Code42 cloud release notes
Who is this article for?
Incydr Professional and Enterprise, yes.
Incydr Basic and Advanced, yes.
CrashPlan Cloud, yes.
Other product plans, yes.
CrashPlan for Small Business, no.
Overview
This page lists new features and bug fixes released to the Code42 cloud. Click a month below to expand or collapse the details.
These updates primarily impact cloud-only Code42 environments (without on-site authority or storage servers), but some of the fixes and enhancements also apply to Code42 environments with on-premises authority servers that use Code42 cloud storage.
For the Code42 app, see Code42 app version 8.7 release notes.
October 2021
September 2021
Features
Cloud storage and email service data connectors now available for Incydr Gov
September 28, 2021
Incydr Gov adds cloud storage and email service data connectors to give a comprehensive, holistic view of insider risk in your organization. Now, government agencies and their partners have a FedRAMP-approved, end-to-end solution that detects risky file activity anywhere it occurs:
- Endpoint monitoring tools detect file activity on individual devices as users copy files to removable media, sync new or modified files to personal cloud-based storage, or upload files to social media, corporate messaging programs, or personal cloud-based email services.
- Cloud storage data connectors monitor files in your cloud storage environments (for example, a corporate Google Drive or Microsoft OneDrive that users sign into using a web browser) that users have shared with other internal and external collaborators.
- Email service data connectors watch corporate email user accounts for possible exfiltration by detecting file attachments that are emailed to internal and external recipients.
Announcing Code42 Instructor: Bite-sized, targeted insider risk education
September 14, 2021
We have a new product: Code42 Instructor! Code42 Instructor provides bite-sized employee education that security teams can share with specific users or groups to reduce insider risk. Lessons include proactive, situational, and responsive education content.
With Code42 Instructor, security teams can:
- Promote and ensure data use policy compliance
- Enable and empower a more risk-aware workforce
- Reduce accidental and negligent employee data leaks
- Measure, report, and improve organization-wide insider risk posture
To provide easy access to Code42 Instructor video lessons and other materials, we've added a new Instructor tab to the Code42 console.
This functionality is available only if you have a Code42 Instructor product plan. Contact your Customer Success Manager (CSM) for assistance with licensing. If you do not know your CSM, contact our Customer Champions for support.
For more information, see:
Apply trust to specific Slack workspaces
September 13, 2021
Incydr's Trusted activity settings now enable you to add Slack workspaces, in addition to domains. Trusting a Slack workspace prevents file activity there from appearing in security event dashboards, user profiles, and alerts. This helps focus your investigations on higher risk file activity.
In addition, the previous Trusted domains tab is renamed Trusted activity, and includes an improved interface for managing your list of trusted locations.
Enhancements and updates
September 30, 2021
- Incydr's Trusted activity settings now include in-product recommendations and examples to help you define the most relevant trusted domains for your environment. The new Recommendations tab also lists common domains you may want to trust, and enables you to add them to your settings with a single click.
September 22, 2021
- Devices using unsupported Windows 10 builds 1809 and 1903 are blocked from upgrading to newer versions of the Code42 app.
- Sync Log data is now retained for 90 days. Previously, sync log data was retained indefinitely.
- Improved on-screen setup instructions for configuring two-factor authentication for local users.
September 20, 2021
- The Alert ID and a new Copy Link
button have been added to alert details to help you identify and investigate alerts. Click the button to copy the link to the alert in the Code42 console so that you can share it with others for investigation.
September 15, 2021
- Added a new Sent from corporate Microsoft Office 365 risk indicator to highlight files emailed to untrusted users. Requires Microsoft Office 365 email to be configured as a data connection with Code42.
September 14, 2021
- Refreshed interface for managing deployment policies in the Code42 console.
- Forensic Search now displays Source metadata to provide details about where download file events originated.
September 7, 2021
- Added the ability to add and edit notes for a user when you view event details from multiple areas of the Code42 console such as the All users list, the Risk Exposure dashboard, and risk detection lists.
September 2, 2021
- Alerts has replaced the "high/medium/low" severity in rules and alert notifications with the risk severity assigned to file events. Risk severity is assigned based on the risk score calculated for a file event, and better helps you identify risky activity throughout the Code42 console.
