Code42 cloud 2021 release notes

Last updated
Save as PDF

Instructor, yes.

Incydr Professional, Enterprise, Horizon, and Gov F2, yes.

Incydr Basic, Advanced, and Gov F1, yes.

Overview

This page lists new features and bug fixes released to the Code42 cloud in 2021. Click a month below to expand or collapse the details.

For the most recent updates, see Code42 cloud release notes.

December 2021

Features

New Identity Management Administrator role

December 16, 2021

A new Identity Management Administrator role grants permissions to perform identity management tasks in the Code42 console, but does not grant permissions to access other sensitive data in Incydr.

Assign the Identity Management Administrator role instead of Customer Cloud Admin to users who need to manage single sign-on and provisioning.

Enhancements and updates

December 16, 2021

Updated the Log4j library to version 2.15.0 to mitigate security vulnerability CVE 2021-44228.
Performance and stability improvements.
Improvements to the Identity Management > Authentication screen in the Code42 console:
- Added the option to assign organizations to an authentication provider directly from the Authentication tab. Previously, authentication providers could only be assigned by navigating to a specific organization and editing the organization's details.
- Added the option to set SAML attributes. Previously, SAML attributes could only be set via the Code42 API.
Updates to translations.

December 15, 2021

Released Code42 User Directory Sync version 1.6.3. For details, see the Code42 User Directory Sync release notes.

December 13, 2021

To better align support article content with your Code42 product plan, the Code42 support site now contains separate sections for Incydr and CrashPlan. This change makes it easier for you to view only the information that applies to your Code42 environment.

Many articles throughout the support site have changed URLs, but all old URLs automatically redirect to the new location. These automatic redirects ensure existing links continue to point to the correct article.

Other changes include:

The homepage now prompts you to choose your product before searching or browsing content.
Code42 console and administration articles now have different versions for Incydr and CrashPlan.
Code42 app articles now have different versions for Incydr and CrashPlan.
Updates to search filters and the Who is this article for? section at the top of each article help you better identify which content applies to you.

New support site homepage option to choose your product

December 10, 2021

Alerts adds a new Salesforce download setting to the alert rule builder to alert you when reports are exported from your organization's Salesforce environment to a device that is not monitored by Incydr. These alerts help you respond quickly when vital business data is downloaded to an unmonitored personal device like a home laptop or mobile phone.
During early access, detection of Salesforce report exports to unmonitored personal devices is not supported for Incydr Professional and Enterprise product plans. However, you can still view Salesforce download activity in Forensic Search.

Bug fixes

December 16, 2021

Fixed an issue in the Code42 console where deactivated organizations could display the numeric orgID instead of the organization name.
Fixed an issue introduced with the Code42 cloud release on November 17th where the Code42 API resource AuthToken did not accept requests using basic authentication.
Fixed a rare issue where attempting to manually refresh metadata for a federated identity provider (IdP) via the Code42 API could fail. (Metadata was still refreshed automatically every 8 hours.)
Fixed an issue where using py42 to restore files to a device did not generate restore events in the Audit Log under certain circumstances.

November 2021

Features

API clients

November 17, 2021

Code42 introduces API clients to authenticate access to APIs listed in the Code42 Developer Portal. API clients provide a more secure way to authenticate API interaction than usernames and passwords.

Each API client contains a key (or "secret") uniquely assigned to that client. Submit an API client's ID and secret to obtain an authentication token to be used with an API integration. For more information, see Authentication in the Code42 Developer Portal.

List of API clients

Better visibility into license usage

November 17, 2021

The Code42 console now includes a new License Plan screen to highlight license usage statistics throughout your Code42 environment, including:

Your current product plan
The number of endpoint licenses purchased and in use
Data connector licenses in use
License expiration dates

Early access: Exfiltration detection of exported Salesforce reports

November 1, 2021

Incydr introduces a new data connection for Salesforce. This connection helps secure vital sales, marketing, and customer engagement information by monitoring your Salesforce environment for exported reports.

When a user exports or downloads a report from Salesforce, Incydr determines whether that report was saved to a corporate device monitored by Code42 or to an unmonitored personal device like a home laptop or mobile phone. If a report is exported to a device that is not monitored by Code42, that activity is flagged for further investigation.

This activity appears throughout the Code42 console, including:

During early access, detection of Salesforce report exports to unmonitored personal devices is not supported for Incydr Professional and Enterprise product plans.

Apply trust to specific URL paths

November 1, 2021

Incydr's Trusted activity settings now support specific URL paths, in addition to entire domains. This enables you to only trust a specific portion of a domain. For example, adding the URL path github.com/company trusts uploads only to the "company" repository and not to all of github.com.

Trusting a specific URL path prevents file activity there from appearing in security event dashboards, user profiles, and alerts. This helps focus your investigations on higher risk file activity.

Add trusted activity dialog

Enhancements and updates

November 29, 2021

In Code42 Instructor, added two posters to educate employees about precautions to take when emailing sensitive data.

