Netwrix is pleased to announce the general availability of Netwrix Endpoint Protector 5.9.4.2. With this release, you will see major compliance enhancements to Enforced Encryption, which includes the following:
Want to be notified of future product updates?
Are you subscribed to this category? If not, or if you're not sure, expand me to see how!
What’s New in Endpoint Protector 5.9.4.2
The following components have been updated with this release:
- Server Version: 5.9.4.2
- Enforced Encryption: 3.0.0.2
IMPORTANT: This release is not changing Endpoint Protector Client versions and is focusing only on Enforced Encryption and related Endpoint Protection Server changes.
IMPORTANT: This release will no longer be available through LiveUpdate or automatic patch method. Instead, it will be accessible only via the Offline Patch method. Please use this link to download the offline patch file. Follow the instructions in the user manual to complete the installation process.
Legal Banner
The new Legal Banner feature on the Endpoint Protector Server login screen enhances your organization’s communication and compliance efforts. This feature allows you to display comprehensive disclaimers or compliance-related information directly beneath the credential fields. This provides a seamless way to convey important messages to users right at login.
Enforced Encryption FIPS 140-3 Validated Engine
Introducing Netwrix Enforced Encryption version 3.0.0.2, which incorporates FIPS 140-3 validated cryptography and adheres to the most robust data protection encryption standards, ensuring compliance with the latest industry regulations. This advanced encryption engine remains fully backward compatible, meaning existing users can seamlessly upgrade and continue to utilize previously encrypted drives without any disruption to their workflow.
Enforced Encryption Read-Only Mode
Introducing the Netwrix Enforced Encryption Read-Only Mode for unmanaged computers—an innovative solution designed to uphold your data security standards even on non-corporate devices. This optional feature empowers administrators to enable access to EE encrypted drives on personal computers, conference room setups, or exhibition area devices, all while maintaining critical security with a Read-Only setting. Seamlessly transfer corporate data across various environments, ensuring top-tier protection without compromising accessibility or convenience.
Enforced Encryption will Trace Folder Delete Operations:
Introducing a valuable enhancement to the EE Client, now offering the ability to trace folder deletion activities within the EE logs. This upgrade provides greater visibility into end-user actions, ensuring a comprehensive understanding of how sensitive corporate information is managed on encrypted drives. Elevate your oversight capabilities and enhance data security with this targeted improvement to the EE Client, designed to give you unparalleled insight into user interactions with critical data.
Bug Fixes and Miscellaneous Updates
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| Security | Security fixes This release contains important security fixes for EE. For information on these security fixes, please visit this security advisory. All EE customers are advised to update. |
376907, 376911, 376835 | |
| Security | Endpoint Protector Server Back End Components Refreshed Upgraded backend components for JQuery |
3788110 | 431347 |
| General | Re-enabling license management on Netwrix hosted environment License management functionality has been restored in the Netwrix-hosted environment |
377943 | |
| General | Fix “Transfer Limit” alert not to be sent to the deleted administrators Adjusted system configuration, now only the available administrator receives the Transfer Limit Alert. This targeted notification approach ensures timely and relevant updates are delivered to the appropriate personnel, streamlining alert management and response. |
344718 | 411953 |
| General | Alerts cache is not recreated properly Resolved an issue with the alert caching system, where updates made to a CAP alert involving changes to selected computers and users were not properly reflected in the cache. Previously, editing an alert to uncheck or check machines did not result in a correctly rebuilt cache. With this fix, the alert cache will now be accurately regenerated to include all specified machines and users after any modifications. |
319858 | 416406, 409790 |
| General | Ensuring Proper Cache Regeneration After Alert Renaming Fixed an issue where renaming an alert did not trigger the proper regeneration of the cache, leading to outdated or inaccurate information being displayed. With this update, whenever an alert is renamed, the system will now correctly regenerate the cache to ensure all data is current and reliable. |