Previously existing alert notifications display a "-" for the Risk severity in the Review Alerts table. New alert notifications display the risk severity calculated for that activity.
For more information about risk settings and the risk prioritization model, see Risk Settings reference.
September 1, 2021
- Added the following event types to the Audit Log that record identity management changes:
- Federation: created, deleted, updated, metadata updated
- Identity provider: created, deleted, updated, assigned to org, metadata updated, removed from org
- SCIM provisioner: created, deleted, credentials changed, configuration updated
Bug fixes
September 22, 2021
- In Code42 environments that assign users to Code42 organizations based on their SCIM group, fixed an issue where some users unexpectedly moved Code42 organizations under certain circumstances.
- Fixed an issue where some improperly formatted API requests could return error code 500 (internal server error) instead of 415 or 400 (invalid syntax error).
- In the Audit Log, fixed an issue where Name change events for SSO users were not attributed to the correct username under certain circumstances.
September 13, 2021
- Fixed an issue where file events for ePub files were included in the Zip file category. Now, they're categorized as Documents.
Known issues
September 15, 2021
- Due to a security update implemented by Google, links in Forensic Search to files shared in Google Drive may not lead to the target file as expected. New event activity generated after September 13, 2021 contains updated links that allow analysts to access those files.
August 2021
Features
New risk indicators identify anomalous exfiltration activity
August 18, 2021
Two new risk indicators highlight infrequent use of cloud storage destinations, browser uploads, and Airdrop destinations. The First use of destination and Rare use of destination risk indicators identify:
- The first time a user moves a file to a specific destination
- If it has been more than 90 days since a user moved a file to a specific destination
These risk indicators help you identify new and noteworthy behavior, enabling you to more easily prioritize which file activity may require additional investigation.
New Incydr product plans for insider risk detection
August 2, 2021
New Incydr Professional and Incydr Enterprise product plans use a streamlined version of the Code42 app that is purpose-built for insider risk management.
These plans also introduce:
- A simplified experience in the Administration section of the Code42 console
- More efficient Code42 app deployment
To accommodate these differences, support articles now contain separate sections for Incydr Professional and Enterprise and Incydr Basic and Advanced, CrashPlan Cloud, and other plans where applicable.
The Who is this article for section at top of each article now also includes a separate indicator for the new Incydr product plans.
Enhancements and updates
August 27, 2021
- In Forensic Search, the Source field is now labeled Event observer.
- In the Forensic Search event details, the Executable name and Process user fields moved to a new Process section. Previously, these fields were included in the Exposure and Event sections. This is a display layout change only. There is no change to the metadata collection process.
- In Alerts, the filename criteria used in the Salesforce report exfiltration recommended rule template is updated. The updated criteria now accounts for the default file names Salesforce suggests for both "Formatted" and "Details only" reports that users can generate.
August 18, 2021
- Security updates.
- All Code42 API documentation is now centrally located in the Code42 Developer Portal at https://developer.code42.com. API documentation at https://console.us.code42.com/apidocviewer and https://console.us.code42.com/swagger is no longer visible.
- Devices using unsupported Windows 10 build 1803 and Ubuntu 16.04 will not upgrade to newer versions of the Code42 app.
August 16, 2021
- Added the following new destinations to the Risk Exposure dashboard and User Profiles to show when files are shared from your corporate cloud services or sent from your corporate email. These new destinations require you to configure Code42 to monitor your cloud and email data connections:
- Box corporate data connector
- Google Drive corporate data connector
- OneDrive corporate data connector
- Gmail corporate data connector
- Microsoft Office 365 corporate data connector
August 6, 2021
- To ensure the security and integrity of the Code42 cloud, Code42 implemented networking updates in our US2 cloud that changed the server address URL from www.crashplan.com to console.us2.crashplan.com, and changed the client address URL from central.crashplan.com to clients.us2.crashplan.com. The previous URLs automatically redirect to the new URLs, and all bookmarks, settings, and scripts that use the previous URLs continue to work without intervention on your part. However, we recommend that you change the old URLs to the new URLs in your Code42 environment to ensure uninterrupted service going forward. For more information, see Changes to server URLs.
August 5, 2021
- Added quick filters to the All Users, Departing Employees, and High Risk Employees lists to help you more easily see file events for each level of severity.
