Code42 cloud release notes

Last updated
Save as PDF
Share
1. Share
2. Tweet

Who is this article for?

Code42 for EnterpriseSee product plans and features

CrashPlan for Small Business

CrashPlan for Small Business, no.

Code42 for Enterprise, yes.

Link: Product plans and features.

Overview

This page lists new features and bug fixes released to the Code42 cloud. Click a month below to expand or collapse the details.

These updates primarily impact cloud-only Code42 environments (without on-site authority or storage servers), but some of the fixes and enhancements also apply to Code42 environments with on-premises authority servers that use Code42 cloud storage.

For the Code42 app, see Code42 app version 7.7 release notes.

May 2020

Features

Trusted domain filtering expanded to dashboards, alerts, and more

May 18, 2020

Domains on your list of Trusted domains now apply to more than just Forensic Search results:

File events on the Risk Exposure dashboard, Departing Employee and High Risk Employee lists, User Profiles, and in Alert notifications are now automatically filtered to only show events outside your trusted domains.
A new Trusted Activity filter in Forensic Search lets you easily include or exclude results for endpoint and email activity on trusted domains.
For Read by browser or other app events, trusted domain filtering now also applies to the Tab/Window Title and Tab URL fields.

This helps you focus investigations on higher-risk activity by filtering out events for domains you trust.

Remote file activity detection by IP address

May 18, 2020

Data Preferences in the Code42 console now includes a new tab to define your in-network IP addresses. Listing your in-network IP addresses enables Code42 to label activity from any IP address not on this list as remote activity, and lets you customize search results and dashboards to include in-network activity, remote activity, or both.

To view remote activity:

In Forensic Search, add the Remote Activity filter. In the file event details, remote events include a Remote activity label in the IP Address (public) field.
In Alert notifications, look for the Remote activity label next to the IP address.
On the Risk exposure dashboard:
- In the Top file activity section, click View by remote activity.
- Click the Remote activity tab within the All activity view.

Remote activity tab on Risk Exposure dashboard

Early access: Printer activity detection

May 5, 2020

On Mac and Linux devices, Code42 now detects files sent to printers. Once you enable print detection, print events are searchable in Forensic Search and you can download images of printed files. Monitoring printer activity gives you visibility into one more method of possible file exfiltration. Requires Code42 app version 8.0.0.

Enhancements and updates

May 20, 2020

Security updates.
In the Code42 console, non-administrator users now have permission to view restore history only for restores they performed. Restores performed by administrators are no longer visible to non-administrators.

May 19, 2020

For the Departing Employees and High Risk Employees lists, adds cloud share permission changes to file event details. Previously, clicking View event details only showed details for events that occurred from an employee's endpoint.
Updates creating or editing an alert rule with simplified steps and modular panels, for easier navigation and reduced scrolling.

May 7, 2020

Security updates.

Bug fixes

May 20, 2020

Performance and stability improvements.
Fixed several slow page load issues. It is now much faster to:
- Edit a user's details
- Edit an organization's details
- Load pages after making multiple settings updates
Fixed an issue in which the Administration > Organizations > Deactivated page did not properly load in Code42 environments with a very large number of deactivated organizations.
On the Identity Management > Provisioning screen, fixed an issue for narrow browser windows in which very long passwords did not display properly or provide the option to Copy to clipboard.
Improved error messaging for failed imports of identity provider XML metadata to better to describe the error and to provide a suggested resolution.
Updates to First Name, Last Name, and Email initiated by an authentication provider are now included in the Code42 Sync Log.
On the Organization details screen, fixed a display issue in which very long organization names could be truncated with an ellipsis (…), making it difficult to determine exactly where a child organization existed in the organizational hierarchy. Now, long names wrap to additional lines.
Fixed an issue in which attempting to reactivate a device resulted in an unexpected error message under certain circumstances.
Fixed an issue in which two-factor authentication for local users could not be enabled for users with passwords containing certain non-alphanumeric characters.