November 17, 2021

Security updates.
Added to the Code42 federal environment the ability to provision users with Azure AD.
Sending a PATCH request to update groups via the SCIM API now returns a 204 response by default, instead of 200.
Added event types to the Audit Log to record actions for:
- API clients
  - API client created
  - API client deleted
  - API client description changed
  - API client name changed
  - API client permissions assigned
  - API client permissions revoked
  - API client secret reset
- Data preferences
  - Domain added
  - Domain changed
  - Domain removed
  - IP address added
  - IP address changed
  - IP address removed
  - Slack Workspace added
  - Slack Workspace changed
  - Slack Workspace removed
  - URL added
  - URL changed
  - URL removed

November 16, 2021

Scoping is now available for the Microsoft Office 365 email service data connection. You can scope the connection to monitor all Office 365 user mailboxes, only the Office 365 mailboxes for specific users, or only the Office 365 mailboxes that are assigned to specific Microsoft 365 groups. To update scoping, deauthorize your existing connection and then add it again as a new connection.
With this change, usage counts indicating the exact number of user mailboxes monitored by the Microsoft Office 365 email connection are now listed in the connection's details. If you want to view these counts, deauthorize and then resume monitoring your existing Microsoft Office 365 email connection.

November 10, 2021

To help you better identify and investigate risky activity, new alert notification details are now organized by event types: Browser and app upload events, Cloud sharing events, Cloud sync events, and External device events. (Previously, details were divided only into cloud or endpoint events. Alert notifications generated prior to November 10, 2021 still use this older organization.)
Because this organization improves your ability to investigate in Forensic Search, links in existing email alert notifications you've already received function slightly differently. Instead of leading directly to the events in Forensic Search, links in existing email notifications open the Review Alerts table, filtered to that notification. Open the alert notification details to access the updated options for investigating events in Forensic Search. Links in new email alert notifications generated after November 10, 2021 use the upgraded organization and lead directly to Forensic Search.

November 3, 2021

In Code42 Instructor, added two new informative letter templates that you can use to explain to your leadership and awareness teams what Code42 Instructor is and how you are using it to help protect your company's data.

Bug fixes

November 17, 2021

Performance and stability improvements.
Fixed an issue introduced on November 16th where the Code42 app version 8.8.0 installer for Macs was not visible on the App Downloads page in the Code42 console.
Fixed a rare issue where some users could not be deactivated.
Fixed an issue where the Code42 console did not correctly report backup statistics for some devices.
Fixed an issue where local backup destinations where not visible in the Code42 console.
Fixed a rare issue where some text in the Code42 console could display unformatted HTML if a language other than English (United States) was selected.

Known issues

Assigning roles to provisioned users based on their SCIM group may generate an error in the Sync Log.

October 2021

Enhancements and updates

October 29, 2021

For Incydr Professional and Enterprise product plans: When you add a new local user, you can now assign roles to the user in the same step.

October 28, 2021

In Code42 Instructor, added new communication templates about sharing files on social media.

October 26, 2021

In Code42 Instructor, added two posters to educate employees about accidental iCloud syncing.

October 20, 2021

To improve data consistency, Code42 API timestamps are now always returned in Coordinated Universal Time (UTC). Prior to this change, timestamps could be in UTC time or local time. If you use the date and time obtained from the Code42 API as a string value that ignores the ISO 8601 time zone, adjust your API scripts so that they include the time zone in the output.
Updates for Incydr Professional and Enterprise product plans:
- Added a new Last check-in column to the Devices list to indicate the last time the device connected to the Code42 cloud.
- Added a deployment policy configuration option to support proxy URL connections.
Security updates.

October 18, 2021

In Code42 Instructor, added three posters to educate employees about storing company data on a USB device.

October 14, 2021

The Forensic Search CSV export added new fields to specify a reason if a tab title or URL is unavailable: Tab URL errors, Tab Title errors, Source Tab URL errors, and Source Tab Title errors. Previously, the reason was visible in the Forensic Search results interface, but not included in CSV export.

October 13, 2021

Scoping is now available for the Gmail data connection. You can scope the connection to monitor all Gmail user accounts, only the Gmail accounts for specific users, or only the Gmail accounts that are included in specific groups. To update scoping, deauthorize the Gmail connection and then add it again as a new connection.

Bug fixes

October 29, 2021

Updates for Incydr Professional and Enterprise product plans:
- Resolved an an error that could appear on the Organization details screen in place of the Local two-factor authentication information.
- Fixed an issue in which only the first 100 devices on the Devices screen were accessible for some users.

October 21, 2021

Fixed an issue introduced with the Code42 cloud release on October 20th which caused some user and device details to be unavailable in the Code42 console.

October 20, 2021

Performance and stability improvements.
Improved support for email addresses with international characters.
Fixed an issue where password reset links were invalid under specific circumstances.
Fixed an issue where a deactivated Code42 support user was not automatically deleted after 60 days under certain circumstances.
Fixed an issue where inviting a new user from the Code42 console could display an "unknown error" message.
Fixed an issue where some users with the Customer Cloud Admin role were unable to view the list of devices on the Administration > Devices > Backup Alerts tab.
Fixed an issue which could cause legal hold archives to be unexpectedly removed under specific circumstances when changing a legal hold custodian's offered destinations.
On the Identity Management page, the Update the organization security settings link now correctly navigates to the Organizations list.
For Incydr Professional and Enterprise product plans, fixed a broken help link on the Administration > Agent Management > Deployment page.

