Code42 cloud release notes

Features

Enhancements and updates

November 18, 2022

The insider risk agent version now includes two numbers, for example: 1.6.2 (1.7.0). The two numbers better reflect the insider risk agent's architecture, which includes two distinct components: a launcher and a service. 

• The first number is the App version, which indicates the version of the executable used to start the Code42 AAT Service. Some non-Code42 locations, such as third-party deployment tools and properties displayed by a device's operating system, only display this number.
• The second number (in parenthesis) is the Feature pack version, which indicates the features and functionality of the agent. This number is used throughout the Code42 console. In most places, it is displayed alongside the App version.

Previously, the Code42 console only displayed the Feature pack version, which could make it difficult to determine exactly which version was installed on a specific device.

November 17, 2022

• Updated the list of Code42 IP address ranges to allow in firewall rules for Incydr Basic, Advanced, and Gov F1. For the up-to-date list of ranges, see our instructions for IP address-based filtering. If you currently filter using IP addresses, you must do the following:   
  • Continue using the following IP address ranges:
    • 50.93.246.0/23
    • 50.93.255.0/24
    • 64.207.196.0/22
    • 64.207.204.0/23
    • 216.17.8.0/24
  • Change 67.222.248.0/21 to 67.222.248.0/22.
  • Remove the following out-of-date ranges:
    • 64.207.222.0/23
    • 68.65.192.0/21
    • 103.8.239.0/24
    • 149.5.7.0/24
    • 162.222.40.0/21
    • 216.9.196.0/22
    • 216.223.38.0/24
  • Add the following new ranges. (These address ranges will not be used until May 1, 2023. Please update any firewall rules to allow access to the full set of published Code42 network address ranges by that date):
    • 38.127.80.0/24
    • 216.9.199.0/24

November 16, 2022

• Updated third-party library Apache Commons Text to version 1.10.0 to mitigate CVE-2022-42889.
• Improvements to archive maintenance.
• Performance and stability improvements.

November 15, 2022

• Added the option to automatically send Instructor lessons via Slack, in addition to sending via email, when an alert rule is triggered. Additionally, Instructor Lesson details indicate when the lesson was sent via Slack and the message delivery status.

November 9, 2022

• To help you triage a user's activity faster, you can now see the number of alerts the user caused from their User Profile. Other metrics such as the number of critical events and total cases associated with the user for the selected time frame are now more prominent. 

November 3, 2022

• Added a Reset button to Forensic Search to easily clear all filters and results and start a new search.

Bug fixes

November 16, 2022

Fixed issues where:

• An incorrect insider risk agent version could appear in list of App Downloads.
• In the Device Status report, a single device with multiple backup destinations could incorrectly be listed multiple times (once for each destination). 
• When adding a recurring agent delay, the search option in the dropdown menu to select an organization was unavailable. 
• Users with the Cross Org Manager role were unable to view device logs.

November 9, 2022

• Fixed an issue where exporting a case as a PDF could fail if the user notes for the case subject exceeded 250 characters.

November 1, 2022

• Fixed an intermittent issue where some file versions were unexpectedly removed from backup archives during archive maintenance, which could cause files to be unavailable to restore.

Features

Enhancements and updates

October 28, 2022

• Added the following event types to the Audit Log to record when changes are made to a custom watchlist:   
  • Watchlist description changed
  • Watchlist name changed

October 27, 2022

• (Incydr Basic, Advanced, and Gov F1 only) Added the option to migrate Code42 apps to the insider risk agent and preservation agent via agent modernization, providing access to our redesigned, purpose-built agent for insider risk management. To get started with agent modernization, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team. 

