Skip to main content

Netskope Help

Fixed Issues In Release 99.0.0

Here is the list of fixed issues in this release.

Issue Number




API Data Protection

Fixed an issue where the exposure type of some files was incorrect. This was due to an incorrect exposure calculation of a user in Microsoft Teams. Netskope miscalculated the users that were part of a sub-domain as ‘external’.


API Data Protection

Fixed an issue where Netskope API Data Protection failed to create a quarantine folder for OneDrive. This issue was observed when the primary email value was different from User Principal Name (UPN).


API Data Protection

Fixed an issue in Microsoft Office 365 Teams ongoing flow where incorrect cache locking logic adversely impacted end-to-end notification processing time.


API Data Protection

Fixed an issue where Netskope made a large number of webhook subscription refresh calls in a short period of time for Outlook resulting in a rate limit. The webhook subscription refresh API calls are now spread over a 4 hour window.


API Data Protection

Netskope fixed an issue where All External Domains Except type policy was failing in SharePoint. The issue was caused due to the miscalculation of the domains a file shares.


API Data Protection

Fixed an issue where restoring the quarantined file was failing for Google Drive due to an auto mimeType conversion from application/msdosxprogram to Google native files (Google Sheets, Google Docs).


API Data Protection

Fixed an issue in retroactive scan for OneDrive on Active Directory groups having email ID with uppercase characters.


Behavior Analytics

Fixed an issue where UCI score was not updated in some cases for UBA alerts.


CASB Real-time Protection

Fixed an issue by implementing "from_user validation". If the validation fails then the "from_user" value is incorrect and the data is dumped in logs for further analysis.


CASB Real-time Protection

Updated the connector to fix an issue where due to the filetype, nspolicy_lookup was not applied properly.


CASB Real-time Protection

Added Webex Meeting to the Netskope Cert-pinned application list.


CASB Real-time Protection

With this fix, the start and end times for time based policies are shown in the end user's local time zone, providing a clearer understanding of when the policy will be activated and deactivated.


CASB Real-time Protection

Fixed an issue where file uploads from cloud location was not detected. The fix provided Attach activity support for file uploads through the cloud.


CASB Real-time Protection

Fixed an activity detection issue in Gmail by introducing coverage for send, delete, and create activity.


CASB Real-time Protection

Netskope fixed Google user-account-settings screen not loading issue in reverse proxy deployment.


CASB Real-time Protection

Netskope fixed an issue to display the names of renamed user groups in the Real-time Protection policy detail view.


CASB Real-time Protection

Fixed a page reload issue in block policy encountered while uploading images to Google Docs.


Cloud Confidence Index (CCI)

Updated the app location information to reflect the correct country.


Data Protection

Netskope fixed an issue by validating regex entered for a new entity using the new Entity Modifier UI.


Data Protection

Netskope fixed an issue where an error message was thrown when looking at DLP Incidents created by the File Classifier or a File Filter match in a DLP Profile.


Data Protection

Netskope fixed an issue where UI throws error on clicking the next and previous buttons, when the workflow of an incident inside a filtered list is changed.


Data Protection

Netskope fixed an issue by updating the datatype to overcome the assumption of maximum length for an entity name.

191303, 214959

Endpoint DLP

Netskope fixed the following issues:

  • Configuration and Policy value updates.

  • File paths displayed with mixed delimiters in the events and alerts UI.

  • Content control events in certain scenarios did not showed device information. Missing Forensic data for DLP Incidents in some incidents.

  • The Do not display this message again in device control block messages did not work to prevent messages from being shown again.

  • On the Alerts page, the User Alert in the Action column was not filtered correctly, and the Device field names in Events, Alerts, and Incidents was not matching the names used in Device Constraints.

  • Alerts not containing a Name value.

  • Endpoint Events only contained the device Vendor ID and not the manufacturer name.

  • For some endpoints, USB port blocking was not reset after removing the disallowed USB device.

  • In order to perform device control, both the Device Control and Content Control policies had to be present.

  • Other minor fixes on the Alerts page related to Endpoint DLP alerts.


Incident Management (IM)

An issue was fixed by providing a distinctive identification to Incident-Lookup ClickHouse Queries through request headers.


Platform Services

Fixed an issue when using a Microsoft Active Directory (AD) group that was renamed before deletion caused stale entries. This prevented new user creation in a new AD group using the same group name.


Netskope Secure Web Gateway (NG SWG)

Netskope fixed an issue by increasing the maximum connections to avoid connection failures when performing SAML forward proxy authentication.


Netskope Secure Web Gateway (NG SWG)

When the API based HTTP Redirect feature was moved to the UI, the API based solution failed. This is now fixed.


Netskope Secure Web Gateway (NG SWG)

Fixed an issue where malware alert transaction ID did not match with CTEP alert transaction ID in the web session.


Netskope Secure Web Gateway (NG SWG)

Netskope fixed a parser behavior error in the URI by escaping whitespaces to "%20" for cs-uri-query and cs-uri.

For example, "/some bad uri" would become "/some%20bad%20uri".


Netskope Secure Web Gateway (NG SWG)

Netskope fixed an issue where the byte counts in Page Events might not include data for all transactions if it takes longer than 60 seconds to complete. For example, if a user browses to a OneDrive folder and downloads a very large file, the file is correctly associated with the Page Event but the bytes transferred for the download might not be included in the page event byte count.

With this fix, Page Event generation is delayed until all associated transactions are completed to include accurate byte counts in the Page Event.


Netskope Secure Web Gateway (NG SWG)

Netskope fixed an issue by including native application support for Microsoft BITS user agent. From this release Microsoft BITS application OS is detected as Windows.


Netskope Secure Web Gateway (NG SWG)

Activity changes were not displayed in the Pending Changes modal, this issue is fixed.