348301 | 416406 |
| General | Correct Email Address Display in Alert History Resolved an issue where the wrong email addresses were being displayed in the Alert History under Alert Details: Recipient across all alert types. This occurred when an alert was created using the “Check All” option in the Administrator section, which included deleted administrators. With this fix, the system now accurately displays the correct email addresses associated with active administrators in the Alert History. |
364793, 366029 | 426144 |
| General | Group selector improvement Enhanced the functionality within the Computers and Users tables to ensure that selected items remain checked even after clicking the “select all” checkbox while using the search filter. |
358129 | 356518 |
| General | Improved Responsiveness of Dashboard Text Addressed an issue where the text under the Modules section on the General Dashboard was not responsive, causing it to be overlapped by the Most Active Users section when the browser width was reduced to less than 1880px. With this update, the text is now fully responsive, ensuring clear and unobstructed display across all screen sizes. |
319927 | |
| Device Control | Reliable Computer Name Updates for Mac and Windows Resolved an issue affecting both Mac and Windows computers, where changes to the computer name were not being permanently applied. With this update, any computer name edits are now consistently saved and accurately reflected in the Computer List, ensuring reliable updates across both platforms. |
319856 | |
| Device Control | Correct Handling of Serial Numbers with “&” in Custom Classes Resolved an issue where adding devices to Custom Classes using the Bulk Import or New Device options resulted in incorrect handling of serial numbers containing the “&” character. This led to improper saving of these devices and misapplication of device rights. With this fix, serial numbers with “&” characters are now correctly processed, ensuring accurate saving and application of device rights. |
370345 | 430816 |
| Content Aware Protection | Results are not sorted when using specific filter in CAP reports Improved sorting and filtering capabilities to allow results to be organized according to any specified column. |
351200 | 351168 |
| Content Aware Protection | MPIP reporting details We’ve refined the reporting details for the Content Remediation Session Active log. Now, the ‘Items Type’ column prominently displays the ‘MIP Classification,’ offering clearer insight and a more organized view of your data management activities. |
355766 | |
| Content Aware Protection | Denylists/Allowlists dictionaries import Resolved an issue where an invalid .xls file import would incorrectly create a dictionary despite showing an error message. Now, the error “Import failed! Please use a valid .xls file!” will be displayed, and no dictionary will be created, ensuring accurate data handling and user notifications. |
359542 | |
| Content Aware Protection | Resolved Export Issue in Denylists/Allowlists Sections Addressed a problem affecting the export functionality in the Denylists/Allowlists sections, where exporting a dictionary containing 50,000 items would result in a “no results” message upon opening the file. This issue has been resolved, and exports will now correctly display all items as expected. |
359501 | |
| Content Aware Protection | Fixed Misidentification of Microsoft Outlook as Microsoft Teams by Endpoint Protector Client Resolved the issue where the Endpoint Protector Client was incorrectly identifying Microsoft Outlook as Microsoft Teams. With this fix, Microsoft Outlook is now properly recognized, ensuring accurate monitoring and protection for the correct application |
367917 | |
| Enforced Encryption | Enhanced Security for Offline File Tracing with Enforced Encryption We’ve enhanced the security of our Enforced Encryption feature, specifically when configured for “Offline File Tracing.” With this update, file encrypt/decrypt events are now securely encrypted, ensuring that offline file tracing events are uploaded to the server only after the user logs into Enforced Encryption (EE) with their password. |
362675 |
Known Limitations
| Component | Description | Case # | Escalation # |
|---|---|---|---|
| General | In newer Linux Ubuntu versions, the default installation of the ‘snap’ application for file access events in xdg Desktop portals is not supported by EPP Client. This may lead to unexpected behavior in File Tracing, File Shadow, CAP, and DPI due to missing file access events. | EPP-8735 | EPPSUPPORT-3198 |
