Code42 cloud release notes

Last updated
Save as PDF
Share
1. Share
2. Tweet

Who is this article for?

Incydr Professional and Enterprise

Incydr Basic and Advanced

CrashPlan Cloud

CrashPlan for Small Business

Incydr Professional and Enterprise, yes.

Incydr Basic and Advanced, yes.

CrashPlan Cloud, yes.

Other product plans, yes.

CrashPlan for Small Business, no.

Overview

This page lists new features and bug fixes released to the Code42 cloud. Click a month below to expand or collapse the details.

These updates primarily impact cloud-only Code42 environments (without on-site authority or storage servers), but some of the fixes and enhancements also apply to Code42 environments with on-premises authority servers that use Code42 cloud storage.

For the Code42 app, see Code42 app version 8.6 release notes.

July 2021

Features

New comprehensive risk prioritization model

July 28, 2021

Incydr introduces a new numeric scoring framework to identify and prioritize insider risk. Based on over 60 individual risk indicators, Incydr highlights the file activity and user behaviors that create the greatest file exfiltration and exposure risk, helping you quickly identify and respond to the most critical risks to your data.

For example, if a user uploads source code outside their normal hours to an untrusted cloud service, that file event would contain three risk indicators, each with its own risk score:

A File risk indicator for the heightened risk of source code file activity (+3)
A User risk indicator for the off hours file activity (+1)
A Destination risk indicator for the upload to an untrusted cloud service (+5)

The sum of all three risk indicators produces a risk score of 9. This indicates a critical severity event, signaling it should be prioritized for more investigation. Learn more about severity levels and how risk scores are calculated.

This new risk severity scoring is incorporated throughout Incydr, including the Risk Exposure dashboard, Forensic Search, Cases, and Alerts. For more details:

Risk prioritization throughout the Code42 console

New Security Administrator role

July 22, 2021

A new Security Administrator role grants permissions to manage the infrastructure of your Incydr environment, but not view the user activity details of insider risk investigations.

We recommend assigning the Security Administrator role instead of Customer Cloud Admin to administrators who need to manage items like data connections, integrations, and client installations, but who do not need access to Incydr features (such as the Risk Exposure dashboard, Forensic Search, Alerts, and the High Risk and Departing Employees lists).

New Microsoft Office 365 email service data connection to monitor all attachments

July 20, 2021

Code42 has added a new email service data connection for Microsoft Office 365. This new data connection differs from Code42's existing Microsoft Office 365 DLP data connection:

The existing Microsoft Office 365 DLP data connection collects information about an email attachment only when that attachment violates an existing data loss prevention (DLP) policy set up in the Microsoft Office 365 Security & Compliance Center.
Like Code42's Gmail data connection, the new Microsoft Office 365 data connection collects information about all email attachments sent by monitored accounts, not just the attachments that violate DLP rules. This new data connection gives you more flexibility in monitoring the movement of important files while simplifying configuration by eliminating reliance on policies set up in other environments.
LIke all Code42 data connections, this new connection also collects the file classification metadata from Microsoft Information Protection (MIP) that's applied to attachments. This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.

Due to permissions and reporting, Microsoft Office 365 email accounts monitored by Code42 must have a subscription that includes Advanced Audit.

Enhancements and updates

July 21, 2021

For organizations with two-factor authentication for local users enabled, the Code42 console sign-in screen now requests both the password and two-factor code in the same step.
Added User role assigned and User role revoked event types to the Audit Log to record when an administrator assigns or removes roles from a user.

Bug fixes

July 27, 2021

Fixed an issue introduced on July 21st where some users experienced problems signing in to the Code42 console or accessing the Code42 app.

July 21, 2021

Performance and stability improvements.
Fixed an issue where users with the User Modify role were not able to update the username and email address for users in organizations using SSO authentication.
Fixed a rare issue where a Customer Cloud Admin was unable to assign the Customer Cloud Admin role to another user.
In the Code42 API, fixed an issue where an invalid request could return an incorrect error code under certain circumstances.

Known issues

The Sync Log may not display some user attributes for Azure SCIM providers (for example, City, State, Country, Manager, Title, and Department). This is a display issue only; the attributes are still associated with the user, but do not appear in the Sync Log.
Users with only the new Security Administrator role cannot view some deployment policy details, such as the name of the SSO provider for an organization, the client visibility setting, and whether an organization is deactivated.

