Netwrix is excited to announce the general availability of Netwrix Access Analyzer 12.0, our solution formerly known as Netwrix Enterprise Auditor. This release strengthens your ability to detect Active Directory risks — including vulnerabilities in Certificate Services — expands coverage to Azure Files, and streamlines administrative workflows to help reduce both risk and operational overhead.
Note to users: While the product name has changed, the user interface will be updated to reflect Netwrix Access Analyzer in a future release.
Want to be notified of future product updates?
Are you subscribed to this category? If not, or if you're not sure, expand me to see how!
What’s New in Netwrix Access Analyzer (formerly Netwrix Enterpise Auditor)
Enhanced Azure Security Insights
Netwrix Access Analyzer 12.0 delivers comprehensive security intelligence for Azure environments:
- Azure Files Scanning: Proactively identify and mitigate potential security risks by scanning file permissions and sensitive data.
- Visibility into Azure Roles and Permissions: Strengthen your Azure security posture by gaining comprehensive insights into Azure Roles, Role Membership, and RBAC. Track privileged access, identify stale roles, and detect unauthorized changes to critical administrative permissions before they pose a risk.
AD Certificate Services (ADCS) Vulnerability Detection
Protect your Active Directory from one of the most exploited attack paths — ADCS. Detect and address misconfigurations and vulnerabilities that could expose your domain to privilege escalation attacks, including:
- Misconfigured Certificate Templates: Identify templates that allow dangerous configurations, such as weak enrollment settings or overly permissive issuance policies.
- Insecure Access Controls: Detect misconfigured permissions on key ADCS objects, such as certificate templates, certificate authorities, and PKI objects, that could allow unauthorized access or privilege escalation.
- Improper Enrollment Agent Configurations: Highlight enrollment agent templates that could be abused to request certificates on behalf of other users.
- Vulnerable PKI Object Permissions: Identify weak access controls on PKI objects that could be exploited to issue rogue certificates.
- NTLM Relay Vulnerabilities: Detect configurations that allow NTLM relay attacks against AD CS HTTP endpoints.
- Malicious Certificate Managers: Expose certificate managers with excessive permissions that could be abused for unauthorized certificate issuance.
- Weak Backup Permissions: Identify overly permissive backup permissions that could enable attackers to compromise the CA database.
Enhanced Efficiency & Usability
-
File System Resiliency and Operational Improvements – Enhance system performance and stability with behind-the-scenes upgrades:
- Improved scan resiliency - File system scans now run in a dedicated process, continuing even if the main application crashes or experiences resource constraints.
- Simplified hotfix deployment: Fewer files and installers are required, making updates faster and easier to manage.
- Reduced errors and storage use: Removal of the StrucMap SQLite database decreases storage consumption and lowers the risk of errors during bulk imports.
-
Chart Building Wizard – Quickly visualize your security insights with a new report builder.
-
Consolidated Sensitive Data Discovery (SDD) Installer – Streamline deployment processes with a consolidated installation package that includes SDD, eliminating the need to run a separate installer to install or upgrade SDD components on the console, FSAA proxy servers, or SharePoint Agent servers.
Want to see it in action?
Check out this webinar where we will debut some of the new features in 12.0!