| Device Control | Despite denying Bluetooth, Webcam, and iPhone access on macOS endpoints, the Continuity Camera issue persists in applications like Slack, Zoom, FaceTime, and Photo Booth, where the camera is not correctly blocked. | EPP-8781 EPP-6826 | |
| Content Aware Protection | Clipboard operations may not always be captured accurately by MacOS CAP OCR | EPP-8651 | |
| Content Aware Protection | File Shadow downloads are affected by incorrect MD5 hashes in Endpoint Protector Clients’ event logs, causing artifacts to fail downloading with a “File Not Found” error. Upgrade EPP clients to 5.9.1.0+ (Windows: 5.9.1.7+; macOS: 2.8.1.4+; Linux: 2.1.0.3+) before updating the EPP server to versions 5.7.1.0 or 5.9.1.0+. | 320097, 320221 | |
| Content Aware Protection | On certain Linux environments, particularly those using the Wayland protocol by default, paste control is constrained due to Wayland’s inability to detect the focused window, resulting in content blocking during the copy operation. | EPP-8510 | |
| Content Aware Protection | File Shadow downloads from AWS S3 buckets, with concurrent File Tracing and CAP activation, may result in inconsistent behavior, displaying artifacts deleted in File Tracing reports but still available in CAP reports, and vice versa. | 320213, EPP-9023 | |
| Content Aware Protection | EPP may not cover full blocking capabilities against Microsoft New Outlook application, including printing use cases. Issue will be addressed in future EPP release. | 320024 | 00411874 |
| Endpoint Protector Client | With the release of EPP Client version 5.9.4.1, support for Windows XP, 7, 8, early builds of Windows 10, and Windows Server 2016 has been discontinued. To maintain EPP coverage on these systems, customers should continue using EPP Client version 5.9.4.0. Please note that no new features or fixes will be backported to this release. | 438053 | |
| Endpoint Protector Client | Upon upgrading to the EPP Client version related to 5.9.4.1 release, there is a potential issue where the assigned Department designation may be lost. This limitation will be addressed in the subsequent EPP Client release. For those who have already transitioned to version 5.9.4.1, it is recommended to manually reassign affected clients to their appropriate Departments. | 379516 | 437246, 437612 |
Upcoming Depreciations
| Component | Description | Case # | Targeted Release |
|---|---|---|---|
| General | Reporting V1 will be discontinued in future updates, and users should migrate to Reporting V2 beginning with EPP version 5.7 and beyond. | EPP-8532 | 5.9.5.0 |
| General | Backup V1 will be discontinued in future updates, and users should transition to Backup V2 starting from EPP version 5.9.0.0 and above. | EPP-8535 | 5.9.5.0 |
| General | DHCP Client support in EPP server will be phased out in upcoming updates; transition to static IP for stability is recommended. | EPP-8586 | 5.9.5.0 |
| General | Contextual Detection under SYSTEM PARAMETERS will be discontinued in future updates and replaced by ‘Context Detection Rules’ in the ‘Content Detection Summary’ section of CAP Policies. | EPP-8941 | 5.9.6.0 |
| General | The File Shadow Maintenance feature, which provides functionality for listing and managing File Shadows stored locally on the EPP Server will be discontinued in future. | TBD | |
| Content Aware Protection | The CAP applications list will be refreshed, and the list of obsolete/discontinued third-party applications will be removed. | 377314 | 5.9.5.0 |
| General | Starting with the 5.9.4.2 release, updates will no longer be available through LiveUpdate or the automatic patch method. Instead, updates will only be accessible via the Offline Patch method. Consequently, Live Update buttons will be removed. | 378739 | 5.9.5.0 |
Need help with this update?
There are many different ways to get help with our products!
| Situation | Action |
|---|---|
| If you feel the product is broken and not working as intended… | Contact Support |
| If you have a question you’d like to ask other experts… | Create a discussion in the community: Endpoint Protector > Discussions & Questions |
| If you have a feature request… | Let our product team know directly: Endpoint Protector > Ideas |
| If you have something cool to show… | Show everyone what you built: Endpoint Protector > Show & Tell |
What are your thoughts?
We are always happy to hear from our users on what you like, and what you hope to see in the future. Please, share your thoughts below!