Skip to main content

Netskope Help

Fixed Issues In Hotfix Release 90.1.0

Here is the list of issues fixed in this release.

Issue Number



Issue Description


API Protection

Delay to load page

Previously, there was a delay to load the Settings page of API-Enabled Protection. The issue is fixed.


API Protection

Acting User in Google Team Drive

Previously, if the Google Team Drive had multiple managers, the alert generated randomly picks a Team Drive manager as the "acting user".

The "acting user" is now correctly calculated based on the user performing the action.


API Protection

Google Team Drive owner name

Previously, the Google Team Drive name was not displayed in the alerts generated. The issue is fixed now and the alerts generated display the Team Drive name.


API Protection

Incorrect external collaborator information

Previously, the Incident page was displaying incorrect external collaborator information for Microsoft Teams. The issue is fixed.


API Protection

Microsoft Office 365 OneDrive and SharePoint Webhook subscriptions renewal

Previously, Microsoft Office 365 OneDrive and SharePoint webhook subscriptions were not renewed correctly in the event of an update in the personal URL of an organizational user.


API Protection

File download activity ingestion

Previously, API Data Protection activities such as "File Download" were also ingested into Netskope Anomaly Detection. The issue is fixed.


CASB Inline Protection

Access Restriction

Fixed an issue where access to corporate instance was restricted for GitLab and Bitbucket.


Netskope for IaaS

Wrapper rule evaluation

Fixed an issue in Security Posture where the AWS services did not work in wrapper rules (Rules that apply to the entire AWS instance) For example, AWS cannot have ElasticIp with [ ... ]`.


Netskope for IaaS

Incorrect Network Watcher rule logic

Previously, the logic in the Azure rule, ensure_that_network_watcher_is_enabled, was incorrect. The issue is now fixed and the Azure rule, ensure_that_network_watcher_is_enabled, verifies whether NetworkWatcher is enabled or not.


Netskope for IaaS

GCP rule for databases

Fixed the GCP rule, sql_inst_no_root_login_any_host, to match the Center for Internet Security audit procedure.


Netskope for IaaS

GCP rule for VCP LogMetrics

Fixed the GCP rule, log_metric_filter_alerts_vpc_net, to match the Center for Internet Security audit procedure.


Netskope for IaaS

GCP rule for retention policies on log buckets

Fixed the GCP rule, sink-bucket-log, to detect logging for a bucket.


Netskope for IaaS

Enabled/Disabled state of NetworkWatcher

Previously, the enabled and disabled state of the NetworkWatcher feature for Azure subscription was incorrectly detected. This issue is fixed.


Netskope for IaaS

Azure disk encryption status

The encrypted property of disks for the security posture in Microsoft Azure was incorrectly determined. The issue is fixed now.


Netskope for IaaS

Missing rule for CIS GCP 1.2

The CIS GCP 1.2 profile was missing a rule for recommendation number 6.3.5. This issue is fixed.


Netskope for IaaS

Missing rule: networking_vpc_flow_logs_for_vpc_net_subnets for CIS GCP 1.2

The CIS GCP 1.2 profile did not include the rule, networking_vpc_flow_logs_for_vpc_net_subnets, for recommendation 2.9 of the CIS benchmark. The issue is fixed.


Netskope for IaaS

Missing rule: key_vault_logging for CIS Azure 1.3

The CIS Azure 1.3 profile did not include recommendation 5.1.5 (Rule name: key_vault_logging). The issue is fixed.


Netskope for IaaS

The missing rule for CIS GCP 1.2

The CIS GCP 1.2 profile was missing a rule for recommendation number 5.5.3. The issue is fixed.


Netskope for IaaS

Issues with security posture and GCP integration

The rules for compute instances failed for Google Kubernetes Engine (GKE) instances to which they are not applicable. The issue is fixed.



Office 365 Native App Blocked

Previously in the Office 365 Auth Reverse Proxy service, the Outlook native apps did not block Windows 10 devices. The issue is fixed.


If the Block Native Outlook Apps feature is enabled, it blocks all native Office 365 for security reasons.



Transaction log parsing

Certain fields are not parsing quotes correctly. This issue is fixed.



Deprecate REST API tokens

Netskope client deprecated the REST API token for Netskope client deployment. The client will use the existing API for Org ID to download the branding file using an email address.



Blocked and Disconnected State in Netskope Client

The delay in the automatic proxy detection leads the Netskope client to go into a blocked and disconnected state. To fix this issue, a timeout value of 10 seconds is introduced in the automatic proxy detection.



Network Traffic not processing correctly

When NPA is enabled on a tenant, the Netskope client the network traffic is intermittently dropped. The issue is fixed.



Intermittent disconnections in the Client

Earlier, the Netskope client failed to read the correct configuration and establish a tunnel. The issue is now fixed by synchronizing the configuration initialization when the tunnel is established.



Client blocks macOS Big Sur traffic intermittently

Bypass traffic is intermittently blocked when the client is running macOS Big Sur. This issue is fixed.

131406, 138326


Upload Failure in and Slack

There was an intermittent failure while uploading files using and Slack and the upload progress bar displayed incorrect progress when running macOS Big Sur. The issue is fixed.



Internet Connection Issue

In this release, we fixed the issue where the internet connection was blocked intermittently due to packet loss.



ICMP requests

When the Netskope Client fails to close in 'All Traffic' steering mode, ICMP requests are not dropped.


Web UI

File Size Constraint option for one category

You can now select the Constraint option: File Size if there is at least one category to support the constraint. Previously, you cannot add the File Size option unless it supports all categories.


Web UI

Requires Source Criteria

In Inline Policy configuration, whenever you select the "Any Web Traffic" option, at least one Source Criteria is required.