Netwrix Endpoint Protector Client version 2602 Released

Introducing Netwrix Endpoint Protector Client Version 2602! In this release you’ll find newly rebranded screens and colors, DLP for LLM support for new AI chat applications, bug fixes, and more!

Want the full details? Click the link below!

What’s new?

Updated Versions of components provided with this release:

Windows Client: 2602.1.1.1

Mac Client: 2602.2.1.1

Linux Client: 2602.3.1.0

Browser print plugin: 1.11

Outlook add-in: 1.0 (not changed)

Enforced Encryption: 2602.4.1.0


IMPORTANT: This release announcement pertains only to the EPP Client and does not affect EPP Server versions. It focuses exclusively on changes to the EPP & EE Client.

Note: The 2602 Clients have been tested in conjunction with the 2510 and 2601 EPP Servers, as well as EPP Unify 7.4. For optimal performance, we recommend using these clients paired with the corresponding server versions. Please note that these clients are incompatible with older EPP Server versions due to the implementation of a new versioning schema. Please refer to the announcement article.

Important Note: Customers who utilize the embedded EPP Server Client upgrade feature and are running EPP Clients older than version 5.9.4.3 must first upgrade their EPP Client to release 5.9.4.3 as a mandatory prerequisite before proceeding to the 2602 upgrade. This requirement is due to essential Netwrix certificate changes, and failure to do so will result in unsuccessful EPP Client upgrades. Please refer to the article on the migration procedure.

What’s new:

General:

Netwrix Visual Rebranding

Netwrix has introduced cohesive visual rebranding across all Netwrix products, cloud and on-premises. This update simplifies the user experience and enhances brand recognition, providing administrators and end users with a consistent look and feel.
For EPP Clients, these changes affect EPP Notifier and EE Clients on all platforms.

Expanded AI Interaction Visibility and Control: Data Loss Prevention for LLMs

With this release, Endpoint Protector continues to lead in Data Loss Prevention by expanding visibility and control over interactions with emerging AI chat applications. In addition to existing coverage for popular tools like ChatGPT, Microsoft Copilot, Google Gemini, DeepSeek, X Grok, and Claude, we have now added protection for:

  • perplexity.ai,
  • meta.ai
    Note: Integration with meta.ai does not extend to the meta.ai agent embedded in meta applications such as Facebook, Messenger, and WhatsApp due to end-to-end encryption dependencies.

This extension ensures organizations can securely manage sensitive data across an even broader spectrum of AI platforms—whether content is typed or attached—empowering precise control over who can engage with AI prompts in web applications. Our latest improvements reinforce our commitment to supporting secure, compliant, and innovative use of artificial intelligence in modern enterprises.

As AI-driven communication and collaboration evolve, Endpoint Protector remains dedicated to providing cutting-edge solutions that address the dynamic challenges of data security, enabling organizations to confidently embrace the future of technology.

Hidden Icon client mode enhancements

A new option, ‘Show notifications in Hidden Icon mode’, is now available. This setting allows you to hide EPP traces from the operating system—such as icons or EPP Notifier—but still enables user interaction via the prompting mechanism.

Note: For full functional coverage, an upcoming EPP Server 2603 or higher version will be required.

Granular Bluetooth device control for Linux:

Linux now supports the same granular Bluetooth device control as macOS and Windows. Administrators can selectively block Bluetooth devices by category – radio, tablet, keyboard, mouse, smartphones, headphones, and others – providing consistent control across all platforms.

Enhanced macOS to Android file exchange over Bluetooth.

Bluetooth file transfers on macOS are supported with Android phones, while iPhone users can continue sharing files using AirDrop.
Note: For full functional coverage, an upcoming EPP Server 2603 or higher version will be required.

New PII updates

  • Added predefined pattern for US California Driving License.
  • French SSNs can now be validated even when written with spaces between digit groups, matching formats commonly found in real-world documents (e.g., S YY MM LLL CCC K).
  • Updated the Belgium ID detection algorithm to properly handle large number calculations by ensuring the appropriate data type is used, improving detection accuracy and reliability.
  • Indian phone number validation updated to require area code grouping whenever separators (space/dash) are used: area code must be a distinct group, with only one dash permitted after the area code and no single-digit groups allowed (e.g., 120-2123456, 120 2123 456)
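
The French and Belgian items above both come down to a mod-97 check digit. The following is an added example, not Netwrix code: it assumes the standard 15-character French NIR layout and the standard Belgian national number check (the page gives neither algorithm), and the 32-bit wrap is only an illustration of why the integer type matters. All sample numbers are constructed.

```python
import math
import re

# French NIR: sex, year, month, department, commune, order number, 2-digit key.
# A space is optional at each group boundary; department may be 2A/2B (Corsica).
_NIR = re.compile(
    r"^([12]) ?(\d{2}) ?(\d{2}) ?(\d{2}|2[AB]) ?(\d{3}) ?(\d{3}) ?(\d{2})$"
)


def valid_french_nir(text: str) -> bool:
    """Validate a NIR written with or without spaces between digit groups."""
    m = _NIR.match(text.strip())
    if not m:
        return False
    *groups, key = m.groups()
    # Corsican department codes are mapped to digits before the mod-97 check.
    body = "".join(groups).replace("2A", "19").replace("2B", "18")
    return 97 - int(body) % 97 == int(key)


def _wrap_int32(n: int) -> int:
    """Simulate storing n in a signed 32-bit integer (two's complement wrap)."""
    return (n + 2**31) % 2**32 - 2**31


def _c_rem(n: int, d: int) -> int:
    """Remainder with C semantics: the sign follows the dividend."""
    return int(math.fmod(n, d))


def belgian_key(first9: str, born_2000_or_later: bool, int32: bool = False) -> int:
    """Check digits for a Belgian national number.

    For births from 2000 onward a '2' is prefixed to the first nine digits,
    giving a 10-digit value that can exceed the signed 32-bit maximum.
    """
    n = int(("2" if born_2000_or_later else "") + first9)
    if int32:  # hypothetical too-narrow type, for illustration only
        n = _wrap_int32(n)
    return 97 - _c_rem(n, 97)


def valid_belgian_id(text: str, int32: bool = False) -> bool:
    """Accept YY.MM.DD-SSS.CC with or without separators."""
    digits = re.sub(r"[ .\-]", "", text)
    if not re.fullmatch(r"\d{11}", digits):
        return False
    first9, key = digits[:9], int(digits[9:])
    # The century is not encoded, so try both interpretations.
    return any(belgian_key(first9, c, int32) == key for c in (False, True))


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(valid_french_nir("1 84 12 76 451 089 46"))       # spaced form
    print(valid_french_nir("184127645108946"))             # compact form
    print(valid_belgian_id("19.05.20-077.77"))             # wide integer
    print(valid_belgian_id("19.05.20-077.77", int32=True)) # 32-bit wrap
```

With a wide integer the constructed Belgian number validates; with the simulated 32-bit wrap the same number is rejected, which is the kind of missed detection a data type fix addresses.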

New Applications monitored

  • Yandex browser is now monitored on both Windows and Linux, expanding coverage.

This expansion of monitored applications demonstrates our commitment to meeting evolving data security requirements and supporting comprehensive oversight for digital communications and compliance.

Note: For full functional coverage, an upcoming EPP Server 2603 or higher version will be required.

HEIC Images Support in OCR on Windows.

We have introduced support for the HEIC file type in OCR processing on Windows. This enhancement allows the system to efficiently handle HEIC images, expanding the range of file types that can be processed with OCR capabilities.

Enforced Encryption usability improvement for 1+ Non–Read Only drives

A launch button has been added in the agent interface for drives configured in 1+ Non–Read Only mode, supporting CMMC requirements. This allows users to close and relaunch Enforced Encryption without ejecting and reconnecting the drive, improving overall usability.

Bugfix list:

The following table contains a comprehensive list of updates and fixes introduced in this version:

Component | Description | Case # | Escalation #
Security | Endpoint Protector Components Refreshed: Upgraded components for Libmagic, OpenSSL | 398993, 400329, 405642 |
Security | Executable renaming to reduce false positives: BrowserBroker.exe has been renamed to EppExtensionHost.exe to eliminate false positive virus detections (CVE: Win32:CVE-2019-0566-A) in the EPP client archive. The new name has been verified and no longer triggers alerts on VirusTotal. Note: Please update your antivirus exclusions to reflect the new executable names. | 408618 | 00463758, 00461324
General | Enhanced tamper protection against forced uninstallation: Strengthened tamper protection to prevent EPP Client uninstallation using third-party tools such as Revo Uninstaller and IOBit Uninstaller, even when uninstall password and tamper mode are enabled. Additional improvements were made to better handle uninstallation attempts when offline. | 320104 |
General | Improved IPv6 communication between EPP Client and Server: Fixed an issue where the EPP Client installer did not accept IPv6 IP addresses and required DNS AAAA records instead. The EPP Client now supports binding to both IPv6 IP addresses and DNS records across all platforms. | 408636 |
DC | Enhanced mobile device control on macOS: Mobile device blocking for iPhone and Android devices on macOS is now more reliable, ensuring devices are consistently restricted from mounting in Finder and other applications. This update simplifies configuration, improves consistency, and provides effective control without impacting device charging. | 407826 | 00460417
DC | Improved compatibility with Axpert application when File Tracing is enabled: Resolved an issue where enabling File Tracing caused the Axpert application to fail to open. Axpert now runs correctly with File Tracing enabled. | 408967 | 00456905
DC | Audio device permission handling improvement on Windows: Resolved an issue where manually disabled audio devices were automatically re-enabled by the agent when permission was set to Allow. Disabled devices now remain disabled as expected, and inactive states are no longer intercepted. | 409970 | 00460253
DC | Improved detection and monitoring of HID devices in EPP: Resolved an issue where devices with specific HID identifiers (e.g., HID_DEVICE_UPR:xxxxxx, PID: xxxxx, VID: xxxx) were recognized in Device Manager but not detected by Endpoint Protector, even when USB device access was restricted. These HID devices are now properly detected and monitored by EPP. | 413877 | 00433152
CAP | Improved OneDrive differentiation without DPI: EPP client can now distinguish between OneDrive Business and OneDrive Personal on macOS and Windows without relying on DPI. This update enables more precise monitoring, allows DPI to be disabled for OneDrive | 409112, 369333 | 00429530
CAP | OCR text handling in EPP client logs: Previously, OCR-extracted text from image files was logged in the EPP client log during debug mode, even when obfuscation was enabled. Logging of OCR text during hashing scans has now been suppressed to prevent potential exposure of confidential information. | 409223 |
CAP | OCR clipboard blocking reliability on macOS: Corrected an issue where images containing sensitive content were not blocked when pasted into Teams, Slack, or email in monitored browsers on macOS, despite CAP clipboard restrictions and OCR being enabled. Images are now properly blocked and reported according to policy settings. | 320056, EPP-8651 | 00421283
CAP | Web Dropbox file upload blocking behavior improvement: Resolved an issue with web Dropbox where files containing confidential information, when blocked by CAP policy with DPI enabled, would remain in a syncing state and could not be canceled, ultimately being uploaded after about 90 seconds. The blocking process now properly prevents upload and allows users to cancel the transfer without needing to close the browser tab. | 320096, 409083 |
CAP | Improved CAP policy enforcement for special characters: Resolved an issue where CAP policies failed to block strings containing special characters, such as Korean driving licenses, when using clipboard restrictions. These patterns are now correctly detected and blocked according to policy settings. | 345111 | 341233
CAP | Clipboard monitoring performance improvement for Excel on Windows: Resolved delays and interface freezes when performing copy/paste operations on large Excel files with clipboard monitoring enabled, ensuring smoother user experience. | 345857, 403888 | 00455431, 00435855, 340648, 00445881
CAP | Improved compatibility with OneDrive on macOS under CAP policies: Resolved an issue where OneDrive for macOS could fail to start if EPP client blocked access to certain configuration or database files due to CAP policy settings. OneDrive now starts reliably when CAP policies are applied. | 346410 |
CAP | Improved file shadow upload performance for Mac Mail and Printers: Addressed delays where file shadows from Mac Mail app or printing actions took excessive time to upload to the server with DPI and file shadowing enabled. File shadows now upload promptly as expected. | 346488 |
CAP | Correct CAP policy enforcement for browsers with URL categories enabled and DPI disabled: Resolved an issue where CAP policies did not block files in browsers when URL categories were enabled but DPI was disabled. Files are now correctly blocked as expected in this configuration. | 357464 |
CAP | Obfuscation of email subject in logs and UI: Resolved an issue where email subjects containing confidential data were written in plain text in EPP client logs and displayed in the server UI, even with obfuscation enabled. Subjects are now properly obfuscated in both logs and UI across supported platforms. | 363919 |
CAP | Content Aware Report accuracy with Print Screen blocking policies: Resolved an issue where print screen events blocked by CAP “Block Only” policies were still displayed in the Content Aware Report table. Events are now correctly excluded from reports as expected. | 399803, 409874 |
CAP | Correct application identification for cloud file uploads with DPI disabled: Resolved an issue where uploads to Microsoft Teams were incorrectly detected as Outlook (Attachments) in Content Aware Reports when DPI was disabled. Reports now display the correct application as expected. | 399904 |
CAP | Improved CAP enforcement for blocking source code printing: Resolved an issue where source code could still be printed from Notepad despite CAP policies configured to block such actions via printers. Printing of source code is now correctly blocked according to policy. | 403776 | 00429095
CAP | Improved OCR detection of threats in images attached via Outlook on Windows 10: Resolved an issue where threats in images sent as Outlook attachments were not detected or reported when OCR was enabled. Image threats are now properly identified and reported. | 403928 | 00451505
CAP | Improved file remediation handling for AI chat uploads: Resolved an issue where files sent via AI chat platforms such as Copilot and ChatGPT required multiple rounds of remediation due to being detected as different file types. Remediation now works as expected and files can be successfully sent after the first action. | 405948 |
CAP | Shadow icon accuracy in remediation logs without file tracing: Resolved an issue on Mac and Linux where the shadow icon was missing from “Content Remediation Session Active” logs when CAP shadowing was enabled but file tracing was turned off. The shadow icon now appears correctly when files are found on disk during remediation. | 408907 |
CAP | Improved CAP enforcement for Slack installed from Microsoft Store or msix package: Resolved an issue where file uploads in Slack installed via Microsoft Store or msix package were not monitored or blocked by CAP policies when DPI was disabled. Uploads are now correctly blocked and reported according to policy settings. | 408926 |
CAP | Resolved infinite print loop with Palo Alto Cortex and EPP Agent on macOS: Fixed an issue where printing files flagged by a Report Only CAP policy resulted in an infinite print job loop when both Palo Alto Cortex and EPP Agent were installed on macOS. Printing now completes as expected without repeated restarts. | 408964 |
CAP | OCR scanning for image attachments in Outlook on macOS: Resolved an issue where image files attached in Outlook were not OCR scanned and therefore not blocked according to policy. Image attachments are now properly scanned and blocked when containing threats. | 409464 |
CAP | Correct case-sensitive detection in custom denylist dictionaries: Resolved an issue where case-sensitive custom dictionaries did not properly detect threats when words appeared in different capitalization formats. Files are now scanned and threats are reported accurately according to case sensitivity settings. | 409559 | 00462396
CAP | Accurate application detection for paste restrictions in EPP Notifier: Resolved an issue where paste restrictions incorrectly reported Outlook instead of Teams when the Teams application process was detected as msedgewebview2.exe. Paste actions are now accurately attributed to the correct application in logs. | 409573 | 00462638
CAP | Improved detection of image files in ZIP archives for CAP policies: Resolved an issue where image files within ZIP archives uploaded through web browsers were not detected or blocked when DPI and OCR were enabled, allowing policy bypass. CAP policies now properly inspect and enforce restrictions on images inside compressed archives. | 410071 |
CAP | Notification template handling for long or multi-byte policy names: Resolved an issue where notification templates failed to display correctly if the CAP policy name exceeded the byte limit or contained multi-byte special characters. Notification templates now display as expected for policies with longer or special character names. | 410695 | 00463434
CAP | Excess WebUpload Logs Generated for Specific Websites: Resolved an issue where EPP generated excessive WebUpload logs when users accessed certain websites (e.g., geeksforgeeks.org, trendyol.com, shop.mango.com). This occurred because background site requests with text content were being reported as text file uploads. The new build includes additional conditions to automatically ignore scanning such requests on these websites, addressing the customer’s concern. | 366638 | 00419396
DPI | Improved QUIC protocol management for Firefox on macOS: QUIC protocol management for Firefox now works for installations in both the default location and user-specific Applications folders under /Users on macOS, covering more common usage scenarios. | 410476 |
DPI | Improved website compatibility with Stealthy DPI: Connection handling in the Stealthy Deep Packet Inspection (DPI) connector has been improved to support successful loading of websites like https://sma.bobcard.co.in, resolving issues with connection failures caused by improper disconnect timing. | 411528 |
DPI | File hash and shadowing reporting for recently modified files: Resolved an issue where file hashes and shadowing were not performed for files that had just been modified, due to timing between hash calculation and request scanning. Enhancements to scanning order now ensure that files correctly appear in Content Aware Reports with their hash and download shadows. Further improvements are planned to minimize such cases and optimize reliability. | 319819 |
DPI | Network connection stability improvements in DPI on macOS: Addressed rare issues on macOS where network connections could be dropped or routed incorrectly when DPI was enabled, particularly under high system load or with many concurrent connections. Enhancements to connection list management and timing now ensure reliable downloads and accurate server routing. | 320037 | 00415587
DPI | Correct file size reporting with DPI enabled for WhatsApp uploads: Resolved an issue where file sizes and details were not accurately reported for files uploaded via WhatsApp when DPI was enabled. Reports now display correct file information and sizes as expected. | 345145 |
EE | Enforced Encryption deployment feedback improvement: Previously, when attempting to deploy Enforced Encryption (EasyLock) on an EPP server with no EE client uploaded, users received a deployment notification but no feedback if installation failed. Now, the client displays a clear message if EasyLock cannot be deployed, improving user guidance in these scenarios. | 403653 |
EE | Immediate retrieval of Enforced Encryption settings on first ping: Resolved an issue where the Enforced Encryption client received critical settings only after the second communication with the server. All relevant metadata is now updated promptly on the first ping across macOS and Windows EE. | 409484 |

Known Limitations

Component | Description | Case # | Escalation #
General | In newer Linux Ubuntu versions, the default installation of the ‘snap’ application for file access events in xdg Desktop portals is not supported by EPP Client. This may lead to unexpected behavior in File Tracing, File Shadow, CAP, and DPI due to missing file access events. | EPP-8735 | EPPSUPPORT-3198
DC | Despite denying Bluetooth, Webcam, and iPhone access on macOS endpoints, the Continuity Camera issue persists in applications like Slack, Zoom, FaceTime, and Photo Booth, where the camera is not correctly blocked. | EPP-8781 | EPP-6826
CAP | On certain Linux environments, particularly those using the Wayland protocol by default, paste control is constrained due to Wayland’s inability to detect the focused window, resulting in content blocking during the copy operation. | EPP-8510 |
CAP | An error is returned when enabling CAP and eDiscovery modules on a new server: “An error occurred. Please ensure the Endpoint Protector Server has a functional Internet connection or that the required domain and ports have been whitelisted for outgoing traffic.” This is not a blocking limitation, as the modules can be enabled after trying to click “Save” and enable them a second time. | |
CAP | File Shadow downloads from AWS S3 buckets, with concurrent File Tracing and CAP activation, may result in inconsistent behavior, displaying artifacts deleted in File Tracing reports but still available in CAP reports, and vice versa. | 320213, EPP-9023 |
EPP Client | With the release of EPP Client version 5.9.4.1, support for Windows XP, 7, 8, early builds of Windows 10, and Windows Server 2016 has been discontinued. To maintain EPP coverage on these systems, customers should continue using EPP Client version 5.9.4.0. Please note that no new features or fixes will be backported to this release. | 438053 |
CAP | Integration with meta.ai does not extend to the meta.ai agent embedded in meta applications such as Facebook, Messenger, and WhatsApp due to end-to-end encryption dependencies. | 410799 |

Discontinued

In this version, no features or functionality were discontinued.

Upcoming Deprecations

List of features which will be discontinued in future.

Component | Description | Case # | Targeted release
CAP | Contextual Detection under SYSTEM PARAMETERS will be discontinued in future updates and replaced by ‘Context Detection Rules’ in the ‘Content Detection Summary’ section of CAP Policies. | EPP-8941 | TBD
General | The File Shadow Maintenance feature, which provides functionality for listing and managing File Shadows stored locally on the EPP Server will be discontinued in future. | | TBD

Need help with this update?

There are many different ways to get help with our products!

Situation | Action
If you feel the product is broken and not working as intended… | Contact Support
If you have a question you’d like to ask other experts… | Create a discussion in the community: Endpoint Protector > Discussions & Questions
If you have a feature request… | Let our product team know directly: Endpoint Protector > Ideas
If you have something cool to show… | Show everyone what you built: Endpoint Protector > Show & Tell

What are your thoughts?

We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!

Hi all,

Why does the client have under “Programs and Features” a different version listed (210.1.1.1) than the client itself (2602.1.1.1) - this is a little bit confusing:

Cheers

Andi