Code42 cloud release notes

Greater visibility into file activity of high risk employees

February 19, 2020

Code42's new High Risk Employee lens provides comprehensive insight into file activity of employees you identify as a risk (for example, users with elevated permissions, access to sensitive data, on a performance improvement plan, etc.). The Detection > High Risk Employees section of the administration console enables you to: 

• Quickly identify suspicious file activity of high risk employees over the past 90 days
• Assign risk factors to employees to provide more context for insider threat investigations
• Easily review both endpoint and cloud sync file activity

Forensic File Search now searches backups from all users to locate and download file contents

February 12, 2020

When downloading file contents in Forensic File Search, the file event details now offers the option to search other locations if the file isn't found in the user's backup archive. Clicking Search Other Locations searches the backups of all users in your Code42 environment, which greatly increases the chance the file will be available for download. Previously, files could only be downloaded if there was an exact filename and file path match in the backup archive of the user associated with the event.

More subscription options for monitoring insider threats

February 11, 2020

The Code42 Diamond product plan offers a new subscription option for many of Code42's most advanced insider threat features, including:

• The Risk Exposure dashboard, which highlights suspicious file activity
• A highly customizable Alerts framework to notify you when when important data may be leaving your organization
• The powerful Forensic Search interface, which offers advanced search capabilities for investigating file exfiltration activity

Previously, some of this information was available via a CSV export, but full access to these features required the Code42 Platinum product plan. 

Requires Code42 app version 7.7.0.

Use one deployment policy to register users in multiple organizations

February 11, 2020

Deployment policies can now leverage custom user detection scripts that dynamically assign users to different organizations. Previously, deployment policies could only register users to a single organization.

Requires Code42 app version 7.7.0.

Video summary

Watch the short video below for a summary of features released this month.

Endpoint dashboard provides visibility for devices not reporting security events

January 30, 2020

A new Endpoint dashboard identifies user devices not sending file event data to Forensic File Search. This improved visibility can help you troubleshoot specific devices to ensure Code42's security monitoring is capturing file activity on all active devices in your Code42 environment.  

Better visibility into endpoint and cloud services file activity for all users

January 30, 2020

A new User Profile search interface provides comprehensive insight into file exfiltration risk for all users. The Investigation > User Activity section of the administration console now enables you to review both endpoint and cloud sync file activity for the last 90 days to quickly identify suspicious file activity. 

Previously, much of this information was only available for users added to a departing employee profile or via CSV export.

Requires the Code42 Platinum product plan.

Sync destinations added to Risk Exposure dashboard

January 27, 2020

The Risk Exposure dashboard now shows you where employees are syncing files. By reviewing the Synced to Cloud Service details, you can quickly see if users are syncing files to unapproved cloud services. 

Forensic File Search adds search filter for files shared with trusted domains

January 17, 2020

Trusted Domains settings enable you to easily exclude files shared with approved domains from search results in Forensic File Search.

To use the new search filter:

• Add domains you trust to Administration > Settings > Trusted Domains.
• From Investigation > Forensic Search, add the Exposure Type filter to your search criteria and select the value Outside trusted domain.

File categories added to Alerts 

January 16, 2020

You can now add file category filters to Alerts to help you more easily determine what types of files (spreadsheets, zip files, source code, and multimedia, for example) are leaving your organization. 

Sync destinations added to Departing Employees lens

January 13, 2020

The Departing Employees lens now shows you where employees are syncing files. By reviewing the sync destination details, you can quickly see if users are syncing files to unapproved cloud services. 

Risk Exposure dashboard highlights departing employee activity

January 2, 2020

The Risk Exposure dashboard now includes a summary of potential exposure events gathered from the Departing Employees lens. Click any value for more details.

January 29, 2020

• Performance and stability improvements.
• Fixed: The Administration > Organizations screen now loads much faster for Code42 environments with many child organizations.
• Fixed a web restore issue: filenames containing apostrophes now properly appear in search results. Previously, searching for a filename containing an apostrophe could return no results even if the file was backed up and available to restore. 
• Fixed: Exporting organization details to CSV now reports correct values for selectedFiles, totdoBytes and todoFiles. Previously, these fields could incorrectly report zero or null under certain circumstances even though there were files selected for backup.
• Improvements to logging.
• Fixed: Two-factor authentication for local users can now be enabled if a user's password contains special characters.
• Fixed: Using the action menu to block or unblock a user now immediately updates the status icon next to that user. Previously, even though the blocking or unblocking succeeded, refreshing the page was required to see the current status for the user.
• For Code42 environments managing their own external keystore, connection failures now display more specific error messaging on the Administration > Settings > Keystore page and in the logs.
• Fixed an intermittent display issue which could cause page styles to render incorrectly when navigating between specific screens in the administration console.
• Updates to translations.

January 8, 2020

• Fixes an issue in which downloading files from Forensic File Search was not available in the Safari web browser.
• Improves error messaging if File Size search criteria is blank.

