Fixed Issues In Release 109.0.0
Fixed Issues In Release 109.0.0
Here is the list of fixed issues in this release.
Here is the list of fixed issues in this release.
|244337||CASB Real-time Protection||Changed LinkedIn traffic for Follow and Unfollow activity. Now both the activities have the same traffic, and will be detected as Follow.|
|310746||CASB Real-time Protection||Fixed an issue where Azure Windows Virtual Desktop (WVD) was not working due to recent changes.|
|312993||CASB Real-time Protection||Fixed an issue O365, was not working where domain names were not rewritten due to recent changes .|
|314569||CASB Real-time Protection||Fixed an issue with O365 Planner where incorrect instance ID was detected for multiple activities like Edit, Delete and Create.|
|314572||CASB Real-time Protection||Fixed issue with PDF files Preview in Microsoft OneDrive for Business .|
|301572||CASB Real-time Protection||Fixed incorrect Instance ID detection for MS GCC Azure Download activity.|
|225268||CASB Real-time Protection||Updated Microsoft SharePoint connector to accommodate recent app traffic changes for files larger than 250MB.|
|313346||CASB Real-time Protection||Fixed the issue with ‘From User’ based Upload > Block polices for OneDrive.
|280106||CASB Real-time Protection||When Netskope tries to block content on Edit activity in OneDrive, the app does multiple re-tries to sync the content and succeeds, even though Netskope blocks it during the first sync attempt. This fix now helps address the re-sync issue.
With this fix, the instance ID for OneDrive would be extracted from the “referrer” uri-param-key. You are advised to add this new instance_id for existing policies related to Edit activity for OneDrive as Netskope plans to make this feature GA soon. Failure to add the new instance ID for existing OneDrive Edit policies would reflect in incorrect matches for OneDrive instance-based policies.
If your referrer has “wopisrc=”, the instance id would be the hostname before “.sharepoint.com”. (referrer: …wopisrc=https://xxxx.sharepoint.com/… → instance_id: xxxx)
|299983||CASB Real-time Protection||Added executable file type support for downloading Zoom installers.|
|321276||CASB Real-time Protection||Fixed policy match issues during Login Successful and Logout events for OpenDrive application.
|306097||CASB Real-time Protection||Added enhancements to restrict false positive events for Azure blob downloads.|
|302055||Endpoint DLP (EPDLP)||Windows Endpoint DLP agent service (“Netskope DLP Service”) will not be registered on the endpoint until the feature is enabled and configured.
Earlier this service was always created, but was disabled. From this release, it will not be visible at all until the feature is enabled.
|312519||Endpoint DLP (EPDLP)||Prior to this release, the Endpoint DLP agent on Windows would leave empty folders under C:\Program Files\Netskope\EPDLP\win\nsvirt-cache, if the folder name was longer than 255 characters.|
|310631||Endpoint DLP (EPDLP)||Fixed an issue where the Endpoint Protection page would allow administrators to save filters even if the RBAC permissions made the page read-only.|
|301763||Endpoint DLP (EPDLP)||The Windows Endpoint DLP agent would not control printers installed in per-user mode. This release fixes this and per-user printers are now controlled.|
|298764||Endpoint DLP (EPDLP)||The MIP Encryption status is now reported in the UI for the DLP Incidents created by Endpoint DLP.|
|294103||Endpoint DLP (EPDLP)||The Endpoint Content Control, controls write access to the Check Point Media Encryption unencrypted volume. Typically this volume is controlled by Check Point Media Encryption, but if access is allowed, Endpoint DLP will not control data written to the volume. This issue has now been fixed, and Endpoint DLP will control data written to the volume.|
|284847||Endpoint DLP (EPDLP)||Endpoint DLP on macOS blocks the renaming of transferred files until evaluation takes place.|
|307898||Netskope Private Access (NPA)||Fixed an issue where users were receiving unexpected re-authentication pop-ups.|
|298351||Netskope Secure Web Gateway (NG SWG)||When Inline Large File scanning feature is enabled, a large file download may fail abruptly due to incorrect handling of files downloaded using chunked transfer encoding. In this release, this has been rectified to ensure the download happens successfully.|
|293307||Netskope Secure Web Gateway (NG SWG)||Fixed DLP scanning errors that occurred when metadata sent between internal services exceeded a certain limit. This was fixed by removing some unwanted fields from the metadata that were consuming a lot of memory.|
|291760||Netskope Secure Web Gateway (NG SWG)||When this feature is enabled, user-generated Page Events will only include Forward to Proxy or RBI information if the main page matches a Forward to Proxy or Isolate policy.|
|164910||Netskope Secure Web Gateway (NG SWG)||Fixed an issue which caused connections to sites with certificates soon to be revoked was allowed if a successful connection was made before the OCSP response identifying the certificate as revoked was received.|
|281743||Netskope Secure Web Gateway (NG SWG)||Fixed a bug where malware scan exceptions were logged as allow_default. We are now logging the matching real time policy rule name.|
|289139||Netskope Secure Web Gateway (NG SWG)||Fixed the following cases where Transaction Event were missing:
|297407||Netskope Secure Web Gateway (NG SWG)||Fixed a bug when a field having only single whitespace was not quoted which resulted in Transaction Events field to shift left.|
|296013||Netskope Secure Web Gateway (NG SWG)||Added App Instance tag in user justification events.|
|256140||Netskope Secure Web Gateway (NG SWG)||Fixed an issue where field x-cs-dst-port in Transaction Events was incorrect.|
|311533||Netskope Secure Web Gateway (NG SWG)||Fixed an issue where pre-defined list of categories was incomplete when creating a category based policy in Real-Time Protection. This was only seen when RBACv2 was enabled on the tenant|
|302089||Netskope Secure Web Gateway (NG SWG)||Fixed a message wording to reflect at least a source criterion along with Any Web Traffic should be selected, as that is a system requirement. The message is now updated as “At least one source criterion should be selected” when “Any Web Traffic’ is selected.|
|295342||Netskope Adapters||Fixed an issue where users were not deleted due to out-of-order processing for user delete requests.|
|313681||Platform Services||Fixed an issue in RBACv2 where a user was not listed in Real-time Protection Policy Details page, when role scope has user groups with a substantial number of users, such as 70,000 users per user group.|
|285887||Platform Services||Fixed an issue where SCIM clients create users using the same userName but with a different email.|
|301966||Platform Services||When a user delete request is received for a non-existent user from SCIM clients, the SCIM server will return a HTTP Status code of 404.|
|14016||Remote Browser Isolation (RBI)||Fixed an issue with RBI standard error pages (e.g. expired session page) presented to users. If users tried to copy text from that page, another unrelated error template was presented. After this fix, the unrelated RBI page is not presented when the user interacts with it.|
|309386||Remote Browser Isolation (RBI)||Fixed an issue in (RTP) Real Time Protection Policy creation where “Extended RBI categories” show up as unrecommended if the new policy is created as “Web Access” type with action = isolate. After this fix, Extended RBI customers will not see the unrecommended category warning for any “Extended RBI category” regardless of how they create the RTP Policy, as an “RBI” or “Web Access” type.|
|14652||Remote Browser Isolation (RBI)||Fixed an endless loop when connecting and logging into WeTransfer by adding new probes to the communication protocol between 2 internal RBI modules.|
|300346||Remote Browser Isolation (RBI)||Fixed an issue in WebUI affecting non-RBI licensed tenants where RBACv2 was enabled, in which the customers would see a warning message related to RBI templates when accessing the Real Time Protection Policies, even though RBI templates is not available for non-RBI tenants. After this fix the validations have been fixed and the message is not shown anymore.|
|14014||Remote Browser Isolation (RBI)||Inactive tabs in background were considered expired due to a timeout management issue. Some modern browsers reduce the consumption of idle tabs, impacting the existing timeouts. Timeouts have been adjusted to cover the case of idle tabs in background.|
|15755||Remote Browser Isolation (RBI)||In tenants where the DLP/TSS integration with RBI is enabled, the RBI service crashed on performing requests to certain websites, resulting in browsing in isolation stopping with blank screens or introducing delays in isolated navigation.|
|305319||SkopeIT||Fixed an issue where the MIP related information were not showing up in the SkopeIT pages.|
|296692||Traffic Steering||Fixed an issue where the inner packet capture stopped completely whenever the pending packet exceeded maximum size.|
|312152||Traffic Steering||NS Android client handles the cert-pinned app differently. If the cert-pinned app is configured to bypass all traffics from this cert-pinned app, it will support protocols, such as, SIP.
To properly configure bypass all traffics for a cert-pinned app, please add a * in the custom domain field for the cert pinned app.
|313512||Traffic Steering||Fixed an issue where Private Access may go down and won’t recover automatically while using nsDiag tool to get status.|
|317236||Traffic Steering||Fixed a resource leak issue pertaining to a Linux client socket handle.|
|301371||Traffic Steering||Fixed an issue on macOS that when the admin disables and then enables the Client on the WebUI, fail close mode kicks in but do not block traffic.|
|314946||Traffic Steering||Resolved a crash issue and fixed a potential deadlock scenario related to usage of mutex (mutual exclusion lock).|
|302748||Traffic Steering||Fixed an issue that when WSS was installed and enabled on the same device, the Client cannot tunnel traffic.|
|301373||Traffic Steering||Fixed an issue where the IP-based HTTP/HTTPS web accessing traffic leaked for Per-App VPN and the steering mode is SWG or CFW.|
|315209||Traffic Steering||The Ubuntu “apt-get” command uses a special user account “_apt” with different session id for Ubuntu version 18, 20 and 22.
Since Linux client only supports single user, we will use current logon user tunnel to tunnel the traffic for system user ‘_apt’. The “apt-get’ traffic will be tunnelled to NS Proxy.
|302647||Traffic Steering||Fixed an issue by updating the last_event_timestamp during soft-migration to prevent non-matching timestamps between device and user entries.|
|298130||Traffic Steering||Fixed the role permission issue on Users, Devices, and Groups page to only check Settings and not End Users.