Fixed Issues In Release 114.0.0
Fixed Issues In Release 114.0.0
Here is the list of fixed issues in this release.
| Issue Number | Category | Description |
|---|---|---|
| 403126 | API Data Protection | Fixed an issue where a user failed to restore a quarantined Google Sheets file that had a pivot table inside it. |
| 411666 | API Data Protection | Fixed an issue in API Data Protection for Microsoft 365 SharePoint Online where the email notification for a DLP match was sent to the last modified user instead of the owner of the file. |
| 417089 | API Data Protection | Fixed in issue in API Data Protection for Microsoft Office 365 Teams where a DLP incident was generated for a user who had left the organization. This incorrect user mapping of DLP incidents in Microsoft 365 Teams chat notifications has been fixed. |
| 418122 | API Data Protection | Fixed an issue related to retroactive scan filters for Microsoft 365 SharePoint. This issue was observed when the site was created under a custom namespace such as /teams/. For example:
|
| 424879 | API Data Protection | Fixed an issue with downloading quarantined files in Microsoft 365 SharePoint Online using REST API v1. |
| 416137 | Behavior Analytics | In UEBA sequence policies, the list of users added as included or excluded in the policy criteria can be intermittently ignored leading to incorrect alerts. As a part of this fix, we have added appropriate control mechanisms to always honor the list of users configured in the policy. |
| 426763 | CASB Real-time Protection | Fixed an issue with block action failure for Microsoft Live Login Successful activity. The fix is available as part of the 113.0.5 DD release. |
| 396225 | CASB Real-time Protection | An existing behaviour since R109 is that, whenever there was a block policy on ‘Upload’/’Rename’, Netskope blocked the first attempt and allowed the file to be uploaded/renamed on successive retry attempts by the Sync app. This change was done to avoid repetitive “activity alerts” and “user alerts” for block events that were caused by the successive retries (every 10-40 secs) done by the Microsoft ODFB Sync app. From this release, the below options are available:
 Timeline for Changes: The above changes will be live from 1st May, 2024. |
| 402561 | CASB Real-time Protection | Added coverage for below activities:
Removed coverage for Rename page as it cannot be supported due to change in application traffic. |
| 331399 | CASB Real-time Protection | Appdetect was not handling “bypass” policy action in response direction. This resulted in streaming-data being held by NSProxy, even though response header policy with bypass action is configured. Fixed this issue by adding the required workflow to handle “bypass” policy action in response side. Note This has to be enabled per tenant. Contact your Netskope sales representative or Netskope support team to enable this for your tenant. |
| 419291 | Classic Reports | Fixed an issue when the report description was incorrectly transformed into an unsupported widget type, causing report downloads to fail. |
| 402222 | Data Protection | File name for Original files downloaded from DLP incidents are derived from Object name given to DLP scan request. Object name is used as-is by replacing special characters are not allowed in common file systems. In previous releases, Object name was treated as file system path, this caused truncation of file names in some situations where `/` is used as part of the file name and not as a path separator. |
| 397197 | Data Protection | Fixed an issue where FileFilter used in conjunction with advanced profile conditions can produce incorrect DLP results. |
| 432993 | Endpoint DLP (EPDLP) | Fixed a compatibility issue between Endpoint DLP Printer Content Control and Crowdstrike on Windows. This issue previously could prevent certain applications, like Update.exe (part of Microsoft Teams) and Keepass.exe, from starting correctly. |
| 433204 | Endpoint DLP (EPDLP) | On macOS, when files were copied to USB storage devices, users saw the progress dialog telling them that their file was being examined – even if there was no content control policy being enforced. This is fixed. Now the dialog should only be seen if content control policies are being enforced. |
| 426172 | Endpoint DLP (EPDLP) | Previously, in the rare scenarios when a DLP content scan times out, it was categorized as a Network Error, and the agent would go into offline mode for 15 minutes. Now, scanning timeouts are treated as errors and will not cause the agent to go into offline mode. |
| 425846 | Netskope Public Cloud Security | Fixed an issue where granting access to an IaaS Azure instance with forensics selected was mandating a Reader role to be assigned to the App Registration. |
| 414276 | Netskope Secure Web Gateway (NG SWG) | Fixed a bug where spurious alerts could be generated after a content scan failure. When the TSS or DLP scan failure action is set to alert, an alert is generated with details of the scan failure. An example of a scan failure is a file that is too large to scan. These alerts were being properly generated but there could be additional alerts generated for subsequent files sent on the same TCP connection, even if there was no scan failure or profile match for those files. These spurious alerts would have no policy name and no indication of scan failure. |