 

Early Access: Forensic File Search adds Google Gmail and Microsoft Office 365 email data sources

December 16, 2019

You can now connect Forensic File Search to your organization's Google Gmail or Microsoft Office 365 email environment to monitor and investigate email attachments. When a user emails an attachment, Forensic File Search captures the following file and message metadata:

• Filename of the attachment
• Email subject
• Address of the sender and recipients
• Data loss prevention policy that detected the attachment (Microsoft Office 365 only)

Forensic File Search's monitoring of email attachments differs slightly between Gmail and Microsoft Office 365:

• Gmail: Forensic File Search captures file and message information for all emails with attachments. Use the Google Admin console to further investigate an attachment.
• Microsoft Office 365: Forensic File Search only captures file and message information for email attachments that are detected by a DLP policy, as defined in your Microsoft Office 365 Security & Compliance Center. You can open attachments directly in Forensic File Search for further investigation.

For more information, see these articles:

• Allow Code42 Forensic File Search access to Gmail
• Allow Code42 Forensic File Search access to Office 365 email

Departing employee enhancements

December 13, 2019

The risk detection lens for departing employees adds new features to help you more easily identify exposure risk. 

User Directory Sync (UDS) version 1.4.0

December 19, 2019

• Makes the following enhancements to the config.properties file:
  • Adds the following Active Directory employee attributes for mapping to Code42: Manager, City, State, and Country.  
  • Adds a description and the default value for each property. The descriptions can be toggled to be displayed or hidden. 
  • Displays previously hidden properties.
• Provides an explanation of the error in the Run Summary log when a UDS sync or dry run fails to complete.
• Fixes the following issues:
  • Searches that included an "or" clause in the filter caused the search to loop without completing.  
  • LDAP validation results were not properly logged when the --trace flag was run. 
  • A query for for a multi-valued attribute (such as memberOf) returned an error when the attribute contained more than 1,500 values.
  • An attribute size of zero generated an exception error.

December 19, 2019

• Fixes several issues introduced on December 17, 2019 which prevented some Code42 environments from properly displaying device connection status and from being able to perform device restores in the administration console.

December 17, 2019

• Performance and stability improvements.
• Improvements to the accuracy of backup-related statistics and reporting throughout the administration console.
• Fixes an issue in which deselecting Inherit settings from parent did not properly apply endpoint monitoring settings to the child organization in very specific circumstances.
• In the Code42 API, fixes an issue introduced in the October 23, 2019 Code42 cloud release in which a request to the computer resource with the parameter incHistory=true did not return the backup history.
• Updates to Forensic File Search translations. 
• Fixes a very rare issue introduced in the October 23, 2019 Code42 cloud release which could cause an administration console web restore to fail if the device that created the backup is offline.
• Improvements to logging.
• Improves error message text throughout the administration console for invalid entries related to editing users and organizations. 
• For Code42 environments that access the administration console via https://console.us.code42.com/console:
  • Fixes an issue in which attempting to view the history log for a user device in the administration console displayed the error message "History log unavailable."
  • Fixes an issue in which performing a web restore for files with international characters in the filename replaced those characters with question marks (?) or underscores (_) upon restoring the files.

December 3, 2019

• In Forensic File Search, fixes an issue in which the Sync Destination search filter did not allow users to select Microsoft OneDrive.

Early access: Departing Employee application

November 1, 2019

Code42's new Departing Employee application provides comprehensive insight into the file activity of departing employees. From the Detection > Departing Employees section of the administration console, you can now:

• Quickly identify suspicious file activity
• Easily review both endpoint and cloud sync file activity
• Gain visibility into file activity before a user gives notice by looking at file events from the last 90 days

Early access: Enhanced security alerts

November 1, 2019

We've added brand new functionality to the administration console for creating and managing security alerts. Alerts are visible from Alerts > Review Alerts, and can also be sent as emails to proactively notify you in near real-time when a user exceeds a pre-defined threshold for file exfiltration activity. These alerts are highly configurable and monitor file uploads, files synced to cloud folders, activity on removable media, and publicly-shared files in cloud services.

November 20, 2019

• Performance and stability improvements.
• Continued improvements to the accuracy of backup-related statistics and reporting throughout the administration console.
• Fixes a rare issue which could prevent archive maintenance from completing for an archive.
• Fixes an issue in Forensic File Search in which downloading a file with international characters in the filename could rename the downloaded copy of the file.
• Fixes an issue for Windows devices in which user activity results and Forensic File Search file events were not created for FTP activity under certain circumstances.

Early access: Forensic File Search adds file upload destination details

October 30, 2019

Read by browser or other app file event details now include the window title and URL active at the time the file is read. This information helps determine the destination of an uploaded file. See the Forensic File Search reference guide for several limitations of this early access feature. 

Download files from within Forensic File Search

October 28, 2019

You can now download files directly from search results if the file is included in the user's backup file selection. This makes it easier to determine the sensitivity of a file and analyze risk. (Previously, downloading the file required you to navigate to a different area of the administration console and perform web restore.) 

Administration console menu updates

October 23, 2019

In the navigation menu on the left of the administration console, several menu items were renamed and reorganized to better highlight key features. Changes include:

• Security Center is renamed Investigation.
• Dashboards is renamed Detection.
• The Data Exposure dashboard is renamed Risk Exposure.

Other enhancements and updates

October 29, 2019

• In Forensic File Search, the Event Type and Source search filters now support selecting multiple values in a single search. Previously, these search filers only supported searching for one event type or source at a time.

