Fixed Issues In Release 119.0.0

Fixed Issues In Release 119.0.0

Here is the list of fixed issues in this release

Issue NumberCategoryDescription
465148CASB Real-time ProtectionImproved detection efficacy for image files in HubSpot. The object name for valid image files can be detected now.
The filetypes belonging to background traffic will not be detected and the list of filetypes excluded are listed below:

  • .css

  • .ico

  • .swg

  • .woff

  • .woff2

  • .gif

  • .js

  • .ttf

    489356CASB Real-time ProtectionFixed an issue where Microsoft Whiteboard cannot be accessed via Reverse Proxy.
    479134CASB Real-time ProtectionCorrect form post activity are triggered for “Ansarada” application. This was done by improving the content body traffic from the application.
    465844CASB Real-time ProtectionThe FormPost activity is meant for content inspection (DLP/TSS). However, it was noticed that the FormPost was getting generated even for the NON-DLP/TSS-based policies.
    As a fix, if the backend processing resulted in the FormPost activity with the NON-DLP/TSS policy invocation, the activity in the said application event is converted to Browse from FormPost.
    424066CASB Real-time ProtectionAdded tenant feature flag to apply traffic action if content Inspection is not enabled via connector.
    For example, Google Drive with couple characters might not enable Content Inspection. If the flag is disabled, traffic action of DLP won’t be enforced, else DLP rule is respected. Please reach out to support in case the flag needs to “enabled”.
    482185Cloud TAPFixed a crash in Cloud TAP Stitcher by enhancing validation of input data blobs.
    470596Cloud TAPEnhanced Cloud TAP Stitcher to handle the scenario of multiple clients with same IP address and same port connecting to the same server simultaneously.
    493377Data ProtectionUpdated the following predefined Password Entities to reduce false positives:


    • “Password Terms (English)” no longer matches certain abbreviated terms (like, “sqlp/w” and “mYP/w”), but still allows variations such as “p/w”, “mypw”, and “sqlPwd”.

    • “Passwords (Common)” no longer matches several common words, including, but not limited to, “admin”, “basketball”, “chocolate”, “superman”, and “welcome”.

    • “Passwords (Contextual)” reduces matches for variable substitutions that resemble passwords within source code, such as “default_password=$default_password”.

    488297Data ProtectionFixed an issue wherein the download of subfiles was unavailable in Incidents for non-container files because the file name of the scanned file was unknown.
    489395Data ProtectionThe validation criteria for file hashes within a File profile have been updated to be case-insensitive.
    490382Email DLPEnhanced the MIME decoding logic for the email subject field in events, incidents, or alerts related to Email DLP, now supporting both UTF-8 and ISO-8859-1 encodings.
    488386Endpoint DLP (EPDLP)For macOS, the visibility of the file-scanning progress dialog can now be controlled by the end-user (via a checkbox on the dialog), or by the administrator (via a backend option). If you would like to enable/disable this dialog across your entire organization, please contact the support team.
    461782Endpoint DLP (EPDLP)Fixed an issue where EPDLP upgrades from old versions (R102-R108) failed to correctly install the new epdlp.exe.
    322097Netskope Private Access (NPA)Fixed an issue when the traffic steering mode is set to None, the macOS users are unable to disable NPA tunnel since the option to disable Client gets disabled.
    322094Netskope Private Access (NPA)Fixed an issue where the NPA Block notification was not displayed to the end users when Client was configured as NPA only mode, or traffic steering mode is set to ‘None’.
    459268Netskope Secure Web Gateway (NG SWG)Cross-site request to RBI were failing with access method Explicit Proxy + SAML due to RBI “probe” requests not steered. This is fixed by properly identifying such requests and always forwarding those to RBI.
    493139Netskope Secure Web Gateway (NG SWG)When the non-persistent connection feature is enabled for a domain, proxy sends a connection close header to signal the client to not use persistent connection. It was also sent for a 101 upgrade response. After the fix, it is not sent for informational messages.
    479184Netskope Secure Web Gateway (NG SWG)Fixed a Page Events issue where the conn_endtime field failed to reflect correct endtime of the last transaction associated with the Page Event. This gave the illusion that the page event was completed earlier than it actually was.

    The conn_endtime field is now updated when any transaction associated with the page event completes. The conn_endtime field now accurately reflects the time as which the page event completed.
    479385Netskope Secure Web Gateway (NG SWG)Netskope adds the ns.js into all HTML responses. After this fix, Netskope no longer adds the json file if the Content-Disposition header is present in the response with a value other than “inline”.
    457975Netskope Secure Web Gateway (NG SWG)For transactions matching a Real-time Protection rule that includes a category condition, the “category” field in application events, alerts, and user notification messages is expected to be a category that is both associated with the transaction and part of the matched policy rule.