- The User file activity details now show the risk indicators associated with the user's file activity.
August 3, 2021
- A new Departing risk indicator is now automatically applied to file activity for users on the Departing Employees list. Since departing employees are both a high risk user group and an urgent priority, incorporating their activity into the risk scoring model makes it easier to review the riskiest file activity in a timely manner.
- The Account menu in the Code42 console now lists your product plan and the cloud name for your Code42 environment (for example, US1). This account information makes it easier for you to identify which support articles apply to you, and also assists our Customer Champions if you need to contact us for support.
Bug fixes
August 18, 2021
- Performance and stability improvements.
- Fixed an issue where users with the Security Administrator role could not view some deployment policy details, such as the name of the SSO provider for an organization, the client visibility setting, and whether an organization is deactivated.
- Fixed an issue where restoring a file with an alternate data stream (ADS) could result in multiple ADS files being restored under certain circumstances.
- Fixed an issue where the Code42 console did not support some international characters in username email addresses.
- Fixed an issue where assigning the Insider Risk Admin role did not generate a New Code42 administrator role assignment email notification.
- Fixed an issue where the Sync Log did not display some user attributes for Azure SCIM providers (for example, City, State, Country, Manager, Title, and Department).
- Fixed an issue for Code42 environments using Okta provisioning: if a group membership is out-of-sync between Okta and Code42, initiating a manual sync from Okta now correctly removes users from Code42 who have been removed from the Okta group.
- Fixed several issues only affecting Incydr Professional and Enterprise product plans:
- Users with the Security Administrator role can now access the Agent Downloads screen.
- Agent logs are now available to download from the Code42 console.
- The Code42 console CLI is now accessible.
- Fixed an issue where the Retrieve Logs option in the Code42 console was not working under certain circumstances.
- Fixed an issue where the Code42 console account menu could incorrectly display the product plan Code42 Gold in environments with Code42 Diamond, Code42 Platinum, or Incydr Gov product plans.
- Fixed an issue introduced on August 3rd where some SSO providers were unable to connect to the Code42 cloud.
August 17, 2021
- Fixed an issue introduced in Code42 app version 8.7.0 where some Forensic Search results displayed a blank Event type.
July 2021
Features
Improved file upload risk detection
July 29, 2021
In addition to Incydr's existing list of user-defined trusted domains, trust is now also automatically inferred for any cloud data connections configured for monitoring by Code42. This enables you to better identify untrusted activity in cloud services that use the same domain for both personal and corporate accounts (this is most often an issue for Google Drive, Gmail, and Box).
Inferred trust is determined by comparing events on Code42-managed endpoints with events from your cloud service data connection. For example, if a file uploaded to Google Drive from a Code42-managed endpoint appears as a new file in your corporate Google Drive, the upload is trusted. But if there's no matching cloud activity, the upload is not trusted because the file was uploaded to an unsanctioned cloud account.
Since trusted activity is excluded from security event dashboards, detection lists, user profiles, and alerts, the addition of inferred trust reduces noise and false positives, enabling you to focus on the activity that poses the greatest exfiltration and exposure risk to your data.
New comprehensive risk prioritization model
July 28, 2021
Incydr introduces a new numeric scoring framework to identify and prioritize insider risk. Based on over 60 individual risk indicators, Incydr highlights the file activity and user behaviors that create the greatest file exfiltration and exposure risk, helping you quickly identify and respond to the most critical risks to your data.
For example, if a user uploads source code outside their normal hours to an untrusted cloud service, that file event would contain three risk indicators, each with its own risk score:
- A File risk indicator for the heightened risk of source code file activity (+3)
- A User risk indicator for the off hours file activity (+1)
- A Destination risk indicator for the upload to an untrusted cloud service (+5)
The sum of all three risk indicators produces a risk score of 9. This indicates a critical severity event, signaling it should be prioritized for more investigation. Learn more about severity levels and how risk scores are calculated.
This new risk severity scoring is incorporated throughout Incydr, including the Risk Exposure dashboard, Forensic Search, Cases, and Alerts. For more details:
- Identify users with the highest-risk activity
- Create alerts based on risk severity
- Review and adjust risk settings
New Security Administrator role
July 22, 2021
A new Security Administrator role grants permissions to manage the infrastructure of your Incydr environment, but not view the user activity details of insider risk investigations.
