This release contains the following component versions:
Windows Agent 26.8.3
Mac Agent 26.12
Web 26.14.3
BI 26.14
Server 26.13
You can read the release blog post here.
New Features
Support for WhatsApp Desktop Now Available
Category: Windows Agent (Monitoring / Behavior Rules)
We have expanded our IM monitoring and behavior rules to include the WhatsApp Desktop app. This update extends visibility beyond the browser, complementing our existing WhatsApp Web coverage to provide deeper oversight into employee communications and enforce automated rules, such as detecting insider risks or preventing data exfiltration.
New Installation Parameter for Clipboard Monitor
Category: Windows Agent
The Windows Stealth Agent installer now supports a TMCLIPMONEXE parameter that lets you set a custom name for the clipboard monitor service (replacing the default “clm.exe”). This makes it easier to obfuscate the process name according to your own preferences.
How to Use the Feature
To set a custom name, include the TMCLIPMONEXE parameter in your installation command:
Syntax:
TMCLIPMONEXE=<custom-name.exe>
Example:
msiexec /i teramind_agent_v24.13.2412_x64.msi TMINSTANCE=test TMCLIPMONEXE=my-name.exe
Flexible Mapping for Imported LDAP Attributes
Category: Web (Integration)
We've enhanced the AD/LDAP integration with a new MAP IMPORTED ATTRIBUTES option. You now have granular control to map each imported AD attribute to either a core Teramind employee field (like Department, Position, Email, Phone, etc.) or retain it as a “Custom field” under the employee’s LDAP attributes section and use in BI report filters.
These persistent mappings are automatically reused on every sync, ensuring employee profile fields remain accurately aligned with your directory and preventing unwanted data overwrites.
For more details, please refer to the Settings > Active Directory section of the Teramind User Guide.
[Mac] Support for Monitoring AI Mode in Google Search
Category: Mac Agent (Monitoring)
We have added support for tracking the AI Mode feature within Google Search. All chat interactions and file uploads are tracked and can be viewed on the LLM BI Report, providing visibility into AI tool usage for compliance and productivity tracking.
How to Use the Feature
1. Add the “GoogleAI Web” option under the LLM monitoring setting.
2. You will be able to view the AI Mode interactions under BI Reports > LLM.
[Mac] Support for ChatGPT Web Monitoring
Category: Mac Agent (Monitoring)
Mac Agent now supports monitoring of ChatGPT Web sessions. This feature tracks all user prompts and the corresponding AI-generated outputs, with data visible in the LLM BI report:
Known Limitations
Monitoring is currently limited to ChatGPT Web only.
Attachment (file uploads) capture is not yet supported but is planned for a future release.
Resources
For more information, please refer to the BI Reports > LLM section of the User Guide.
[Mac] Support Google Drive Web Upload Monitoring
Category: Mac Agent (Monitoring)
The Mac Agent now tracks file uploads to Google Drive across all major browsers, including Safari, Chrome, Firefox, Opera, Brave, and Edge. This provides comprehensive visibility into cloud file transfers, helping organizations monitor data movement and prevent data leaks. You can track these uploads in reports like BI Reports > Web File Events.
[Mac] Support for Google Drive Web Uploads in Files Rules
Category: Mac Agent (Behavior Rules)
You can now create Files Activity rules to detect file uploads made to Google Drive via web browsers. You can use relevant criteria such as File Operation (Upload), Upload URL, Upload File Name, etc. This allows you to enforce policies, trigger alerts, or take automated actions when files are uploaded to this popular cloud repository, enhancing data security and compliance.
[Mac] Support for Screen Recording During Rule Violations Only
Category: Mac Agent (Monitoring, Behavior Rules)
We've enabled support for capturing screen recordings only when a behavior rule is violated. This targeted approach provides several key benefits, including reduced storage needs by avoiding continuous, unnecessary recordings and optimized performance for your system. Additionally, this method enhances user privacy and ensures cleaner evidence by capturing only clear, relevant proof of policy violations without the filler of routine daily activity.