    Previously, when content inspection (DLP, threat scan, or file detection) is required to make the final policy determination, the category field would be one of the categories associated with the transaction but might not be one of the categories associated with the matched policy rule. The “category” field now reflects a category for the transaction that is also part of the matched policy rule.

    Note that this change does not apply to DLP alerts and the category field in DLP alerts will not necessarily reflect a category that is included in the matched policy rule. This limitation will be addressed in a future release.
    22378, 17170Remote Browser Isolation (RBI)Fixed an issue with RBI isolation indicators (visual cues) presented to the user. These indicators were rendered before the isolated webpage was fully loaded, which could lead to some of these indicators disappearing after the isolated page was fully loaded and the page title set. Isolation indicators are now rendered after the isolated webpage is fully available.
    21885Remote Browser Isolation (RBI)Fixed an issue with Read-Only feature where users could type in certain webpage elements when RBI could not get their properties and determine if they were editable. With this fix, Read-only is now applied to all editable elements and elements where the properties could not be evaluated.
    20421Remote Browser Isolation (RBI)Fixed an issue around cookie handling when Private navigation is disabled. Expired cookies were not properly deleted from storage at user’s browser, so wrong cookies were being retrieved by RBI in the next session, incorrect cookie parsing and login details lost.
    447177SaaS Security Posture Management (SSPM)Fixed errors faced when filtering by rule names with comma (,) in it.
    482990Traffic SteeringWith this fix, Netskope Client Captive Portal feature now supports meta refresh element HTTP redirection.
    492545Traffic SteeringFixed an issue where the UI logs were missing in Netskope Client for macOS log bundle if collected remotely.
    489520Traffic SteeringFixed Netskope Client for macOS crash issue caused by the Client trying to bypass IPv6 mDNS packets.
    487939Traffic SteeringFixed an issue where the Netskope Client cannot auto upgrade when self-protection and per user mode are both enabled.
    470467Traffic SteeringFixed an issue where the Docker pull failed as the Docker proxy process is unable to handle a force reset in a closing connection. The fix is released as part of mainstream release version 119.0.0 and is back ported to versions such as 114, 117, and 118.
    495212Traffic SteeringFixed a crash issue by enhancing DEM exception handling.
    351919Traffic SteeringFixed an issue where installation time was not getting displayed on Mac device installed with IDP mode.
    392768Traffic SteeringFixed an issue where Device Posture change event always displayed Client Status as disabled.
    473189, 465601Traffic SteeringFixed an issue where the Netskope Client failed to establish a tunnel due to the Client cert validation issue in OpenSSL for Chromebook devices running ChromeOS version 125.
    486408, 351919Traffic SteeringFixed an issue where the Netskope Client installed in IDP mode did not display the correct Installation Time on the Device webUI.
    492785Traffic SteeringFixed an outer packet capture issue where it took longer time to stop the packet capture. With this fix, the outer packet capture stops immediately for Netskope Client for Windows.

    504328Traffic SteeringFixed an issue on the macOS devices that resulted in the Netskope Client to crash on a network change.
    453717Traffic SteeringAfter the”TLS 1.3 hybridized Kyber support” feature was enabled by Google Chrome in version 124, the “Client Hello” packet of the TLSv1.3 negotiation became bigger than the normal MTU, and required fragmentation. Netskope Client failed to fetch the hostnames when SNI check is enabled in Client Configuration. This issue is now fixed.

    With this fix, the Netskope Client can fetch the SNI from the packets when the SNI Check feature is enabled. You will have to enable a feature flag to enable this fix. Contact Netskope Support to enable this feature flag.

    If the feature flag is disabled and the SNI Check feature is enabled, Netskope Client instead gets the hostname from DNS query.
    503501Traffic SteeringFixed an issue where if the Netskope Client fails to establish DTLS connection and did not fallback to TLS.
    467283Traffic SteeringFixed an issue where deleting certificate-pinned applications in App Definitions > Certificate Pinned Apps did not remove the corresponding certificate pinned exceptions under the Steering Exceptions page. With this fix, Netskope deletes related app exceptions in Steering Configuration while deleting custom cert-pinned apps.
    493685Traffic SteeringFixed an issue that caused losing the tenant name configured by the MDM server.
    484812Traffic SteeringWith this fix, Client automatically reloads when system reports irrecoverable kernel memory errors.
    492851Traffic SteeringFixed an issue where traffic is getting bypassed for off-premises mode after enabling dynamic steering in the steering configuration and removing all category exceptions.

    Share this Doc

    Fixed Issues In Release 119.0.0

    Or copy link

    In this topic ...