Digital Guardian Server

January 2024

Version: 8.6.1

Jan 15, 2024

New Features
Revised Protocol for installing WIP Configuration Files

With this release, you can no longer use the side-by-side installation process to install the WIP configuration files and ZIP archives on the Agent computer. You must unzip the archives and embed the resulting files in an MSI package to deliver and install the files on the Agent computer.

Added Four New Fields for Scanner Information

When you access the Agent Status page for a computer, the Scanner tab now has four new scanner-related fields:

  • Current Scan Info—provides information about an on-going scan.

  • Current Scan Error—provides any errors in the on-going scan.

  • Recent Scan Info—provides information about the most recent completed scan.

  • Recent Scan Error—provide any error from the most recent completed scan.

These are free-form text fields that can contain a variety of information. They are empty until a future Agent sends information for them.

Control Policy Exception Expiration

New optional automated exception expirations that is configurable for policy-wide exceptions. The exception still applies to either Users or Machines as before. Exceptions will be removed automatically when they reach their specified expiration date. This provides a new self-maintained method for managing exceptions. For more information, refer to “Policy Details Page — Policy Deployment Tab” in Digital Guardian Management Console User’s Guide. To support the new option, there is a new job that manages the expiration dates and expiring exceptions.

Added Job to Manage Licenses for Virtual Computers

Added a new job that manages Agent licenses for virtual computers. The job cleans up Agent licenses that are no longer in use so they can be re-used for other computers. For more information, refer to “Cleanup Agents Job” in Digital Guardian Management Console User’s Guide. The job is visible by default on the Job Schedule page in the DGMC.

Processing Improvements for Scheduled Policy Deployments

Incorporated operational processing improvements and optimizations for scheduled maintenance job. Overall, the enhancements increase the scalability and resiliency of DGMC. Improvements include:

  • Revised cleanup on inactive data

  • Revised cleanup method of active data

  • Revised index fragmentation minimizing contention

Fortra Branding of the DGMC

Updated the Digital Guardian Management Console (DGMC) user interface to reflect the Fortra branding theme.

Enhancements
Enhanced LDAP Sync Job Process

The LDAP Sync Job now syncs only active AD (Active Directory) users.

Fixes

  • Resolved a problem where the DGMC failed to load a dynamic group and the dynamic group sync job either ran for hours to finish or failed.

  • Resolved some problems that caused the artifact job and assembly to run long or to fail in a customer’s environment.

  • Resolved a problem in a customer’s enterprise where the Server was exporting only the policy shell for a classification policy. The rules in the policy were not exported as expected.

  • Resolved a problem where the customer could not remove a user from the policy-wide exceptions for a policy. The exception would appear to be removed but would after refreshing the browser window.

  • Resolved a problem where a customer could not remove a group from a policy assignment as a policy exception. The customer was able to remove other groups from the policy-wide exceptions; not this one.

  • Resolved a problem where the Data-at-Rest Inventory report does not show Policy, Rule or Pattern as expected.

  • Corrected a problem where the DGMC did not accept valid wildcard characters in the domain flags file—* and **.

  • Resolved a problem where a Group LDAP filter was not handling deleted groups from Active Directory properly.

  • Resolved a problem where the DGMC did not preserve group filter when the domain credentials are updated.

  • Resolved a problem where a DGMC user assigned to the sysadmin role could not revert rules if the user was added to federation in a user list.

  • Resolved a problem with policy deployment, when the LDAP sync is run against the Active Directory, and Windows Agents are reporting Azure User SID.

  • Resolved an issue where the LDAP filter would go blank in the user interface while running the LDAP sync job.

  • Enhanced the DGMC code to ignore users from Agent virtual domains "Font Driver Host" and "Windows Manager."

  • Revised the policy deployment procedure to overcome a limitation in SQL Server that causes delays in deployment.

  • Resolved an issue where an MSP customer had trouble updating their LDAP group filter. This was related to an AWS limitation with load balancing.

  • Resolved a problem where a customer’s single-sign on (SSO) process and IDP did not work to sign onto the DGMC after enabling ARC Azure Active Directory. Attempting to sign on returned a “Your request could not be completed” error.

  • Modified the Agent registration process to send the registration message for the Agent to the DGMC before sending the message to DGMC. This helps ensure the Agent appears in both consoles, keeping the computer information in the DGMC and in ARC in sync.

  • Resolved a problem with the DGMC login process in a customer’s enterprise.