We recommend assigning the Security Administrator role instead of Customer Cloud Admin to administrators who need to manage items like data connections, integrations, and client installations, but who do not need access to Incydr features (such as the Risk Exposure dashboard, Forensic Search, Alerts, and the High Risk and Departing Employees lists).
New Microsoft Office 365 email service data connection to monitor all attachments
July 20, 2021
Code42 has added a new email service data connection for Microsoft Office 365. This new data connection differs from Code42's existing Microsoft Office 365 DLP data connection:
- The existing Microsoft Office 365 DLP data connection collects information about an email attachment only when that attachment violates an existing data loss prevention (DLP) policy set up in the Microsoft Office 365 Security & Compliance Center.
- Like Code42's Gmail data connection, the new Microsoft Office 365 data connection collects information about all email attachments sent by monitored accounts, not just the attachments that violate DLP rules. This new data connection gives you more flexibility in monitoring the movement of important files while simplifying configuration by eliminating reliance on policies set up in other environments.
- LIke all Code42 data connections, this new connection also collects the file classification metadata from Microsoft Information Protection (MIP) that's applied to attachments. This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.
Due to permissions and reporting, Microsoft Office 365 email accounts monitored by Code42 must have a subscription that includes Advanced Audit.
Enhancements and updates
July 28, 2021
- Added the Risk setting changed event type to the Audit Log to record when the severity score of risk indicators are updated.
July 21, 2021
- For organizations with two-factor authentication for local users enabled, the Code42 console sign-in screen now requests both the password and two-factor code in the same step.
- Added User role assigned and User role revoked event types to the Audit Log to record when an administrator assigns or removes roles from a user.
Bug fixes
July 27, 2021
- Fixed an issue introduced on July 21st where some users experienced problems signing in to the Code42 console or accessing the Code42 app.
July 21, 2021
- Performance and stability improvements.
- Fixed an issue where users with the User Modify role were not able to update the username and email address for users in organizations using SSO authentication.
- Fixed a rare issue where a Customer Cloud Admin was unable to assign the Customer Cloud Admin role to another user.
- In the Code42 API, fixed an issue where an invalid request could return an incorrect error code under certain circumstances.
Known issues
- The Sync Log may not display some user attributes for Azure SCIM providers (for example, City, State, Country, Manager, Title, and Department). This is a display issue only; the attributes are still associated with the user, but do not appear in the Sync Log.
- Users with only the new Security Administrator role cannot view some deployment policy details, such as the name of the SSO provider for an organization, the client visibility setting, and whether an organization is deactivated.
- For Code42 environments using Okta provisioning, if a group membership is out-of-sync between Okta and Code42, initiating a manual sync from Okta does not remove users from Code42 who have been removed from the Okta group.
June 2021
May 2021
Enhancements and updates
May 25, 2021
- Added support for a single SSO identity provider to be used in more than one Code42 environment. This enables large organizations and universities that use the same identity management infrastructure across multiple divisions or departments to maintain separate Code42 environments.
- The Code42 API
Orgresource and the organizations CSV export now return two new unique identifier fields:orgGuidandparentOrgGuid.
May 20, 2021
- In Forensic Search, the off hours risk indicator now applies to cloud and email file activity. Previously, off hours activity was only evaluated for endpoint events.
- Code42's Gmail data connection now collects the file classification metadata from Microsoft Information Protection (MIP) that's applied to attachments. This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.
May 18, 2021
- Added the option to permanently delete a case.
- Added a Case deleted event type to the Audit Log to record when cases are deleted.
May 14, 2021
- Added event types to the Audit Log that record changes in the High Risk Employees list or Departing Employees list:
- Cloud alias added
- Cloud alias removed
- Departing employee added
- Departing employee alert settings changed
- Departing employee departure date changed
- Departing employee removed
- High risk employee added
- High risk employee alert settings changed
- High risk employee removed
- Risk factor added
- Risk factor removed
- Risk profile notes changed
May 11, 2021
- In Forensic Search, the Source filter option for Office 365 changed to Office 365 Email to more clearly indicate it applies only to email activity in Office 365.