Netskope Secure Web Gateway (NG SWG)

Netskope fixed an issue that caused inconsistent URL lookup results for certain URLs between each query.


Netskope Secure Web Gateway (NG SWG)

Netskope fixed an 'unable to load a site' issue by disabling HTTP2 server push promise frames.


Netskope Secure Web Gateway (NG SWG)

Netskope fixed an issue when the Client IP (c-ip) field in Transaction Events is empty whenever the Netskope Proxy received an empty machine IP from the Client.

The issue was resolved by validating the received machine IP on the Netskope Proxy and using the email address or original IP as fallback mechanism when the machine IP field is empty.


Netskope Secure Web Gateway (NG SWG)

Fixed an issue when downloading a file on Box sometimes resulted in truncated file sizes when DLP policies are enabled.


UI Platform

Netskope fixed a session timeout issue which caused users to logout randomly.


Netskope Private Access (NPA)

Fixed a REST APIv2 issue when API calls failed to deploy for a URL list that contained special characters such as %A8 or %ED.


Netskope Private Access (NPA)

Netskope fixed an issue where API throws generic exceptions when invalid parameters are supplied to API Gateway.


Netskope Private Access (NPA)

Netskope fixed an issue by making system DNS configuration changes when NPA was connected or disconnected, to notify third-party applications about NPA tunnel On/Off.

  • When NPA was connected, a dummy resolver was included by using setResolver(). Supplemental resolver is

  • When NPA was disconnected dummy resolver was removed.


Netskope Private Access (NPA)

Netskope fixed an issue of incorrect NPA Private App over proxy detection in macOS Client.


Netskope Private Access (NPA)

Additional debug logging was added to detect enrollment failure. Netskope supports NPA enrollment by using email ID, Electronic Data Interchange Personnel Identifier (EDIPI), and Department of Defense ID (DODID).


Netskope Private Access (NPA)

Netskope fixed an issue where  NPA prelogon tunnel was unable to connect, when client-disable feature was also enabled.


Netskope Private Access (NPA)

Netskope fixed a timing sequence issue that blocked a user from enrollment in 'per user mode'


Remote Browser Isolation (RBI)

Netskope fixed an issue that prevented customers to identify the RBI template applied to any isolate Real Time Protection Policy in the security admin audit logs. Prior to this fix, an audit log activity was visible if a template was applied to an RBI policy, but the RBI template was not identified.


Remote Browser Isolation (RBI)

RBI fixed an issue with the identification of some RBI supported browsers in Linux. Prior to this fix RBI users were being shown the “browser has not been extensively tested” warning message for supported browsers. The warning message did not prevent users from browsing in isolation.


Remote Browser Isolation (RBI)

RBI fixed an issue that prevented users from seeing RBI user notifications in some pages that use “ephemeral” new tabs to perform the operation, such as printing. With this fix, user notifications are now transported to the parent isolated tab so RBI users can acknowledge the notification (e.g. printing has been disabled)


Traffic Steering

IPSec employs a pool of threads to serve tenant traffic. However, due to uneven load sometimes traffic from all tenants land on the single thread causing severe reduction in service capacity.

This fix updated the load balancing algorithm IPsec GW uses to distribute between threads.


Traffic Steering

The fix addressed an issue where the DNS bypass did not support IPv6. This happened when Dynamic Steering is enabled along with Off-Prem Web mode and NPA.


Traffic Steering

To eliminate wrongly attributed user issues , the Client must examine the error handling when handling SYNC packets. The Client cannot report any wrongly attributed user information during steering as long as the Client never steers packet with the existing tunnel when the process ID or session ID of the packet is unavailable. This is fixed now.


Traffic Steering

Fixed an issue where the Unenroll menu is in enabled state even when disabled from the tenant configuration.


Traffic Steering

Fixed issues related to invalid applink data and race conditions for service task readiness check.

216474, 214890

Traffic Steering

Netskope fixed a network traffic bypassing issue with cert pinned apps using AppIDs consisting of both lowercase and uppercase letters. For example, the Slack app for Android.


Traffic Steering

Fixed an issue where the Netskope Client crashed whenever encrypt config is enabled on macOS Ventura 13.0.


Traffic Steering

Fixed an issue where the Netskope Client was not reporting installation time if the user was not provisioned during install time.


Traffic Steering

Netskope fixed a Blue Screen Of Death (BSOD) issue due to DNS processing. This fixes unnecessary DNS processing in rx path and also avoids anything other than A, AAAA, SRV parsing, if only NPA is enabled.


Traffic Steering

Netskope fixed a socket connection issue between UI and main service after resuming from hibernation on Windows. The issue was fixed by introducing code to recheck and reset the connection after resuming from the hibernate event.


Traffic Steering

The certificate pinned application rules should not be applied when the destination hostname is empty.


Traffic Steering

Netskope fixed an issue where the Client was getting incorrect process names for processes running in Windows Subsystem for Linux (WSL). Use another API that supports the process name on WSL to get the correct process name.


Traffic Steering

This fix addressed an issue where Mac users were unable to enroll through IdP with Okta Verify. The WebView API used in the authentication mini-browser does not call custom URL schemes automatically. The Okta Verify was relying on "com-okta-authenticator:/" URL scheme . The fix added required code to handle cases like this one.


Traffic Steering

IPsec Gateway had aggressive timers for the endpoints and peer re-authentication. This issue was fixed by updating the timers.


Traffic Steering

Netskope fixed a recurring tunnel tearing down issue on Windows. The issue occurred when Windows network driver returned 1214 error code when a network packet was sent.



Netskope resolved an issue where the CTEP alerts message URL field did not include the web traffic port steered over non standard HTTP ports.



An issue where CTEP domain allowlist and signature overrides could not be applied is now resolved.