September 2021

Features

Cloud storage and email service data connectors now available for Incydr Gov

September 28, 2021

Incydr Gov adds cloud storage and email service data connectors to give a comprehensive, holistic view of insider risk in your organization. Now, government agencies and their partners have a FedRAMP-approved, end-to-end solution that detects risky file activity anywhere it occurs:

Endpoint monitoring tools detect file activity on individual devices as users copy files to removable media, sync new or modified files to personal cloud-based storage, or upload files to social media, corporate messaging programs, or personal cloud-based email services.
Cloud storage data connectors monitor files in your cloud storage environments (for example, a corporate Google Drive or Microsoft OneDrive that users sign into using a web browser) that users have shared with other internal and external collaborators.
Email service data connectors watch corporate email user accounts for possible exfiltration by detecting file attachments that are emailed to internal and external recipients.

Announcing Code42 Instructor: Bite-sized, targeted insider risk education

September 14, 2021

We have a new product: Code42 Instructor! Code42 Instructor provides bite-sized employee education that security teams can share with specific users or groups to reduce insider risk. Lessons include proactive, situational, and responsive education content.

With Code42 Instructor, security teams can:

Promote and ensure data use policy compliance
Enable and empower a more risk-aware workforce
Reduce accidental and negligent employee data leaks
Measure, report, and improve organization-wide insider risk posture

To provide easy access to Code42 Instructor video lessons and other materials, we've added a new Instructor tab to the Code42 console.

This functionality is available only if you have a Code42 Instructor product plan. Contact your Customer Success Manager (CSM) for assistance with licensing. If you do not know your CSM, contact our Technical Support Engineers.

For more information, see:

Code42 Instructor can be accessed from within Code42 Incydr

Apply trust to specific Slack workspaces

September 13, 2021

Incydr's Trusted activity settings now enable you to add Slack workspaces, in addition to domains. Trusting a Slack workspace prevents file activity there from appearing in security event dashboards, user profiles, and alerts. This helps focus your investigations on higher risk file activity.

In addition, the previous Trusted domains tab is renamed Trusted activity, and includes an improved interface for managing your list of trusted locations.

Add trusted activity

Enhancements and updates

September 30, 2021

Incydr's Trusted activity settings now include in-product recommendations and examples to help you define the most relevant trusted domains for your environment. The new Recommendations tab also lists common domains you may want to trust, and enables you to add them to your settings with a single click.

Trusted domain recommendations tab

September 22, 2021

Devices using unsupported Windows 10 builds 1809 and 1903 are blocked from upgrading to newer versions of the Code42 app.
Sync Log data is now retained for 90 days. Previously, sync log data was retained indefinitely.
Improved on-screen setup instructions for configuring two-factor authentication for local users.

September 20, 2021

The Alert ID and a new Copy Link button have been added to alert details to help you identify and investigate alerts. Click the button to copy the link to the alert in the Code42 console so that you can share it with others for investigation.

September 15, 2021

Added a new Sent from corporate Microsoft Office 365 risk indicator to highlight files emailed to untrusted users. Requires Microsoft Office 365 email to be configured as a data connection with Code42.

September 14, 2021

Refreshed interface for managing deployment policies in the Code42 console.
Forensic Search now displays Source metadata to provide details about where download file events originated.

September 7, 2021

Added the ability to add and edit notes for a user when you view event details from multiple areas of the Code42 console such as the All users list, the Risk Exposure dashboard, and risk detection lists.

September 2, 2021

Alerts has replaced the "high/medium/low" severity in rules and alert notifications with the risk severity assigned to file events. Risk severity is assigned based on the risk score calculated for a file event, and better helps you identify risky activity throughout the Code42 console.
Previously existing alert notifications display a "-" for the Risk severity in the Review Alerts table. New alert notifications display the risk severity calculated for that activity.

For more information about risk settings and the risk prioritization model, see Risk Settings reference.

September 1, 2021

Added the following event types to the Audit Log that record identity management changes:
- Federation: created, deleted, updated, metadata updated
- Identity provider: created, deleted, updated, assigned to org, metadata updated, removed from org
- SCIM provisioner: created, deleted, credentials changed, configuration updated

Bug fixes

September 22, 2021

In Code42 environments that assign users to Code42 organizations based on their SCIM group, fixed an issue where some users unexpectedly moved Code42 organizations under certain circumstances.
Fixed an issue where some improperly formatted API requests could return error code 500 (internal server error) instead of 415 or 400 (invalid syntax error).
In the Audit Log, fixed an issue where Name change events for SSO users were not attributed to the correct username under certain circumstances.

September 13, 2021

Fixed an issue where file events for ePub files were included in the Zip file category. Now, they're categorized as Documents.

Known issues

September 15, 2021

Due to a security update implemented by Google, links in Forensic Search to files shared in Google Drive may not lead to the target file as expected. New event activity generated after September 13, 2021 contains updated links that allow analysts to access those files.

August 2021

Features

New risk indicators identify anomalous exfiltration activity

August 18, 2021

Two new risk indicators highlight infrequent use of cloud storage destinations, browser uploads, and Airdrop destinations. The First use of destination and Rare use of destination risk indicators identify:

The first time a user moves a file to a specific destination
If it has been more than 90 days since a user moved a file to a specific destination

These risk indicators help you identify new and noteworthy behavior, enabling you to more easily prioritize which file activity may require additional investigation.

New Incydr product plans for insider risk detection

August 2, 2021

New Incydr Professional and Incydr Enterprise product plans use a streamlined version of the Code42 app that is purpose-built for insider risk management.

These plans also introduce:

A simplified experience in the Administration section of the Code42 console
More efficient Code42 app deployment

To accommodate these differences, support articles now contain separate sections for Incydr Professional and Enterprise and Incydr Basic and Advanced, CrashPlan Cloud, and other plans where applicable.