May 5, 2021
- Released Code42 User Directory Sync version 1.6.2. For details, see the Code42 User Directory Sync release notes.
May 3, 2021
- Added new recommended rules to Alerts. These additional rules make it easier than ever to create rules that identify suspicious activity, notifying you about file events involving earnings reports, archive or Zip files, source code files, reports generated from Salesforce, and more. In the recommended rules list, click View all recommendations for details about these new templates.
Bug fixes
May 25, 2021
- Performance and stability improvements.
- Fixed an issue where the descriptions in the Code42 console for two permissions were reversed: dataconnections.settings.read incorrectly listed edit capabilities and dataconnections.settings.write incorrectly listed read-only capabilities. This was only an issue with the description text. Users with the read permission could only view settings and were never able to add, edit, or remove data connection settings. Users with the write permission were always able to edit settings.
- When creating or updating a SCIM user, improves error messaging when using a full country name instead of the required 2 letter country code.
- Fixed an issue where creating a new user over an IPv6 connection could fail under certain circumstances.
- Fixed an issue where exporting large CSV files from the Code42 console could take several seconds to start downloading in the web browser. Now, the download progress is visible immediately.
- Improved accuracy of restore statistics and Audit Log events if a restore is canceled before it completes.
April 2021
Features
New criteria-based Alert rule builder
April 26, 2021
Alerts now includes a rule builder that thinks the way you do. You can now build alerts by easily mixing and matching rule settings based on the file activity your organization has identified as risky. This allows you to build more targeted, meaningful rules that reduce noise and increase fidelity. Use Alerts to watch for the movement of specific files (either by filename or extension) or file categories to a variety of exfiltration destinations.
New roles for Incydr
April 21, 2021
New roles for Incydr simplify role assignment and enable you to grant more granular permissions to users responsible for managing, detecting, and responding to insider risks. New roles include:
- Insider Risk Admin: Assign to the administrator responsible for managing the team of insider risk analysts. This role provides read and write access to all Incydr functionality.
- Insider Risk Analyst: Assign to analysts who investigate and respond to insider risks, but who you do not want to maintain users in the High Risk Employees list or the Departing Employees list.
- Insider Risk Read Only: Assign to people who need to be kept informed about insider risks, but who you do not want creating alert rules, cases, or saved searches. This role provides read-only access to Incydr functionality.
New roles for device management
April 21, 2021
- New Org Computer Modify and Cross Org Computer Modify roles provide more granular control over managing devices. For example, assign in conjunction with a help desk role to enable support personnel to add and deactivate user devices.
Integrate with Slack for insider risk response
April 2, 2021
Use automated integrations to send alerts to Slack, from which you can review and respond to them.
The automated Slack message about the alert provides the following options:
- Click the Actor link to view the user's profile.
- Click the Review Alert in Incydr link to view more details about the alert.
- Click Generate DM template to generate customizable direct message content to then copy and paste into a message to send to the actor.
- Click Close Alert to close the alert from within Slack.
See more information about automated integrations.
Enhancements and updates
April 28, 2021
- Code42's cloud services now collect file classification metadata from Microsoft Information Protection (MIP). This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.
April 27, 2021
- In Forensic Search, a simplified design for the Saved Searches screen is now more consistent with other areas of the Code42 console. Highlights include fewer columns and details that slide in from the right instead of expanding within each row.
April 22, 2021
- Added automated integrations options to take action when new file events appear in the results of a saved search, for example, automatically send an email to a specified address or open a new Case.
April 20, 2021
- On the Risk Exposure dashboard, added indicators to the Top users by file activity to show when an employee is on a risk detection list such as the Departing Employees or High Risk Employees list.
April 16, 2021
- On the Risk Exposure dashboard and User Profile, AirDrop is now listed as a separate destination. Previously, AirDrop events were listed in the "Other" destination.
April 13, 2021
- On the Risk Exposure dashboard and User Profile, the date selector now appears in the upper-right corner and applies to all items on both screens. Previously, each area had a separate date selector.
April 12, 2021
- Code42 announces support for Amazon WorkSpaces that run a currently supported Windows operating system. Code42 app version 8.5.1 or above must be installed on the virtual desktop, and additional configuration is required.
