Code42 cloud release notes

File exfiltration detection for Windows shared network drives

June 18, 2019

On Windows devices, uploads and downloads to and from shared network drives now appear in Security Center Application Activity and as Forensic File Search Exposure events. (Mac devices already report file exfiltration via network shares.) Requires Code42 app version 7.0.0. 

Other enhancements and updates

June 11, 2019

Updates to Forensic File Search:

• Security updates. 
• Adds a new insertionTimestamp parameter to the fileevent resource in the Code42 API. This indicates when the event was received for indexing by the Code42 cloud. By making note of the latest insertionTimestamp value in your query results, you can more easily isolate new file events in a future query by specifying an insertionTimestamp greater than the value noted in your last query.

June 5, 2019

• Updates the URL to obtain Forensic File Search API authorization tokens. If you have any existing scripts or API integrations, you must update the GET requests to use the new URLs. 

June 3, 2019

Updates to Forensic File Search:

• User experience improvements related to pre-populating default search values and search criteria error validation. 
• Updates to translations.
• Improves keyboard navigation accessibility for the Events observed in the last filter.

June 18, 2019

• Security Center Application Activity and Forensic File Search Exposure events for uploads and downloads to and from shared network drives are missing some metadata, including the SHA256 and MD5 hashes, file size, and file category.

Data exposure dashboard

May 30, 2019

A new administration console dashboard with visualizations of file exposure activity on user devices is available for Code42 environments licensed for Forensic File Search.

Forensic File Search relative time filters

May 23, 2019

The Forensic File Search date filter adds a new Events observed in the last option to select pre-defined time periods ranging from the past 15 minutes to the past 30 days. This is especially useful for saved searches because they can be used at any time in the future and still search the same relative time period.

New roles to modify users

May 22, 2019

New User Modify and Cross Org User Modify roles enable more fine-grained control for administrator permissions. These new roles allow help desk personnel to manage users in an organization, but prevents them from managing or changing settings in the organization itself. 

Other enhancements and updates

May 23, 2019

• The Forensic File Search date filter now automatically appears at the top of the search criteria, and all searches must include a date range.

May 22, 2019

• Security updates.
• Performance and stability improvements.
• The App Downloads screen now includes the SHA-1 hash for each installer. This enables administrators to validate the authenticity of the downloaded file.
• For Code42 environments with multiple SSO identity providers, users are now only given the choice of selecting providers offered to their organization. 
• In the administration console, exporting CSV files containing device data now includes several fields previously only available via the Code42 API. 
• The backup status report email now lists devices that have not yet completed their first backup as In Progress in the Last Completed column. Previously, these devices displayed a dash (-) in the Last Completed column.
• Updates third-party library Netty to version 4.1.33.
• Updates Forensic File Search file category mappings to recognize over 100 additional file types.

May 22, 2019

• Performance and stability improvements for very large Code42 environments in which the number of subscriptions in use exceeds the number of subscriptions purchased.
• Corrects a rare issue in which users with the Customer Cloud Admin role were unable to migrate to a new Vault keystore.
• Corrects a rare issue in which using an old bookmark to access the Code42 cloud administration console could prevent some pages from loading properly.
• In the Code42 API, corrects an issue with the Computer resource in which including the export parameter to generate a CSV file did not include all fields when the incAll parameter was set to true.
• Improvements to logging.
• Corrects an issue in which archive maintenance could not be run twice in a row under certain circumstances. 
• In the administration console, corrects an issue in which exporting a CSV file of organizations, users, or devices could fail to export if the results contained more than 1,000 items.
• Corrects an issue in the Device Status Report in which the Export Records button was not localized.
• Corrects a very rare issue in which performing a web restore of files with non-ASCII characters in the filename replaced some characters with question marks (?) in the restored filename.
• Corrects an issue in which performing a web restore for a single file containing both a space and an international character in the filename replaced the space with a plus sign (+) in the restored filename.
• Improves error messaging for email customizations when attempting to upload a co-branded logo that exceeds the maximum allowed file size. 
• Corrects a rare issue in which using certain Unicode characters (including some emoji, and some Chinese, Japanese, and Korean characters) in the names of files or wireless networks excluded by the Code42 app could prevent Code42 configuration settings from loading properly.
• Corrects an issue in which some users were unable to access the Forensic Search page after signing out of the administration console and signing in again.

