Fixed Issues In Release 109.0.0

Fixed Issues In Release 109.0.0

Here is the list of fixed issues in this release.

Issue NumberCategoryDescription
244337CASB Real-time ProtectionChanged LinkedIn traffic for Follow and Unfollow activity. Now both the activities have the same traffic, and will be detected as Follow.
310746CASB Real-time ProtectionFixed an issue where Azure Windows Virtual Desktop (WVD) was not working due to recent changes.
312993CASB Real-time ProtectionFixed an issue O365, was not working where domain names were not rewritten due to recent changes .
314569CASB Real-time ProtectionFixed an issue with O365 Planner where incorrect instance ID was detected for multiple activities like Edit, Delete and Create.
314572CASB Real-time ProtectionFixed issue with PDF files Preview in Microsoft OneDrive for Business .
301572CASB Real-time ProtectionFixed incorrect Instance ID detection for MS GCC Azure Download activity.
CASB Real-time ProtectionUpdated Microsoft SharePoint connector to accommodate recent app traffic changes for files larger than 250MB.
313346CASB Real-time ProtectionFixed the issue with ‘From User’ based Upload > Block polices for OneDrive.
280106CASB Real-time ProtectionWhen Netskope tries to block content on Edit activity in OneDrive, the app does multiple re-tries to sync the content and succeeds, even though Netskope blocks it during the first sync attempt. This fix now helps address the re-sync issue.


With this fix, the instance ID for OneDrive would be extracted from the “referrer” uri-param-key. You are advised to add this new instance_id for existing policies related to Edit activity for OneDrive as Netskope plans to make this feature GA soon. Failure to add the new instance ID for existing OneDrive Edit policies would reflect in incorrect matches for OneDrive instance-based policies.

If your referrer has “wopisrc=”, the instance id would be the hostname before “”. (referrer: …wopisrc=… → instance_id: xxxx)

Edit Activity Window
299983CASB Real-time ProtectionAdded executable file type support for downloading Zoom installers.
321276CASB Real-time ProtectionFixed policy match issues during Login Successful and Logout events for OpenDrive application.
306097CASB Real-time ProtectionAdded enhancements to restrict false positive events for Azure blob downloads.
302055Endpoint DLP (EPDLP)Windows Endpoint DLP agent service (“Netskope DLP Service”) will not be registered on the endpoint until the feature is enabled and configured.

Earlier this service was always created, but was disabled. From this release, it will not be visible at all until the feature is enabled.
312519Endpoint DLP (EPDLP)Prior to this release, the Endpoint DLP agent on Windows would leave empty folders under C:\Program Files\Netskope\EPDLP\win\nsvirt-cache, if the folder name was longer than 255 characters.
310631Endpoint DLP (EPDLP)Fixed an issue where the Endpoint Protection page would allow administrators to save filters even if the RBAC permissions made the page read-only.
301763Endpoint DLP (EPDLP)The Windows Endpoint DLP agent would not control printers installed in per-user mode. This release fixes this and per-user printers are now controlled.
298764Endpoint DLP (EPDLP)The MIP Encryption status is now reported in the UI for the DLP Incidents created by Endpoint DLP.
294103Endpoint DLP (EPDLP)The Endpoint Content Control, controls write access to the Check Point Media Encryption unencrypted volume. Typically this volume is controlled by Check Point Media Encryption, but if access is allowed, Endpoint DLP will not control data written to the volume. This issue has now been fixed, and Endpoint DLP will control data written to the volume.
284847Endpoint DLP (EPDLP)Endpoint DLP on macOS blocks the renaming of transferred files until evaluation takes place.
307898Netskope Private Access (NPA)Fixed an issue where users were receiving unexpected re-authentication pop-ups.
298351Netskope Secure Web Gateway (NG SWG)When Inline Large File scanning feature is enabled, a large file download may fail abruptly due to incorrect handling of files downloaded using chunked transfer encoding. In this release, this has been rectified to ensure the download happens successfully.
293307Netskope Secure Web Gateway (NG SWG)Fixed DLP scanning errors that occurred when metadata sent between internal services exceeded a certain limit. This was fixed by removing some unwanted fields from the metadata that were consuming a lot of memory.
291760Netskope Secure Web Gateway (NG SWG)When this feature is enabled, user-generated Page Events will only include Forward to Proxy or RBI information if the main page matches a Forward to Proxy or Isolate policy.
164910Netskope Secure Web Gateway (NG SWG)Fixed an issue which caused connections to sites with certificates soon to be revoked was allowed if a successful connection was made before the OCSP response identifying the certificate as revoked was received.
281743Netskope Secure Web Gateway (NG SWG)Fixed a bug where malware scan exceptions were logged as allow_default. We are now logging the matching real time policy rule name.
289139Netskope Secure Web Gateway (NG SWG)Fixed the following cases where Transaction Event were missing:
  • SSL errors between client device and nsproxy

  • SSL policy lookup result is block.