June 2021

Enhancements and updates

June 28, 2021

In the Departing Employees list and High Risk Employees list, increased the character limit of the Notes field from 250 to 1000.
To improve initial indexing performance and limit vendor throttling, the Google Drive cloud service connector now monitors a shared drive only when at least one of its members is an in-scope user.

June 16, 2021

Security updates.

Bug fixes

June 16, 2021

Performance and stability improvements.
Fixed an issue where backup exclusions were not applied properly under certain circumstances.
Fixed an issue where changing a username in the Code42 console unnecessarily prompted users to also update their password under certain circumstances.
Fixed a broken link on the Subscriptions page.
Fixed a broken link in the directory sync notification email.
Improved accuracy of restore statistics and Audit Log events if an error during a push restore prevented all files from being restored.
Fixed an intermittent issue where Code42 app logs retrieved from the Code42 console were not downloaded as a .zip file as expected.
In the Edit User Roles dialog:
- Fixed an issue where some permission descriptions only displayed the name of the permission, instead of a descriptive explanation.
- Fixed an issue where some roles displayed the same permission twice.
- Fixed an issue where some permissions were not sorted alphabetically.
Fixed an issue with Code42 User Directory Sync (UDS) and Azure provisioning where entering a country code with lowercase characters could prevent changes to other fields from saving properly.
In the Sync Log, fixed a very minor issue where unmapped role names did not display correctly (for example, "Desktop User" was displaying as "desktop-user").

June 7, 2021

Fixed an issue where trusted domains were not properly applied to OneDrive events under specific circumstances.

May 2021

Enhancements and updates

May 25, 2021

Added support for a single SSO identity provider to be used in more than one Code42 environment. This enables large organizations and universities that use the same identity management infrastructure across multiple divisions or departments to maintain separate Code42 environments.
The Code42 API Org resource and the organizations CSV export now return two new unique identifier fields: orgGuid and parentOrgGuid.

May 20, 2021

In Forensic Search, the off hours risk indicator now applies to cloud and email file activity. Previously, off hours activity was only evaluated for endpoint events.
Code42's Gmail data connection now collects the file classification metadata from Microsoft Information Protection (MIP) that's applied to attachments. This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.

May 18, 2021

Added the option to permanently delete a case.
Added a Case deleted event type to the Audit Log to record when cases are deleted.

May 14, 2021

Added event types to the Audit Log that record changes in the High Risk Employees list or Departing Employees list:
- Cloud alias added
- Cloud alias removed
- Departing employee added
- Departing employee alert settings changed
- Departing employee departure date changed
- Departing employee removed
- High risk employee added
- High risk employee alert settings changed
- High risk employee removed
- Risk factor added
- Risk factor removed
- Risk profile notes changed

May 11, 2021

In Forensic Search, the Source filter option for Office 365 changed to Office 365 Email to more clearly indicate it applies only to email activity in Office 365.

May 5, 2021

Released Code42 User Directory Sync version 1.6.2. For details, see the Code42 User Directory Sync release notes.

May 3, 2021

Added new recommended rules to Alerts. These additional rules make it easier than ever to create rules that identify suspicious activity, notifying you about file events involving earnings reports, archive or Zip files, source code files, reports generated from Salesforce, and more. In the recommended rules list, click View all recommendations for details about these new templates.

Bug fixes

May 25, 2021

Performance and stability improvements.
Fixed an issue where the descriptions in the Code42 console for two permissions were reversed: dataconnections.settings.read incorrectly listed edit capabilities and dataconnections.settings.write incorrectly listed read-only capabilities. This was only an issue with the description text. Users with the read permission could only view settings and were never able to add, edit, or remove data connection settings. Users with the write permission were always able to edit settings.
When creating or updating a SCIM user, improves error messaging when using a full country name instead of the required 2 letter country code.
Fixed an issue where creating a new user over an IPv6 connection could fail under certain circumstances.
Fixed an issue where exporting large CSV files from the Code42 console could take several seconds to start downloading in the web browser. Now, the download progress is visible immediately.
Improved accuracy of restore statistics and Audit Log events if a restore is canceled before it completes.

April 2021

Features

New criteria-based Alert rule builder

April 26, 2021

Alerts now includes a rule builder that thinks the way you do. You can now build alerts by easily mixing and matching rule settings based on the file activity your organization has identified as risky. This allows you to build more targeted, meaningful rules that reduce noise and increase fidelity. Use Alerts to watch for the movement of specific files (either by filename or extension) or file categories to a variety of exfiltration destinations.