October 26, 2022

• Added the following Legal Hold APIs to the Code42 Developer Portal. For details, see the Code42 API release notes:   
  • Create a policy
  • Remove a user from a matter 

October 21, 2022

• Incydr Flows adds new flows:
  • The Jira context flow automatically adds employees to the Departing Employees watchlist for additional monitoring based on new offboarding tickets that are created in Atlassian Jira.
  • The MS Teams response flow automatically creates a new message to your security analysts in Teams when a user's activity triggers an alert in Incydr.
  To set up the new flows, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

October 20, 2022

• Added the ability to revoke a cloud storage file's sharing permissions to the file event metadata. If you have the Insider Risk Admin or Insider Risk Respond role, click View and manage sharing when it appears in the Share type field.  
• Added a Sharing permission removed event type to the Audit Log to record when access permissions to cloud storage file are revoked.   
• Changed the IP address used to send email from Code42, including alert notifications. To allow email from Code42, ensure that code42.com is added to your email server's allow-list. If you suspect that email is not arriving from Code42, contact our Customer Champions for support.  
• Changed the download.code42.com URL used to download the Code42 app. You can access the new link from the Downloads screen in the Code42 console. If you reference the URL anywhere, for example in scripts, bookmarks, or installation tools, contact our Customer Champions for support. Update references to the old URL before it is shut down on October 24, 2022.   

October 19, 2022

• When performing a device restore to a target location, the name of the target folder changed. Previously, the restored files were put into a folder named crashplan-restore-<timestamp>. Now, the folder is named code42-restore-<timestamp>.
• Improvements to archive maintenance.
• Performance and stability improvements.

October 18, 2022

• Added a Case archived event type to the Audit Log to record when a case is archived.   

October 13, 2022

• In Forensic Search, improved auto-fill suggestions when manually entering a Filter value, even if there is no exact match for the value entered. For example, typing:
  • "USB" suggests filters related to removable media
  • "Email" suggests filters related to email
  • "Salesforce" suggests filters related to Salesforce reports
  • "Hostname" suggests filters related to the device's name

October 10, 2022

• For Incydr Professional, Enterprise, Horizon, and Gov F2 plans, updated the name of the endpoint app from Code42 app to insider risk agent in support documentation. In the Code42 console, this name was added to the Organizations list screen with a September update.

October 7, 2022

• (Early access) Added new Source settings to the alert rule builder. When you include sources for valuable organizational data in a rule, Incydr generates an alert notification when activity is detected for a file that originated in those sources.

October 6, 2022

• Made the following enhancements in the Code42 Developer Portal. For details, see the Code42 API release notes:
  • Added support for API clients in the Code42 command-line interface (CLI).   
  • Added a new version (v2) of Rules APIs and deprecated the previous version (v1).  
  • Added an Integration Guides section containing guides to integrate with Microsoft Sentinel.
• In Forensic Search, the File acquired from metadata now includes Filename and MD5 hash. These are also available as search filters.
• Improvements to archive maintenance.

October 5, 2022

• In Forensic Search, added a new filter option to quickly search events in the last 90 days. 
• Forensic Search results no longer display the file size as 0 bytes for Salesforce download events when the size is unavailable. Now, the file size displays a dash to indicate it is unknown. 
• Updated cloud storage data connection details to report the number of unique users whose drives are being monitored by Code42. Previously, these details reported the number of drives that Code42 monitored, which made it difficult to accurately assess how many data connector licenses were in use.

October 4, 2022

• Improved experience for viewing and editing risk indicators: 
  • Added a search box to make it easier to find specific risk indicators
  • Improved descriptions for each risk indicator
  • The recommended default score for a risk indicator is more clearly labeled

Bug fixes

October 19, 2022

Fixed issues where:

• The Activity tab of a legal hold matter did not load the timeline of legal hold events.
• In rare cases, if a file was removed from the backup selection and then re-added, it was not actually backed up again.
• File restore counts were reported inconsistently in some cases if the restored files contained alternate data streams (ADS). Previously, ADS files were not always included in restore counts. Now, ADS files are consistently included in the total number of files restored.

Features

Enhancements and updates

September 23, 2022

• Added the ability to manually create an individual user from the Users list screen. Previously, you could only manually add individual users from the Organization details screen (Incydr Professional. Enterprise, Horizon and Gov F2 only).  
• Added an Unmatched cloud usernames lab to show cloud storage usernames that are not associated with a Code42 user. Use this information to match corporate cloud storage usernames with Code42 users. This allows you to see a user's cloud and endpoint file events attributed to the same Code42 user in Incydr.  