- Forensic Search and Cases now display file classification metadata from Microsoft Information Protection (MIP). This metadata can help provide additional risk context if you already use MIP in your organization.
April 6, 2021
- The Incydr Basic product plan now includes additional features:
- Case management for security investigations
- The Departing Employees and High Risk Employees lists for risk detection
- One data connection to monitor files moving to and from cloud services (for example, Box, Google Drive, and OneDrive), or attachments sent through email services (such as Office 365 Outlook)
- Increased the limit of employees that can be on a risk detection list from 5,000 to 10,000 users.
April 5, 2021
Added filters to the risk detection lists:
- The Departing Employees list now allows you to filter the list by department, departure date, and only employees on the list with file events.
- The High Risk Employees list now allows you to filter the list by department, risk factors, and only employees on the list with file events. Previously, you could only filter on risk factors.
Bug fixes
April 28, 2021
- Fixed an issue in Alerts in which default rules created by the Departing Employees or High Risk Employees lists generated alerts when those lists did not contain any Code42 usernames.
April 21, 2021
- Performance and stability improvements.
- Improvements to sync processes between the Code42 cloud and on-premises authority servers.
- Fixed an issue where exporting CSV reports for users and devices in very large Code42 environments could take a very long time to complete.
- Fixed an issue in the Audit Log where zip file download events incorrectly included a value for Device guid data is pushed to. (Zip file downloads occur via web browser, not the Code42 app on a device, so are not associated with a specific device guid.)
- Improved error messaging when minimum password requirements aren't met for new user registrations.
April 7, 2021
- Fixed an issue in OneDrive where usernames and exposure field values were duplicated in Forensic Search. Previously, when a file in OneDrive was shared with Sharepoint users, those users may have been listed in the Shared with users field using this convention: "sharedlinks.<ID>.flexible.<ID>." This value also resulted in duplicate "Outside Trusted Domains" entries for the File exposure changed to and Exposure type fields in Forensic Search.
March 2021
February 2021
Features
Destination-focused dashboard
February 25, 2021
On the User Profile and Risk Exposure dashboard, we've added a destination-focused tile to help you find the most critical information you need, faster. The Destination activity over time graph only shows destinations that have file activity and shows file event details for destinations such as cloud service providers, email, removable media, and source code repositories.
With this change, we transitioned the Endpoint over time and Cloud sharing over time data into the more robust Destination activity over time graph and have expanded the File category breakdown information into its own tile, keeping critical information in the forefront.
Quickly add multiple file events to a case
February 23, 2021
Forensic Search now includes a multi-select option, which enables you to quickly and efficiently add multiple file events to a case.
Improved upload destination detection
February 16, 2021
- When a user accesses more than one browser tab while file uploads are in progress, the event details in Forensic Search, Cases, and Alerts now list all tab titles and URLs visited during that upload. This helps provide a more complete view of user activity. Previously, only one tab was listed and in some cases it may not have accurately represented the upload destination, but instead indicated a tab viewed by the user while a file was being uploaded to a different tab in the background.
- In the Forensic Search API, the
windowTitleandtabURLfields are deprecated and replaced bytabTitlesandtabURLs, respectively. ThewindowTitleandtabURLfields will continue to function normally until February 2022. However, the new fields provide better context for user activity so we recommend updating your scripts and integrations as soon as possible to take advantage of the new information.
Forensic Search usability improvements
February 4, 2021
Forensic Search adds several updates and enhancements to make it easier to review search results, including:
- Event details now slide in from the right instead of expanding within each row of search results.
- File download links now automatically appear if the file is backed up by any user in your Code42 environment. Previously, if there wasn't an exact match in the backup archive of the user who caused the file event, you needed to manually click the Search Other Locations button.
- In the expanded event details, improved display of fields with very long values. For example, long file paths now automatically wrap to the next line and display the entire path (previously, some long values were truncated and could only be viewed in their entirety via the CSV export).
- In the list of search results, improved display when many columns are selected, including pinned columns for common actions when scrolling horizontally.
- Other minor usability updates.
Enhancements and updates
February 19, 2021
- The Cases list is now automatically filtered to only show Open cases by default. This makes it easier to find and access your active investigations. Closed cases are still visible by clicking the filter icon and choosing Closed or Any Status.