| 416174 | Netskope Secure Web Gateway (NG SWG) | Adobe app sends metadata about file, along with actual file during Upload activity. This metadata was processed as separate file and subjected to DLP check. With the fix, this metadata will be skipped and unwanted events will not be generated. |
| 426764 | Netskope Secure Web Gateway (NG SWG) | Added connection close header when closing non-persistent connections that were used to address an issue seen with Apple AppProxy on Mac NSClient during multipart uploads to S3. |
| 330738 | Netskope Secure Web Gateway (NG SWG) | Fixed an issue with trailer header handling in HTTP2 that caused the end stream flag to be incorrectly set on header frame when the content is held for inspection by proxy. |
| 403389 | Netskope Secure Web Gateway (NG SWG) | Fixed a bug with group based policy matching when a tenant has both an organizational unit (OU) and a group that have the same name and both are used in policies. If a tenant was configured with policies that included an OU and a group of the same name then group based policies might not match as expected or might fail to match. Note that the group and OU would have to appear in the same policy rule to trigger this issue. Group and OU based policies using any group or OU (not just the ones with the same name) were also affected. With this fix, groups and OUs with the same name are supported. |
| 233625 | Netskope Secure Web Gateway (NG SWG) | Fixed an issue in certain combined use scenarios (for example, NSClient with IPS enabled or RBI use case), transaction event records incorrect information, leading to a mismatch between cs-uri-scheme and x-cs-sni information. |
| 409232 | Netskope Secure Web Gateway (NG SWG) | Updated the correct cs-host value while domain fronting event was logged in transaction event. |
| 417308 | Netskope Secure Web Gateway (NG SWG) | Fixed an issue by improving the payload mechanism to allow files smaller or less than 7MB, a warning message is displayed for files larger than 7MB. |
| 414123 | Netskope Secure Web Gateway (NG SWG) | Fixed an issue by adding validation to create policy and API’s to validate excludedUserGroupObjects and userGroupObjects against non empty name and id. |
| 421398 | Netskope Private Access (NPA) | Private application host names can now be defined using multiple hyphens. |
| 414964 | Netskope Private Access (NPA) | An issue with Private Access client re-enrollment when UPN of the user changes has been resolved. |
| 414782 | Platform Services | Fixed an issue when the ‘deleteADDisabled’ feature is enabled and any request using the `/adsync` API is not deleting the user. As a result the user is visible in the UI. |
| 355417 | Real-Time Policy | User Alert action is no longer supported for the following real-time policy combinations:
Action is determined by the selected categories and their respective activities. Therefore, existing policies with Security Risk as a chosen category and User Alert as an action will default to Alert upon policy edit. As a best practice we recommend policies for Security Risk categories should be kept separate from other categories, and the block action is reccomended. |
| 14897 | Remote Browser Isolation (RBI) | Fixed an issue with Gmail when opening an attachment in Google Docs that leveraged about:blank pages before connecting to the URL. With this fix, Gmail attachments are opened correctly in Google docs. |
| 17986,18593,17514,18724,16203,18593 | Remote Browser Isolation (RBI) | Fixed a Google SSO login race condition that hindered the behaviour of the different browsing mechanisms used by login to perform SSO correctly. With this fix, Google SSO login is supported in all apps. |
| 20397 | Remote Browser Isolation (RBI) | Fixed an issue on file extensions missing for some intermediate files on RBI file uploads which is required by some cloud apps to work, causing file uploads to not work. |
| 429064 | Traffic Steering | Fixed a bug that caused the Netskope Client app to stop sending out Client status messages to “addonman” host when the Digital Experience Management(DEM) Client Status is enabled and no tenant ID is provided during the Netskope Client provisioning. |
| 425429 | Traffic Steering | Fixed an issue that prevented Netskope client from blackholing the device(loss of network access) due to intermittent ERROR_OPERATION_ABORTED(995) error. |
| 432691, 428536 | Traffic Steering | Earlier the old uid device entry was cleared. This is now fixed by adding a condition to prevent a rare case where the device gets deleted due to same `nsdeviceuid` and `old_nsdeviceuid` values. |
| 422599 | Traffic Steering | When connected to an open network, you need to connect over a VPN to your corporate network for access and hence GRE is used for steering. Netskope Client disables itself after detecting other steering methods. Fail close gets activated after configuration update and the traffic is dropped even if other steering method is present. This issue is now fixed. |
| 401367 | Traffic Steering | Fixed an issue where default exceptions of the Steering Configurations regenerated after the configurations are modified but not the traffic type. |
| 433333 | Traffic Steering | Fixed an issue where the Netskope Client auto-upgrade failed when “Protect Client configuration and resources” is enabled while using version 113.0.0. |
| 422894, 419284 | Tunnel Steering | Mark the IPSec/GRE tunnel as down if the data plane PoP (selected for the tunnel) is going through auto-failout (AFO) or manual-failout (MFO). |