October 28, 2019

• If your product plan includes Forensic File Search, the Risk Exposure dashboard now appears for users with the Customer Cloud Admin or Security Center User roles when they sign in to the administration console. This dashboard provides an overview of endpoint and cloud file activity to help you better monitor potential file exfiltration threats. (The former landing page focused on backup and restore is still accessible via Administration > Dashboard.) 
• Adds a new Security Center - Restore role to allow fine-grained control over which administrators have access to download file contents from Forensic File Search. 

October 23, 2019

• Security updates. 
• Improves accuracy of backup-related statistics and reporting throughout the administration console. As a result, some statistics are now updated on a regular interval instead of in real-time. Affected locations are identified with a note indicating the refresh interval (for example "up to 15 minutes delayed"). 
• If you configured SCIM provisioning to Create new users in a Code42 organization, moving a user to a different organization in the Code42 administration console no longer moves the user back to the originally provisioned organization when the provisioning provider syncs with Code42.
• Removes the Map users to organizations based on an existing provider SCIM attribute option from the Edit Organization Mapping Method dialog. Instead, map users to Code42 organizations using your provider's c42OrgName attribute. 
• Updates the wording of the options in the Edit Organization Mapping Method dialog for provisioning providers to improve usability. 

October 21, 2019

Updates to cloud services monitoring:

• A Scoped To column now appears in the Cloud Services table at Investigation > Data Sources. This column shows the scope of drives monitored for the cloud service, whether all drives, drives for specific users, or drives for users belonging to specific groups.  
• Statistics for cloud services are now refreshed on the Data Sources screen every ten seconds.
• You can no longer select all drives for monitoring using the Code42 integration for Box. Instead, you must select specific users or groups. 
  Box integration is currently in early access release. Contact your Customer Success Manager (CSM) for access to Box integration.  

October 9, 2019

Updates to Forensic File Search:

• Security updates.
• Adds Media Name, Volume Name, and Partition Guid search filters and exposure details to file events occurring on removable media. This helps better identify details about the specific media used.
• Corrects an issue in which the Forensic Search screen did not load properly in the Internet Explorer web browser.

User Directory Sync (UDS) version 1.3.0

October 15, 2019

• Corrects an issue in which the UDS connection to the Active Directory server timed out due to a full work queue.  
• Returns an array for multi-valued items (like MemberOf) even when there's only one value in the array. 
• Adds the following Active Directory employee attributes to the config.properties file for mapping to Code42: Title, Division, Department, and Employee Type.  
• Completes a dry run even if the SCIM service is unavailable. 
• Provides support for Active Directory 2016. 
• Adds upgrade instructions to the readme.txt file provided with UDS. 
• Uses the objectGUID attribute for user UIDs because it is a unique ID in Active Directory. If you configure pre-1.3.0 versions of UDS to use the objectSID for user UIDs, the UDS automatically manages the ID translation. 
• Corrects an issue in which spaces were not allowed in paths. Spaces can now be used in UDS directories, scripts, and program file names. 
• Improves dry run results output. 
• Provides the URL to the configured LDAP server in the LDAP connection log. 
• Performance and stability improvements. 

October 23, 2019

• Performance and stability improvements.
• Fixes an issue in backup status report emails in which clicking a username opened the administration console dashboard instead of the details for that user.
• Fixes a very rare issue in which archive maintenance did not remove old file versions as specified by the file version retention settings. 
• Fixes an issue in which the administration console could incorrectly show an online device as offline. 
• Fixes an issue in which a Security Center User Activity CSV export could display a null processOwner value for FILE_OPENED events.
• Improvements to logging.
• Fixes an issue in which the Account menu in the upper right was partly hidden in very narrow browser windows.
• Fixes a display issue in which the File Path Mismatch error message did not appear in the correct location.
• Fixes formatting display issues on the Code42 Registration page for new users invited by email.
• When editing a user's profile, the Update User button is now only clickable after a change is made to the user. 
• Fixes an issue in which clicking the Update User button did not close the User dialog under certain circumstances.
• Fixes an issue that prevented some administrators from being able to retrieve logs for a device from the administration console.
• Improves error messaging if the target of an administration console device restore is unavailable.
• Devices with an active connection to Code42 now display the status Destination Connection instead of Online. 
• On the Device Details screen, the Connection Status column is now labeled Destination Status and no longer includes the time since the last connection.

Enhancements and updates

September 25, 2019

• Security updates.
• In Backup Status Report emails, devices with no recent backup activity are now highlighted in red. This helps more easily identify devices that may require administrator action. 
• Updates to Forensic File Search:
  • Adds a new fileevent/lastknown resource to the Forensic File Search API, which enables queries that return only the last observed state of files on the device (this differs from existing queries, which focus on event activity). This can help you determine:
    • What files are on a device right now
    • Which files in your cloud services are currently being shared publicly
    • If specific types of files currently exist in places they shouldn't (for example, source code in Google Drive)
  • Re-orders the File event details to list the most relevant metadata first.

September 6, 2019

• Increases the maximum Client Updates delay from 30 days to 60 days.

September 5, 2019

• Adds a new fileevent/grouping resource to the Forensic File Search API. This enables queries that group results by a particular value and provide a count of unique events in each group. For example, grouping by username outputs a distinct list of users and the count of file events for each user. 

