Code42 cloud release notes
- Last updated
- Save as PDF
Who is this article for?
Find your product plan in the Code42 console on the Account menu.
Not an Incydr customer? See the release notes for Instructor, CrashPlan Cloud, or CrashPlan for Small Business.
Instructor, yes.
Incydr Professional, Enterprise, Gov F2, and Horizon, yes.
Incydr Basic, Advanced, and Gov F1, yes.
CrashPlan Cloud, yes.
Retired product plans, yes.
CrashPlan for Small Business, no.
Overview
This page lists new features and bug fixes released to the Code42 cloud. Click a month below to expand or collapse the details.
For the Code42 app, see Code42 app version 10.3 release notes.
Subscribe to receive a monthly update of Incydr product enhancements.
June 2022
Features
File event metadata changes
June 13, 2022
Improvements to the file event details data model provide a better focus on insider risk indicators. Changes affect both the Code42 console and Code42 API, though most changes are minor and do not require you to take any action. Changes include:
- Reorganized file event details display order to better highlight insider risk indicators.
- Addition of several new fields to better focus on details of a specific event.
- Removal of outdated, duplicate, and ambiguous/extraneous fields.
- A new
/v2/file-events
Code42 API endpoint, which moved from a flat model to a hierarchical structure with parent objects for each field. - Improved clarity on source and destination fields.
For complete details, see File event metadata changes June 2022.
Populate watchlists using directory groups and departments
June 8, 2022
You can now populate watchlists via your directory groups and departments from your identity management provider. This allows you to automatically control who is on or off a watchlist depending on their directory groups or departments membership.
Enhancements and updates
June 29, 2022
- The Risk Exposure dashboard, Watchlists, User Profile, and All Users list now include the option to view the past 3 days of data (in addition to the existing time filters of 24 hours, 7 days, 30 days, and 90 days).
June 28, 2022
- File event details now include 100s of individual source and destination values in over 35 different categories. These new destination and source category labels help you better identify risk by greatly reducing the number of file events listed as Uncategorized.
June 27, 2022
- The User Profile now shows the current and past cases associated with a user.
June 22, 2022
- Performance and stability improvements.
- Security updates.
- Removed support for Windows 10 version 2004 and Windows 10 version 1909. Devices using these versions will no longer upgrade to newer versions of the Code42 app.
June 21, 2022
- The Destination account name and Destination account type fields are now displayed in the file event details and are available as filters in Forensic Search. For cloud sync apps installed on user devices, these fields can help you better identify risk by indicating if the activity occurred in your corporate cloud account, or in a personal account you don't control.
- The
v2/file-events
API added new fields:event.inserted
: Indicates the date and time the event was received for indexing by Code42. This may differ slightly from the existing@timestamp
field, which indicates the date and time the event was initially observed.destination.domains
: The domain section of the URLs reported indestination.tabs.url
.source.domains
: The domain section of the URLs reported insource.tabs.url
. (Note: Although similar in name, this field has no relation tosource.domain
, which reports the FQDN or IP address of the user’s device.)
June 13, 2022
- File event details now display the Event ID and include a clickable icon to copy a link to these event details to your clipboard. This link enables you to easily share specific events with others (who have the required permissions to access Forensic Search), or to save the URL for your own future reference.
June 8, 2022
- Added event types to the Audit Log to record changes to watchlists:
- Department added to watchlist definition
- Department removed from watchlist definition
- Excluded users added to watchlist definition
- Excluded users removed from watchlist definition
- Groups added to watchlist definition
- Groups removed from watchlist definition
- Included users added to watchlist definition
- Included users removed from watchlist definition
June 6, 2022
- In the Forensic Search CSV export, the column headings Email DLP Subject, Email DLP Recipients, Email DLP Sender, and Email DLP From changed to Email Subject, Email Recipients, Email Sender, and Email From. (DLP integration was deprecated in September, 2021.) If you use customized scripts to parse this CSV export, you may need to update them to account for the new column names.