Bug Fixes and Miscellaneous Updates
(Expand each list to see the relevant bug fixes)
File System
File System
| Description |
Case Number |
| FS Weekend Activity: Performance Improvements |
385360 |
| Add index to improve activity details performance |
343257 |
| Update the FS_MIPLabeling instant job to execute on batches of files rather than one file at a time |
373758 |
| Update feedback for FS_MIPLabeling job |
373758 |
| Split MIP Labeling job into separate queries |
373758 |
| FSAC Exceptions job appears to run forever and fill up temp DB |
386346 |
| FSAC Exceptions: Unusual User Activity Excessive TempDB Usage |
386346 |
| SEEK probable owners job takes forever and Fills up temp db. |
385116 |
| FS_DLPResults job takes forever and Fills up temp db. (Sensitive Security Groups/Activity Details) |
385116 |
| FS_DLPResults- Share Details Excessive TempDB Usage |
385116 |
| FS_DLPResults performance issues |
385116 |
| FS_DLPResults- Probable Owners Arithmetic Overflow Error |
385116 |
| FS_DLPResults - Sensitive Security Groups - Arithmetic overflow error converting expression to data type int |
|
| FS_DLPResults - Probable Owners - Arithmetic overflow error converting expression to data type int |
393298 |
| Least Privilege jobs seems to run endlessly. |
382360 |
| Unusual Peer Group Share Activity Excessive TempDB Usage |
391621 |
| Modify “Update Statistics” analysis task to work without dbo privileges |
392696 |
| FSAC Retention Settings not being respected when changed in subsequent scans. |
386765 |
| Update FSAC Parser to use Win32 API when parsing SDDLs |
|
| SATagParser will possibly corrupt file when there is an error in loading an office XML file |
385796 |
File System Action Module
| Description |
Case Number |
| FS AM: Excel files with images may error when setting tags |
385796 |
| Fix Possible Null Reference Exception in new XML Tag Parser |
385796 |
| SATagParser.CLI.EXE has new logs output in the bin folder |
412177 |
File System Access Auditing (FSAA)
| Description |
Case Number |
| FSAA SDD LATS Preservation Skip Processes File Anyway (Misleading Log Message) |
379261 |
| FSAA: Bug when sending large amounts of data to the applet while also trying to get status info from the applet |
387868 |
| FSAA not properly handling the case where the proxy is busy |
388366 |
| FSAA Applet Shuts Down Inappropriately for all sessions when one scan session throws an exception |
|
| FSAA SDD fails to retrieve DLPEX files from remote server when using multiple SDD scan processes |
389917 |
| FSAA scans running out of memory while retrieving databases |
387868 |
| FSAA SDD: FS SDD Differential Scans: ‘Files modified since last scan’ not working for VAST Platform |
394245 |
| FSAA: Race condition during certificate creation (Single Proxy targeting multiple hosts) |
392430 |
| FSAA: Update Certificate Validation to Deny Self-Signed Certificates |
|
| FSAA SDD: File names with special characters not scanning with SDD |
400412 |
| FSAA Permissions: NFS scans (incorrectly) attempt to follow symbolic links when getting file metadata |
398352 |
| FSAA Permissions: Threading issues in NFS scans cause AVs/hangs in large environments |
398352 |
| FSAA Permissions: NFS scans fail when scanning multiple exports after fix for threading issues |
398352 |
| FSAA Permissions: Fix Memory Leak during Tag Collection |
414641 |
| FSAA Permissions: Disable dircache during NFS scans |
398352 |
| FSAA: Error reading ScanTime after proxy scan failure |
422068 |
| FSAA SDD: FS SEEK - FS memory leak with new SDD API |
394274 |
| FSAA SDD: Scans not logging actual file path on exceptions |
|
Sensitive Data Dicovery (SDD)
| Description |
Case Number |
| SDD: Scans Skip Password-Protected Files without warning |
425175 |
| SDD: Tika suppressing exceptions for subfiles |
425175 |
| SDD Skips password protected .ZIP files created through WinRAR without warning |
431940 |
Databases
SQL
| Description |
Case Number |
| SQL_PermissionsScan error |
387657 |
| SQL_Authentication report shows no sql logins despite the target hosts having sql logins and mixed auth |
390418 |
| Receiving LOCK error when trying to run SQL_DomainUserPermissions job |
391105 |
| Incorrect SQL_SQLLogins job description causing confusion |
396682 |
| SQL Sensitive Data Scan - Not Storing Detections |
418486 |
| SQL DC: Deadlock issue, scan not working |