The Who is this article for section at top of each article now also includes a separate indicator for the new Incydr product plans.

Support article product plan indicator

Enhancements and updates

August 27, 2021

In Forensic Search, the Source field is now labeled Event observer.
In the Forensic Search event details, the Executable name and Process user fields moved to a new Process section. Previously, these fields were included in the Exposure and Event sections. This is a display layout change only. There is no change to the metadata collection process.
In Alerts, the filename criteria used in the Salesforce report exfiltration recommended rule template is updated. The updated criteria now accounts for the default file names Salesforce suggests for both "Formatted" and "Details only" reports that users can generate.

August 18, 2021

Security updates.
All Code42 API documentation is now centrally located in the Code42 Developer Portal at https://developer.code42.com. API documentation at https://console.us.code42.com/apidocviewer and https://console.us.code42.com/swagger is no longer visible.
Devices using unsupported Windows 10 build 1803 and Ubuntu 16.04 will not upgrade to newer versions of the Code42 app.

August 16, 2021

Added the following new destinations to the Risk Exposure dashboard and User Profiles to show when files are shared from your corporate cloud services or sent from your corporate email. These new destinations require you to configure Code42 to monitor your cloud and email data connections:
- Box corporate data connector
- Google Drive corporate data connector
- OneDrive corporate data connector
- Gmail corporate data connector
- Microsoft Office 365 corporate data connector

August 6, 2021

To ensure the security and integrity of the Code42 cloud, Code42 implemented networking updates in our US2 cloud that changed the server address URL from www.crashplan.com to console.us2.crashplan.com, and changed the client address URL from central.crashplan.com to clients.us2.crashplan.com. The previous URLs automatically redirect to the new URLs, and all bookmarks, settings, and scripts that use the previous URLs continue to work without intervention on your part. However, we recommend that you change the old URLs to the new URLs in your Code42 environment to ensure uninterrupted service going forward. For more information, see Changes to US2 server URLs in August 2021.

August 5, 2021

Added quick filters to the All Users, Departing Employees, and High Risk Employees lists to help you more easily see file events for each level of severity.
The User file activity details now show the risk indicators associated with the user's file activity.

August 3, 2021

A new Departing risk indicator is now automatically applied to file activity for users on the Departing Employees list. Since departing employees are both a high risk user group and an urgent priority, incorporating their activity into the risk scoring model makes it easier to review the riskiest file activity in a timely manner.
The Account menu in the Code42 console now lists your product plan and the cloud name for your Code42 environment (for example, US1). This account information makes it easier for you to identify which support articles apply to you, and also assists our Customer Champions if you need to contact us for support.

Bug fixes

August 18, 2021

Performance and stability improvements.
Fixed an issue where users with the Security Administrator role could not view some deployment policy details, such as the name of the SSO provider for an organization, the client visibility setting, and whether an organization is deactivated.
Fixed an issue where restoring a file with an alternate data stream (ADS) could result in multiple ADS files being restored under certain circumstances.
Fixed an issue where the Code42 console did not support some international characters in username email addresses.
Fixed an issue where assigning the Insider Risk Admin role did not generate a New Code42 administrator role assignment email notification.
Fixed an issue where the Sync Log did not display some user attributes for Azure SCIM providers (for example, City, State, Country, Manager, Title, and Department).
Fixed an issue for Code42 environments using Okta provisioning: if a group membership is out-of-sync between Okta and Code42, initiating a manual sync from Okta now correctly removes users from Code42 who have been removed from the Okta group.
Fixed several issues only affecting Incydr Professional and Enterprise product plans:
- Users with the Security Administrator role can now access the Agent Downloads screen.
- Agent logs are now available to download from the Code42 console.
- The Code42 console CLI is now accessible.
Fixed an issue where the Retrieve Logs option in the Code42 console was not working under certain circumstances.
Fixed an issue where the Code42 console account menu could incorrectly display the product plan Code42 Gold in environments with Code42 Diamond, Code42 Platinum, or Incydr Gov product plans.
Fixed an issue introduced on August 3rd where some SSO providers were unable to connect to the Code42 cloud.

August 17, 2021

Fixed an issue introduced in Code42 app version 8.7.0 where some Forensic Search results displayed a blank Event type.

July 2021

Features

Improved file upload risk detection

July 29, 2021

In addition to Incydr's existing list of user-defined trusted domains, trust is now also automatically inferred for any cloud data connections configured for monitoring by Code42. This enables you to better identify untrusted activity in cloud services that use the same domain for both personal and corporate accounts (this is most often an issue for Google Drive, Gmail, and Box).

Inferred trust is determined by comparing events on Code42-managed endpoints with events from your cloud service data connection. For example, if a file uploaded to Google Drive from a Code42-managed endpoint appears as a new file in your corporate Google Drive, the upload is trusted. But if there's no matching cloud activity, the upload is not trusted because the file was uploaded to an unsanctioned cloud account.

Since trusted activity is excluded from security event dashboards, detection lists, user profiles, and alerts, the addition of inferred trust reduces noise and false positives, enabling you to focus on the activity that poses the greatest exfiltration and exposure risk to your data.

New comprehensive risk prioritization model

July 28, 2021

Incydr introduces a new numeric scoring framework to identify and prioritize insider risk. Based on over 60 individual risk indicators, Incydr highlights the file activity and user behaviors that create the greatest file exfiltration and exposure risk, helping you quickly identify and respond to the most critical risks to your data.