Bug fixes
June 22, 2022
- Fixed an issue where the Windows Code42 app did not upgrade to the newest version in some Amazon WorkSpaces instances.
- Fixed a rare issue where searching from the Restore files screen in the Code42 app did not return any results.
June 16, 2022
- Fixed an issue introduced to Forensic Search results on June 13th where the Source name and Destination name fields did not display the device's hostname as expected.
May 2022
Features
Apply trust to specific OneDrive accounts
May 19, 2022
- Trusted activity settings now enable you to trust only specific OneDrive accounts. Trusting specific accounts helps you better identify risk in personal OneDrive accounts you don't control. For example, trusting your corporate OneDrive account prevents that file activity from appearing in security event dashboards, user profiles, and alerts. File activity in other OneDrive accounts, however, remains untrusted and is identified as a greater risk.
Enhancements and updates
May 25, 2022
- The Code42 console sign-in screen and navigation menu are updated to feature the Code42 Incydr logo.
- A new Vectors for untrusted activity panel has been added to the Insider Risk Trends dashboard. This panel shows the vectors by which the most untrusted activity commonly occurs, organized by destination type. When combined with the other panels on the dashboard, this information can help fine-tune your trusted activity settings to better identify risky activity.
May 20, 2022
Added a new version (v2) of File Events APIs and deprecated the previous version (v1). For details, see the Code42 API release notes.
May 19, 2022
- The Destination risk indicator activity over time and the File categories graphs on the Risk Exposure dashboard and User Profile now show file activity by the destination and file risk indicators. Previously, the activity was grouped into broader destination and file categories. Increase the risk score of destinations or files you're most concerned about to ensure those events are prioritized and more visible on the dashboards and User Profile.
- Added event types to the Audit Log to record changes to account names in trusted activity:
- Account name added
- Account name changed
- Account name deleted
- Added support for watchlists in the Code42 command line interface.
May 18, 2022
- Changed the expiration period for deployment secrets from six months to one year.
- Added the ability to grant API client write access to the Org endpoint. Write access enables the API client to perform actions such as blocking, unblocking, deactivating, and reactivating an organization.
- In the Code42 API, removed the
email_promo
parameter from theUser
endpoint, as it was no longer in use. - Deprecated outdated APIs to improve security and enforce the principle of least privilege. If you have Code42 API scripts that use the deprecated APIs, update them to use the new APIs before the end-of-life date one year from deprecation. For more information about the API deprecations, see Code42 API release notes:
- Deprecated
UserBlock
,UserDeactivation
,UserRole
, andUserMoveProcess
APIs. - Deprecated
Org
,OrgBlock
, andOrgDeactivation
APIs.
- Deprecated
May 12, 2022
- Added support for watchlists in py42.
May 5, 2022
- From the user activity details in the Risk Exposure dashboard, All Users list, Watchlists, and User Profile, you can now view all file event metadata without navigating away to Forensic Search. Click the
icon next to an event to quickly assess risk and even view the file contents all without leaving the context of your investigation.
May 2, 2022
- For users who sign in to the US2 cloud, updated the Code42 console sign-in screen with links to sign in to other Code42 products.
Bug fixes
May 18, 2022
- Performance and stability improvements.
- Fixed an issue where a legal hold preservation policy with no file selection defined did not collect files as expected in some situations (though files were still available via the backup archive). Now, the preservation policy collects files according to the backup file selection of the custodian's organization if no file selection is defined.
- Fixed an issue where users with the Security Administrator role were not able to access the File Event Exclusions settings in the Code42 console as expected.
- On Macs, fixed an issue where files could not be restored to the "original location" if the source backup device and target restore device had different processor types. Now, restoring to the original location between devices with M1 and Intel processors works as expected.
- Fixed a rare issue where attempting to restore files from the Code42 console could fail with the message "Status: Error calculating totals. Try it again."
