Windows Agent 23.41.1211 (2023-10-31)
Written by Arick Disilva

New Features

New Monitoring Option to Exclude Processes from the File Driver

We have added a new option, EXCLUDE PROCESSES FROM FILE DRIVER, on the Monitoring Settings > Monitoring Profile > Advanced panel.

This is an extension of the existing FILE DRIVER toggle feature. While the toggle allowed you to completely disable the file driver for all processes, you can now enter specific processes to exclude. For example, entering winword.exe will exclude Microsoft Word from the file driver.

This could be helpful for troubleshooting purposes. Also, with this option, you can ignore processes you don't want to capture while still keeping file transfer monitoring active.

When this option is used:

  • Local file activities such as access, read, write, etc. for that process/app will not be reported on the BI Reports > File Events and Monitoring > File Transfers reports.

  • Any Files rules to detect local file operations will be ignored for the app.

  • Any Content rules involving local files and the app will be ignored.

However, note that:

  • The app activities will still be captured on reports like the BI Reports > Applications & Websites, Monitoring > Web Pages & Applications, etc.

  • Network/web file activities (e.g., web upload/download) will still be processed. If you don't want to capture the network activities, you can turn off the NETWORK DRIVER option.

Example

As an example, if you send an email attachment with Gmail on Chrome, by default, you will see two file transfer actions: one when Chrome accesses the local file to prepare the upload (Access) and a second when it uploads the file (Web upload):

[Screenshot: file driver and network enabled]

Now, if you specify "chrome.exe" in the EXCLUDE PROCESSES FROM FILE DRIVER field, you will no longer see the Access action. However, you will still see the Web upload action:

[Screenshot: file driver enabled]

Bug Fixes

Agent not Updating when Pressing the Update Button

Due to a bug, the Agent(s) wouldn't update when you pressed the UPDATE AVAILABLE! CLICK TO APPLY NOW button on the Settings > Autoupdate screen. The button would change to "AUTOMATIC UPDATE IS SET FOR VERSION XX.XX.XXXX", but then nothing else would happen and the Agent(s) wouldn't get updated.

The bug is fixed now.

IM Activity Rules with an Exclude Condition not Working Sometimes

Due to a bug, an IM Activity rule like the one below would sometimes not trigger if you 1) left the CONDITION field empty and 2) had any values in the EXCLUDE field:

The bug is fixed now.

Clipboard Rules not Working Properly

Due to a bug in how the Agent works with Windows Clipboard history, a rule like the one below wouldn't work or would produce unexpected results:

In the above example, if Clipboard history was disabled and you attempted to paste any number that looked like a credit card number into the Calculator app, it would be blocked. No warning message would be displayed, even though no Block action was specified in the rule. However, if Clipboard history was enabled, it would be impossible to paste the sensitive data into any application. There were other unexpected behaviors like these.

All these bugs are fixed now.