For example, if a user uploads source code outside their normal hours to an untrusted cloud service, that file event would contain three risk indicators, each with its own risk score:

A File risk indicator for the heightened risk of source code file activity (+3)
A User risk indicator for the off hours file activity (+1)
A Destination risk indicator for the upload to an untrusted cloud service (+5)

The sum of all three risk indicators produces a risk score of 9. This indicates a critical severity event, signaling it should be prioritized for more investigation. Learn more about severity levels and how risk scores are calculated.

This new risk severity scoring is incorporated throughout Incydr, including the Risk Exposure dashboard, Forensic Search, Cases, and Alerts. For more details:

Risk prioritization throughout the Code42 console

New Security Administrator role

July 22, 2021

A new Security Administrator role grants permissions to manage the infrastructure of your Incydr environment, but not view the user activity details of insider risk investigations.

We recommend assigning the Security Administrator role instead of Customer Cloud Admin to administrators who need to manage items like data connections, integrations, and client installations, but who do not need access to Incydr features (such as the Risk Exposure dashboard, Forensic Search, Alerts, and the High Risk and Departing Employees lists).

New Microsoft Office 365 email service data connection to monitor all attachments

July 20, 2021

Code42 has added a new email service data connection for Microsoft Office 365. This new data connection differs from Code42's existing Microsoft Office 365 DLP data connection:

The existing Microsoft Office 365 DLP data connection collects information about an email attachment only when that attachment violates an existing data loss prevention (DLP) policy set up in the Microsoft Office 365 Security & Compliance Center.
Like Code42's Gmail data connection, the new Microsoft Office 365 data connection collects information about all email attachments sent by monitored accounts, not just the attachments that violate DLP rules. This new data connection gives you more flexibility in monitoring the movement of important files while simplifying configuration by eliminating reliance on policies set up in other environments.
LIke all Code42 data connections, this new connection also collects the file classification metadata from Microsoft Information Protection (MIP) that's applied to attachments. This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.

Due to permissions and reporting, Microsoft Office 365 email accounts monitored by Code42 must have a subscription that includes Advanced Audit.

Enhancements and updates

July 28, 2021

Added the Risk setting changed event type to the Audit Log to record when the severity score of risk indicators are updated.

July 21, 2021

For organizations with two-factor authentication for local users enabled, the Code42 console sign-in screen now requests both the password and two-factor code in the same step.
Added User role assigned and User role revoked event types to the Audit Log to record when an administrator assigns or removes roles from a user.

Bug fixes

July 27, 2021

Fixed an issue introduced on July 21st where some users experienced problems signing in to the Code42 console or accessing the Code42 app.

July 21, 2021

Performance and stability improvements.
Fixed an issue where users with the User Modify role were not able to update the username and email address for users in organizations using SSO authentication.
Fixed a rare issue where a Customer Cloud Admin was unable to assign the Customer Cloud Admin role to another user.
In the Code42 API, fixed an issue where an invalid request could return an incorrect error code under certain circumstances.

Known issues

The Sync Log may not display some user attributes for Azure SCIM providers (for example, City, State, Country, Manager, Title, and Department). This is a display issue only; the attributes are still associated with the user, but do not appear in the Sync Log.
Users with only the new Security Administrator role cannot view some deployment policy details, such as the name of the SSO provider for an organization, the client visibility setting, and whether an organization is deactivated.
For Code42 environments using Okta provisioning, if a group membership is out-of-sync between Okta and Code42, initiating a manual sync from Okta does not remove users from Code42 who have been removed from the Okta group.

June 2021

Enhancements and updates

June 28, 2021

In the Departing Employees list and High Risk Employees list, increased the character limit of the Notes field from 250 to 1000.
To improve initial indexing performance and limit vendor throttling, the Google Drive cloud service connector now monitors a shared drive only when at least one of its members is an in-scope user.

June 16, 2021

Security updates.

Bug fixes

June 16, 2021

Performance and stability improvements.
Fixed an issue where backup exclusions were not applied properly under certain circumstances.
Fixed an issue where changing a username in the Code42 console unnecessarily prompted users to also update their password under certain circumstances.
Fixed a broken link on the Subscriptions page.
Fixed a broken link in the directory sync notification email.
Improved accuracy of restore statistics and Audit Log events if an error during a push restore prevented all files from being restored.
Fixed an intermittent issue where Code42 app logs retrieved from the Code42 console were not downloaded as a .zip file as expected.
In the Edit User Roles dialog:
- Fixed an issue where some permission descriptions only displayed the name of the permission, instead of a descriptive explanation.
- Fixed an issue where some roles displayed the same permission twice.
- Fixed an issue where some permissions were not sorted alphabetically.
Fixed an issue with Code42 User Directory Sync (UDS) and Azure provisioning where entering a country code with lowercase characters could prevent changes to other fields from saving properly.
In the Sync Log, fixed a very minor issue where unmapped role names did not display correctly (for example, "Desktop User" was displaying as "desktop-user").

June 7, 2021

Fixed an issue where trusted domains were not properly applied to OneDrive events under specific circumstances.

May 2021

Enhancements and updates

May 25, 2021

Added support for a single SSO identity provider to be used in more than one Code42 environment. This enables large organizations and universities that use the same identity management infrastructure across multiple divisions or departments to maintain separate Code42 environments.
The Code42 API Org resource and the organizations CSV export now return two new unique identifier fields: orgGuid and parentOrgGuid.