• General performance and stability improvements.
• Improvements to archive maintenance.
• Security updates.  
• Removed  the /api/AuthToken/ API for use in cloud storage. For details, see the Code42 API release notes.  

September 22, 2022

• Added summary information to the Risk Exposure dashboard showing the number of open alerts, users with critical events, users leaving your company today, and open cases you have for your organization during the selected time frame.  

• Deprecated Legal Hold APIs that do not support pagination. For details, see the Code42 API release notes.

September 21, 2022

• Managing multiple watchlists is easier now with a new watchlist homepage and an overview of watchlist settings.  
• Added event types to the Audit Log to record actions for managing trusted activity with Git repositories:    
  • Git repository added
  • Git repository changed
  • Git repository removed

September 20, 2022

• For data connections, removed "inventory in progress" from status labels and details statistics. When a cloud storage data connection is first authorized, it automatically starts monitoring your cloud storage environment for file activity and simultaneously completes an inventory of the environment's drives and files. This inventory process does not impact or hinder the detection of ongoing activity. By removing inventory statistics and the related status, the data connection more clearly describes its health in monitoring for any ongoing activity that increases your risk exposure.

September 14, 2022

• Version 3.0 of the Code42 app for Cortex XSOAR is now available. This update includes: 
  • API client authentication. To continue ingesting data, update your instance configuration to use an API client.  
  • Watchlist support  
  • Updated alerts filtering by risk severity  
  • Improved handling of file event information when fetching alert details  
  • Updated Code42 Incydr logo  

September 13, 2022

• On the Organizations list screen, the agents column header is now labeled Insider risk agents (Incydr Professional, Enterprise, Horizon, and Gov F2 only).
• Security updates.

September 9, 2022

• Added support for API clients in py42. For details, see the Code42 API release notes.     

September 8, 2022

• Now excluding certain temporary files and system files from backups. On a quarterly basis, Code42 reevaluates and adjusts exclusions to ensure that unnecessary files are excluded from backups. To see the full list of file exclusions, as well as additional global exclusions you can set, see Files excluded from backup by default.

September 7, 2022

• Added new User APIs to the Code42 Developer Portal to perform the following tasks. For details, see the Code42 API release notes:   
  • Get the roles associated with a user
  • Update the roles associated a user
  • Activate a user
  • Deactivate a user
  • Move a user to a specified organization

September 1, 2022

• Renamed the Temporary access button in the event details to View file. The button's functionality is unchanged: it requests temporary view access to shared cloud storage files so that you can open and view them. 
• Removed the Audit (Premium) license requirement from the Microsoft Office 365 email data connection. Code42 can now monitor all email attachments where the only requirement is that senders have a Microsoft Exchange Online mailbox.

Bug fixes

September 23, 2022

• Resolves an issue where an "Error saving organization" message incorrectly appeared when saving changes to an organization. The changes saved, the message was a display issue only. 

September 14, 2022

• Fixed an issue where Windows devices using the User State Migration Tool (USMT) failed to apply settings during device replacement.  

September 13, 2022 

• Fixed an issue where the Microsoft Office 365 license count on the License Plan screen inaccurately displayed 0.

Known issues

• In the Code42 console, the Activity tab of a legal hold matter does not load the timeline of legal hold events. However, events are still searchable via the Code42 CLI. 

Features

Enhancements and updates

August 31, 2022

• Greatly improved performance when exporting a large list of devices to a CSV file.
• Performance and stability improvements.
• Security updates.  
• Removed support for the v3_user_token scheme. For details, see the Code42 API release notes.  

August 30, 2022

• The First use of destination and Rare use of destination risk indicators now apply to removable media activity. Previously, they only applied to browser upload activity. Highlighting anomalous behavior on removable media destinations helps you better identify and prioritize risk. 
• File event metadata for activity on removable media now reports the Destination category as Device and Destination name as Removable media. Previously, these destination fields only applied to browser upload and AirDrop activity. 