  • SSL handshake between a client and the nsproxy is successful, but client device decides to stop sending traffic (for example, when an application doesn’t allow MITM cert).
297407Netskope Secure Web Gateway (NG SWG)Fixed a bug when a field having only single whitespace was not quoted which resulted in Transaction Events field to shift left.
296013Netskope Secure Web Gateway (NG SWG)Added App Instance tag in user justification events.
256140Netskope Secure Web Gateway (NG SWG)Fixed an issue where field x-cs-dst-port in Transaction Events was incorrect.
311533Netskope Secure Web Gateway (NG SWG)Fixed an issue where pre-defined list of categories was incomplete when creating a category based policy in Real-Time Protection. This was only seen when RBACv2 was enabled on the tenant
302089Netskope Secure Web Gateway (NG SWG)Fixed a message wording to reflect at least a source criterion along with Any Web Traffic should be selected, as that is a system requirement. The message is now updated as “At least one source criterion should be selected” when “Any Web Traffic’ is selected.
295342Netskope AdaptersFixed an issue where users were not deleted due to out-of-order processing for user delete requests.
313681Platform ServicesFixed an issue in RBACv2 where a user was not listed in Real-time Protection Policy Details page, when role scope has user groups with a substantial number of users, such as 70,000 users per user group.
285887Platform ServicesFixed an issue where SCIM clients create users using the same userName but with a different email.
301966Platform ServicesWhen a user delete request is received for a non-existent user from SCIM clients, the SCIM server will return a HTTP Status code of 404.
14016Remote Browser Isolation (RBI)Fixed an issue with RBI standard error pages (e.g. expired session page) presented to users. If users tried to copy text from that page, another unrelated error template was presented. After this fix, the unrelated RBI page is not presented when the user interacts with it.
309386Remote Browser Isolation (RBI)Fixed an issue in (RTP) Real Time Protection Policy creation where “Extended RBI categories” show up as unrecommended if the new policy is created as “Web Access” type with action = isolate. After this fix, Extended RBI customers will not see the unrecommended category warning for any “Extended RBI category” regardless of how they create the RTP Policy, as an “RBI” or “Web Access” type.
14652Remote Browser Isolation (RBI)Fixed an endless loop when connecting and logging into WeTransfer by adding new probes to the communication protocol between 2 internal RBI modules.
300346Remote Browser Isolation (RBI)Fixed an issue in WebUI affecting non-RBI licensed tenants where RBACv2 was enabled, in which the customers would see a warning message related to RBI templates when accessing the Real Time Protection Policies, even though RBI templates is not available for non-RBI tenants. After this fix the validations have been fixed and the message is not shown anymore.
14014Remote Browser Isolation (RBI)Inactive tabs in background were considered expired due to a timeout management issue. Some modern browsers reduce the consumption of idle tabs, impacting the existing timeouts. Timeouts have been adjusted to cover the case of idle tabs in background.
15755Remote Browser Isolation (RBI)In tenants where the DLP/TSS integration with RBI is enabled, the RBI service crashed on performing requests to certain websites, resulting in browsing in isolation stopping with blank screens or introducing delays in isolated navigation.
305319SkopeITFixed an issue where the MIP related information were not showing up in the SkopeIT pages.
296692Traffic SteeringFixed an issue where the inner packet capture stopped completely whenever the pending packet exceeded maximum size.
312152Traffic SteeringNS Android client handles the cert-pinned app differently. If the cert-pinned app is configured to bypass all traffics from this cert-pinned app, it will support protocols, such as, SIP.

To properly configure bypass all traffics for a cert-pinned app, please add a * in the custom domain field for the cert pinned app.
Edit Exception Window
313512Traffic SteeringFixed an issue where Private Access may go down and won’t recover automatically while using nsDiag tool to get status.
317236Traffic SteeringFixed a resource leak issue pertaining to a Linux client socket handle.
301371Traffic SteeringFixed an issue on macOS that when the admin disables and then enables the Client on the WebUI, fail close mode kicks in but do not block traffic.
314946Traffic SteeringResolved a crash issue and fixed a potential deadlock scenario related to usage of mutex (mutual exclusion lock).
302748Traffic SteeringFixed an issue that when WSS was installed and enabled on the same device, the Client cannot tunnel traffic.
301373Traffic SteeringFixed an issue where the IP-based HTTP/HTTPS web accessing traffic leaked for Per-App VPN and the steering mode is SWG or CFW.
315209Traffic SteeringThe Ubuntu “apt-get” command uses a special user account “_apt” with different session id for Ubuntu version 18, 20 and 22.
Since Linux client only supports single user, we will use current logon user tunnel to tunnel the traffic for system user ‘_apt’. The “apt-get’ traffic will be tunnelled to NS Proxy.
302647Traffic SteeringFixed an issue by updating the last_event_timestamp during soft-migration to prevent non-matching timestamps between device and user entries.
298130Traffic SteeringFixed the role permission issue on Users, Devices, and Groups page to only check Settings and not End Users.

Share this Doc

Fixed Issues In Release 109.0.0

Or copy link

In this topic ...