- Fixed a rare issue where users could not sign in to the Code42 app via Shibboleth single sign-on (SSO).
- Using the Code42 API to add security event and backup exclusions for Windows devices now automatically converts backslashes (\) in file paths to forward slashes (/). This fixes an issue where some exclusions were not applied properly.
- Fixed an issue where the Off hours risk indicator was not visible in some circumstances.
- For environments using single sign-on (SSO) authentication, fixed a rare issue where the Code42 app could repeatedly open prompts in a web browser to sign in to SSO.
April 2022
Enhancements and updates
April 26, 2022
- After determining that either a user's activity in Microsoft OneDrive or a user's report export activity in Salesforce is trusted, Code42 now assumes that any file activity by that same user in the same session is also trusted. This allows you to better focus investigations on untrusted file sharing and report downloads to devices that are not monitored by Code42.
April 25, 2022
- If an exfiltrated file could not be collected, the file event details now provide a more specific reason the file is unavailable to better assist with troubleshooting.
- Added arrow icons at the top of the event details to enable easier navigation between events.
- Renamed the Report section of the file event details Salesforce report.
- For users who sign in to the US1 cloud, updated the Code42 console sign-in screen with links to sign in to other Code42 products.
April 8, 2022
- Added the ability to add a saved search to a file exposure input in the Code42 Insider Threat app for Splunk.
March 2022
Features
Discover trends with the Insider Risk Trends dashboard
March 28, 2022
The Insider Risk Trends dashboard shows how your organization's risk profile changes over time. Whether you're just starting to develop an insider risk program or already have a robust program in place, this dashboard helps identify where to focus controls, training, and engagement to improve risk. To view it, select Insider Risk Trends from the new Dashboards menu.
The dashboard tracks fluctuations in these metrics:
- The number of users causing critical or high severity file events
- The departments in your organization that cause the most untrusted events
- The types of files involved in exfiltration events
Enhancements and updates
March 31, 2022
- Improved capture and retention of file contents within Cases. File contents are now collected in more situations and are retained for the duration of the investigation for all Incydr product plans. (Previously, Incydr Basic, Advanced, and Gov F1 required the file to be included in the backup file selection, and Incydr Professional, Enterprise, Horizon, and Gov F2 retained file contents according to the data retention policy for your product plan).
March 29, 2022
- Added event types to the Audit Log to record changes to alert rules and alerts:
- Alert note edited
- Alert rule created
- Alert rule deleted
- Alert rule disabled
- Alert rule edited
- Alert rule enabled
- Alert state changed
- All users removed from alert rule
- Users added to alert rule
- Users removed from alert rule
- Watchlist removed from alert rule
March 28, 2022
- To help you focus on legitimate exfiltration events, the Code42 Salesforce data connection no longer collects information about reports exported from your environment by third-party applications and no longer displays those events in Forensic Search. The data connection continues to monitor for any reports that are downloaded from Salesforce to either corporate or personal endpoints.
March 21, 2022
- Alerts adds corporate email destinations to the alert rule builder to notify you when files are sent as attachments to untrusted recipients. These alerts help you respond quickly when vital business data is emailed to external recipients from your organization's email service.
March 16, 2022
- Security updates.
- Devices using unsupported macOS 10.14 Mojave will not upgrade to newer versions of the Code42 app.
March 4, 2022
- Starting March 31, 2022, alert notifications that are older than your product plan's retention period are removed from the Review Alerts list and are unavailable. To save any alert notifications prior to the end of the retention period, use the Code42 API to export alert notification details to an external file or your security information and event management (SIEM) tool. See th Code42 Developer's Portal for more information on the Code42 API.