April 2020

Features

Manage access for Code42 support users

April 27, 2020

The Code42 console adds a new control for you to manage permissions for Code42 "support" users. A support user is a user account created by a Code42 Customer Champion in response to a support ticket. This allows Code42 to temporarily access your environment for the purpose of troubleshooting. To configure settings, navigate to Administration > Settings > Code42 Support Access.

Early access: Visual risk indicators for anomalous behavior

April 23, 2020

The User Profile now adds a risk indicator icon to file activity that may indicate greater risk, such as activity during hours when a user is not typically active or when file contents do not match the file extension. This enables you to better prioritize which file activity to investigate:

Off hours - Categorizes file activity that occurs at times a user is not typically active as an added risk. The off hours determination is unique to each user and based on the user's past patterns of behavior on their endpoint. This enables you to focus investigations on unusual file activity.
File mismatch - Highlights file activity where files have extensions that do not match the file contents as an added risk. File mismatch determinations are shown for both endpoint and cloud file activity. This allows you to more quickly investigate anomalous file activity.

Early access: Off hours risk indicator in Forensic Search

April 23, 2020

The Risk Indicator filter in Forensic Search adds a new option to search for Off hours file activity. The off hours determination is unique to each user and is based on the user's past patterns of behavior. This enables you to focus investigations on unusual file activity that may indicate greater risk.

Early access: New Suspicious file mismatch alert rule

April 17, 2020

Code42 adds a new Suspicious file mismatch alert rule to notify you when activity is detected for a file with an extension that doesn't appear to match its contents—for example, when the file's contents indicate that the file is a ZIP file, but it has a PNG extension. This rule is automatically triggered for endpoint or cloud share permissions exposures.

Early access: Filter by risk indicators in Forensic Search

April 10, 2020

Forensic Search adds a new search filter and a risk indicator icon Yellow diamond risk indicator icon to highlight file activity that may indicate greater risk, such as a file extension that does not match the file contents. This enables you to better prioritize which file activity to investigate, and may indicate an attempt to disguise and exfiltrate data.

Forensic Search file mismatch risk indicator: search filter and file event details

Enhancements and updates

April 30, 2020

Updates the Code42 application in PingOne to perform provisioning from PingOne to Code42 in addition to providing SSO.

April 17, 2020

Improves visibility of file activity details with a new View event details option on the Top file activity by remote employees tile and the High Risk Employees and Departing Employees lists.

April 16, 2020

Security updates.
Performance and stability improvements.

Allows the Deactivation Delay setting to be edited for Code42 User Directory Sync providers in the Code42 console. Click the edit icon to set the length of time to delay deactivation after synchronization is performed.
Displays additions, updates, and removals for all user attributes in the provisioning Sync Log. In addition, all Organization attribute values displayed in the Sync Log now include the orgId of the organization, and all Manager attribute values now include the userId.

April 15, 2020

Adds a View event details button to the Remote employee file activity tile of the Risk Exposure dashboard and to the User Profile. Previously, you had to click a bar in the graph to view file event details.
On the User Profile, the File Activity Last 30 days tile is now split into two separate tiles: File events by destination and File events by file category group.
Adds SCIM attributes to the remote employees view allowing you to see information such as the employee's department and role.

April 6, 2020

In the Code42 console navigation menu, Trusted Domains is renamed Data Preferences.
Updates APIs for managing departing employees, and adds APIs for managing high risk employees. Use these APIs to automate adding and removing users from the High Risk Employees or Departing Employees lists.

April 2, 2020

Added the IP addresses involved in file activity to alert details and email notifications for the Exposure on an endpoint alert rule.

Bug fixes

April 30, 2020

In Forensic Search, improved messaging if a file is not available for download. Previously, an incorrect message appeared in some situations indicating the device was not backing up to Code42, even though it was backing up. Now, the messaging correctly explains the reason the file is unavailable.

