Fixed Issues In Release 101.0.0

Fixed Issues In Release 101.0.0

Here is the list of fixed issues in this release.

Issue NumberCategoryDescription
206530API Data ProtectionFixed an issue in retroactive scan for Microsoft Office 365 OneDrive for Business where the API Data Protection missed triggering a policy for files within a folder.
221773API Data ProtectionFixed an issue for Microsoft Office 365 Teams where Teams was not seen in the UI when filtered with an external user.
228804API Data ProtectionFixed an issue where a retroactive scan got stuck if the creator of a batch of files was suspended. This issue was observed in Box app.
223898API Data ProtectionFixed an issue where CASB-API audit events were incorrectly marked as “Netskope Activity” when inline traffic to the SaaS destination was redirected from Netskope dataplane POPs. This issue was observed in Box app.
217500API Data ProtectionFixed an issue which caused retroactive scans to continue processing a SharePoint site document library despite being excluded from the policy definition. This issue was obsered in Microsoft Office 365 SharePoint Sites.
225215API Data ProtectionIf there are multiple attachments with the same name and downloaded through our webUI, the duplicate filenames will be prefixed with random values. This issue was observed in Gmail.
221006, 215695Behavior AnalyticsFixed an issue in Behavior Analytics policies where application Instance selection clears when a different Scan Type value is selected.
196923CASB Real-time ProtectionNetskope fixed an issue where Download activity was bypassed and not detected.Connector changes were done in order to avoid false positives.
222834CASB Real-time ProtectionFixed an issue by updating logic for Instance ID extraction in ODFB excel.
223615CASB Real-time ProtectionThis fix improved the Instance ID and “from_user” extraction for Microsoft Outlook.
205350CASB Real-time ProtectionFixed a network location issue where the IP range was not working as expected.
207843CASB Real-time ProtectionFixed an issue where maxconn value of 2048 was causing connection failures in the authservicelb. The maxconn value is now updated to 8192 which is the value for maximum connections that authservicelb allows to authservice.
221682CASB Real-time ProtectionA URL access issue where special character failed parsing was fixed by incorporating the special character checks for log-in to SAML > ForwardProxy.
228871CASB Real-time ProtectionMS Outlook introduced a new URL to fetch the download token, that is. “/service?action=GetAttachmentDownloadToken”. The bug was introduced due to the new URL, and as a fix the new URL is added to the system.
222665CASB Real-time ProtectionFixed an issue in O365 Native apps preventing them from getting blocked when both bypassMDM and SAML KVP is configured.
231953CASB Real-time ProtectionFixed the existing extraction logic in Google Cloud Platform to provide accurate instance_ids for users.
224142, 224140CASB Real-time ProtectionEnhanced event detection code for creating a contact and multiple file download detection. Earlier the event was not detected as the traffic was getting changed.
209601CASB Real-time ProtectionFixed an issue by adding a new resource to enhance efficiency for from_user extraction.
209936CASB Real-time ProtectionNetskope fixed an issue where from-user value was missing for some events by improving Instance ID extraction logic for Outlook Native.
220956CASB Real-time ProtectionFixed an issue in Microsoft Power Apps where a file upload was undetected. Adding a new resource to support file uploads fixed the issue.
220445CASB Real-time ProtectionIn this fix, Netskope added file_size for the Upload event. The following policies will not work in Upload Activity:
  • file-size block policy
  • alert policy
224862CASB Real-time ProtectionFixed an issue by enhancing from_user extraction for attaching a file in mail.
202998Cloud Confidence Index (CCI)Netskope fixed an App Tagging failure due to synchronization issue where UI made consecutive calls. With this fix, only one call is made from UI to CCI service and rest of the services are updated on the backend asynchronously and the UI polls the service for the response.
225732Data ProtectionFixed an issue with the Unlikely Matches Filter in which all but the last number in a single-column list of space-delimited numbers was rejected as invalid. For instance, it would only match the second line in the following example:

132 465 798

243 576 809

218687Data ProtectionWEB UI is now fixed to display correctly the advanced option selected as “Keywords” or “Regex” while creating or editing entity objects.
215991Data ProtectionAn issue was fixed to select or deselect at least one file attribute which allows to create or modify the File profile.
228051Data ProtectionIncreased DLP backend timeout from 50s to 90s for tenants with increase_dlp_timeout feature flag enabled.
227160Data ProtectionFixed a regression issue with the DLP Entity validation framework which impacted only the previous release. It caused increased false positives with the Belgian National ID Number Entity, as well as any predefined or custom Entities that were configured with Luhn validation. Other validators remained unaffected.
193885Data ProtectionNetskope fixed an issue by adding validation for French INSEE numbers Entity. Earlier the French INSEE number Entity did not have a validation checksum which resulted in false positives.
225627Data ProtectionURL Lists now supports the domain and sub domain that starts or ends with underscore, but the top level domain (.com) does not allow underscore. For example, _rd-dep_._sample_.com.
221824Data ProtectionFixed an issue where Web UI failed to render forensic preview, if the forensic data size was greater than 10 MB.
222620DNS SecurityWith this fix Cloud Firewall applied the default policy rule on the first packet for all the UDP traffic if no explicit policy rule was matched. This avoids any kind of UDP packet leak that was present before.
221660Incident Management (IM)Forensics Files generated by DLP scans and saved to OneDrive and SharePoint, no longer generates DLP incidents of their own.
208021Netskope Secure Web Gateway (NG SWG)Netskope fixed an issue by avoiding policy lookup for achecker URLs.
210254Netskope Secure Web Gateway (NG SWG)Netskope fixed an issue where the Telemetry App Policy Lookup feature was enabled and a transaction had a cloud application associated with both the Host and Referer URLs, CCL policies were evaluated for both applications.

This caused unexpected behavior as any associated application event or alert contained the CCL of the Referer only, but the transaction might match a CCL policy based on the CCL of the Host application instead.

With this fix, only the Referer application will be used for CCL policy evaluation. If a cloud application is associated with both the Host and Referer URLs there is no change in behavior when the Telemetry App Policy Lookup feature is disabled.

212626Netskope Secure Web Gateway (NG SWG)Fixed an issue where in devices page of the site azureiotcentral.com was not loading when tss-scan-v3 was enabled.
156477Netskope Secure Web Gateway (NG SWG)Netskope features a foreground/background detection system which when applied to web traffic enables block alerts for a webpage to be shown only on the main page.

Traffic for all native apps that do not have an app-specific connector are subjected to this detection logic. The background detection logic takes into account the response headers sent back from the server, while the response never reaches the user. This might result in a potential information leakage due to the user’s request being fully transmitted to the destination server.

To fix this issue, a “native_app_access_notification” feature flag was introduced. Which when enabled causes the traffic to be classified as background traffic therefore bypassing the foreground or background detection logic. Enabling this feature, is subject to all native app traffic evaluation resulting in higher rates of user-facing notification pop-ups.