May 20, 2021

In Forensic Search, the off hours risk indicator now applies to cloud and email file activity. Previously, off hours activity was only evaluated for endpoint events.
Code42's Gmail data connection now collects the file classification metadata from Microsoft Information Protection (MIP) that's applied to attachments. This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.

May 18, 2021

Added the option to permanently delete a case.
Added a Case deleted event type to the Audit Log to record when cases are deleted.

May 14, 2021

Added event types to the Audit Log that record changes in the High Risk Employees list or Departing Employees list:
- Cloud alias added
- Cloud alias removed
- Departing employee added
- Departing employee alert settings changed
- Departing employee departure date changed
- Departing employee removed
- High risk employee added
- High risk employee alert settings changed
- High risk employee removed
- Risk factor added
- Risk factor removed
- Risk profile notes changed

May 11, 2021

In Forensic Search, the Source filter option for Office 365 changed to Office 365 Email to more clearly indicate it applies only to email activity in Office 365.

May 5, 2021

Released Code42 User Directory Sync version 1.6.2. For details, see the Code42 User Directory Sync release notes.

May 3, 2021

Added new recommended rules to Alerts. These additional rules make it easier than ever to create rules that identify suspicious activity, notifying you about file events involving earnings reports, archive or Zip files, source code files, reports generated from Salesforce, and more. In the recommended rules list, click View all recommendations for details about these new templates.

Bug fixes

May 25, 2021

Performance and stability improvements.
Fixed an issue where the descriptions in the Code42 console for two permissions were reversed: dataconnections.settings.read incorrectly listed edit capabilities and dataconnections.settings.write incorrectly listed read-only capabilities. This was only an issue with the description text. Users with the read permission could only view settings and were never able to add, edit, or remove data connection settings. Users with the write permission were always able to edit settings.
When creating or updating a SCIM user, improves error messaging when using a full country name instead of the required 2 letter country code.
Fixed an issue where creating a new user over an IPv6 connection could fail under certain circumstances.
Fixed an issue where exporting large CSV files from the Code42 console could take several seconds to start downloading in the web browser. Now, the download progress is visible immediately.
Improved accuracy of restore statistics and Audit Log events if a restore is canceled before it completes.

April 2021

Features

New criteria-based Alert rule builder

April 26, 2021

Alerts now includes a rule builder that thinks the way you do. You can now build alerts by easily mixing and matching rule settings based on the file activity your organization has identified as risky. This allows you to build more targeted, meaningful rules that reduce noise and increase fidelity. Use Alerts to watch for the movement of specific files (either by filename or extension) or file categories to a variety of exfiltration destinations.

New Alerts rule builder

New roles for Incydr

April 21, 2021

New roles for Incydr simplify role assignment and enable you to grant more granular permissions to users responsible for managing, detecting, and responding to insider risks. New roles include:

Insider Risk Admin: Assign to the administrator responsible for managing the team of insider risk analysts. This role provides read and write access to all Incydr functionality.
Insider Risk Analyst: Assign to analysts who investigate and respond to insider risks, but who you do not want to maintain users in the High Risk Employees list or the Departing Employees list.
Insider Risk Read Only: Assign to people who need to be kept informed about insider risks, but who you do not want creating alert rules, cases, or saved searches. This role provides read-only access to Incydr functionality.

New roles for device management

April 21, 2021

New Org Computer Modify and Cross Org Computer Modify roles provide more granular control over managing devices. For example, assign in conjunction with a help desk role to enable support personnel to add and deactivate user devices.

Integrate with Slack for insider risk response

April 2, 2021

Use automated integrations to send alerts to Slack, from which you can review and respond to them.

Slack_integration

The automated Slack message about the alert provides the following options:

Click the Actor link to view the user's profile.
Click the Review Alert in Incydr link to view more details about the alert.
Click Generate DM template to generate customizable direct message content to then copy and paste into a message to send to the actor.
Click Close Alert to close the alert from within Slack.

See more information about automated integrations.

Enhancements and updates

April 28, 2021

Code42's cloud services now collect file classification metadata from Microsoft Information Protection (MIP). This metadata, which appears in Forensic Search, can help provide additional risk context if you already use MIP in your organization.

April 27, 2021

In Forensic Search, a simplified design for the Saved Searches screen is now more consistent with other areas of the Code42 console. Highlights include fewer columns and details that slide in from the right instead of expanding within each row.

April 22, 2021

Added automated integrations options to take action when new file events appear in the results of a saved search, for example, automatically send an email to a specified address or open a new Case.

April 20, 2021

On the Risk Exposure dashboard, added indicators to the Top users by file activity to show when an employee is on a risk detection list such as the Departing Employees or High Risk Employees list.

April 16, 2021

On the Risk Exposure dashboard and User Profile, AirDrop is now listed as a separate destination. Previously, AirDrop events were listed in the "Other" destination.

April 13, 2021

On the Risk Exposure dashboard and User Profile, the date selector now appears in the upper-right corner and applies to all items on both screens. Previously, each area had a separate date selector.

April 12, 2021

Code42 announces support for Amazon WorkSpaces that run a currently supported Windows operating system. Code42 app version 8.5.1 or above must be installed on the virtual desktop, and additional configuration is required.
Forensic Search and Cases now display file classification metadata from Microsoft Information Protection (MIP). This metadata can help provide additional risk context if you already use MIP in your organization.