  • Resolved an issue where, after restoring current DG databases to a new SQL server, the database upgrade utility failed with a credentials error—the credential does not exist or the role does not have permissions.

  • Resolved a problem in which Agents were not downloading pending tasks quickly enough, causing other Agents to be blocked getting updates.

  • Resolved a problem in a customer’s enterprise where Agents were sending duplicate registration requests causing the DGMC to regenerate the settings for Agents unnecessarily.

  • Resolved a problem with DG API operation. DG API now adds component list as Active. Only Feed items are set to Immortal.

  • Implemented a SQL Server job to update the statistics on all tables in the DG Collection database.

  • Resolved an issue in which, in a customer’s enterprise, DG Comm runs out of ports and times out.

  • Resolved an issue in which the DGMC does not maintain the Use Custom Group LDAP Filter selection after it is selected. Note that the group filter was selected in the database and the sync uses the group filter.

  • Resolved a problem where Agent computers were failing to register with magnetohydrodynamical is set to an empty GUID, causing time out errors.

  • Resolved an issue in which the customer’s scheduled policy download operations encountered 3-4 time out instances while downloading the policies.

  • Resolved an issue where overlapping policy deployments, in which one deployment does not complete before another one starts, caused multiple problems including slow DGMC response and DGMC login problems.

  • Resolved an issue that caused the schedule processor job to hang, resulting in policies not being deployed as expected. In addition, the hanging job blocked some other jobs, such as collection cleanup.

  • Resolved an issue where a customer’s user decision prompt, one of two, was not properly deploying to endpoints with the policies.

  • Resolved an issue where a cutomer’s IIS Windows Authentication prevented automatic reports notifications from working properly.

August 2023

Version: 8.6.0

Jul 25, 2023

New Features

  • Configuration Settings for MIP Labeling—The Server supports the following new Agent configuration settings, which can be applied when using the MIP labeling feature with DG Agent 7.9 and later for Windows—allowEgressOnFailedMIPLabeling and showAllRecommendedMIPLabel

  • Sample Matching for Content Inspection—When you use Adaptive Context Inspection on your Agents, you get information about where your rules found matches for your keywords in events. But you do not get information or details about the matches. Sample Match requires a Digital Guardian Server 8.6 or later DGMC and Agent for Windows version 7.9 or later.

  • Ability to Assign MIP Labels to DG Tags—DG provides the ability for the Agent to apply MIP labels to files that have DG tags. Perhaps DG tagged a file due to its context and you want the file to have MIP labels. Where DG can perform context tagging, MIP is unable to do that so it cannot provide MIP labels based on file context. Being able to apply MIP labels based on DG tags can help you apply MIP labeling to your classified files.

Fixes

  • The DGMC now updates the Agent state in the database only when the Agent state changes from the state reported previously. Also, increased the timeout periods for Agents sending various data to ARC.

  • Resolved delays in the policy deployment procedure that could lead to users not being able to log in to the DGMC after policy deployment.

  • Resolved a problem where blocking occurred when executing the SQL job to create alert tables.

  • Resolved an issue that caused missing prompts after a policy was deployed.

  • Resolved an issue where the Add to Group and Remove from Group display inaccurate lists of dynamic groups.

  • Resolved an issue at a customer where they encountered delays while exporting data from the DGMC.

  • Resolved an issue where the usersettings element in settings.xml was incorrectly formatted, causing repeated core dumps on Apple macOS computers. The repeated core dumps were filling up disk space.

  • Resolved an issue where the Schedule Processor job was failing after a policy deployment. This failure blocked Scheduled Policy deployment.

  • Resolved an issue where setting the Export Data permission to Read Only in a role allowed users assigned to the role to have read/write/delete access to Export Data. Users with the role could edit and delete existing reports when they should not have had that ability.

  • Resolved an issue where, after a customer changed the regional format in the DGMC, the Cleanup Agents job failed with an error that a string was not recognized as a valid Date and Time string.

  • Resolved an issue where upgrading the Server to version 8.5 from version 7.5 caused DGComm and Bundle Processor error messages.

  • Resolved an issue where the Extract, Transform and Load (ETL) job failed because the column that contained the configuration value was too small to contain the value.

  • Resolved a customer issue where the DGMC stopped responding when trying to display the Enterprise forensic report for a time period of one month or more. The first page displayed but the DGMC stops responding. Eventually the DGMC starts responding again.