August 19, 2022

• File event details now give you the choice to Copy event ID or Copy link to event details. Previously, it was only possible to copy the complete link, and there was not an easy way to copy the string value of the Event ID itself.

August 11, 2022

• Added many new options to the Destination settings in the Alerts rule builder. These correspond to the expanded destination risk indicators to notify you when matching activity occurs on these destinations.

August 4, 2022

• You can now set a custom date range on the Risk Exposure dashboard, Watchlists, User Profile, and All Users list. Previously, you could only select pre-set date ranges. 
• Added more details to the Vectors for untrusted activity panel on the Insider Risk Trends dashboard.
  • Click a category name (or its graph) to view details about the specific vectors in that category that have untrusted activity.
  • After drilling down, click Back to return to the top-level category view.

August 3, 2022

• The Organizations screen now includes an Agents column with the number of devices in each organization. Click the value in the Agents column to view the list of devices. (Incydr Professional, Enterprise, Horizon, and Gov F2 only.)  
• On the License Plan screen, endpoint licenses now reflect the number of backup licenses or file event monitoring licenses (whichever is greater). Previously, backup licenses and file event monitoring licenses were listed separately. (Incydr Basic, Advanced, and Gov F1 only.)  
• The initial inventory of files in Box, Google Drive, and OneDrive that occurs upon enabling a cloud storage data connection now generates file events with an Event action of Inventoried. Previously, these file events were reported with the Event action of Created. 

August 1, 2022

• Added Department and Watchlist filters to the activity over time tiles on the Risk Exposure dashboard to help assess risk across specific user groups. Previously, you could only filter by Event severity and Risk indicator.  
• Added an API to the Code42 Developer Portal to export some or all components of a case. For details, see the Code42 API release notes.   

Bug fixes

August 31, 2022

Fixed issues where:

• Using the replace device wizard for a Windows device with a USMT profile backup could fail with the message "Unknown error has occurred."
• Some administrators could not restore files from the Code42 console.
• In rare cases, files could not be restored from a device that was deactivated and then later reactivated.
• Some administrators could not view the list of active organizations.
• In rare cases, navigating to Administration > Environment > Devices could redirect an administrator to the Code42 console sign-in screen.

August 15, 2022

• For Gmail and Office 365 email file events, fixed an issue where attached files were not available for download in some circumstances.  
• Fixed an issue where the list of legal hold matters or custodians did not sort consistently upon clicking a column header. Now matters and custodians are shown in descending chronological order without any additional sorting available.   

August 2, 2022

• Improved performance for devices with intermittent network connections attempting to download an upgrade to the latest Code42 app version.
• Fixed an issue where changes to Code42 console settings were not saved under certain circumstances.

Features

Enhancements and updates

July 21, 2022

• Added organization APIs to the Code42 Developer Portal to perform the following actions. For details, see the Code42 API release notes.   
  • Get a list of organizations
  • Create an organization
  • Get a specific organization
  • Update a specific organization
  • Activate a specific organization
  • Deactivate a specific organization

July 20, 2022

• The agent.command command in the Code42 console command-line interface (CLI) now supports sending CLI commands to Incydr Basic, Advanced, and Gov F1 clients, even if the device is offline. (This command is already supported for Incydr Professional, Enterprise, Gov F2, and Horizon product plans.) 
• Performance and stability improvements.
• Security updates.

July 18, 2022

• Added Departments and Directory Groups APIs in the Code42 Developer Portal to support building integrations with watchlists. For details, see the Code42 API release notes.  

July 14, 2022

• Exporting a case now includes the option to include all file contents. 

July 11, 2022

• Added many new destination risk indicators for files uploaded via a web browser. The new risk indicators help you better identify risk by listing the specific upload destination, which greatly reduces the number of file events listed as Other uploads. You can also customize the risk score for each new destination to match your specific risk tolerance.
  