September 25, 2019

• Performance and stability improvements.
• Fixes an issue in which the Cold column on the Organizations screen could incorrectly display a value when there are no archives in cold storage for that organization.
• Fixes an issue in which HTML formatting did not render correctly in customized emails.
• Fixes an issue in which a Security Center User Activity CSV export could include two extra empty columns for some removable media events.
• Improvements to logging.
• Fixes a rare issue in which performing a web restore for a single file with an alternate data stream (ADS) could result in only the ADS file (for example, Zone.identifier) being restored. 
• Fixes a Forensic File Search issue on Windows devices in which background system processes could generate false positive Read by browser or other app file events attributed to a user. 
• Fixes an issue in which navigating from Security Center > User Activity to Administration > Client Management did not open the Client Management screen.
• Fixes an issue in which the Date Modified column for an Activity Profile could update even if the profile settings didn't change.

Monitor cloud activity for groups of users

August 29, 2019

Forensic File Search now provides the option to enable monitoring for cloud data sources based on the groups defined in Box, Google Drive, and OneDrive. This simplifies the process of adding multiple users and makes it easier to target specific groups for monitoring. 

New help desk roles 

August 28, 2019

New Org Help Desk - No Restore and Cross Org Help Desk - No Restore roles enable more fine-grained control for administrator permissions. These new roles allow help desk personnel to manage users in an organization, but prevents them from restoring other users' files. 

IBM Resilient integration

August 28, 2019

The Code42 for IBM Resilient app combines IBM Resilient’s automation and incident handling with Code42’s context of file activity to accelerate discovery and remediation of data loss incidents. Code42 for Resilient adds Code42-specific functions, rules, and workflows to your IBM Resilient environment, specifically for addressing departing employee and malicious file scenarios.

SAML SSO attribute customizations

August 28, 2019

For added security and flexibility, administrators can now use the Code42 API to set the SAML 2.0 context and class references in your identity provider's SSO requests, as well as the digest and signature algorithms.

Monitor cloud activity for individual users

August 5, 2019

Forensic File Search now provides the option to enable monitoring for cloud data sources for individual users in Box, Google Drive, and OneDrive. This enables administrators to target a small group of individual users (instead of monitoring all users with cloud accounts). This can be especially helpful during initial testing or to conserve resources.

Other enhancements and updates

August 28, 2019

• Adds mediaName, volumeName, and partitionGuid metadata fields to file events occurring on removable media. This helps better identify details about the specific media used. Requires Code42 app version 7.2.0. 
• In the Code42 API, adds a new device-status-count resource to easily query total devices and their backup status. See the Code42 API documentation and select API version v6 for more details.
• During the Forensic File Search initial device scan, events for current file activity are now prioritized over scanning all files on the device. This means that no matter how long the initial scan takes, current file activity is still reported every 5 minutes. Requires Code42 app version 7.2.0
• When upgrading archive encryption key security in the administration console, the confirmation message now includes information about the impact to restoring files from legal hold archives. 
• Adds support for proxy servers for sending Forensic File Search event data to the Code42 cloud. Previously, proxy configurations only applied to backup data. Requires Code42 app version 7.2.0 

August 12, 2019

• In the Forensic File Search API, removes the deviceStatus output value from the fileevent resource.

August 28, 2019

• Security updates. 
• Performance and stability improvements.
• Improves restore performance for devices on slow or frequently interrupted network connections.
• In the Device Status Report, corrects an issue in which searching for devices that have alerts could return some devices without alerts under certain circumstances.
• Corrects a very rare issue in which deactivating a device did not move all archives for the device into cold storage.
• Corrects a very rare issue which could prevent archive maintenance from running as scheduled for an individual archive. 
• Updates several incorrect and broken links to Code42 support articles in the Code42 API v3 and later documentation.
• Corrects an issue in which changing settings in Device Backup Default Settings > Network > Scheduled did not save properly after clicking the Push or Lock icons.

The following bug fixes improve file event detection and reporting for Forensic File Search and Security Center user activity (endpoint monitoring). 

Requires Code42 app version 7.2.0

• Corrects an issue on Windows devices in which file activity on local volumes was incorrectly reported as removable media under certain circumstances.
• Corrects an issue in which file events in Forensic File Search and Security Center User Activity CSV exports could display MD5 or SHA256 hash values of 0xFFFFFFF or a string of repeated f's (for example, fffffffffffffff) when the hash is unavailable. 
• Corrects a rare issue on Mac devices in which browsing the Photos Library to add an attachment to an email could create superfluous Read by browser or other app events for files that were not actually attached to the email.
• Corrects an issue on Mac devices in which some system-initiated file activity on removable media incorrectly generated file events attributed to the user.
• Corrects an issue in which Forensic File Search incorrectly categorized some image files as videos.
• Corrects a rare issue on Mac devices in which file upload events were not detected for a very specific sequence of uploading files. 
• Corrects an application compatibility issue between a recent iCloud update for Mac and Code42 Security Center reporting.
• Corrects an issue on Windows devices in which duplicate file upload events could appear in Forensic File Search and Security Center User Activity CSV exports.

August 7, 2019

• Security updates.
• Reverts the July 24th Code42 cloud update that made the Data Exposure dashboard the default landing page for certain users. Now, all users once again see the backup and restore dashboard upon signing in to the administration console. If your product plan includes Forensic File Search, the Data Exposure dashboard is still accessible via Dashboards > Data Exposure and continues to provide an overview of endpoint and cloud file activity to help you better monitor potential file exfiltration threats.