How to Use the Feature
Turn on the RECORD ONLY WHEN BEHAVIOR RULE WAS VIOLATED option in the Screen monitoring settings and then use the RECORD VIDEO rule action with any supported rule to automatically capture a video clip of a rule violation incident. You can specify how many minutes before and after the incident the recording should be.
Resources
For more information check out the documentation for SCREEN monitoring settings and the RECORD VIDEO rule action.
[Mac] Support for Shared Lists in Emails Rules
Category: Mac Agent (Behavior Rules)
Emails Activity rules on Mac now fully support Shared Lists in the To, CC, and From fields. Relevant conditions and logic, such as “Matches list”, “Equals list”, and “Except” are supported. This update allows you to quickly apply rules to multiple email recipients or senders and reuse the same list across different rules without manual duplication.
Known Limitation
Only Gmail (web) and Outlook (web) are supported at this time.
[Mac] Support for Palo Alto GlobalProtect VPN
Category: Mac Agent
We’ve improved the Mac Agent to better support environments that use Palo Alto Networks GlobalProtect VPN for all network access to perform SSL inspection / certificate injection on web traffic. The Agent now includes three configuration parameters that can be used to keep network monitoring working correctly when traffic is forced through the VPN.
How to Use This Feature
Add the following parameters to your
agent.conffile:g-protect-workaround=<1/0>
network-monitored-ports=<port 1>, <port 2>...,<port N>
network-exclude-domains=<domain 1>, <domain 2>...,<domain N>g-protect-workaround:
1= enables GlobalProtect support,0= disables it.network-monitored-ports (Optional): Comma-separated list of ports to monitor (default HTTP/HTTPS). For example,
80, 8080, 443.network-exclude-domains (Optional): Comma-separated list of domains (e.g.,
login.vpn.com, service.ringcentral.com) that should not be intercepted by Teramind’s certificate effectively bypassing the SSL inspection. Adjust this value based on the list of domains from your GlobalProtect configuration or your internal IT/security requirements.
Activate the Teramind Network Extension or reboot the Mac. The Mac Agent should now operate correctly in VPN-enforced environments.
Resources
Check out this article to learn how to activate macOS permissions.
Check out the Agent Installation/Configuration Parameters (Mac) section of the Agent installation article to learn about Agent configuration parameters.
Improvements
Improved Context for Locked Sessions in the Behavior Alerts Report
Category: Windows Agent / Web (Behavior Alerts)
Behavior alert rule description now provides clearer context for rule violations that occur during a locked session. Alerts triggered while a user's device is locked will now be marked with a “(Locked Session)” label.
This enhancement provides analysts with immediate context, enabling faster triage, more accurate risk assessment, and clearer explanations during reviews and audits. It also helps distinguish genuine user activity from background or system processes, improving the signal-to-noise ratio in alert investigations.
Session Recording URLs Added to the Behavior Alerts Report
Category: BI / Web (Behavior Alerts)
This update adds a Session Player Url column to the BI Reports > Behavior Alerts and a corresponding session_player_url field to the /tm-api/wip/tma-query API call response. The column/field links to the exact session playback around the time of the alert.
This means you no longer need to manually search for the right session or scrub through long recordings to find the relevant event. Another critical benefit is seamless integration with external tools, such as SIEM, SOAR, ITSM, or custom systems, where this URL can be surfaced alongside alert details so that you can open the corresponding session directly from those systems.
Streamlined OCR Search: Removal of Legacy “Fulltext” Option
Category: Web (Monitoring)
The legacy Fulltext search option has been removed from the Monitoring > OCR report. This change streamlines the search experience, prevents redundancy with other search capabilities, and ensures consistency with Teramind NextGen.
Why the Change? The "Fulltext" option often duplicated other search functions, could be inconsistent, and added complexity without significant value.
Alternative: You can continue to perform all necessary searches using the more predictable and flexible Contains and Regexp search modes already available in the OCR report.
Support for STIG Compliance in Edge and Chrome
Category: Windows Agent
We’ve introduced support for STIG environments on Edge and Chrome browsers. This is achieved by enhancing how the Agent handles requests to confirm that a certificate has not been revoked. The generated certificates now include all necessary revocation information, which ensures secure and smoother web accessibility while maintaining continuous web traffic monitoring in STIG-compliant environments.