  To see a complete list of all risk indicators, sign in to the Code42 console and select Risk Settings, then select a destination category to view individual destinations and risk scores.

July 8, 2022

• Improved the experience for viewing and editing risk indicators. The refreshed Risk settings interface includes additional categories, which makes it easier to find and edit individual risk indicators. 

July 7, 2022

• Added a Resource ID field to the Audit Log filter to search for events related to a specific resource's ID. Resources whose IDs you can search for include:  
  • Affected user
  • Alert
  • Alert rule
  • Archive source compute GUID
  • Case
  • Client
  • Federation
  • Identity provider
  • Provisioner
  • User
  • Watchlist

Bug fixes

July 20, 2022

• Greatly improved performance when exporting a large list of users to a CSV file.
• Fixed a very rare issue where archive maintenance did not complete, which caused back up and restore to be unavailable.
• Fixed an issue where the list of Trusted activity entries did not sort correctly upon clicking a column header.

Known issues

July 20, 2022

• When performing a zip file restore from the Code42 console, selecting files from multiple backup sets only restores the files in the default backup set. To restore from multiple backup sets, select a specific backup set from the restore dialog, then select the files to restore from that backup set. Repeat this process for each backup set.

Features

Enhancements and updates

June 29, 2022

• The Risk Exposure dashboard, Watchlists, User Profile, and All Users list now include the option to view the past 3 days of data (in addition to the existing time filters of 24 hours, 7 days, 30 days, and 90 days). 

June 28, 2022

• File event details now include 100s of individual source and destination values in over 35 different categories. These new destination and source category labels help you better identify risk by greatly reducing the number of file events listed as Uncategorized.

June 27, 2022

• The User Profile now shows the current and past cases associated with a user.

June 22, 2022

• Performance and stability improvements.
• Security updates.
• Removed support for Windows 10 version 2004 and Windows 10 version 1909. Devices using these versions will no longer upgrade to newer versions of the Code42 app.

June 21, 2022

• The Destination account name and Destination account type fields are now displayed in the file event details and are available as filters in Forensic Search. For cloud sync apps installed on user devices, these fields can help you better identify risk by indicating if the activity occurred in your corporate cloud account, or in a personal account you don't control.
• The v2/file-events API added new fields:
  • event.inserted: Indicates the date and time the event was received for indexing by Code42. This may differ slightly from the existing @timestamp field, which indicates the date and time the event was initially observed.
  • destination.domains: The domain section of the URLs reported in destination.tabs.url. 
  • source.domains: The domain section of the URLs reported in source.tabs.url. (Note: Although similar in name, this field has no relation to source.domain, which reports the FQDN or IP address of the user’s device.)

June 13, 2022

• File event details now display the Event ID and include a clickable icon to copy a link to these event details to your clipboard. This link enables you to easily share specific events with others (who have the required permissions to access Forensic Search), or to save the URL for your own future reference.

June 8, 2022

• Added event types to the Audit Log to record changes to watchlists:  
  • Department added to watchlist definition
  • Department removed from watchlist definition
  • Excluded users added to watchlist definition
  • Excluded users removed from watchlist definition
  • Groups added to watchlist definition
  • Groups removed from watchlist definition
  • Included users added to watchlist definition
  • Included users removed from watchlist definition

June 6, 2022

• In the Forensic Search CSV export, the column headings Email DLP Subject, Email DLP Recipients, Email DLP Sender, and Email DLP From changed to Email Subject, Email Recipients, Email Sender, and Email From. (DLP integration was deprecated in September, 2021.) If you use customized scripts to parse this CSV export, you may need to update them to account for the new column names.

Bug fixes

June 22, 2022

• Fixed an issue where the Windows Code42 app did not upgrade to the newest version in some Amazon WorkSpaces instances.
• Fixed a rare issue where searching from the Restore files screen in the Code42 app did not return any results. 

June 16, 2022

• Fixed an issue introduced to Forensic Search results on June 13th where the Source name and Destination name fields did not display the device's hostname as expected.  