Two-factor authentication for local users

July 24, 2019

Two-factor authentication is now available as an added security measure to help prevent unauthorized access to the administration console and Code42 API for both:

• Users in organizations that only use local authentication
• Dedicated local users in organizations with an external authentication provider

Local two-factor authentication uses the Time-based One-Time Password (TOTP) algorithm and easily integrates with Google Authenticator. 

CPU usage settings for Forensic File Search

July 24, 2019

Administrators now have the option to apply device CPU limits to Code42 security processes (previously, CPU limits only applied to backup). Limiting CPU usage for security processes can be especially helpful during the initial Forensic File Search device scan, but it may also reduce the effectiveness of security monitoring. Therefore, we recommend only enabling limits when necessary. Requires Code42 app 7.0.0 or later. 

New Forensic File Search filtering options

July 12, 2019

• Adds a new File exposure changed to search filter to identify when permissions change for files in cloud services. This enables you to more easily search for new exposure risk by focusing on files that were changed to allow public sharing. 
• Adds new exists and does not exist search operators for many search criteria. This enables you to quickly identify file events where any value is present or no values are present. For example, you can now search for file events with any Exposure Type value by simply selecting the exists operator. Previously, this search required specifically including all possible exposure types in your search criteria. 

User Directory Sync version 1.2.0

July 11, 2019

• Adds the ability to view the version of User Directory Sync in use. 
• Adds the ability to map which LDAP attributes are used by User Directory Sync to provision and update Code42 user information. 
• Now performs a "changes-only" sync when using either the default search or a custom search filter. 
• Provides more detailed information during dry-runs, including attribute mapping and script results for each user. 
• Introduces the option to run a full sync on demand with a new optional flag.  
• Offers improved error messaging, including: 
  • A usererror.log that contains dry-run results and user errors during live syncs.
  • The scripts and the associated line number when the Active, Role, or Org script causes a sync to fail.  

Other enhancements and updates

July 24, 2019

• Security updates.
• Adds individual Inherit setting from parent options to the Web Restores and Client Visibility organization settings. This change provides better control over which settings are inherited from the parent organization. 
• The SSO attribute mapping fields for Username, Email, First Name, and Last Name now allow up to 128 characters. Previously, the limit was 64 characters.

July 31, 2019

• Corrects two issues introduced in the July 24th Code42 cloud release:
  • The Reset password button once again enables users to successfully complete the password reset process.
  • The Data Exposure dashboard now only appears for users with the Customer Cloud Admin and Security Center User roles. 

July 24, 2019

• Performance and stability improvements.
• For Code42 environments with multiple SSO identity providers, the sign-in screen now only gives users the choice of selecting providers offered to their organization.
• Device details now load much faster when searching by device GUID in the administration console. 
• Corrects an issue in which attempting to create a deployment policy for an organization with a backslash (\) in its name resulted in an "unknown error" message.
• For Code42 environments that access the administration console via https://console.us.code42.com/console, corrects an issue in which performing a web restore for files with international characters in the filename replaced those characters with question marks (?) or underscores (_) upon restoring the files. 
• Updates to administration console translations.
• Improves error messaging in the administration console if SSO user attributes are missing.
• Corrects an issue in which newly-provisioned SCIM users were not moved to the correct organization under certain circumstances.
• In the Reporting section of the administration console, corrects an issue introduced in version 7.0.0 in which sharing a link for a specific search (which includes query parameters in the URL) did not display results if the second administrator was not already signed in to the administration console.
• Corrects a rare issue in which users with the Org Admin - No Web Restore or Cross Org Admin roles could not be deactivated under certain circumstances.

File exfiltration detection for Windows shared network drives

June 18, 2019

On Windows devices, uploads and downloads to and from shared network drives now appear in Security Center Application Activity and as Forensic File Search Exposure events. (Mac devices already report file exfiltration via network shares.) Requires Code42 app version 7.0.0. 

Other enhancements and updates

June 24, 2019

Updates to Forensic File Search:

• Security updates.
• In the Code42 API, adds an exists operator to the fileevents resource to enable querying events where any value exists for a search parameter.
• Corrects an issue in which users were unable to edit the name or notes for a saved search.
• Improves date and time error validation.
• Updates Forensic File Search file category mappings to recognize additional file types.
• The Search timed out error message now provides specific suggestions for optimizing your search criteria and avoiding future search errors.
• Reloading a saved search from the Saved Searches dropdown menu after changing search criteria but not clicking Save now reverts to the original saved search. Previously, returning to the original search required selecting it from the Saved Searches tab or refreshing the page.

June 11, 2019

Updates to Forensic File Search:

• Security updates. 
• Adds a new insertionTimestamp parameter to the fileevent resource in the Code42 API. This indicates when the event was received for indexing by the Code42 cloud. By making note of the latest insertionTimestamp value in your query results, you can more easily isolate new file events in a future query by specifying an insertionTimestamp greater than the value noted in your last query.

June 5, 2019

• Updates the URL to obtain Forensic File Search API authorization tokens. If you have any existing scripts or API integrations, you must update the GET requests to use the new URLs. 