April 6, 2021

The Incydr Basic product plan now includes additional features:
- Case management for security investigations
- The Departing Employees and High Risk Employees lists for risk detection
- One data connection to monitor files moving to and from cloud services (for example, Box, Google Drive, and OneDrive), or attachments sent through email services (such as Office 365 Outlook)
Increased the limit of employees that can be on a risk detection list from 5,000 to 10,000 users.

April 5, 2021

Added filters to the risk detection lists:

The Departing Employees list now allows you to filter the list by department, departure date, and only employees on the list with file events.
The High Risk Employees list now allows you to filter the list by department, risk factors, and only employees on the list with file events. Previously, you could only filter on risk factors.

Bug fixes

April 28, 2021

Fixed an issue in Alerts in which default rules created by the Departing Employees or High Risk Employees lists generated alerts when those lists did not contain any Code42 usernames.

April 21, 2021

Performance and stability improvements.
Improvements to sync processes between the Code42 cloud and on-premises authority servers.
Fixed an issue where exporting CSV reports for users and devices in very large Code42 environments could take a very long time to complete.
Fixed an issue in the Audit Log where zip file download events incorrectly included a value for Device guid data is pushed to. (Zip file downloads occur via web browser, not the Code42 app on a device, so are not associated with a specific device guid.)
Improved error messaging when minimum password requirements aren't met for new user registrations.

April 7, 2021

Fixed an issue in OneDrive where usernames and exposure field values were duplicated in Forensic Search. Previously, when a file in OneDrive was shared with Sharepoint users, those users may have been listed in the Shared with users field using this convention: "sharedlinks.<ID>.flexible.<ID>." This value also resulted in duplicate "Outside Trusted Domains" entries for the File exposure changed to and Exposure type fields in Forensic Search.

March 2021

Features

Unified username search across endpoints, cloud, and email

March 4, 2021

In Forensic Search, the Username search filter now returns results for endpoint, cloud, and email file events. Previously, there were separate fields for each data source. Specific updates include:

The Username (Code42) field is renamed Username.
The Username metadata now appears in the Event section of the file event details. Previously, it appeared in the Device section.
The Username field continues to search endpoint file events, but now also returns cloud and email events for that user. Previously, searching cloud and email events required entering a username in the Actor and Sender fields, respectively.

Enhancements and updates

March 18, 2021

Added event types to the Audit Log that record when an administrator or user restored files from the Code42 console, or a user restored files from the Code42 agent:
- Restore started
- Restore ended
- ZIP file downloaded

March 17, 2021

Updated the Departing Employee Manager role to include permission to view and modify alert settings for departing employees.
Updated the High Risk Employee Manager role to include permission to view and modify alert settings for high risk employees.

March 15, 2021

In the rare case where the Active tab title and URLs are not available for a file upload event, the file event details now include a more specific description of why those values are unavailable. Requires Code42 app version 8.6 or later.

March 9, 2021

Adds Chinese, Korean, Thai, and Japanese to the supported languages for exporting a case summary PDF.

March 5, 2021

Released Code42 User Directory Sync version 1.6.1. For details, see the Code42 User Directory Sync release notes.

Bug fixes

March 17, 2021

Performance and stability improvements.
Fixed an issue on Windows devices where restoring a very large PDF file could result in duplicate files being restored.
Fixed an issue where some users with special characters or accent marks in their usernames were unable to sign in.
Fixed a rare issue where password resets could fail if the new password contained certain combinations of special characters.
Fixed an issue that only occurred in the Code42 federal environment on Windows devices backing up files with alternate data streams (ADS): restoring a previous version of a file now also correctly restores the associated ADS files.
In Forensic Search, fixed an issue where the detailed reason was missing for why a SHA256 or MD5 hash value is unavailable.

March 10, 2021

In Forensic Search, fixed an issue where clicking anywhere in the file event details unexpectedly closed them. Now, event details only close upon clicking the "x" icon in the upper right.

February 2021

Features

Destination-focused dashboard

February 25, 2021

On the User Profile and Risk Exposure dashboard, we've added a destination-focused tile to help you find the most critical information you need, faster. The Destination activity over time graph only shows destinations that have file activity and shows file event details for destinations such as cloud service providers, email, removable media, and source code repositories.

With this change, we transitioned the Endpoint over time and Cloud sharing over time data into the more robust Destination activity over time graph and have expanded the File category breakdown information into its own tile, keeping critical information in the forefront.

Quickly add multiple file events to a case

February 23, 2021

Forensic Search now includes a multi-select option, which enables you to quickly and efficiently add multiple file events to a case.

Forensic search - select multiple events to add to a case

Improved upload destination detection

February 16, 2021

When a user accesses more than one browser tab while file uploads are in progress, the event details in Forensic Search, Cases, and Alerts now list all tab titles and URLs visited during that upload. This helps provide a more complete view of user activity. Previously, only one tab was listed and in some cases it may not have accurately represented the upload destination, but instead indicated a tab viewed by the user while a file was being uploaded to a different tab in the background.
In the Forensic Search API, the windowTitle and tabURL fields are deprecated and replaced by tabTitles and tabURLs, respectively. The windowTitle and tabURL fields will continue to function normally until February 2022. However, the new fields provide better context for user activity so we recommend updating your scripts and integrations as soon as possible to take advantage of the new information.