May 13, 2019

Updates to Forensic File Search:

• Performance and stability improvements.
• The column names in the CSV export now match the column names used in the on-screen results.
• Corrects a rare issue which prevented a user from exporting results to CSV if the display language was changed while the Export Results window was open.

Improved cloud exposure insights in Forensic File Search

April 18, 2019

Forensic File Search adds three new Exposure Type filters to help you better identify where files are shared in the cloud: 

• Public on the web (Google Drive only): The file is available on public search engines and accessible to the entire World Wide Web.
• Public via direct link: The file is not listed in public search engines, but is available to anyone who accesses the link.
• Shared with corporate domain: The file is not publicly accessible, but is available to all users on your corporate domain.

Search by time in Forensic File Search 

April 4, 2019

Forensic File Search now supports searching file events within a specific time window, in addition to dates.

Email co-branding

April 3, 2019

Introduces the ability to add your own logo to co-brand the message body of Code42 email notifications for many types of events, such as user backup status alerts, administrator backup status reports, and password recovery requests.

Other enhancements and updates

April 3, 2019

• Expands file exfiltration detection to capture file activity for OneDrive for Business. (Requires Code42 app version 6.9.4.) 
• Adds the ability for users with the Customer Cloud Admin role to send test emails.
• Reactivating a deactivated user now automatically resumes existing backups for that user. Previously, administrators needed to manually re-attach the backup archive to the reactivated user's device to resume backups.
• When managing billing information from the Account Information screen of the administration console, agents in the Managed Service Provider Program are now redirected to 2Checkout, our third-party e-commerce service provider. 
• Removes the myClusterComputerId query parameter and output value from the Code42 API Cluster resource. This value was empty and no longer in use.

April 18, 2019

• Corrects a Forensic File Search issue in which clicking the name of a search in the Saved Searches dropdown did not load the selected search under very specific circumstances.

April 15, 2019

Updates to Forensic File Search:

• Corrects several minor cosmetic display issues.
• Adds a help link in the file event details for more information about how file categories are determined.

April 8, 2019

• Corrects an issue introduced with the initial release of version 6.9.4 on April 3 in which attempting to export Security Center User Activity to a CSV file resulted in an error.
• Corrects an issue for Code42 environments that upgraded to the Code42 cloud from an on-premises authority server in which users with upgraded archive encryption key security could not update their archive key password.

April 4, 2019

• In Forensic File Search, the on search operator is no longer available for Date Observed. Existing saved searches and bookmarks on a specific date were automatically converted to an is in range search on that date from 00:00:00 to 23:59:59.999.

April 3, 2019

• Performance and stability improvements.
• Corrects an issue introduced in version 6.9.2 that could cause Code42 API requests to the Computer resource to fail under very specific circumstances.
• Corrects an issue introduced in version 6.9.1 that prevented users with the Customer Cloud Admin role from being able to update Security settings for an organization under certain circumstances.
• Updates the default Mac user detection script to better detect usernames in certain circumstances that caused the script to fail previously. 
• Adding a destination to a backup set for an organization now limits the destination to that backup set. Previously, the destination was added to all backup sets.
• Device details now appear more quickly when clicking search results for a specific device in the administration console. 
• Corrects an issue for Code42 environments with more than one configured SSO provider in which users were unable to sign in under certain circumstances.
• Corrects an issue in which adding two file paths to a Legal Hold preservation policy that differed only by capitalization only saved one of the paths.
• Using the administration console to manually add to the backup file selection for a device now accepts file paths for any operating system. Previously, file paths were only accepted for the operating system of the selected device, but that complicated the ability to transfer file backups to a new device with a different operating system. 
• Corrects an issue in which archive maintenance did not run as scheduled for some archives.
• Corrects an issue in which attempting to pause backups to a specific destination via the administration console command-line interface (CLI) did not work if users were backing up to local destinations. 
• Corrects an issue introduced in version 6.9.2 in which performing a device restore from the administration console did not restore files with the selected permissions in certain circumstances.
• Corrects an issue in which uploading the same file via two different applications (for example, a web browser and FTP) at almost the same time could only generate one file event instead of two. (Requires Code42 app version 6.9.4.)
• Corrects an issue for Windows devices in which Security Center user activity results could incorrectly report file upload events for files that were only accessed by the web browser and not actually uploaded. (Requires Code42 app version 6.9.4.) 
• Corrects a rare issue in which users were unable to manually start archive maintenance after recently performing a web restore.
• Improvements to archive maintenance.
• In the Code42 API documentation viewer, improves the description of the q parameter in the User resource.
• Corrects an application compatibility issue between Dropbox team drives and Code42 Security Center reporting. (Requires Code42 app version 6.9.4.) 
• On Mac devices, corrects an application compatibility issue between iCloud Drive and Code42 Security Center reporting. (Requires Code42 app version 6.9.4.) 