June 3, 2019

Updates to Forensic File Search:

• User experience improvements related to pre-populating default search values and search criteria error validation. 
• Updates to translations.
• Improves keyboard navigation accessibility for the Events observed in the last filter.

June 18, 2019

• Security Center Application Activity and Forensic File Search Exposure events for uploads and downloads to and from shared network drives on Windows devices are missing some metadata, including the SHA256 and MD5 hashes, file size, and file category.

Data exposure dashboard

May 30, 2019

A new administration console dashboard with visualizations of file exposure activity on user devices is available for Code42 environments licensed for Forensic File Search.

Forensic File Search relative time filters

May 23, 2019

The Forensic File Search date filter adds a new Events observed in the last option to select pre-defined time periods ranging from the past 15 minutes to the past 30 days. This is especially useful for saved searches because they can be used at any time in the future and still search the same relative time period.

New roles to modify users

May 22, 2019

New User Modify and Cross Org User Modify roles enable more fine-grained control for administrator permissions. These new roles allow help desk personnel to manage users in an organization, but prevents them from managing or changing settings in the organization itself. 

Other enhancements and updates

May 23, 2019

• The Forensic File Search date filter now automatically appears at the top of the search criteria, and all searches must include a date range.

May 22, 2019

• Security updates.
• Performance and stability improvements.
• The App Downloads screen now includes the SHA-1 hash for each installer. This enables administrators to validate the authenticity of the downloaded file.
• In the administration console, exporting CSV files containing device data now includes several fields previously only available via the Code42 API. 
• The backup status report email now lists devices that have not yet completed their first backup as In Progress in the Last Completed column. Previously, these devices displayed a dash (-) in the Last Completed column.
• Updates third-party library Netty to version 4.1.33.
• Updates Forensic File Search file category mappings to recognize over 100 additional file types.

May 22, 2019

• Performance and stability improvements for very large Code42 environments in which the number of subscriptions in use exceeds the number of subscriptions purchased.
• Corrects a rare issue in which users with the Customer Cloud Admin role were unable to migrate to a new Vault keystore.
• Corrects a rare issue in which using an old bookmark to access the Code42 cloud administration console could prevent some pages from loading properly.
• In the Code42 API, corrects an issue with the Computer resource in which including the export parameter to generate a CSV file did not include all fields when the incAll parameter was set to true.
• Improvements to logging.
• Corrects an issue in which archive maintenance could not be run twice in a row under certain circumstances. 
• In the administration console, corrects an issue in which exporting a CSV file of organizations, users, or devices could fail to export if the results contained more than 1,000 items.
• Corrects an issue in the Device Status Report in which the Export Records button was not localized.
• Corrects a very rare issue in which performing a web restore of files with non-ASCII characters in the filename replaced some characters with question marks (?) in the restored filename.
• Corrects an issue in which performing a web restore for a single file containing both a space and an international character in the filename replaced the space with a plus sign (+) in the restored filename.
• Improves error messaging for email customizations when attempting to upload a co-branded logo that exceeds the maximum allowed file size. 
• Corrects a rare issue in which using certain Unicode characters (including some emoji, and some Chinese, Japanese, and Korean characters) in the names of files or wireless networks excluded by the Code42 app could prevent Code42 configuration settings from loading properly.
• Corrects an issue in which some users were unable to access the Forensic Search page after signing out of the administration console and signing in again.

May 13, 2019

Updates to Forensic File Search:

• Performance and stability improvements.
• The column names in the CSV export now match the column names used in the on-screen results.
• Corrects a rare issue which prevented a user from exporting results to CSV if the display language was changed while the Export Results window was open.

Improved cloud exposure insights in Forensic File Search

April 18, 2019

Forensic File Search adds three new Exposure Type filters to help you better identify where files are shared in the cloud: 

• Public on the web (Google Drive only): The file is available on public search engines and accessible to the entire World Wide Web.
• Public via direct link: The file is not listed in public search engines, but is available to anyone who accesses the link.
• Shared with corporate domain: The file is not publicly accessible, but is available to all users on your corporate domain.

Search by time in Forensic File Search 

April 4, 2019

Forensic File Search now supports searching file events within a specific time window, in addition to dates.

Email co-branding

April 3, 2019

Introduces the ability to add your own logo to co-brand the message body of Code42 email notifications for many types of events, such as user backup status alerts, administrator backup status reports, and password recovery requests.

Other enhancements and updates

April 3, 2019

• Expands file exfiltration detection to capture file activity for OneDrive for Business. (Requires Code42 app version 6.9.4.) 
• Adds the ability for users with the Customer Cloud Admin role to send test emails.
• Reactivating a deactivated user now automatically resumes existing backups for that user. Previously, administrators needed to manually re-attach the backup archive to the reactivated user's device to resume backups.
• When managing billing information from the Account Information screen of the administration console, agents in the Managed Service Provider Program are now redirected to 2Checkout, our third-party e-commerce service provider. 
• Removes the myClusterComputerId query parameter and output value from the Code42 API Cluster resource. This value was empty and no longer in use.

April 18, 2019

• Corrects a Forensic File Search issue in which clicking the name of a search in the Saved Searches dropdown did not load the selected search under very specific circumstances.