April 16, 2020

Improved error messaging if you enter only one character in the Code42 console search box.
Improved logging for a rare circumstance in which the Code42 app is unable to connect to the Code42 cloud.
Fixed an issue on the Code42 console sign-in page in which translations for some non-English languages did not display properly.
For Code42 environments using Okta as the authentication provider, fixed an issue in which deactivating a user in Okta did not properly deactivate the Code42 user, under certain circumstances.

March 2020

Features

Greater visibility into file activity of employees working from home

March 20, 2020

Code42's new remote employee view provides organization-wide visibility into file activity on removable media, in cloud sync folders, and browser uploads for remote workers. The Detection > Risk Exposure dashboard enables you to:

Quickly identify suspicious file activity over the past 90 days for employees working from home
Easily review both endpoint and cloud sync file activity
Detect organization-wide usage of Dropbox, iCloud, Box, OneDrive and Google Drive

Remote employee

Code42 app for Demisto now available

March 19, 2020

The Code42 app for Demisto (now Cortex XSOAR) is now available. Using the Code42 app for Demisto, you can view and search Code42 data in Demisto, as well as manage Code42 Departing Employees from Demisto.

Code42 CLI tool now available for SIEM integration

March 18, 2020

The Code42 command-line interface (CLI) tool offers a way to extract Code42 data for use in a security information and event management (SIEM) tool like LogRhythm, Sumo Logic, or IBM QRadar. Use this command-line interface tool to get the security events in either a JSON or CEF format for use by your SIEM tool.

Early access: Code42 federal environment now available

March 12, 2020

The new Code42 federal environment is now available. This environment offers the same high level of security as all Code42 environments to government agencies in compliance with FedRAMP requirements.

The Federal Risk and Authorization Management Program (FedRAMP) from the United States Government provides a standard method for the security assessment, authorization, and continual monitoring of cloud products and services. Government agencies (and companies who partner with them) are required to choose FedRAMP authorized providers when using cloud products and services to ensure the security of their data. The Code42 federal environment is one such solution for organizations seeking a FedRAMP authorized service to protect against insider threat and data loss.

Government agencies can request access to the Code42 security package using the request form available on the FedRAMP marketplace. To access the form, select Code42 from the marketplace list and then click the Package Access Request Form link. More information is also available at https://www.code42.com/go/federal-solutions.

Enhancements and updates

March 31, 2020

The High Risk Employees and Departing Employees lists now alert you by default when file activity happens outside the trusted domains you have configured for cloud share permission changes. Pre-existing default alerts for both High Risk Employees and Departing Employees have been updated to have this new default value. VID-1365 & VID-1349.
From the Risk Exposure dashboard, streamlined the process for adding an employee to the High Risk Employees or Departing Employees lists. Previously, clicking Add to list brought you to that list and you had to navigate back to the Risk Exposure dashboard.

March 26, 2020

Added new alert rule configuration options to notify you when files are shared outside of the domains you trust. The first ten untrusted domains and email addresses with which the file has been shared are listed in the Cloud share permission changes notification email and alert details and can be investigated further in Forensic Search.
Added the name and path of the first ten files that generated an alert to the notification email and alert details. You can investigate further in Forensic Search and view all of the file events that triggered the alert.

March 19, 2020

Security updates.
When initiating Code42 app upgrades from the administration console, the confirmation messaging improved to make it clearer that only devices on supported operating systems receive the upgrade.
Added a new exclusions resource for managing backup exclusions via the Code42 API.
Updates to search behavior in the administration console:
- When entering a search term, auto-complete suggestions now only appear after at least four characters are entered.
- Searching for a partial term now only returns results that begin with those characters. Previously, search results included matches that contained the characters anywhere (not just at the beginning).