February 17, 2021
- Security updates.
- Performance and stability improvements.
- Devices using unsupported macOS 10.13 High Sierra will not upgrade to newer versions of the Code42 app.
- When initiating a device restore from the Code42 console for a large number of files, files now start restoring to the target device more quickly than before.
- Updated the on-screen setup instructions for local two-factor authentication to more clearly list additional options for generating the Time-based One-Time Password (TOTP) than only the Google Authenticator mobile app.
February 9, 2021
- In the Forensic Search API, some
fileCategoryoutput values have updated strings (for example, SOURCE_CODE changed to SourceCode). If you use customized scripts or integrations that expect a specific string value in thefileCategoryresponse, you may need to update them to account for the new category names.
February 4, 2021
Bug fixes
February 17, 2021
- In Forensic Search, fixed a rare issue where a file could be unavailable for download if the capitalization of the filename or file path changed after the file was backed up.
- The confirmation dialog to deactivate a user now indicates that the backup archive will be placed into cold storage (according to the cold storage settings for the organization). Previously, the message implied the archive would be deleted immediately.
- On the Restore History screen, values in the Restore To column are no longer clickable links. This fixes an issue where clicking a value in that column caused an error.
- In the Forensic Search and Cases file event details, fixed an issue where the File exposure changed to field was temporarily labeled Sharing Type Added.
January 2021
Features
Code42 Developer Portal
January 11, 2021
The Code42 Developer Portal is a new resource site for those who want to write scripts to automate Incydr tasks and set up integrations.
Benefits of the portal include:
- A single access point for documentation of methods for Incydr, including Code42's REST API, Python SDK py42, and command-line interface (CLI)
- A single request URL for Code42 API calls to each cloud instance
- Code42 API reference documentation as well as articles that describe how to use the APIs
- Open-source contributions to the portal using GitHub
For help using the resources in the Code42 Developer Portal, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.
Enhancements and updates
January 26, 2021
- Adds the URL of files involved in activity on cloud services (when available) to the "File events" list in alert details and emails, giving you more context and information for investigations.
January 25, 2021
- Enhancements to the Audit Log:
- Organized event types into categories to make it easier to filter and search for events.
- Added event types to log when Code42 support user access is enabled and disabled.
January 20, 2021
- The Code42 console now displays a message when updates to device settings are in progress. This information provides visibility to administrators to confirm updates are processing, which reduces the chance of inadvertently submitting duplicate changes.
- For provisioning provider synchronization, increased the maximum deactivation delay to 90 days. Previously, the limit was 24 hours.
- The Identity Management > Provisioning list view now includes a Type column to differentiate between SCIM providers and Code42 User Directory Sync. Previously, the provisioning type was only displayed in the provider's details.
- Security updates.
January 8, 2021
- Case details now display additional risk context to provide a more holistic view of the user being investigated. Details include:
- If the user is on the High Risk Employees or Departing Employees lists.
- Other risk factor attributes in the user's profile (for example, High impact employee or Flight risk).
- Added a Code42 support user type to the Audit Log search filter. Employ this user type to search for events triggered by Code42 support users who are given support access to your Code42 environment.
Bug fixes
January 20, 2021
- Performance and stability improvements.
- Fixed an issue where the Device details screen in the Code42 console could display the wrong Code42 app version.
- Improved error messaging if a keystore migration fails.
- Fixed an issue with Azure SCIM Provisioning where removing one user from a group could unintentionally move all users in the group to the "default" Code42 organization.
- In the Administration section of the Code42 console, fixed an issue where previously-entered search terms could unexpectedly re-appear in the search box under certain circumstances.
- Fixed an issue where some users with special characters or accent marks in their usernames were unable to sign in to the Code42 app via SSO (single sign-on).
- Fixed a broken link in the Code42 for Enterprise Backup Status Alert email.
- Removed the prompt to download the CrashPlan app from the Administration section of the Code42 console.
January 13, 2021
- Fixed an issue where permissions changes to folders in Box and OneDrive cloud services could be incorrectly attributed to the wrong actor in Forensic Search. In some cases, this fix may result in a blank value for File exposure changed to in Forensic Search for activity detected in Box and OneDrive.
Previous release notes
For release notes prior to January 2021, see Previous version release notes.