April 15, 2019

Updates to Forensic File Search:

• Corrects several minor cosmetic display issues.
• Adds a help link in the file event details for more information about how file categories are determined.

April 8, 2019

• Corrects an issue introduced with the initial release of version 6.9.4 on April 3 in which attempting to export Security Center User Activity to a CSV file resulted in an error.
• Corrects an issue for Code42 environments that upgraded to the Code42 cloud from an on-premises authority server in which users with upgraded archive encryption key security could not update their archive key password.

April 4, 2019

• In Forensic File Search, the on search operator is no longer available for Date Observed. Existing saved searches and bookmarks on a specific date were automatically converted to an is in range search on that date from 00:00:00 to 23:59:59.999.

April 3, 2019

• Performance and stability improvements.
• Corrects an issue introduced in version 6.9.2 that could cause Code42 API requests to the Computer resource to fail under very specific circumstances.
• Corrects an issue introduced in version 6.9.1 that prevented users with the Customer Cloud Admin role from being able to update Security settings for an organization under certain circumstances.
• Updates the default Mac user detection script to better detect usernames in certain circumstances that caused the script to fail previously. 
• Adding a destination to a backup set for an organization now limits the destination to that backup set. Previously, the destination was added to all backup sets.
• Device details now appear more quickly when clicking search results for a specific device in the administration console. 
• Corrects an issue for Code42 environments with more than one configured SSO provider in which users were unable to sign in under certain circumstances.
• Corrects an issue in which adding two file paths to a Legal Hold preservation policy that differed only by capitalization only saved one of the paths.
• Using the administration console to manually add to the backup file selection for a device now accepts file paths for any operating system. Previously, file paths were only accepted for the operating system of the selected device, but that complicated the ability to transfer file backups to a new device with a different operating system. 
• Corrects an issue in which archive maintenance did not run as scheduled for some archives.
• Corrects an issue in which attempting to pause backups to a specific destination via the administration console command-line interface (CLI) did not work if users were backing up to local destinations. 
• Corrects an issue introduced in version 6.9.2 in which performing a device restore from the administration console did not restore files with the selected permissions in certain circumstances.
• Corrects an issue in which uploading the same file via two different applications (for example, a web browser and FTP) at almost the same time could only generate one file event instead of two. (Requires Code42 app version 6.9.4.)
• Corrects an issue for Windows devices in which Security Center user activity results could incorrectly report file upload events for files that were only accessed by the web browser and not actually uploaded. (Requires Code42 app version 6.9.4.) 
• Corrects a rare issue in which users were unable to manually start archive maintenance after recently performing a web restore.
• Improvements to archive maintenance.
• In the Code42 API documentation viewer, improves the description of the q parameter in the User resource.
• Corrects an application compatibility issue between Dropbox team drives and Code42 Security Center reporting. (Requires Code42 app version 6.9.4.) 
• On Mac devices, corrects an application compatibility issue between iCloud Drive and Code42 Security Center reporting. (Requires Code42 app version 6.9.4.) 

File categories in Forensic File Search

March 4, 2019

Forensic File Search now groups files into categories based on analysis of the file contents and file extension. This enables you to narrow your searches to specific types of files. For example, performing a search for the Image file category returns file activity for .gif, .jpg, .png, and many other known image file types. File categories can also help identify instances of a user changing a file extension. For example, if a file event has the file category Spreadsheet but the filename uses the .jpg extension, it may indicate an attempt to hide or exfiltrate data.

For a complete list of file categories and the specific file types in each category, see Forensic File Search file categories.

March 27, 2019

• Improvements to archive maintenance.
• Agents in the Managed Service Provider Program can no longer manage billing information from the Account page of the administration console. If you are affected by this change, Code42 has already emailed you with new instructions for managing your billing information.

March 12, 2019

Updates to Forensic File Search:

• Corrects an intermittent issue in which the Forensic File Search screen did not load properly after signing out and signing in again.
• Improves the accuracy of the Date Observed reported in the file event details. 
• Corrects an issue in which the Exposure Type was incorrectly populated for some file events that did not present an exposure risk (for example, file Modified or No longer observed events).

March 6, 2019

• In Forensic File Search, cloud service data sources with expired licenses are now deauthorized within 24 hours.

Hide the Code42 app from user view

February 27, 2019

A new Client Visibility setting in the administration console gives administrators the choice to show or hide the Code42 app on user devices. The default setting is Visible, which keeps Code42 easily accessible to users. Setting the visibility to Hidden removes most user-facing indications of Code42's presence on the device, but does not uninstall any Code42 components, so file backups and Code42 Next-Gen Data Loss Protection monitoring continue to run in the background.

Email customization

February 27, 2019

Introduces the ability for Code42 cloud customers to customize the sender email address and message body of Code42 email notifications for many types of events, such as user backup status alerts, administrator backup status reports, and password recovery requests.

Restore to original location

February 27, 2019

The administration console now allows you to restore files to the original location on the device. Previously, restoring to the original location was only available for restores initiated from the Code42 app on the device or the Code42 API. 

