Fixed Issues In Release 114.0.0

Fixed Issues In Release 114.0.0

Here is the list of fixed issues in this release.

Issue NumberCategoryDescription
403126API Data ProtectionFixed an issue where a user failed to restore a quarantined Google Sheets file that had a pivot table inside it.
411666API Data ProtectionFixed an issue in API Data Protection for Microsoft 365 SharePoint Online where the email notification for a DLP match was sent to the last modified user instead of the owner of the file.
417089API Data ProtectionFixed in issue in API Data Protection for Microsoft Office 365 Teams where a DLP incident was generated for a user who had left the organization.
This incorrect user mapping of DLP incidents in Microsoft 365 Teams chat notifications has been fixed.
418122API Data ProtectionFixed an issue related to retroactive scan filters for Microsoft 365 SharePoint. This issue was observed when the site was created under a custom namespace such as /teams/. For example:



424879API Data ProtectionFixed an issue with downloading quarantined files in Microsoft 365 SharePoint Online using REST API v1.
416137Behavior AnalyticsIn UEBA sequence policies, the list of users added as included or excluded in the policy criteria can be intermittently ignored leading to incorrect alerts. As a part of this fix, we have added appropriate control mechanisms to always honor the list of users configured in the policy.
426763CASB Real-time ProtectionFixed an issue with block action failure for Microsoft Live Login Successful activity.
The fix is available as part of the 113.0.5 DD release.
396225CASB Real-time ProtectionAn existing behaviour since R109 is that, whenever there was a block policy on ‘Upload’/’Rename’, Netskope blocked the first attempt and allowed the file to be uploaded/renamed on successive retry attempts by the Sync app. This change was done to avoid repetitive “activity alerts” and “user alerts” for block events that were caused by the successive retries (every 10-40 secs) done by the Microsoft ODFB Sync app.

From this release, the below options are available:

  1. Option 1 (Default): With this option, “Upload” and “Rename” block policies for OneDrive (Sync app), will strictly block first-time as well as successive retries by the Sync app. End-users will receive one alert for the block and admins would see one application event for the same activity. Successive retry attempts done by OneDrive Sync app in the background would also be blocked and no user/app events would be generated for the same.
    This ensures sensitive content is blocked from being uploaded/renamed via the OneDrive Sync app. However, as a result of this ‘strict-blocking’, there is a possibility of the end user’s OneDrive application crash as it continuously re-tries to sync content. This application crash could be avoided if the end-user removes the file/content which is violating the Netskope real-time policy.
    To help communicate the impact to end-users and prevent application crash, administrators are advised to provide an intuitive user notification pop-up that clearly indicates the violating “filename” and educates the end-users to remove the same.

  2. Option 2: With this option, “Upload” and “Rename” “Block” polices for OneDrive (Sync app), blocks the activity for the first time and triggers an alert in SkopeIT. The contents are allowed to go through on subsequent retires by the OneDrive Sync app. If this behaviour is needed, please reach out to Netskope support to have this feature-flag turned ON.

Timeline for Changes: The above changes will be live from 1st May, 2024.
402561CASB Real-time ProtectionAdded coverage for below activities:
  • Create Page

  • Delete Page

  • Restore Page

  • Upload File

  • Download File

  • Clone Page

Removed coverage for Rename page as it cannot be supported due to change in application traffic.
331399CASB Real-time ProtectionAppdetect was not handling “bypass” policy action in response direction. This resulted in streaming-data being held by NSProxy, even though response header policy with bypass action is configured.
Fixed this issue by adding the required workflow to handle “bypass” policy action in response side.


This has to be enabled per tenant. Contact your Netskope sales representative or Netskope support team to enable this for your tenant.

419291Classic ReportsFixed an issue when the report description was incorrectly transformed into an unsupported widget type, causing report downloads to fail.
402222Data ProtectionFile name for Original files downloaded from DLP incidents are derived from Object name given to DLP scan request. Object name is used as-is by replacing special characters are not allowed in common file systems. In previous releases, Object name was treated as file system path, this caused truncation of file names in some situations where `/` is used as part of the file name and not as a path separator.
397197Data ProtectionFixed an issue where FileFilter used in conjunction with advanced profile conditions can produce incorrect DLP results.
432993Endpoint DLP (EPDLP)Fixed a compatibility issue between Endpoint DLP Printer Content Control and Crowdstrike on Windows. This issue previously could prevent certain applications, like Update.exe (part of Microsoft Teams) and Keepass.exe, from starting correctly.
433204Endpoint DLP (EPDLP)On macOS, when files were copied to USB storage devices, users saw the progress dialog telling them that their file was being examined – even if there was no content control policy being enforced. This is fixed. Now the dialog should only be seen if content control policies are being enforced.
426172Endpoint DLP (EPDLP)Previously, in the rare scenarios when a DLP content scan times out, it was categorized as a Network Error, and the agent would go into offline mode for 15 minutes. Now, scanning timeouts are treated as errors and will not cause the agent to go into offline mode.
425846Netskope Public Cloud SecurityFixed an issue where granting access to an IaaS Azure instance with forensics selected was mandating a Reader role to be assigned to the App Registration.
414276Netskope Secure Web Gateway (NG SWG)Fixed a bug where spurious alerts could be generated after a content scan failure. When the TSS or DLP scan failure action is set to alert, an alert is generated with details of the scan failure.