Features

Enhancements and updates

May 25, 2022

• The Code42 console sign-in screen and navigation menu are updated to feature the Code42 Incydr logo.  
• A new Vectors for untrusted activity panel has been added to the Insider Risk Trends dashboard. This panel shows the vectors by which the most untrusted activity commonly occurs, organized by destination type. When combined with the other panels on the dashboard, this information can help fine-tune your trusted activity settings to better identify risky activity.

May 20, 2022

Added a new version (v2) of File Events APIs and deprecated the previous version (v1). For details, see the Code42 API release notes. 

May 19, 2022

• The Destination risk indicator activity over time and the File categories graphs on the Risk Exposure dashboard and User Profile now show file activity by the destination and file risk indicators. Previously, the activity was grouped into broader destination and file categories. Increase the risk score of destinations or files you're most concerned about to ensure those events are prioritized and more visible on the dashboards and User Profile.
• Added event types to the Audit Log to record changes to account names in trusted activity:  
  • Account name added
  • Account name changed
  • Account name deleted
• Added support for watchlists in the Code42 command line interface.   

May 18, 2022

• Changed the expiration period for deployment secrets from six months to one year.  
• Added the ability to grant API client write access to the Org endpoint. Write access enables the API client to perform actions such as blocking, unblocking, deactivating, and reactivating an organization. 
• In the Code42 API, removed the email_promo parameter from the User endpoint, as it was no longer in use.  
• Deprecated outdated APIs to improve security and enforce the principle of least privilege. If you have Code42 API scripts that use the deprecated APIs, update them to use the new APIs before the end-of-life date one year from deprecation. For more information about the API deprecations, see Code42 API release notes:
  • Deprecated UserBlock, UserDeactivation, UserRole, and UserMoveProcess APIs.  
  • Deprecated Org, OrgBlock, and OrgDeactivation APIs.  

May 12, 2022

• Added support for watchlists in py42.   

May 5, 2022

• From the user activity details in the Risk Exposure dashboard, All Users list, Watchlists, and User Profile, you can now view all file event metadata without navigating away to Forensic Search. Click the  icon next to an event to quickly assess risk and even view the file contents all without leaving the context of your investigation.

May 2, 2022

• For users who sign in to the US2 cloud, updated the Code42 console sign-in screen with links to sign in to other Code42 products.  

Bug fixes

May 18, 2022

• Performance and stability improvements.
• Fixed an issue where a legal hold preservation policy with no file selection defined did not collect files as expected in some situations (though files were still available via the backup archive). Now, the preservation policy collects files according to the backup file selection of the custodian's organization if no file selection is defined.
• Fixed an issue where users with the Security Administrator role were not able to access the File Event Exclusions settings in the Code42 console as expected.
• On Macs, fixed an issue where files could not be restored to the "original location" if the source backup device and target restore device had different processor types. Now, restoring to the original location between devices with M1 and Intel processors works as expected. 
• Fixed a rare issue where attempting to restore files from the Code42 console could fail with the message "Status: Error calculating totals. Try it again."
• Fixed a rare issue where users could not sign in to the Code42 app via Shibboleth single sign-on (SSO).
• Using the Code42 API to add security event and backup exclusions for Windows devices now automatically converts backslashes (\) in file paths to forward slashes (/). This fixes an issue where some exclusions were not applied properly.
• Fixed an issue where the Off hours risk indicator was not visible in some circumstances.
• For environments using single sign-on (SSO) authentication, fixed a rare issue where the Code42 app could repeatedly open prompts in a web browser to sign in to SSO. 

Enhancements and updates

April 26, 2022

• After determining that either a user's activity in Microsoft OneDrive or a user's report export activity in Salesforce is trusted, Code42 now assumes that any file activity by that same user in the same session is also trusted. This allows you to better focus investigations on untrusted file sharing and report downloads to devices that are not monitored by Code42.