March 18, 2020

Updates to User Directory Sync (UDS). Version 1.5.0 introduces:

New properties in the config.properties file:
- ldap.connection.allowunsafecerts: Allows for self-signed certificates.
- scim.client.threads: Sets the number of processing threads to use during synchronization.
New --changed-since flag for the C42UserDirectorySync executable that synchronizes all users who haven't been updated since the specified date.
Faster synchronization through the introduction of multi-threaded processing.
Faster queries for missing users.
Improved log messaging.
Fixes an issue where installation of the embedded JRE incorrectly overwrote the existing JAVA_HOME variable.
Known issue: If you run a synchronization with the the scim.client.threads property set to a value higher than 1, and you use org scripts to automatically create new organizations in Code42, a new organization will be created for each thread, resulting in duplicate organizations. To work around the issue, you must create all the organizations needed by users before running a synchronization.

March 17, 2020

Updates to Forensic Search:

Improves visibility of the column selector within search results by adding the text label Modify columns and moving it to the upper right. Previously, the column selector was an icon with no text label and appeared in the column heading row of the search results.
The File Path column is now included in search results by default.
When exporting search results to CSV, fields containing a list of values (for example, IP Address, Shared With, and Exposure Type) no longer include line breaks. Now, all lists within a single field are comma-separated. Line breaks are only used to indicate a new record.

March 16, 2020

From the User Profile page, you can now add an employee to the Departing Employees and High Risk Employees lists. Additionally, improves the appearance and scaling of the File Activity Last 30 Days graph to make it easier to interact with smaller file event counts.
Improved experience while viewing Alerts details. Previously, you could expand a row in the list of notifications to see details. Now the list of notifications stays intact while the details for the selected notification slide in from the right side of the screen.
In Forensic Search, the File exposure changed to filter adds the option to search for files Outside trusted domain. This enables you to easily identify exactly when a file was shared with a user outside your list of Trusted Domains. FFS_6.3.0
Various accessibility improvements

March 12, 2020

If you have a Code42 Platinum or Diamond product plan, File Activity Notification profiles will soon be discontinued, given the new and improved options available in Alerts. You must recreate any existing File Activity Notification profiles in Alerts to continue notifications. See Migrate Activity Notification profiles to alerts for more information.

March 10, 2020

Updates to Forensic Search:

In the Device section of the file event details, adds a link to the User Profile for the Code42 user associated with the file event. The User Profile highlights file activity for that user over the past 90 days that may indicate a file exfiltration risk.
Adds support for wildcard characters (*, ?) to all search filters except MD5 hash, SHA256 hash, IP address, and file size.

March 9, 2020

Cleans up data shown in the file activity graphs of the User Profile to no longer show line items where file events are equal to zero in the summary previews.

March 6, 2020

Updates to the Departing Employees list:
- Adds columns for Total File Events and Total Size of Files
- Removes the Date Added column
- Results are now sorted by Total File Events by default. Previously, the default sort order was by Date Added.

March 3, 2020

Updates to Forensic Search:

Improvements to the search filter interface:
- Updated styling
- Improved accessibility
- New searches now default to the Filename filter. Previously, the default was MD5 Hash.
For cloud and email events, clicking the filename in the event details now opens the file in a new browser tab. Previously, the file opened in the same tab as the search results.

March 2, 2020

Alerts now lists the first ten files impacted by file events in notification emails.

Bug fixes

March 19, 2020

Performance and stability improvements.
In Code42 environments with an on-premises authority server that use Code42 cloud storage, fixed an issue which could prevent devices from being able to connect to the Code42 cloud under a very specific set of network port configuration circumstances.
Authentication and directory services settings now properly inherit values from the parent organization by default.
Fixed an issue in which attempting to search for a GUID in the administration console returned an error.
Fixed an issue for Code42 environments using SCIM provisioning: deleting a SCIM group now applies the default Code42 roles (Desktop User and PROe User) to any users in that group. Previously, the role mapping defined by the deleted group remained in place.
Fixed a rare display issue in which the web restore date picker could continue to appear at the bottom of the administration console after navigating to a different page.
Fixed an issue in which restoring files from the administration console could fail if you selected a folder to restore and then deselected sub-folders within the selected folder.