New Alerts rule builder

New roles for Incydr

April 21, 2021

New roles for Incydr simplify role assignment and enable you to grant more granular permissions to users responsible for managing, detecting, and responding to insider risks. New roles include:

Insider Risk Admin: Assign to the administrator responsible for managing the team of insider risk analysts. This role provides read and write access to all Incydr functionality.
Insider Risk Analyst: Assign to analysts who investigate and respond to insider risks, but who you do not want to maintain users in the High Risk Employees list or the Departing Employees list.
Insider Risk Read Only: Assign to people who need to be kept informed about insider risks, but who you do not want creating alert rules, cases, or saved searches. This role provides read-only access to Incydr functionality.

New roles for device management

April 21, 2021

New Org Computer Modify and Cross Org Computer Modify roles provide more granular control over managing devices. For example, assign in conjunction with a help desk role to enable support personnel to add and deactivate user devices.

Integrate with Slack for insider risk response

April 2, 2021

Use automated integrations to send alerts to Slack, from which you can review and respond to them.

Slack_integration

The automated Slack message about the alert provides the following options:

Click the Actor link to view the user's profile.
Click the Review Alert in Incydr link to view more details about the alert.
Click Generate DM template to generate customizable direct message content to then copy and paste into a message to send to the actor.
Click Close Alert to close the alert from within Slack.

See more information about automated integrations.

Enhancements and updates

April 28, 2021

Code42's cloud services now collect file classification metadata from Microsoft Information Protection (MIP). This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.

April 27, 2021

In Forensic Search, a simplified design for the Saved Searches screen is now more consistent with other areas of the Code42 console. Highlights include fewer columns and details that slide in from the right instead of expanding within each row.

April 22, 2021

Added automated integrations options to take action when new file events appear in the results of a saved search, for example, automatically send an email to a specified address or open a new Case.

April 20, 2021

On the Risk Exposure dashboard, added indicators to the Top users by file activity to show when an employee is on a risk detection list such as the Departing Employees or High Risk Employees list.

April 16, 2021

On the Risk Exposure dashboard and User Profile, AirDrop is now listed as a separate destination. Previously, AirDrop events were listed in the "Other" destination.

April 13, 2021

On the Risk Exposure dashboard and User Profile, the date selector now appears in the upper-right corner and applies to all items on both screens. Previously, each area had a separate date selector.

April 12, 2021

Code42 announces support for Amazon WorkSpaces that run a currently supported Windows operating system. Code42 app version 8.5.1 or above must be installed on the virtual desktop, and additional configuration is required.
Forensic Search and Cases now display file classification metadata from Microsoft Information Protection (MIP). This metadata can help provide additional risk context if you already use MIP in your organization.

April 6, 2021

The Incydr Basic product plan now includes additional features:
- Case management for security investigations
- The Departing Employees and High Risk Employees lists for risk detection
- One data connection to monitor files moving to and from cloud services (for example, Box, Google Drive, and OneDrive), or attachments sent through email services (such as Office 365 Outlook)
Increased the limit of employees that can be on a risk detection list from 5,000 to 10,000 users.

April 5, 2021

Added filters to the risk detection lists:

The Departing Employees list now allows you to filter the list by department, departure date, and only employees on the list with file events.
The High Risk Employees list now allows you to filter the list by department, risk factors, and only employees on the list with file events. Previously, you could only filter on risk factors.

Bug fixes

April 28, 2021

Fixed an issue in Alerts in which default rules created by the Departing Employees or High Risk Employees lists generated alerts when those lists did not contain any Code42 usernames.

April 21, 2021

Performance and stability improvements.
Improvements to sync processes between the Code42 cloud and on-premises authority servers.
Fixed an issue where exporting CSV reports for users and devices in very large Code42 environments could take a very long time to complete.
Fixed an issue in the Audit Log where zip file download events incorrectly included a value for Device guid data is pushed to. (Zip file downloads occur via web browser, not the Code42 app on a device, so are not associated with a specific device guid.)
Improved error messaging when minimum password requirements aren't met for new user registrations.

April 7, 2021

Fixed an issue in OneDrive where usernames and exposure field values were duplicated in Forensic Search. Previously, when a file in OneDrive was shared with Sharepoint users, those users may have been listed in the Shared with users field using this convention: "sharedlinks.<ID>.flexible.<ID>." This value also resulted in duplicate "Outside Trusted Domains" entries for the File exposure changed to and Exposure type fields in Forensic Search.