April 25, 2022

• If an exfiltrated file could not be collected, the file event details now provide a more specific reason the file is unavailable to better assist with troubleshooting. 
• Added arrow icons at the top of the event details to enable easier navigation between events.
• Renamed the Report section of the file event details Salesforce report.
• For users who sign in to the US1 cloud, updated the Code42 console sign-in screen with links to sign in to other Code42 products.  

April 8, 2022

• Added the ability to add a saved search to a file exposure input in the Code42 Insider Threat app for Splunk.  

Features

Enhancements and updates

March 31, 2022

• Improved capture and retention of file contents within Cases. File contents are now collected in more situations and are retained for the duration of the investigation for all Incydr product plans. (Previously, Incydr Basic, Advanced, and Gov F1 required the file to be included in the backup file selection, and Incydr Professional, Enterprise, Horizon, and Gov F2 retained file contents according to the data retention policy for your product plan).

March 29, 2022

• Added event types to the Audit Log to record changes to alert rules and alerts:  
  • Alert note edited
  • Alert rule created
  • Alert rule deleted
  • Alert rule disabled
  • Alert rule edited
  • Alert rule enabled
  • Alert state changed
  • All users removed from alert rule
  • Users added to alert rule
  • Users removed from alert rule
  • Watchlist removed from alert rule

March 28, 2022

• To help you focus on legitimate exfiltration events, the Code42 Salesforce data connection no longer collects information about reports exported from your environment by third-party applications and no longer displays those events in Forensic Search. The data connection continues to monitor for any reports that are downloaded from Salesforce to either corporate or personal endpoints. 

March 21, 2022

• Alerts adds corporate email destinations to the alert rule builder to notify you when files are sent as attachments to untrusted recipients. These alerts help you respond quickly when vital business data is emailed to external recipients from your organization's email service. 

March 16, 2022

• Security updates. 
• Devices using unsupported macOS 10.14 Mojave will not upgrade to newer versions of the Code42 app. 

March 4, 2022

• Starting March 31, 2022, alert notifications that are older than your product plan's retention period are removed from the Review Alerts list and are unavailable. To save any alert notifications prior to the end of the retention period, use the Code42 API to export alert notification details to an external file or your security information and event management (SIEM) tool. See th Code42 Developer's Portal for more information on the Code42 API.
• Improved additional event details for the File download event type in the Audit Log:
  • Added the File name field
  • Renamed File name in storage to File path
  • Renamed File size in archive to File size  

March 2, 2022

• Older Google Drive files that inherited the deprecated "Public on the web" sharing permission are now identified as "Public via direct link" for the File exposure changed to and Exposure type fields in Forensic Search. Google deprecated its "Public on the web" sharing permission in April 2020 to increase security, and this change makes Forensic Search's identification of sharing activity for publicly available files consistent across all cloud service vendors.

Bug fixes

March 30, 2022

• For devices backing up to new storage destinations as part of recent changes to Code42 cloud infrastructure, fixed several issues, including:
  • Backups did not complete under certain circumstances.
  • Devices with a backup alert for no recent activity could remain in an alert state even after backup activity resumed. 
• Other performance and stability improvements.
• Security updates.

March 16, 2022

• On the Administration > Environment > Devices > Backup Alerts screen, fixed an issue where clicking a column heading to sort results did not work correctly. 
• Fixed a very rare issue where moving a user to a different organization could cause backup archives in cold storage for that user to use the retention period of the original organization. Now, archives in cold storage correctly use the retention period of the user's current organization. 
• Fixed an issue affecting Incydr Basic and Advanced product plans where changes to file event exclusions were not applied until after the Code42 service or the device restarted. Now, changes to exclusions are applied immediately. 
• Fixed a rare issue where a deployment policy could redirect user devices to the wrong Code42 URL, which caused device registration to fail.
• Fixed an issue where removing permissions from an API client did not properly save the new permissions. 
• Performance and stability improvements.

Features

Enhancements and updates

February 28, 2022

• Improved detection of Microsoft Office 365 email users that have Advanced Audit turned on. This may cause more users to be monitored by the Microsoft Office 365 email data connection.  
• To support building integrations with watchlists, added Watchlists APIs and deprecated Detection Lists APIs. 