[Mac] Support for Local CID Storage
Category: Mac Agent
The macOS Agent now stores the Computer ID (CID) locally at:
/usr/local/teramind/agent/db/computer_id
It also includes it in ping requests, bringing it to parity with Windows Agent behavior. This provides a reliable, static identifier for scripts and API calls, simplifying Agent health validation and check-in tracking.
Other Improvements & Updates
Windows Agent
Improved Reliability for Blazor-Based Websites: We addressed network handling issues affecting certain sites built with the Blazor framework. These websites should now load and function normally when the Agent is active.
Support for New WhatsApp Web Protocol: We have updated the Agent to adapt to recent WhatsApp web protocol changes, successfully restoring IM tracking visibility that was temporarily disrupted.
Support for New Teams Service Domains: We have updated support for the latest Microsoft Teams (Business) web service domains and APIs. This addresses a recent change on the Microsoft side that caused the Agent to miss some Teams web chat activity. This update restores continuous visibility into Teams conversations for monitoring and behavior rules.
Support for New ChatGPT File Upload API: We've updated our LLM parser to fully support the new ChatGPT file upload API. Previously, non-ZIP files and videos uploaded were not being captured on the LLM dashboard. This update ensures all supported file uploads are now correctly captured and reported, working seamlessly with both old and new ChatGPT URL formats.
Improved Agent Auto-Restart Behavior: We've resolved a rare issue that could cause the login window to become unresponsive following an automatic Agent restart after an update; specifically when a network issue was present. The login UI now correctly recovers and remains fully usable after an auto-restart, ensuring a smoother experience.
More Reliable Offline Video Upload: We've addressed an issue that prevented the Agent from uploading offline videos following a configuration error. The Agent now skips problematic files and continues uploading the rest of the recordings.
Web
Improved Schedule Rule Creation: We’ve resolved an issue where creating an Agent Schedule rule with Login criteria for all days selected was not possible. Selecting all days now correctly indicates that the criteria "does not apply".
Accurate Session/Work Time Reporting: Session and work time in reports now accurately account for login information and overlapping session, providing more precise time tracking.
Recording Unavailable Message: The Session Player now accurately displays a “Can’t load video” message when screen recording is disabled, replacing the incorrect message regarding retention periods.
Hardened Security & Stability: Security has been hardened, alongside further stability and performance improvements across the platform to enhance reliability and user experience.
Real-time Behavior Rule Targeting: Behavior rules now refresh automatically and immediately when an employee's department is changed, eliminating the previous need to open and save the rule manually.
Reduced New Device Warning Emails: Device recognition accuracy has been improved to significantly reduce unnecessary “Sign-in detected from a new device” notifications, while critical security alerts for genuinely new devices remain in effect.
Security Enhancements: This release includes key improvements to account validation and other updated security measures to strengthen the protection of your Teramind environment.
BI
Improved Geo-coordinate Filters: Filtering by Geolocation > COORDINATES now works accurately and as expected, preventing previous failures or empty query results.
Improved Analytics Reliability: We've resolved an issue where certain BI reports and dashboards, particularly those using specific dimensions (like location, behavior alert tags, or file activity groupings), would occasionally fail to load or display an error. Your key analytics widgets now load reliably, ensuring continuous and accessible data when you need.
Faster and More Efficient Classification Resets: We have redesigned the process of reclassifying historical records. These operations are now performed more efficiently, consuming fewer system resources, which results in smoother and faster updates, especially in large environments. Overall, classifications have become more efficient for rules based on regular expressions.
Boosting Performance of BI Data Pipelines: Key underlying BI data pipelines for activity, communication, network, and behavior-rule analytics have been optimized. As a result, the (Extract, Transform, Load) process will be faster, especially in high-volume data environments.
Stronger Protection of Your Data: The underlying BI data engine has been enhanced to provide better protection for your data. While these improvements are entirely behind the scenes and don't change your product experience, they contribute to increased overall security and platform resilience.
Security and Stability Improvements: This release also includes important security fixes and enhancements to improve overall system stability and performance.