An example of a scan failure is a file that is too large to scan. These alerts were being properly generated but there could be additional alerts generated for subsequent files sent on the same TCP connection, even if there was no scan failure or profile match for those files. These spurious alerts would have no policy name and no indication of scan failure.
416174Netskope Secure Web Gateway (NG SWG)Adobe app sends metadata about file, along with actual file during Upload activity. This metadata was processed as separate file and subjected to DLP check.
With the fix, this metadata will be skipped and unwanted events will not be generated.
426764Netskope Secure Web Gateway (NG SWG)Added connection close header when closing non-persistent connections that were used to address an issue seen with Apple AppProxy on Mac NSClient during multipart uploads to S3.
330738Netskope Secure Web Gateway (NG SWG)Fixed an issue with trailer header handling in HTTP2 that caused the end stream flag to be incorrectly set on header frame when the content is held for inspection by proxy.
403389Netskope Secure Web Gateway (NG SWG)Fixed a bug with group based policy matching when a tenant has both an organizational unit (OU) and a group that have the same name and both are used in policies. If a tenant was configured with policies that included an OU and a group of the same name then group based policies might not match as expected or might fail to match. Note that the group and OU would have to appear in the same policy rule to trigger this issue. Group and OU based policies using any group or OU (not just the ones with the same name) were also affected. With this fix, groups and OUs with the same name are supported.
233625Netskope Secure Web Gateway (NG SWG)Fixed an issue in certain combined use scenarios (for example, NSClient with IPS enabled or RBI use case), transaction event records incorrect information, leading to a mismatch between cs-uri-scheme and x-cs-sni information.
409232Netskope Secure Web Gateway (NG SWG)Updated the correct cs-host value while domain fronting event was logged in transaction event.
417308Netskope Secure Web Gateway (NG SWG)Fixed an issue by improving the payload mechanism to allow files smaller or less than 7MB, a warning message is displayed for files larger than 7MB.
414123Netskope Secure Web Gateway (NG SWG)Fixed an issue by adding validation to create policy and API’s to validate excludedUserGroupObjects and userGroupObjects against non empty name and id.
421398Netskope Private Access (NPA)Private application host names can now be defined using multiple hyphens.
414964Netskope Private Access (NPA)An issue with Private Access client re-enrollment when UPN of the user changes has been resolved.
414782Platform ServicesFixed an issue when the ‘deleteADDisabled’ feature is enabled and any request using the `/adsync` API is not deleting the user. As a result the user is visible in the UI.
355417Real-Time PolicyUser Alert action is no longer supported for the following real-time policy combinations:
  • Policies where the category begins with “Security Risk” and no profile is selected.

  • Category based policies with threat profile.

Action is determined by the selected categories and their respective activities. Therefore, existing policies with Security Risk as a chosen category and User Alert as an action will default to Alert upon policy edit.
As a best practice we recommend policies for Security Risk categories should be kept separate from other categories, and the block action is reccomended.
14897Remote Browser Isolation (RBI)Fixed an issue with Gmail when opening an attachment in Google Docs that leveraged about:blank pages before connecting to the URL. With this fix, Gmail attachments are opened correctly in Google docs.
17986,18593,17514,18724,16203,18593Remote Browser Isolation (RBI)Fixed a Google SSO login race condition that hindered the behaviour of the different browsing mechanisms used by login to perform SSO correctly. With this fix, Google SSO login is supported in all apps.
20397Remote Browser Isolation (RBI)Fixed an issue on file extensions missing for some intermediate files on RBI file uploads which is required by some cloud apps to work, causing file uploads to not work.
429064Traffic SteeringFixed a bug that caused the Netskope Client app to stop sending out Client status messages to “addonman” host when the Digital Experience Management(DEM) Client Status is enabled and no tenant ID is provided during the Netskope Client provisioning.
425429Traffic SteeringFixed an issue that prevented Netskope client from blackholing the device(loss of network access) due to intermittent ERROR_OPERATION_ABORTED(995) error.
432691, 428536Traffic SteeringEarlier the old uid device entry was cleared. This is now fixed by adding a condition to prevent a rare case where the device gets deleted due to same `nsdeviceuid` and `old_nsdeviceuid` values.
422599Traffic SteeringWhen connected to an open network, you need to connect over a VPN to your corporate network for access and hence GRE is used for steering. Netskope Client disables itself after detecting other steering methods. Fail close gets activated after configuration update and the traffic is dropped even if other steering method is present. This issue is now fixed.
401367Traffic SteeringFixed an issue where default exceptions of the Steering Configurations regenerated after the configurations are modified but not the traffic type.
433333Traffic SteeringFixed an issue where the Netskope Client auto-upgrade failed when “Protect Client configuration and resources” is enabled while using version 113.0.0.
422894, 419284Tunnel SteeringMark the IPSec/GRE tunnel as down if the data plane PoP (selected for the tunnel) is going through auto-failout (AFO) or manual-failout (MFO).
Share this Doc

Fixed Issues In Release 114.0.0

Or copy link

In this topic ...