February 2020

Features

Video summary

Watch the short video below for a summary of features released this month.

Greater visibility into file activity of high risk employees

February 19, 2020

Code42's new High Risk Employee lens provides comprehensive insight into file activity of employees you identify as a risk (for example, users with elevated permissions, access to sensitive data, on a performance improvement plan, etc.). The Detection > High Risk Employees section of the administration console enables you to:

Quickly identify suspicious file activity of high risk employees over the past 90 days
Assign risk factors to employees to provide more context for insider threat investigations
Easily review both endpoint and cloud sync file activity

High Risk Employee user profile and activity

Forensic File Search now searches backups from all users to locate and download file contents

February 12, 2020

When downloading file contents in Forensic File Search, the file event details now offers the option to search other locations if the file isn't found in the user's backup archive. Clicking Search Other Locations searches the backups of all users in your Code42 environment, which greatly increases the chance the file will be available for download. Previously, files could only be downloaded if there was an exact filename and file path match in the backup archive of the user associated with the event.

More subscription options for monitoring insider threats

February 11, 2020

The Code42 Diamond product plan offers a new subscription option for many of Code42's most advanced insider threat features, including:

The Risk Exposure dashboard, which highlights suspicious file activity
A highly customizable Alerts framework to notify you when when important data may be leaving your organization
The powerful Forensic Search interface, which offers advanced search capabilities for investigating file exfiltration activity

Previously, some of this information was available via a CSV export, but full access to these features required the Code42 Platinum product plan.

Requires Code42 app version 7.7.0.

Code42 insider threat features

Use one deployment policy to register users in multiple organizations

February 11, 2020

Deployment policies can now leverage custom user detection scripts that dynamically assign users to different organizations. Previously, deployment policies could only register users to a single organization.

Requires Code42 app version 7.7.0.

Other enhancements and updates

February 25, 2020

In the User Profile, file activity for the last 30 days now defaults to an exfiltration type with recent activity. Previously, the Synced to Cloud Service filter was always selected by default, even if there was no cloud service file activity for the user.

February 24, 2020

In Forensic Search, custom column preferences are now maintained upon page refresh and across sessions.

February 19, 2020

On the Device Details screen and in the list of active devices, Destination Status is now labeled Authority Connection. This is a label change only. The status continues to indicate if the device is connected to the Code42 cloud.

February 13, 2020

Updates the process of adding a departing employee so that the window slides in from the right rather than appearing in a pop-up modal.
Adds the ability to remove a user from the list of departing employees from within the User Profile.
On the Endpoint dashboard, the Data Summary columns are now sortable.

Bug fixes

February 19, 2020

Security updates.
Performance and stability improvements.
Fixed an issue in which the text-only version of the backup status report email displayed some fields incorrectly.
In Code42 environments with an on-premises authority server also using Code42 cloud storage, fixed a rare issue in which backup storage statistics did not update properly.
Fixed a rare issue in which clicking the link in an activity notification email to view user activity did not display any results.

Known issues

In activity notification emails sent before February 19, 2020, clicking a link to user activity details results in an error. To see details for this activity, search for the user.

January 2020

Features

Video summary

Watch the short video below for a summary of features released this month.

Endpoint dashboard provides visibility for devices not reporting security events

January 30, 2020

A new Endpoint dashboard identifies user devices not sending file event data to Forensic File Search. This improved visibility can help you troubleshoot specific devices to ensure Code42's security monitoring is capturing file activity on all active devices in your Code42 environment.
Endpoint dashboard - endpoints not reporting security events graph

Better visibility into endpoint and cloud services file activity for all users

January 30, 2020

A new User Profile search interface provides comprehensive insight into file exfiltration risk for all users. The Investigation > User Activity section of the administration console now enables you to review both endpoint and cloud sync file activity for the last 90 days to quickly identify suspicious file activity.

Previously, much of this information was only available for users added to a departing employee profile or via CSV export.