Exfiltration and exposure data in Forensic File Search 

February 21, 2019 (requires Code42 app version 6.9.2)

New Exposure Type filtering options in Forensic File Search offer greater visibility into file movement throughout your organization. This enables you to more easily investigate these types of file activity on user devices:

• Synced to cloud service: Monitors files that exist in a folder used for syncing with cloud services, including iCloud, Box, Dropbox, Google Drive, and Microsoft OneDrive
• Activity on removable media: Monitors file activity on external devices, such as an external drive or memory card
• Read by browser or other app: Monitors files opened in apps that are commonly used for uploading files, such as a web browser, Slack, FTP client, or curl

File exfiltration data is still also available via the Security Center > User Activity section of the administration console, but the addition of this data to Forensic File Search introduces more advanced search options, and also brings some file activity details to the administration console that were previously only available via CSV export.

February 27, 2019

• Security updates. 
• Performance and stability improvements. 
• Dramatically improves page load time for viewing the details of organizations with many thousands of devices.
• Corrects a rare issue in which users were unable to manually start archive maintenance under certain circumstances. 
• Corrects an issue in the Device Status Report in which some items appeared in English when a non-English language is selected.
• Corrects an issue in which performing a web restore via the administration console for files with international characters in the filename replaced those characters with question marks (?) or underscores (_) upon restoring the files.
• Corrects an issue in which Code42 User Directory Sync could incorrectly indicate in the Sync Log that a username changed if the user's email address contains uppercase letters. 
• Improves sync processes between on-premises authority servers and the Code42 cloud.
• Corrects an issue in which attempting to export a list of users or devices to CSV could fail under certain circumstances.
• Directory sync notification emails now stop sending if your Code42 User Directory Sync license expires.
• Corrects an issue in which the File Path Mismatch warning dialog could appear upon saving Device Backup Default settings unrelated to the File Selection.
• Corrects an issue in which users with the Customer Cloud Admin role were unable to perform an Access Lock under certain circumstances.

February 11, 2019

Updates to Forensic File Search:

• Performance and stability improvements.
• The free-form search criteria fields no longer use the web browser's spellchecker. In most cases, spell-check was not helpful, because valid hash values or file paths were often highlighted as spelling errors, yet they were correct as entered. 
• Corrects an issue in which the error message for being unable to save a search did not display the correct name of the search. 

Delayed client updates

January 23, 2019

New Client Updates settings in the administration console enable administrators to define Code42 app update schedules by organization. Configuring these settings to specify when new versions of the Code42 app are released to user devices enables you to:

• Test new Code42 app versions on a small group of users before updating all users in your Code42 environment.
• Schedule Code42 app upgrades to better align with your change management process.
• Create a staggered rollout schedule based on organization.

Watch the short video tutorial below for an example of how to define a client update schedule.

January 23, 2019

• Security updates.
• Performance and stability improvements.
• In the Reporting > Device Status search results, the Client Version column now displays the Code42 app version, including the build number. For example, 6.9.2.123 indicates Code42 app version 6.9.2, build 123. Previously, the Client Version column displayed a longer string that did not clearly identify the build number. 
• For Code42 environments with an on-premises authority server also using Code42 cloud storage:
  • Corrects a rare issue in which restoring files from the administration console could fail if the target restore device is different than the device that originally backed up the files.
  • Corrects a rare issue that could prevent backup report emails and alerts from sending properly.
• Adding a new file path to the backup selection of a locked backup set now overrides any existing paths. Previously, the new and existing paths were both included in the backup file selection.
• The option to enable Forensic File Search now only appears if your Code42 environment is licensed for this feature. Previously, some unlicensed environments saw this option in the administration console, although enabling it had no effect.
• Corrects an issue introduced in version 6.9.1 in which clicking the Run a Device Report icon on the Administration > Users screen did not display the report.
• Adds an Upgrade Clients option to manually upgrade the Code42 app on all devices in an organization.
• On the Reporting > Device Status screen, corrects an issue introduced in version 6.9.1 in which the User Profile Status search filter did not appear under certain circumstances. 
• Updates the product plan and add-on features names listed at the top of the Administration > Subscriptions page to use the full product name instead of an abbreviated product code. 
• Improvements to logging.
• Corrects an issue in which Security Center user activity could incorrectly report a single download action as both an upload and download event under certain circumstances. Requires Code42 app version 6.9.2. 
• Corrects an issue introduced in version 6.8.2 in which selecting Replace a Device from the action menu for a specific device could incorrectly deactivate the new device instead of the old device if both devices are still online.
• Improvements to translations.
• Corrects an issue in which the Client Management screens did not correctly display non-English languages.
• Corrects an issue in the email titled Your Code42 for Enterprise license keys are ready in which an outdated customer email address could appear in the message body.

January 15, 2019

• Corrects a Forensic File Search issue in which deleting or saving changes to an existing search did not work correctly in Internet Explorer 11.

January 9, 2019

Updates to Forensic File Search:

• When viewing the expanded details of a saved search, clicking Cancel or Save now collapses the details. 
• The quick view list of saved searches now sorts alphabetically. Previously, the list was sorted by last modified date. 
• Adds new parameters to the Code42 API fileevent and fileevent/export resources to show exposure details for potential file exfiltration events. These new parameters are all searchable and also appear as output values: RemovableMedia, processOwner, processName, removableMediaVendor, removableMediaName, removableMediaSerialNumber, removableMediaCapacity, removableMediaBusType, syncDestination. See the Code42 API documentation for complete details.