File categories in Forensic File Search

March 4, 2019

Forensic File Search now groups files into categories based on analysis of the file contents and file extension. This enables you to narrow your searches to specific types of files. For example, performing a search for the Image file category returns file activity for .gif, .jpg, .png, and many other known image file types. File categories can also help identify instances of a user changing a file extension. For example, if a file event has the file category Spreadsheet but the filename uses the .jpg extension, it may indicate an attempt to hide or exfiltrate data.

For a complete list of file categories and the specific file types in each category, see Forensic File Search file categories.

March 27, 2019

• Improvements to archive maintenance.
• Agents in the Managed Service Provider Program can no longer manage billing information from the Account page of the administration console. If you are affected by this change, Code42 has already emailed you with new instructions for managing your billing information.

March 12, 2019

Updates to Forensic File Search:

• Corrects an intermittent issue in which the Forensic File Search screen did not load properly after signing out and signing in again.
• Improves the accuracy of the Date Observed reported in the file event details. 
• Corrects an issue in which the Exposure Type was incorrectly populated for some file events that did not present an exposure risk (for example, file Modified or No longer observed events).

March 6, 2019

• In Forensic File Search, cloud service data sources with expired licenses are now deauthorized within 24 hours.

Hide the Code42 app from user view

February 27, 2019

A new Client Visibility setting in the administration console gives administrators the choice to show or hide the Code42 app on user devices. The default setting is Visible, which keeps Code42 easily accessible to users. Setting the visibility to Hidden removes most user-facing indications of Code42's presence on the device, but does not uninstall any Code42 components, so file backups and Code42 Next-Gen Data Loss Protection monitoring continue to run in the background.

Email customization

February 27, 2019

Introduces the ability for Code42 cloud customers to customize the sender email address and message body of Code42 email notifications for many types of events, such as user backup status alerts, administrator backup status reports, and password recovery requests.

Restore to original location

February 27, 2019

The administration console now allows you to restore files to the original location on the device. Previously, restoring to the original location was only available for restores initiated from the Code42 app on the device or the Code42 API. 

Exfiltration and exposure data in Forensic File Search 

February 21, 2019 (requires Code42 app version 6.9.2)

New Exposure Type filtering options in Forensic File Search offer greater visibility into file movement throughout your organization. This enables you to more easily investigate these types of file activity on user devices:

• Synced to cloud service: Monitors files that exist in a folder used for syncing with cloud services, including iCloud, Box, Dropbox, Google Drive, and Microsoft OneDrive
• Activity on removable media: Monitors file activity on external devices, such as an external drive or memory card
• Read by browser or other app: Monitors files opened in apps that are commonly used for uploading files, such as a web browser, Slack, FTP client, or curl

File exfiltration data is still also available via the Security Center > User Activity section of the administration console, but the addition of this data to Forensic File Search introduces more advanced search options, and also brings some file activity details to the administration console that were previously only available via CSV export.