435094 |
General Database
| Description |
Case Number |
| PgSQL SDD scans only collect from one database when multiple databases with the same name exist on the same server |
|
| Oracle Sensitive Data failing with a key violation |
366780 |
| SQL jobs not creating an instance column |
|
| Data type mismatch when running SDD for databases |
390326 |
| Propagate the global timeouts to the Effective Role Membership Provider |
388656 |
| SQL Permissions scan error - System.Data.SqlClient.SqlException (0x80131904): |
391830 |
| NEA for SQL AWS RDS not working |
400395 |
SharePoint
| Description |
Case Number |
| SP_Teams Activity summary reporting is empty |
403881 |
| SPAA: Azure ADI Group Lookups Fail during Bulk Import when using UPN |
|
| SPAC Retention Setting Not Working as Expected |
386765 |
| SPAA_Exceptions throwing error when Azure ADI views do not exist |
394475 |
| Direct Permissions - SP_UnresolvedSIDs Throwing Error When Azure ADI Views Do Not Exist |
394475 |
| SPAA Exceptions UnresolvedSIDs Using Incorrect TrusteeType Filter for On-Prem And Missing SIDs That Are Technically Deleted but Still Have a Resolved TrusteeType |
394475 |
| SP SDD doesn’t set SDDTempDir |
395310 |
| Activity USN is not incremented properly in SPAC scans |
391543 |
| SPAA: Handle Duplicate Trustees for Resolving Activity Resources |
|
| Improve Site Collection Tier 2 Lookup Queries for SharePoint |
390550 |
| SPAC bulk import SQL timeouts during activity resource resolution |
390550 |
| SPAA/SPAC FK violations during bulk import activity resolution |
390550 |
| SPAC Bulk Import re-imports already imported activity data |
390550 |
| SPAC Bulk Import - Performance Enhancement to eliminate updating activity events |
390550 |
| SPAC System Scan errors out despite fresh starting data |
400286 |
| SPAA Scans not processing files in OneDrives |
403195 |
| SPAA: Permissions resources inserted or updated by activity scans for resolution cause scans to inappropriately resume |
412254 |
| SPAC: Activity Resource lookup error |
412676 |
| SPAC: unknown SPO item types added as farm |
412676 |
| SPAA: Handle ActivityResourceManager stale site collection cache |
412676 |
| SPAA - improve index used on site collection lookup |
412676 |
| SPAA: Trustee mapping Performance improvement (12.0+) |
412676 |
| SPAC: Adding Activity Resources performance improvement |
424761 |
Exchange
| Description |
Case Number |
| Microsoft Alert - Migrate Your Application from ADAL to MSAL |
381182 |
| Errors in Exchange Online Job |
386627 |
| EX_MailboxAccess job encountering merge error |
390191 |
| AIC does not populate Perms data for Exchange. |
392444 |
| Fix duplicated permissions in the AIC |
392444 |
| Exchange Online - EX_Mailflow job - Local Domains query is failing |
394869 |
| Ex Mailflow collection errors |
393253 |
| Update AIC Import to account for deleted principals in trustee calculation |
390191 |
| Mailbox AIC Imports can be improperly typed as Folders causing permissions not to be displayed in the AIC |
390191 |
Active Directory and AzureAD Inventory
| Description |
Case Number |
| ADInventory DC: SA_ADInventory_UpdateMembers stored procedure changes affecting AIC |
|
| AD_DomainControllers Failing |
382145 |
| AD_DomainInfo Job failing |
376546 |
| AzureADI Import Custom Attributes cannot connect |
387300 |
| Error when collection Extended Attributes for Azure AD |
387300 |
| Error when collecting NULL valued attributes |
387300 |
| Error pops up “"none" is an invalid XMLNodeType. Line 1, position 15.” when configuring saved AD Action module |
387902 |
| Fix issue with AzureAD null creds on import screen |
390577 |
| AD_Domain_Controllers job failing with “An unknown directory object was requested, hr = 80005004” |
393630 |
| Errors with Sites query on AD_DomainInfo job |
396683 |
| ADI: Key Constraint on Effective Group Memberships |
400689 |
| Update computer column from DN of trustee to DN of the computer object in the object owner insert in LAPS job |
402113 |
| ADI Error “Length of the access control list exceed the allowed maximum” kills scan |
423205 |
| ADI: DC UI throws error when attempting to open DC Config |
424862 |
| EntraID Inventory failing with unique key constraint - Violation of UNIQUE KEY constraint ‘UQ_SA_AzureADInventory_Principals_ObjectId’. |
435677 |
Active Directory Permissions Analyzer (ADPA)
| Description |