Forensic Search usability improvements

February 4, 2021

Forensic Search adds several updates and enhancements to make it easier to review search results, including:

Event details now slide in from the right instead of expanding within each row of search results.
File download links now automatically appear if the file is backed up by any user in your Code42 environment. Previously, if there wasn't an exact match in the backup archive of the user who caused the file event, you needed to manually click the Search Other Locations button.
In the expanded event details, improved display of fields with very long values. For example, long file paths now automatically wrap to the next line and display the entire path (previously, some long values were truncated and could only be viewed in their entirety via the CSV export).
In the list of search results, improved display when many columns are selected, including pinned columns for common actions when scrolling horizontally.
Other minor usability updates.

Updated Forensic Search interface

Enhancements and updates

February 19, 2021

The Cases list is now automatically filtered to only show Open cases by default. This makes it easier to find and access your active investigations. Closed cases are still visible by clicking the filter icon and choosing Closed or Any Status.

February 17, 2021

Security updates.
Performance and stability improvements.
Devices using unsupported macOS 10.13 High Sierra will not upgrade to newer versions of the Code42 app.
When initiating a device restore from the Code42 console for a large number of files, files now start restoring to the target device more quickly than before.
Updated the on-screen setup instructions for local two-factor authentication to more clearly list additional options for generating the Time-based One-Time Password (TOTP) than only the Google Authenticator mobile app.

February 9, 2021

In the Forensic Search API, some fileCategory output values have updated strings (for example, SOURCE_CODE changed to SourceCode). If you use customized scripts or integrations that expect a specific string value in the fileCategory response, you may need to update them to account for the new category names.

February 4, 2021

Added event types to the Audit Log to record case actions:
- Case assignee changed
- Case closed
- Case created
- Case file event added
- Case file event removed
- Case subject changed

Bug fixes

February 17, 2021

In Forensic Search, fixed a rare issue where a file could be unavailable for download if the capitalization of the filename or file path changed after the file was backed up.
The confirmation dialog to deactivate a user now indicates that the backup archive will be placed into cold storage (according to the cold storage settings for the organization). Previously, the message implied the archive would be deleted immediately.
On the Restore History screen, values in the Restore To column are no longer clickable links. This fixes an issue where clicking a value in that column caused an error.
In the Forensic Search and Cases file event details, fixed an issue where the File exposure changed to field was temporarily labeled Sharing Type Added.

January 2021

Features

Code42 Developer Portal

January 11, 2021

The Code42 Developer Portal is a new resource site for those who want to write scripts to automate Incydr tasks and set up integrations.

Benefits of the portal include:

A single access point for documentation of methods for Incydr, including Code42's REST API, Python SDK py42, and command-line interface (CLI)
A single request URL for Code42 API calls to each cloud instance
Code42 API reference documentation as well as articles that describe how to use the APIs
Open-source contributions to the portal using GitHub

Code42 Developer Portal

Get help
For help using the resources in the Code42 Developer Portal, contact your Customer Success Manager (CSM) to engage the Code42 Professional Services team.

Enhancements and updates

January 26, 2021

Adds the URL of files involved in activity on cloud services (when available) to the "File events" list in alert details and emails, giving you more context and information for investigations.

January 25, 2021

Enhancements to the Audit Log:
- Organized event types into categories to make it easier to filter and search for events.
- Added event types to log when Code42 support user access is enabled and disabled.

January 20, 2021

The Code42 console now displays a message when updates to device settings are in progress. This information provides visibility to administrators to confirm updates are processing, which reduces the chance of inadvertently submitting duplicate changes.
For provisioning provider synchronization, increased the maximum deactivation delay to 90 days. Previously, the limit was 24 hours.
The Identity Management > Provisioning list view now includes a Type column to differentiate between SCIM providers and Code42 User Directory Sync. Previously, the provisioning type was only displayed in the provider's details.
Security updates.

January 8, 2021

Case details now display additional risk context to provide a more holistic view of the user being investigated. Details include:
- If the user is on the High Risk Employees or Departing Employees lists.
- Other risk factor attributes in the user's profile (for example, High impact employee or Flight risk).
Added a Code42 support user type to the Audit Log search filter. Employ this user type to search for events triggered by Code42 support users who are given support access to your Code42 environment.

Bug fixes

January 20, 2021

Performance and stability improvements.
Fixed an issue where the Device details screen in the Code42 console could display the wrong Code42 app version.
Improved error messaging if a keystore migration fails.
Fixed an issue with Azure SCIM Provisioning where removing one user from a group could unintentionally move all users in the group to the "default" Code42 organization.
In the Administration section of the Code42 console, fixed an issue where previously-entered search terms could unexpectedly re-appear in the search box under certain circumstances.
Fixed an issue where some users with special characters or accent marks in their usernames were unable to sign in to the Code42 app via SSO (single sign-on).
Fixed a broken link in the Code42 for Enterprise Backup Status Alert email.
Removed the prompt to download the CrashPlan app from the Administration section of the Code42 console.

January 13, 2021

Fixed an issue where permissions changes to folders in Box and OneDrive cloud services could be incorrectly attributed to the wrong actor in Forensic Search. In some cases, this fix may result in a blank value for File exposure changed to in Forensic Search for activity detected in Box and OneDrive.

Previous release notes

For release notes prior to January 2021, see Previous version release notes.