Monthly Release Notes - April 2025
Core Security
Core Impact
Version: 21.7
April 7, 2025
New Features
- Agent Transformations: Added the ability to configure hooks in the agent generation process allowing payload customization like signing the implant or processing it with an obfuscator. This feature gives the operator the ability to code the callback they want to run.
- Added the ability to configure email headers in Client-side Phishing attacks.
- Upgraded the following Run module parameters dialogs: New Host, New Scenario, New Identitie(s), and Exposure Finder.
Enhancements
- Bloodhound integration is now supported through their native API.
- Added the ability to select the ODBC driver when using ODBC-based Identity Verifiers.
- Added the ability to run Install Agent using SSH on Windows targets.
- Internet Connection options have been moved from the Network Category to the Software Updates category for an improved user experience.
- The included version of SQLServer has been updated from 2014 to 2022.
- Dependencies update: impacket, npcap.
Fixes
- Fixed a Vulnerability Scanner Validation issue that would occur when importing a TenableSC scan while using a password that contained "&".
- Fixed an issue where Fortra VM integration was failing when running from a pivoted Linux agent.
- The WebServer Service now correctly reports if it fails during initialization.
- Fixed an issue where a race condition would occur during the WebServer Service's initialization when detecting an open port to configure the server on.
- NetNTLM Identities are now correctly shown in hosts' Quick Information panel.
- NTLMConnection entities are now correctly shown in MapView.
- Fixed an issue where modified modules and libraries were not being overwritten when upgrading Core Impact to a new version.
- Fixed an issue with running the following commands from the Powershell Shell: #import-url and #import-file.
Digital Guardian
Agent for Windows
Version: 9.1.0
April, 2025
Fixes
- An issue occurred where configurations that did not capture USER_ADE_PASTE events were showing partial ADE PASTE data in the forensic report, with the file details row missing. This has been resolved, and the ADE PASTE forensic report now includes both the file details and buffer details rows. If an alert was configured in the rule, it will appear in the file details row, maintaining consistency with behavior in version 7.9.1 and earlier.
- An issue was encountered in Chrome and Edge, where the agent incorrectly detected any text entered in the address bar (without pressing Enter) as the destination URL during ADE paste events. This caused the event to report the incorrect URL, leading to improper rule activation. This issue has now been resolved, ensuring the agent ignores any unapplied text in the address bar and accurately detects the actual URL. As a result, the rule triggers correctly when a user attempts an ADE paste into an unapproved site.
- An issue in DG Agent 9.0 and earlier required the ARC server’s FQDN to be resolvable from the Agent endpoint, even when a proxy was used, causing problems in restricted DNS environments. This issue is now resolved. A new configuration parameter, proxyGRPCResolver, now allows hostname resolution to be deferred to the proxy when set to "passthrough", removing the need for local resolution.
- Microsoft Outlook crashed when dragging and dropping an email with a long subject (around 254 characters) into a subfolder when using DG Agent 8.1. The issue has been resolved.
- The issue related to browser crashes due to duplicate handles and missing null checks has been resolved.
- A connection timeout issue was encountered with Zoom meetings when a Windows 10 system wakes from sleep, resulting in delays of up to 5 minutes and an "unknown error" message. This issue has been resolved. The default settings have now been changed to the following:
  <wipConnectionCheckV4Enable>0</wipConnectionCheckV4Enable>
  <wipConnectionCheckV6Enable>1</wipConnectionCheckV6Enable>
  Refer to Digital Guardian 8.7 Management Console Users Guide for more details.
- An issue was encountered in Windows Agent 8.0 where it failed to block CD writes when using DG control rule. This issue is now resolved.
- The issue of differentiating between the new Microsoft Outlook Add-in and an external server has been resolved. A local loopback address check was added to ensure proper distinction.
- The issue related to skipping RTC requests/responses for meet.google.com has been resolved. A new Lua script was added to manage this behavior, along with handling responses in DGWIP. To apply the fix, update to the latest DG WIP Script Pack Resource File proxy script. Refer to the Digital Guardian 8.7 Installation and Upgrade Guide for more details.
- The issue where the Agent failed to send the correct machine type string for Windows 11 to the server has been resolved. This issue specifically affected Windows 11 machines that were upgraded from a previous version, such as Windows 10.
Version: 7.9.3.0034
April, 2025
Fixes
- Resolved an issue where NetOp control rules were not applied when traffic was routed through internal proxies such as Zscaler or Prisma Endpoint (Prisma EP) using explicit proxy configurations. As a result, all traffic was redirected to internal IP addresses, causing NetOp rules to be skipped and leading to uninspected data egress. This issue has now been resolved.
  The fix introduces a configuration key, <InternalPortListForNetop>, which holds a list of internal ports and ensures NetOp rules are correctly applied for the specified ports.
  Example Configuration: <InternalPortListForNetop>9000,8888-8900,12000-12500,8888</InternalPortListForNetop>
  The value of <InternalPortListForNetop> must be a comma-separated list and can include a single port (e.g., 9000), a range of ports (e.g., 8888-8900), or a combination of both. A maximum of 10 entries can be configured and any entries beyond the first 10 will be ignored. Additionally, if the list contains invalid characters or formatting errors, the entire value will be treated as empty.
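Because a single formatting error empties the whole list and leaves the proxy ports uninspected again, the value is worth checking before it is deployed. The following pre-deployment check is an added example, not Fortra's code; the function names are hypothetical, and treating whitespace, empty entries, ports outside 1-65535 and reversed ranges as formatting errors is a conservative assumption, since the release note does not define them.

```python
import re

MAX_ENTRIES = 10  # release note: entries beyond the first 10 are ignored
_ENTRY = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?")  # "9000" or "8888-8900"


def lint_port_list(value):
    """Return (effective_ranges, warnings) for an <InternalPortListForNetop> value.

    effective_ranges is the list of (low, high) tuples expected to take effect.
    It is empty when any entry is malformed, mirroring the documented
    "entire value will be treated as empty" behaviour.
    """
    warnings = []
    ranges = []
    for raw in value.split(","):
        m = _ENTRY.fullmatch(raw)
        # Assumption: anything that is not "port" or "low-high" is a formatting error.
        if not m:
            return [], [f"malformed entry {raw!r}: whole value would be treated as empty"]
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        # Assumption: out-of-range ports and reversed ranges are also errors.
        if not (1 <= low <= high <= 65535):
            return [], [f"bad port or range {raw!r}: whole value would be treated as empty"]
        ranges.append((low, high))

    if len(ranges) > MAX_ENTRIES:
        dropped = ranges[MAX_ENTRIES:]
        warnings.append(
            f"{len(dropped)} entries past the first {MAX_ENTRIES} are ignored: {dropped}"
        )
        ranges = ranges[:MAX_ENTRIES]

    # An entry already covered by an earlier one wastes part of the 10-entry budget.
    for i, (low, high) in enumerate(ranges):
        for plow, phigh in ranges[:i]:
            if plow <= low and high <= phigh:
                warnings.append(f"entry {low}-{high} is already covered by {plow}-{phigh}")
                break
    return ranges, warnings


def port_is_covered(port, ranges):
    """True if the given internal proxy port falls inside an effective range."""
    return any(low <= port <= high for low, high in ranges)


if __name__ == "__main__":
    # Example value from the release note: valid, but the trailing 8888 is redundant.
    print(lint_port_list("9000,8888-8900,12000-12500,8888"))
    # Constructed input: the space after the comma empties the whole list.
    print(lint_port_list("9000, 8888-8900"))
```

Run it against the value intended for each agent configuration and confirm with `port_is_covered` that the explicit-proxy port in use (for example the Zscaler or Prisma listener port in your environment) is inside an effective range.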
Fortra
Endpoint Manager
April 21, 2025
Enhancements
- Updated details drawer action buttons, removing Save option.
Fixes
- Resolved security vulnerabilities and minor bug fixes.
Fortra platform
April 10, 2025
Enhancements
- Account selector no longer appears on Add/Edit Roles page if the current tenant has no child tenants.
Fixes
- Fixed issue with blank banner appearing if banner message is deleted.
- Resolved security vulnerabilities and minor bug fixes.
IBM Partnership
IBM Power HA SystemMirror for IBM i
Version 7.6 HA 6.0.3 PTF SJ05111 (plus language PTFs)
April, 2025
New Features
- Enhanced integration with IBM Power Virtual Server including:
  - Volume (LUN-Level) Switching enabling high availability within a Power Virtual Server Workspace.
  - Independent ASP (IASP) FlashCopy support, including automation capabilities similar to those currently available with FlashCopy for Spectrum Virtualize (SVC) and FlashSystems environments.
Enhancements
- Simplified configuration of Global Replication Services with new Configure Power Virtual Server Mirror (CFGPVSMIR) command.
- Added support for volume IDs up to 9999 for SVC copy descriptions.
Fixes
- Improved integrated recovery in DS8000 LUN-Level switch environments by enabling improved automated recovery via the Change Cluster Resource Group (CHGCRG) command.
- Resolved an issue where the F7 position to function key may not appear on the Work with Monitored Resources (WRKCADMRE) screen after returning from the display details or display attributes screens.
- Improved Configure Geographic Mirroring (CFGGEOMIR) to support automated naming in environments with multiple cluster resource groups. Previously, using automated naming with CFGGEOMIR in environments with multiple cluster resource groups would fail with errors, requiring additional manual steps.
- Improved diagnostic messages when unable to reach IBM Cloud Services in Power Virtual Server environments. Previously, messages ‘HAE2057 - An error has been returned by the storage subsystem’ and ‘CPE3401 - permission denied’ could occur in these environments.
- Resolved an issue where PowerHA operations could fail with messages CPF9D8D or CPE3452 on various IFS files appearing in either the user joblog or QHASVR joblog.
- Corrected the SQL query displayed on the PowerHA web interface when filtering monitored resources by global status. Previously, the displayed SQL query was incorrect and would fail if run manually.
- Reduced the number and size of PowerHA web interface log files to be kept for a maximum of 30 days.
- Resolved an issue where Change CRG Primary (CHGCRGPRI) could fail in SVC HyperSwap with LUN-Level switching environments with error 'HAE2057 - An error has been returned by the storage subsystem' containing the following message in the second level text: 'CMMVC5804E - The action failed because an object that was specified in the command does not exist.'
- Resolved an issue where message CPF24B4 could be sent to the joblog when ending a CRG container.
Version 7.4 HA 5.7.3 PTF SJ05052 (plus language PTFs)
April, 2025
New Features
- Enhanced integration with IBM Power Virtual Server including:
  - Volume (LUN-Level) Switching enabling high availability within a Power Virtual Server Workspace.
  - Independent ASP (IASP) FlashCopy support, including automation capabilities similar to those currently available with FlashCopy for Spectrum Virtualize (SVC) and FlashSystems environments.
Enhancements
- Simplified configuration of Global Replication Services with new Configure Power Virtual Server Mirror (CFGPVSMIR) command.
- Added support for volume IDs up to 9999 for SVC copy descriptions.
Fixes
- Improved integrated recovery in DS8000 LUN-Level switch environments by enabling improved automated recovery via the Change Cluster Resource Group (CHGCRG) command.
- Resolved an issue where the F7 position to function key may not appear on the Work with Monitored Resources (WRKCADMRE) screen after returning from the display details or display attributes screens.
- Improved Configure Geographic Mirroring (CFGGEOMIR) to support automated naming in environments with multiple cluster resource groups. Previously, using automated naming with CFGGEOMIR in environments with multiple cluster resource groups would fail with errors, requiring additional manual steps.
- Improved diagnostic messages when unable to reach IBM Cloud Services in Power Virtual Server environments. Previously, messages ‘HAE2057 - An error has been returned by the storage subsystem’ and ‘CPE3401 - permission denied’ could occur in these environments.
- Resolved an issue where PowerHA operations could fail with messages CPF9D8D or CPE3452 on various IFS files appearing in either the user joblog or QHASVR joblog.
- Corrected the SQL query displayed on the PowerHA web interface when filtering monitored resources by global status. Previously, the displayed SQL query was incorrect and would fail if run manually.
- Reduced the number and size of PowerHA web interface log files to be kept for a maximum of 30 days.
- Resolved an issue where Change CRG Primary (CHGCRGPRI) could fail in SVC HyperSwap with LUN-Level switching environments with error 'HAE2057 - An error has been returned by the storage subsystem' containing the following message in the second level text: 'CMMVC5804E - The action failed because an object that was specified in the command does not exist.'
- Resolved an issue where message CPF24B4 could be sent to the joblog when ending a CRG container.
Version 7.4 HA 4.13.3 PTF SJ05104 (plus language PTFs)
April, 2025
New Features
- Enhanced integration with IBM Power Virtual Server including:
  - Volume (LUN-Level) Switching enabling high availability within a Power Virtual Server Workspace.
  - Independent ASP (IASP) FlashCopy support, including automation capabilities similar to those currently available with FlashCopy for Spectrum Virtualize (SVC) and FlashSystems environments.
Enhancements
- Simplified configuration of Global Replication Services with new Configure Power Virtual Server Mirror (CFGPVSMIR) command.
- Added support for volume IDs up to 9999 for SVC copy descriptions.
Fixes
- Improved integrated recovery in DS8000 LUN-Level switch environments by enabling improved automated recovery via the Change Cluster Resource Group (CHGCRG) command.
- Resolved an issue where the F7 position to function key may not appear on the Work with Monitored Resources (WRKCADMRE) screen after returning from the display details or display attributes screens.
- Improved Configure Geographic Mirroring (CFGGEOMIR) to support automated naming in environments with multiple cluster resource groups. Previously, using automated naming with CFGGEOMIR in environments with multiple cluster resource groups would fail with errors, requiring additional manual steps.
- Improved diagnostic messages when unable to reach IBM Cloud Services in Power Virtual Server environments. Previously, messages ‘HAE2057 - An error has been returned by the storage subsystem’ and ‘CPE3401 - permission denied’ could occur in these environments.
- Resolved an issue where PowerHA operations could fail with messages CPF9D8D or CPE3452 on various IFS files appearing in either the user joblog or QHASVR joblog.
- Corrected the SQL query displayed on the PowerHA web interface when filtering monitored resources by global status. Previously, the displayed SQL query was incorrect and would fail if run manually.
- Reduced the number and size of PowerHA web interface log files to be kept for a maximum of 30 days.
- Resolved an issue where Change CRG Primary (CHGCRGPRI) could fail in SVC HyperSwap with LUN-Level switching environments with error 'HAE2057 - An error has been returned by the storage subsystem' containing the following message in the second level text: 'CMMVC5804E - The action failed because an object that was specified in the command does not exist.'
- Resolved an issue where message CPF24B4 could be sent to the joblog when ending a CRG container.
Robot
Robot HA
Version 13.09
April 22, 2025
New Features
- Robot HA now supports IBM i 7.6.
- Added support for synchronizing new MFA-related user profile fields at IBM i 7.6 including authentication methods and user TOTP key. This enables users to sign in on backup systems with the same MFA configuration that was configured on the source.
Enhancements
- Changed Robot HA to swap to RBTADMIN instead of QSECOFR for improved auditing and in support of MFA changes for IBM i 7.6.
Fixes
- Improved error message during a product update when the license code is invalid.
- Fixed issue where synchronizing certain user profiles failed with RSF9896.
- Improved the handling of system values to decrease the number of errors received.
- Fixed issue where Robot HA encountered CPF22E6 indicating the maximum number of profile handles has been generated.
- Improved performance of deleting records that contained a BLOB object. Previously, if the file was not already opened and contained a BLOB object, the delete would fail, resulting in a refresh of the file.
Terranova Security
Version: 1.113
April 16, 2025
Enhancements
- The phishing simulation now includes a new feature called Stop and Complete. Earlier, the Stop option (now renamed to Stop and Cancel) would cancel the simulation, and the collected data would not be saved. With the new Stop and Complete option, the simulation ends, but the data collected until that point is saved and displayed.
- The pop-up message displayed when a user clicks the 'Stop and Cancel' or 'Stop and Complete' buttons in a phishing simulation has been updated to reflect the accurate behavior of these features.
- The course completion widget has been updated with a new option to include or exclude inactive users from the data displayed.
- The platform web app was earlier integrated with Azure AD for SSO only. Now, SCIM support has been added as well, simplifying the setup process for clients.
Fixes
- There was an issue where the “Phishing Template Overview” section failed to load and returned an error when configured with specific time zones. This issue has been fixed.
- There was an issue with the "Edit Global CSS/JavaScript" feature on phishing simulation landing and feedback pages. Users without the required permissions could not see the JavaScript section, but clicking Save would still erase its content. This issue has been fixed; only users with the proper permissions can view or edit it.
- There was an issue with the New User Flag Duration feature where users remained marked as "New User" even after the set number of days had passed. As a result, they continued to be available in the New User filter. This issue has been fixed.
- Whenever a user tried to add an IP address to the exclusion list using the Add button, the IP was not added and an error was returned. This issue has been fixed.
- There was an issue with the saved reports where specific columns were misplaced when downloaded in Excel format, while they appeared in the correct place when viewed on the platform. This issue has now been fixed.
- The course completion widget was displaying incorrect data by including inactive users by default, which was not supposed to happen. This issue has been fixed.
- There was an issue where the PDF data exported from the phishing simulation widgets' Web Browser and Operating System did not match and were inconsistent. This issue has been fixed.
- The contents in the catalog, when filtered by language, were displaying items that were not available in the selected language. This issue has been fixed.
- The Total Education Time column in the Simulation Results and Simulation Results - Events Log reports was showing different values, whereas they should be consistent. This issue has been fixed.
- The emails scheduled using the later or recurring option were sent multiple times instead of being sent only once at the scheduled time. This issue has been fixed.
- When the Manager Escalation - Phishing Simulation email was selected using the Add Email feature, a 500 error message was returned. This issue has been fixed.
Version: 1.112.2
April 01, 2025
Fixes
- There was an issue with the Simulation Results widget where users were marked as passed if they reported the simulation first but later performed a failed action (clicking a link, filling out a form, or opening an attachment). They should have been marked as failed instead. This issue has been fixed.
Titus
DCS for Data at Rest (DaR)
Version 6.0
April 4, 2025
This release of DCS for DaR only supports TCPG Configuration files that are published in DCS
Policy Manager (Cloud). For more information on how to import and export Configuration files and
author new Configurations, see the DCS Policy Manager (Cloud) documentation.
If you are still using the DCS Administration Console with DCS for Windows, you must install DCS
for DaR 5.0 or an earlier version.
New Features
- You must use DCS Policy Manager (Cloud) to create Configurations for each DCS for DaR scanner.
- Added support for new actions in DCS Policy Manager (Cloud):
  - Add SharePoint managed metadata
  - Apply date offset
Enhancements
- Confirmed support for SharePoint Server Subscription Edition.
Fixes
- Fixed issue where DCS for DaR was unable to classify files in SharePoint Online folders that included the percentage symbol (%) in the folder name.
- Fixed token access issue for SharePoint Server Subscription Edition.
- Fixed issue that led to this error: “Object reference not set to an instance of an object on server. The object is associated with property Author.”
Considerations
- DCS for DaR 6.0 cannot support the following features because they are not supported in the DCS Policy Manager (Cloud) 2025.01 release:
  - Custom Actions
  - Smart Regex Dynamic Property
  - Vera integration
- For copy and move actions for SharePoint, DCS for DaR 6.0 requires a full path for the "Destination" parameter. Relative paths were allowed in previous releases, but this is unreliable. Confirm you are providing the full path if you configured these actions for SharePoint scans. You can find the full path in the "Details" of a SharePoint folder or file.
Version 2025.04
April 25, 2025
New Features
- DCS One now uses Microsoft’s Nested App Authentication (NAA) to enable single sign-on (SSO) authentication for applications such as Outlook. This update is in response to Microsoft turning off legacy Exchange Online tokens and ensures the DCS web add-in will work as expected.
- Added support for applying data classification labels to custom document properties in Microsoft PowerPoint Online. In previous releases, DCS One could only read and write metadata in the custom document properties of Word Online and Excel Online.