Case Number |
| Fix timeout issues in ADPermissions |
369731 |
| Update ADPA jobs to handle NULLS |
369731 |
Access Information Center (AIC)
| Description |
Case Number |
| AIC - unable to select from “Access request” due to 50 row limit |
375094 |
| AIC - Processing changes for Entitlements review not working for a resource |
378714 |
| AIC Translation support - Fix AIC to follow browser’s preferred language order to enable Polish translation |
390010 |
| AIC: Resource Owners are seeing 403 errors when running resource audit reports |
394132 |
| Error in AIC when attempting to update resource owners |
397269 |
| AIC: SP Effective Access report throws a 500 error |
402861 |
| AIC 500 error when searching trustee and selecting “Include nested resources: 1 levels” |
402861 |
| AIC: 500 error - MemberOf-Path report |
402861 |
| AIC: “Sorry we are unable to complete this request” error when select certain groups in Member Of report |
402861 |
| AIC - Deleted Trustee retuning NULL value |
417199 |
| AIC Owner Review - Confirmation status is set back to Not Confirmed when updating the resource without making any changes |
397590 |
| Exchange AIC Import analysis task is wiping exchange perms data in AIC |
397158 |
| AIC: Add ORDER BY clause to query for Resource Owners Page |
428495 |
| AIC: Review processing throws SQL deadlock error |
428664 |
| AIC - Activity queries converting date ranges to local time instead of UTC |
417173 |
| AIC 500 Error: Cannot insert the value NULL into column ‘GroupName’ |
429554 |
| AIC: Index reorganization causing SQL timeout (11.6/12.0) |
434469 |
| User with Security Role Access is not seeing URL in Entitlement Reviews for a handful of servers he has been granted access to. |
386648 |
AnyData
| Description |
Case Number |
| Salesforce Powershell code Using Retired version of REST API |
381148 |
DropBox
| Description |
Case Number |
| DropBox Scans failing post upgrade |
391526 |
| DropBox Scans failing post upgrade to Team Space |
391526 |
| DropBox Scans fallback authentication doesn’t check for Teams Spaces upgrade |
391526 |
| Dropbox: Get usage space for scoped users only |
391526 |
| Dropbox: Cannot process a file without an extension |
391526 |
Windows
| Description |
Case Number |
| Update SG_LocalAdmins query to not drop data of offline/errored hosts |
399507 |
Unix
| Description |
Case Number |
| PuTTY ECDSA keys supported by our plink but not by UNIX DC |
428820 |
CDSA (Credentials and Data Security Assessment)
| Description |
Case Number |
| Update SharePoint Open Access data points in the CDSA |
421120 |
SA Core
| Description |
Case Number |
| Job running statistics referencing other running jobs |
370263 |
| RBA Report Viewer role not working with Vault |
390322 |
| Additional logging for CyberArk Integration |
390982 |
| Table for Sites query changes when configure to use SSL thru Job Page on AD_DomainInfo job |
397057 |
| SA: Finalizer thread not getting serviced when jobs run non-interactively |
400203 |
| Core: clicking on Scheduled job status in Job statistics returns Warnings |
411225 |
| RBA Users able to escalate permissions within console |
426837 |
Reporting
| Description |
Case Number |
| Reports configured to send CSV email are not sending an attachment |
388998 |
| Bug with sorting reports |
391928 |
| Web reports failing to start after upgrade to 11.6 where HTTPS was configured pre-upgrade |
402908 |
Powershell
| Description |
Case Number |
| Powershell Action Module - Separate AIP authentication from MIP labeling action |
373758 |
| Powershell pipeline stalling |
400693 |
Miscellaneous
| Description |
Case Number |
| Survey Action Module ‘Hide and lock previous response’ checkbox not working properly |
426451 |
| Proxy Installer doesn’t create windows firewall for 8767 |
387793 |
| AD_WeakPasswords - Could not load file or assembly 'BouncyCastle.Crypto |
388901 |
| Ini Collector - Holding data from prior scanned host and adding it as an entry for the next host. |
381130 |
| Add additional logging to SmartLog DC |
396054 |
| SQLViewCreation Export to excel, removes last row of data. |
400226 |
| SQL Scripting Column Headers aren’t saved properly when modified through job page. |
402673 |
Need help with this update?
There are many different ways to get help with our products!
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!
7 Likes