Requires the Code42 Platinum product plan.

Sync destinations added to Risk Exposure dashboard

January 27, 2020

The Risk Exposure dashboard now shows you where employees are syncing files. By reviewing the Synced to Cloud Service details, you can quickly see if users are syncing files to unapproved cloud services.

Sync Destination shown on Synced to Cloud Service

Forensic File Search adds search filter for files shared with trusted domains

January 17, 2020

Trusted Domains settings enable you to easily exclude files shared with approved domains from search results in Forensic File Search.

To use the new search filter:

Add domains you trust to Administration > Settings > Trusted Domains.
From Investigation > Forensic Search, add the Exposure Type filter to your search criteria and select the value Outside trusted domain.

File categories added to Alerts

January 16, 2020

You can now add file category filters to Alerts to help you more easily determine what types of files (spreadsheets, zip files, source code, and multimedia, for example) are leaving your organization.

Sync destinations added to Departing Employees lens

January 13, 2020

The Departing Employees lens now shows you where employees are syncing files. By reviewing the sync destination details, you can quickly see if users are syncing files to unapproved cloud services.

Sync Destination on the Departing Employees lens

Risk Exposure dashboard highlights departing employee activity

January 2, 2020

The Risk Exposure dashboard now includes a summary of potential exposure events gathered from the Departing Employees lens. Click any value for more details.

Departing Employees tile on the Risk Exposure Dashboard

Enhancements and updates

January 29, 2020

The Administration > Dashboard menu now contains sub-menus for Endpoint and Usage.
- Endpoint provides visibility for devices not sending file event data to Forensic File Search.
- Usage (the previous landing page) displays a summary of users and backup storage in your Code42 environment.
Updates to endpoint monitoring settings:
- Forensic search is renamed File Metadata Collection.
- Removes the options to enable/disable the File restore and Pattern matching detection types.
Updates to SCIM provisioning:
- The Sync Log now includes entries for changes to any of the following user attributes: Title, Division, Department, Manager, Employment Type, Manager, Locality, Region, and Country.
- When using the Code42 API to customize SAML attributes, the authnContextComparison attribute is now optional.
Alerts notifications now indicate if the alert is due to a departing employee's activity.
Devices using unsupported Windows 10 versions (builds 1507, 1511, and 1703) will not upgrade to newer versions of the Code42 app. To upgrade, Windows 10 devices must run supported versions.
Streamlined the process of creating a security alert.

January 8, 2020

Updates to Forensic File Search:

The label for the file category archive is renamed zip.
Improves keyboard navigation accessibility in the Save Search and Export Results to CSV dialogs.

Bug fixes

January 29, 2020

Performance and stability improvements.
Fixed: The Administration > Organizations screen now loads much faster for Code42 environments with many child organizations.
Fixed a web restore issue: filenames containing apostrophes now properly appear in search results. Previously, searching for a filename containing an apostrophe could return no results even if the file was backed up and available to restore.
Fixed: Exporting organization details to CSV now reports correct values for selectedFiles, totdoBytes and todoFiles. Previously, these fields could incorrectly report zero or null under certain circumstances even though there were files selected for backup.
Improvements to logging.
Fixed: Two-factor authentication for local users can now be enabled if a user's password contains special characters.
Fixed: Using the action menu to block or unblock a user now immediately updates the status icon next to that user. Previously, even though the blocking or unblocking succeeded, refreshing the page was required to see the current status for the user.
For Code42 environments managing their own external keystore, connection failures now display more specific error messaging on the Administration > Settings > Keystore page and in the logs.
Fixed an intermittent display issue which could cause page styles to render incorrectly when navigating between specific screens in the administration console.
Updates to translations.

January 8, 2020

Fixes an issue in which downloading files from Forensic File Search was not available in the Safari web browser.
Improves error messaging if File Size search criteria is blank.

Previous release notes

For release notes prior to January 2020, see Code42 cloud 2019 release notes.