February 26, 2022

• Added event types to the Audit Log to record changes to watchlists:   
  • Risk profile end date changed
  • Risk profile start date change
  • User added to watchlist membership
  • User removed from watchlist membership
  • Watchlist created
  • Watchlist definition changed
  • Watchlist deleted
  • Watchlist name changed

February 17, 2022

• Adds operating system icons to the Devices screen (Incydr Professional, Enterprise, and Horizon product plans only).  

February 16, 2022

• A new purge.path command in the Code42 console command line interface (CLI) enables you to remove specific files and paths from a backup archive. Removals are tracked in Audit Log with the event type Path purged. 
• In the Code42 API, removed the lastLoginDate parameter from the User resource.

February 9, 2022

• In Data Connections, adding a new connection now opens a panel that slides in from the right to maximize screen use and allow for future expansion.

February 2, 2022

• Added support for the Off hours risk indicator to the Incydr Enterprise, Horizon, and Gov F2 product plans.  
• Released Code42 User Directory Sync version 1.6.4. For details, see the Code42 User Directory Sync release notes.   

Bug fixes

February 16, 2022

• Performance and stability improvements.
• Fixed an issue where the Code42 app replace device wizard could fail to transfer settings to the new device. 
• Fixed a rare issue where trying to view a user's details or get files from a legal hold in the Code42 console resulted in an error. 
• Fixed an issue where using an API client to retrieve device information resulted in an unexpected 403 error in some situations.
• File event exclusions entered into the Code42 console now only accept a backslash (\) as a Windows path separator. This fixes an issue where paths entered with a forward slash (for example, C:/) were not properly excluded. 

Features

Enhancements and updates

January 26, 2022

• Updated the Log4j library from version 2.15.0 to version 2.17.1 to further mitigate CVE-2021-45105, CVE-2021-44832, and CVE- 2021-45046.
• To improve security and enforce the principle of least privilege, Code42 announces deprecation of outdated API features. If you have Code42 API scripts that use the deprecated items, update them to use the new methods before the end-of-life date one year from deprecation. For more information about these API deprecations, see Code42 API release notes:
  • Basic authentication is deprecated for authentication of APIs in the Code42 Developer Portal, and is replaced by API clients.
  • Inconsistent Code42 API URL paths are deprecated, and are replaced by simplified paths to provide consistency across all APIs. 
  • The v3_user_token scheme is deprecated, and is replaced by the Bearer scheme. 
  • The /c42api/v3/auth/jwt  endpoint is deprecated as a method for obtaining an OAuth token, and is replaced by API clients. 
  • APIs that do not support API clients are deprecated.  

• Removed the www-authenticate header from the Code42 API. As a result, making an API call with basic authentication is no longer supported in a web browser (for example, to download a CSV file). To make API calls, use programming, or tools like Postman or cURL. Also as a result of this change, basic authentication of Code42 APIs is no longer supported in PowerShell unless you set a request header for authentication.  

January 21, 2022

• Added a Case exported event type to the Audit Log to record when case information is exported to a PDF (contains only a case summary) or CSV file (includes file metadata details for all file events in the case).
• Version 1.2.0 of the Code42 Insider Threat App for Splunk is now available. This update includes: 
  • API client authentication. To continue ingesting data, update your account configuration to use an API client.
  • Proxy support
  • Alerts filtering by risk severity 
  • File exposure filtering by risk score
  • For full release information, see the release notes in Splunkbase.  

January 12, 2022

• Browser uploads and downloads from www.office.com are now correctly categorized as cloud storage activity in OneDrive.

Bug fixes

January 27, 2022

• Fixed an issue introduced with the Code42 cloud release on January 26th where some users were temporarily unable to back up or restore files. 

January 26, 2022

• Performance and stability improvements.
• Un-offering a backup destination no longer removes legal hold archives on that destination.
• Fixed an issue where the Code42 console only displayed the first page of legal hold matters.