- Improved additional event details for the File download event type in the Audit Log:
- Added the File name field
- Renamed File name in storage to File path
- Renamed File size in archive to File size
March 2, 2022
- Older Google Drive files that inherited the deprecated "Public on the web" sharing permission are now identified as "Public via direct link" for the File exposure changed to and Exposure type fields in Forensic Search. Google deprecated its "Public on the web" sharing permission in April 2020 to increase security, and this change makes Forensic Search's identification of sharing activity for publicly available files consistent across all cloud service vendors.
Bug fixes
March 30, 2022
- For devices backing up to new storage destinations as part of recent changes to Code42 cloud infrastructure, fixed several issues, including:
- Backups did not complete under certain circumstances.
- Devices with a backup alert for no recent activity could remain in an alert state even after backup activity resumed.
- Other performance and stability improvements.
- Security updates.
March 16, 2022
- On the Administration > Environment > Devices > Backup Alerts screen, fixed an issue where clicking a column heading to sort results did not work correctly.
- Fixed a very rare issue where moving a user to a different organization could cause backup archives in cold storage for that user to use the retention period of the original organization. Now, archives in cold storage correctly use the retention period of the user's current organization.
- Fixed an issue affecting Incydr Basic and Advanced product plans where changes to file event exclusions were not applied until after the Code42 service or the device restarted. Now, changes to exclusions are applied immediately.
- Fixed a rare issue where a deployment policy could redirect user devices to the wrong Code42 URL, which caused device registration to fail.
- Fixed an issue where removing permissions from an API client did not properly save the new permissions.
- Performance and stability improvements.
February 2022
Features
Monitor risky users with watchlists
February 26, 2022
Code42 introduces watchlists to help you more closely monitor employees that may have higher risk of exfiltration due to their current role or past behaviors.
Watchlists provide you with special views that help cut through the noise of all the file activity across your organization by focusing on the users you are the most concerned about. For any watchlist, you can build alerts that notify you when any users on your watchlist require your attention.
Previously, you could monitor departing and high-risk employees on our lenses. Those lenses have been replaced with more robust and varied watchlists including the New hire watchlist. If you were previously using lenses, we have recreated them for you in the new watchlists. For a full list of the types of watchlists you can create, see Manage watchlists.
Customize scope of trusted domains
February 16, 2022
Trusted domain settings now enable you to individually choose whether or not to trust different types of activity on a domain, including:
- Files uploaded to the domain via a web browser
- Files synced to cloud storage by desktop apps
- Files shared from cloud storage or email services monitored by Incydr
In addition, you can also fine tune trust settings within each category to better identify risk in unmonitored locations. For example, if your company's approved cloud storage solution is OneDrive, now you can choose to not trust activity in other cloud storage services, even when the username accessing those services is on a trusted domain.
Previously, adding a trusted domain trusted all activity on that domain.
Respond to insider risks within the Code42 console
February 9, 2022
A new Actions option is available in the Code42 console for manually running Incydr Flows. This option enables you to choose how to respond to insider risks using third-party tools, based on your investigation in Incydr. The Actions menu is available from the User Profile and when you investigate a user's activity. Work with Code42 Professional Services to set up Incydr Flows to appear as options from the Actions menu.
New Insider Risk Respond role
February 9, 2022
A new Insider Risk Respond role provides granular permissions that allow an individual to use the Actions menu to respond to insider risk events. This role is intended to augment the Insider Risk Analyst role.
Enhancements and updates
February 28, 2022
- Improved detection of Microsoft Office 365 email users that have Advanced Audit turned on. This may cause more users to be monitored by the Microsoft Office 365 email data connection.
- To support building integrations with watchlists, added Watchlists APIs and deprecated Detection Lists APIs.
February 26, 2022
- Added event types to the Audit Log to record changes to watchlists:
- Risk profile end date changed
- Risk profile start date change
- User added to watchlist membership
- User removed from watchlist membership
- Watchlist created
- Watchlist definition changed
- Watchlist deleted
- Watchlist name changed
February 17, 2022
- Adds operating system icons to the Devices screen (Incydr Professional, Enterprise, and Horizon product plans only).