March 2021

Features

Unified username search across endpoints, cloud, and email

March 4, 2021

In Forensic Search, the Username search filter now returns results for endpoint, cloud, and email file events. Previously, there were separate fields for each data source. Specific updates include:

The Username (Code42) field is renamed Username.
The Username metadata now appears in the Event section of the file event details. Previously, it appeared in the Device section.
The Username field continues to search endpoint file events, but now also returns cloud and email events for that user. Previously, searching cloud and email events required entering a username in the Actor and Sender fields, respectively.

Enhancements and updates

March 18, 2021

Added event types to the Audit Log that record when an administrator or user restored files from the Code42 console, or a user restored files from the Code42 app:
- Restore started
- Restore ended
- ZIP file downloaded

March 17, 2021

Updated the Departing Employee Manager role to include permission to view and modify alert settings for departing employees.
Updated the High Risk Employee Manager role to include permission to view and modify alert settings for high risk employees.

March 15, 2021

In the rare case where the Active tab title and URLs are not available for a file upload event, the file event details now include a more specific description of why those values are unavailable. Requires Code42 app version 8.6 or later.

March 9, 2021

Adds Chinese, Korean, Thai, and Japanese to the supported languages for exporting a case summary PDF.

March 5, 2021

Released Code42 User Directory Sync version 1.6.1. For details, see the Code42 User Directory Sync release notes.

Bug fixes

March 17, 2021

Performance and stability improvements.
Fixed an issue on Windows devices where restoring a very large PDF file could result in duplicate files being restored.
Fixed an issue where some users with special characters or accent marks in their usernames were unable to sign in.
Fixed a rare issue where password resets could fail if the new password contained certain combinations of special characters.
Fixed an issue that only occurred in the Code42 federal environment on Windows devices backing up files with alternate data streams (ADS): restoring a previous version of a file now also correctly restores the associated ADS files.
In Forensic Search, fixed an issue where the detailed reason was missing for why a SHA256 or MD5 hash value is unavailable.

March 10, 2021

In Forensic Search, fixed an issue where clicking anywhere in the file event details unexpectedly closed them. Now, event details only close upon clicking the "x" icon in the upper right.

February 2021

Features

Destination-focused dashboard

February 25, 2021

On the User Profile and Risk Exposure dashboard, we've added a destination-focused tile to help you find the most critical information you need, faster. The Destination activity over time graph only shows destinations that have file activity and shows file event details for destinations such as cloud service providers, email, removable media, and source code repositories.

With this change, we transitioned the Endpoint over time and Cloud sharing over time data into the more robust Destination activity over time graph and have expanded the File category breakdown information into its own tile, keeping critical information in the forefront.

Quickly add multiple file events to a case

February 23, 2021

Forensic Search now includes a multi-select option, which enables you to quickly and efficiently add multiple file events to a case.

Forensic search - select multiple events to add to a case

Improved upload destination detection

February 16, 2021

When a user accesses more than one browser tab while file uploads are in progress, the event details in Forensic Search, Cases, and Alerts now list all tab titles and URLs visited during that upload. This helps provide a more complete view of user activity. Previously, only one tab was listed and in some cases it may not have accurately represented the upload destination, but instead indicated a tab viewed by the user while a file was being uploaded to a different tab in the background.
In the Forensic Search API, the windowTitle and tabURL fields are deprecated and replaced by tabTitles and tabURLs, respectively. The windowTitle and tabURL fields will continue to function normally until February 2022. However, the new fields provide better context for user activity so we recommend updating your scripts and integrations as soon as possible to take advantage of the new information.

Forensic Search usability improvements

February 4, 2021

Forensic Search adds several updates and enhancements to make it easier to review search results, including:

Event details now slide in from the right instead of expanding within each row of search results.
File download links now automatically appear if the file is backed up by any user in your Code42 environment. Previously, if there wasn't an exact match in the backup archive of the user who caused the file event, you needed to manually click the Search Other Locations button.
In the expanded event details, improved display of fields with very long values. For example, long file paths now automatically wrap to the next line and display the entire path (previously, some long values were truncated and could only be viewed in their entirety via the CSV export).
In the list of search results, improved display when many columns are selected, including pinned columns for common actions when scrolling horizontally.
Other minor usability updates.

Updated Forensic Search interface

Enhancements and updates

February 19, 2021

The Cases list is now automatically filtered to only show Open cases by default. This makes it easier to find and access your active investigations. Closed cases are still visible by clicking the filter icon and choosing Closed or Any Status.