February 27, 2019

• Security updates. 
• Performance and stability improvements. 
• Dramatically improves page load time for viewing the details of organizations with many thousands of devices.
• Corrects a rare issue in which users were unable to manually start archive maintenance under certain circumstances. 
• Corrects an issue in the Device Status Report in which some items appeared in English when a non-English language is selected.
• Corrects an issue in which performing a web restore via the administration console for files with international characters in the filename replaced those characters with question marks (?) or underscores (_) upon restoring the files.
• Corrects an issue in which Code42 User Directory Sync could incorrectly indicate in the Sync Log that a username changed if the user's email address contains uppercase letters. 
• Improves sync processes between on-premises authority servers and the Code42 cloud.
• Corrects an issue in which attempting to export a list of users or devices to CSV could fail under certain circumstances.
• Directory sync notification emails now stop sending if your Code42 User Directory Sync license expires.
• Corrects an issue in which the File Path Mismatch warning dialog could appear upon saving Device Backup Default settings unrelated to the File Selection.
• Corrects an issue in which users with the Customer Cloud Admin role were unable to perform an Access Lock under certain circumstances.

February 11, 2019

Updates to Forensic File Search:

• Performance and stability improvements.
• The free-form search criteria fields no longer use the web browser's spellchecker. In most cases, spell-check was not helpful, because valid hash values or file paths were often highlighted as spelling errors, yet they were correct as entered. 
• Corrects an issue in which the error message for being unable to save a search did not display the correct name of the search. 

Delayed client updates

January 23, 2019

New Client Updates settings in the administration console enable administrators to define Code42 app update schedules by organization. Configuring these settings to specify when new versions of the Code42 app are released to user devices enables you to:

• Test new Code42 app versions on a small group of users before updating all users in your Code42 environment.
• Schedule Code42 app upgrades to better align with your change management process.
• Create a staggered rollout schedule based on organization.

Watch the short video tutorial below for an example of how to define a client update schedule.

January 23, 2019

• Security updates.
• Performance and stability improvements.
• In the Reporting > Device Status search results, the Client Version column now displays the Code42 app version, including the build number. For example, 6.9.2.123 indicates Code42 app version 6.9.2, build 123. Previously, the Client Version column displayed a longer string that did not clearly identify the build number. 
• For Code42 environments with an on-premises authority server also using Code42 cloud storage:
  • Corrects a rare issue in which restoring files from the administration console could fail if the target restore device is different than the device that originally backed up the files.
  • Corrects a rare issue that could prevent backup report emails and alerts from sending properly.
• Adding a new file path to the backup selection of a locked backup set now overrides any existing paths. Previously, the new and existing paths were both included in the backup file selection.
• The option to enable Forensic File Search now only appears if your Code42 environment is licensed for this feature. Previously, some unlicensed environments saw this option in the administration console, although enabling it had no effect.
• Corrects an issue introduced in version 6.9.1 in which clicking the Run a Device Report icon on the Administration > Users screen did not display the report.
• Adds an Upgrade Clients option to manually upgrade the Code42 app on all devices in an organization.
• On the Reporting > Device Status screen, corrects an issue introduced in version 6.9.1 in which the User Profile Status search filter did not appear under certain circumstances. 
• Updates the product plan and add-on features names listed at the top of the Administration > Subscriptions page to use the full product name instead of an abbreviated product code. 
• Improvements to logging.
• Corrects an issue in which Security Center user activity could incorrectly report a single download action as both an upload and download event under certain circumstances. Requires Code42 app version 6.9.2. 
• Corrects an issue introduced in version 6.8.2 in which selecting Replace a Device from the action menu for a specific device could incorrectly deactivate the new device instead of the old device if both devices are still online.
• Improvements to translations.
• Corrects an issue in which the Client Management screens did not correctly display non-English languages.
• Corrects an issue in the email titled Your Code42 for Enterprise license keys are ready in which an outdated customer email address could appear in the message body.

January 15, 2019

• Corrects a Forensic File Search issue in which deleting or saving changes to an existing search did not work correctly in Internet Explorer 11.

January 9, 2019

Updates to Forensic File Search:

• When viewing the expanded details of a saved search, clicking Cancel or Save now collapses the details. 
• The quick view list of saved searches now sorts alphabetically. Previously, the list was sorted by last modified date. 
• Adds new parameters to the Code42 API fileevent and fileevent/export resources to show exposure details for potential file exfiltration events. These new parameters are all searchable and also appear as output values: RemovableMedia, processOwner, processName, removableMediaVendor, removableMediaName, removableMediaSerialNumber, removableMediaCapacity, removableMediaBusType, syncDestination. See the Code42 API documentation for complete details.