February 16, 2022
- A new
purge.path
command in the Code42 console command line interface (CLI) enables you to remove specific files and paths from a backup archive. Removals are tracked in Audit Log with the event type Path purged. - In the Code42 API, removed the
lastLoginDate
parameter from theUser
resource.
February 9, 2022
- In Data Connections, adding a new connection now opens a panel that slides in from the right to maximize screen use and allow for future expansion.
February 2, 2022
- Added support for the Off hours risk indicator to the Incydr Enterprise, Horizon, and Gov F2 product plans.
- Released Code42 User Directory Sync version 1.6.4. For details, see the Code42 User Directory Sync release notes.
Bug fixes
February 16, 2022
- Performance and stability improvements.
- Fixed an issue where the Code42 app replace device wizard could fail to transfer settings to the new device.
- Fixed a rare issue where trying to view a user's details or get files from a legal hold in the Code42 console resulted in an error.
- Fixed an issue where using an API client to retrieve device information resulted in an unexpected 403 error in some situations.
- File event exclusions entered into the Code42 console now only accept a backslash (\) as a Windows path separator. This fixes an issue where paths entered with a forward slash (for example, C:/) were not properly excluded.
January 2022
Features
Manage Incydr exclusions in the Code42 console
January 26, 2022
The Code42 console now enables you to manage Incydr monitoring exclusions. Navigate to Administration > Environment > File Event Exclusions to prevent activity for specific files and folders from generating file events. Adding exclusions can improve performance, reduce noise, and help maintain user privacy. Previously, file event exclusions were managed exclusively via the Code42 API.
Enhancements and updates
January 26, 2022
- Updated the Log4j library from version 2.15.0 to version 2.17.1 to further mitigate CVE-2021-45105, CVE-2021-44832, and CVE- 2021-45046.
- To improve security and enforce the principle of least privilege, Code42 announces deprecation of outdated API features. If you have Code42 API scripts that use the deprecated items, update them to use the new methods before the end-of-life date one year from deprecation. For more information about these API deprecations, see Code42 API release notes:
- Basic authentication is deprecated for authentication of APIs in the Code42 Developer Portal, and is replaced by API clients.
- Inconsistent Code42 API URL paths are deprecated, and are replaced by simplified paths to provide consistency across all APIs.
- The
v3_user_token
scheme is deprecated, and is replaced by theBearer
scheme. - The
/c42api/v3/auth/jwt
endpoint is deprecated as a method for obtaining an OAuth token, and is replaced by API clients. - APIs that do not support API clients are deprecated.
-
Removed the
www-authenticate
header from the Code42 API. As a result, making an API call with basic authentication is no longer supported in a web browser (for example, to download a CSV file). To make API calls, use programming, or tools like Postman or cURL. Also as a result of this change, basic authentication of Code42 APIs is no longer supported in PowerShell unless you set a request header for authentication.
January 21, 2022
- Added a Case exported event type to the Audit Log to record when case information is exported to a PDF (contains only a case summary) or CSV file (includes file metadata details for all file events in the case).
- Version 1.2.0 of the Code42 Insider Threat App for Splunk is now available. This update includes:
- API client authentication. To continue ingesting data, update your account configuration to use an API client.
- Proxy support
- Alerts filtering by risk severity
- File exposure filtering by risk score
- For full release information, see the release notes in Splunkbase.
January 12, 2022
- Browser uploads and downloads from www.office.com are now correctly categorized as cloud storage activity in OneDrive.
Bug fixes
January 27, 2022
- Fixed an issue introduced with the Code42 cloud release on January 26th where some users were temporarily unable to back up or restore files.
January 26, 2022
- Performance and stability improvements.
- Un-offering a backup destination no longer removes legal hold archives on that destination.
- Fixed an issue where the Code42 console only displayed the first page of legal hold matters.
Previous release notes
For release notes prior to January 2022, see Previous version release notes.