February 17, 2021

Security updates.
Performance and stability improvements.
Devices using unsupported macOS 10.13 High Sierra will not upgrade to newer versions of the Code42 app.
When initiating a device restore from the Code42 console for a large number of files, files now start restoring to the target device more quickly than before.
Updated the on-screen setup instructions for local two-factor authentication to more clearly list additional options for generating the Time-based One-Time Password (TOTP) than only the Google Authenticator mobile app.

February 9, 2021

In the Forensic Search API, some fileCategory output values have updated strings (for example, SOURCE_CODE changed to SourceCode). If you use customized scripts or integrations that expect a specific string value in the fileCategory response, you may need to update them to account for the new category names.

February 4, 2021

Added event types to the Audit Log to record case actions:
- Case assignee changed
- Case closed
- Case created
- Case file event added
- Case file event removed
- Case subject changed

Bug fixes

February 17, 2021

In Forensic Search, fixed a rare issue where a file could be unavailable for download if the capitalization of the filename or file path changed after the file was backed up.
The confirmation dialog to deactivate a user now indicates that the backup archive will be placed into cold storage (according to the cold storage settings for the organization). Previously, the message implied the archive would be deleted immediately.
On the Restore History screen, values in the Restore To column are no longer clickable links. This fixes an issue where clicking a value in that column caused an error.
In the Forensic Search and Cases file event details, fixed an issue where the File exposure changed to field was temporarily labeled Sharing Type Added.

January 2021

Features

Code42 Developer Portal

January 11, 2021

The Code42 Developer Portal is a new resource site for those who want to write scripts to automate Incydr tasks and set up integrations.

Benefits of the portal include:

A single access point for documentation of methods for Incydr, including Code42's REST API, Python SDK py42, and command-line interface (CLI)
A single request URL for Code42 API calls to each cloud instance
Code42 API reference documentation as well as articles that describe how to use the APIs
Open-source contributions to the portal using GitHub

Code42 Developer Portal

Get help
For help using the resources in the Code42 Developer Portal, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Enhancements and updates

January 26, 2021

Adds the URL of files involved in activity on cloud services (when available) to the "File events" list in alert details and emails, giving you more context and information for investigations.

January 25, 2021

Enhancements to the Audit Log:
- Organized event types into categories to make it easier to filter and search for events.
- Added event types to log when Code42 support user access is enabled and disabled.

January 20, 2021

The Code42 console now displays a message when updates to device settings are in progress. This information provides visibility to administrators to confirm updates are processing, which reduces the chance of inadvertently submitting duplicate changes.
For provisioning provider synchronization, increased the maximum deactivation delay to 90 days. Previously, the limit was 24 hours.
The Identity Management > Provisioning list view now includes a Type column to differentiate between SCIM providers and Code42 User Directory Sync. Previously, the provisioning type was only displayed in the provider's details.
Security updates.

January 8, 2021

Case details now display additional risk context to provide a more holistic view of the user being investigated. Details include:
- If the user is on the High Risk Employees or Departing Employees lists.
- Other risk factor attributes in the user's profile (for example, High impact employee or Flight risk).
Added a Code42 support user type to the Audit Log search filter. Employ this user type to search for events triggered by Code42 support users who are given support access to your Code42 environment.

Bug fixes

January 20, 2021

Performance and stability improvements.
Fixed an issue where the Device details screen in the Code42 console could display the wrong Code42 app version.
Improved error messaging if a keystore migration fails.
Fixed an issue with Azure SCIM Provisioning where removing one user from a group could unintentionally move all users in the group to the "default" Code42 organization.
In the Administration section of the Code42 console, fixed an issue where previously-entered search terms could unexpectedly re-appear in the search box under certain circumstances.
Fixed an issue where some users with special characters or accent marks in their usernames were unable to sign in to the Code42 app via SSO (single sign-on).
Fixed a broken link in the Code42 for Enterprise Backup Status Alert email.
Removed the prompt to download the CrashPlan app from the Administration section of the Code42 console.

January 13, 2021

Fixed an issue where permissions changes to folders in Box and OneDrive cloud services could be incorrectly attributed to the wrong actor in Forensic Search. In some cases, this fix may result in a blank value for File exposure changed to in Forensic Search for activity detected in Box and OneDrive.

Previous release notes

For release notes prior to January 2021, see Previous version release notes.