220068Netskope Secure Web Gateway (NG SWG)Netskope matched the encoding format HTTP response body sent to Client with the one received from server.
206541Netskope Secure Web Gateway (NG SWG)Fixed an issue by creating category based block policy which now displays alert with correct justification usage or false positives.
222710Netskope Secure Web Gateway (NG SWG)Fixed an issue where a Page Event incorrectly indicated a page as isolated inspite of taking correct actions.
222073Netskope Secure Web Gateway (NG SWG)Fixed an issue where bypass Page Events were occasionally generated with Synthetic access method. These are internally generated connections and events that are not expected to be generated for these types of connections.
226528Netskope Secure Web Gateway (NG SWG)Netskope fixed an issue where certain POST requests of type form-data was not working when DLP rules where enabled.
228171Netskope Secure Web Gateway (NG SWG)Netskope fixed an issue where custom URL category was temporarily missing during custom URL Lists or custom category update.
177723Netskope Secure Web Gateway (NG SWG)Fixed an issue where the names of renamed user groups were not displayed in the Real-time Protection policy detail view.
180546Netskope Secure Web Gateway (NG SWG)An issue where user was unable to click and edit on a policy even when other related data was loading and the issue was fixed by optimizing policy table.
218755Netskope Secure Web Gateway (NG SWG)Fixed a bug where earlier a user from an older customer clicked edit and no tunnel option popped.
229655Netskope Private Access (NPA)Prior to restarting NPA service, Netskope Client checks and factors in all conditions such as, user disable, admin disable, on-prem status, and so on.
217624Netskope Private Access (NPA)Fixed an issue to display appropriate error message  if the user has access to more application hosts than permitted with the “host limit”.
221563Platform ServicesIf Role has manage and apply permission for App Definitions then New Certificate Pinned App is disabled. A workaround is to create a role which has manage permission for App Definitions.
221540Remote Browser Isolation (RBI)Fixed an RBAC V1 issue with view only permission, where the user could not see the list of RBI template names for filterRBITemplate and it was throwing a Permission denied message in Skope IT pages. The RBAC V1 helper code has been updated to prevent the issue.
221749Remote Browser Isolation (RBI)Fixed an issue in Skope IT > Applications page and Users page where users were seeing an incorrect Filter by RBI template option.
209042Remote Browser Isolation (RBI)Netskope fixed a known issue where cookies generated in isolation were not stored by default in the end user’s local browser when the “private navigation” was disabled in their RBI template. You can discard the workaround proposed in the previous release.
213114Risk InsightsFixed an issue where some information related to user agent was not extracted properly. The issue was resolved using the agent-parse library. The information is now parsed properly.
222441Skope ITFixed an issue in Skope IT >Events > Application Events where content was hidden as the page cannot be scrolled.
206907SaaS Security Posture Management (SSPM)Fixed an issue where muting all the SSPM raw findings failed. This issue was observed in Netskope SaaS Security Posture Management’s compliance dashboard.
203522Traffic SteeringFixed an issue where AirDrop was not working when the Client was enabled.
215837Traffic SteeringFixed an issue where traffic was not going through the tunnel for a macOS v13 virtual machine. Apple has fixed this with their recent beta Builds 13.1 22C65 and 13.2 22D5027D.
222401Traffic SteeringNetskope fixed an issue where incorrect Windows OS version was displayed on the WebUI device page.
192513Traffic SteeringNetskope Client respond to route changes only when the Netskope Tunnel IP and user IP are of same address family (v4 or v6).
206071Traffic SteeringNetskope fixed the Windows Client agent service hang and timeout issue caused by internal lock mechanism.
222646Traffic SteeringIoCreateDeviceSecure() is used to control access to the driver for every IOCTL. By using this with security descriptors, only system or admin processes are allowed to open a handle.
219888Traffic SteeringFixed a Client installer issue on domain joined Linux machine when login-formats is {domain}{user_name}.
211384Traffic SteeringWith this release non-admin users are incapable to stop Windows Client service.
222645Traffic SteeringIf autoupgrade is disabled, remove any STAgent.msi package which is left in the programdatanetskopestagentdata cache. Rename m_isInstallationHelperFlow to m_isSvcFlow and set it to true only for stAgentSvc service process.
208985Traffic SteeringFixed an issue that the macOS Client sometimes automatically is enabled under some circumstances.
209132Traffic SteeringLegacy device classification component doesn’t support multi cert, newer version will support this function. Netskope rolls out newly refactored service that include this feature.
211697Traffic SteeringNetskope fixed an enrolment issue for Microsoft Teams on Android when ADFS was configured.
219886Traffic SteeringFixed an OpenDevice issue on IPv4 only device. With this fix, IPv6 was enabled by default on all Linux distros.
224893Traffic SteeringFixed a crash issue that occurred while handling log message.
224832Traffic SteeringFixed an issue that existing bypass TCP connection was blocked when failClose was activated on tunnel disconnection.
223954Traffic SteeringFixed a bypass-by-tunnel issue when app domain and tunnel domain was “*”  in certificate pinned app exception.
209646Traffic SteeringNetskope fixed a fail close not working issue for un-provisioned user under multiple user mode on Windows.
226299Traffic SteeringClient enforcement fails due to invalid ELF header, the root cause is that libxmljs ARM version library in Enforcer is incompatible with prod server intel CPU. The libxmljs Intel version is redeployed to repair Client enforcement.
228009Traffic SteeringFixed a log rotation issue when the log size was greater than 25 MB.
225979Traffic SteeringFixed an issue where Netskope certificate cannot be imported into Firefox certificate store when self-protection was enabled on Windows.
228523Traffic SteeringThe traffic to that destination exception should be bypassed locally, when an exception is marked as Treat like local IP.
228693Traffic SteeringNetskope fixed an fail close mode failure issue by fixing the process crash so fail close can block all internet access.
229981Traffic SteeringFixed an issue where Client cross process connection on some Windows machine failed between UI and service after waking up from sleep.
228009Traffic SteeringNetskope fixed an issue where Client notifications were not working in Explicit Proxy over IPSec or GRE Tunnels mode.
228523Traffic SteeringThe traffic to that destination exception should be bypassed locally, when an exception is marked as “Treat like local IP”.
228693Traffic SteeringNetskope fixed an fail close mode failure issue by fixing the process crash so fail close can block all internet access.
224443Traffic SteeringNetskope fixed an issue to improve WebUI performance for Search OU/Group from Client Configuration was improved.
229981Traffic SteeringFixed an issue where Client cross process connection on some Windows machine failed between UI and service after waking up from sleep.
230229Traffic SteeringNetskope fixed an issue where Client notifications were not working in Explicit Proxy over IPSec or GRE Tunnels mode.
179238Traffic SteeringAn issue where client package cannot be downloaded through IDP authentication is fixed now.
230341Traffic SteeringFixed a UDP data handling issue which caused tunnel to disconnect from Netskope Client for Mac users. This was observed when Cloud Firewall mode was enabled.
221336Traffic SteeringThe Steering Exception added by user should retain when User switches from Cloud App to Web Traffic, Web Traffic to All Traffic, and All Traffic to Cloud App or vice-versa.
224209 , 223752Traffic SteeringFixed an issue where server returned error response when trying to fetch user groups, and database that has large user groups dataset for example, around or above 1 million records.
219492UI PlatformFixed a drag and drop control issue by providing a workaround of refreshing browser and then dragging and dropping.
Share this Doc

Fixed Issues In Release 101.0.0

Or copy link

In this topic ...