploy the EE Client properly. This issue is resolved in the upcoming new EPP Client (2510.x.x.x). | 402091 |
Need help with this update?
There are many different ways to get help with our products!
Situation | Action |
---|---|
If you feel the product is broken and not working as intended… | Contact Support |
If you have a question you’d like to ask other experts… | Create a discussion in the community: Endpoint Protector > Discussions & Questions |
If you have a feature request… | Let our product team know directly: Endpoint Protector > Ideas |
If you have something cool to show… | Show everyone what you built: Endpoint Protector > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!