Windows Agent 15.0 (2023-06-15)
A
Written by Arick Disilva
Updated over a week ago

New Features

New Option to Adjust the Sensitivity of Credit Card Detection in Content Sharing Rules

Teramind's Content Sharing rules allow you to detect credit card numbers using the built-in Predefined Classified Data. However, the way the algorithm works, it detects text that aren't really credit card numbers but might follow similar patterns. For example, the algorithm might incorrectly detect specially formatted strings as credit card numbers. For example, it might detect this URL sting, 4.574%201.252.695%202 as a credit card number (e.g., 4574201252695202).

To avoid such false positives, we have added an option, CREDIT CARD DETECTION MODE on the Content tab of the Content Sharing rules. This option will let you to select a sensitivity level of the algorithm when detecting credit cards. The option will be displayed whenever you select Predefined Classified Data > Financial Data and then any credit card detection option under the SELECT SENSITIVE DATA TO DETECT field:

The option supports three detection modes:

  • Loose: This is how the algorithm works currently, and is the default mode. In this mode, Teramind will detect most text patterns without any restrictions on the delimiters/separators. For example:

4* 4*4*4-44&4% %4-44%44- 4&444
ABcdef44*444*444 444_444&44Xyz
abcdef4%4*4%4#4*4!!4##4_ 4#44_4%4%4&44Xyz
  • Medium: In this mode, Teramind will check sequences with the same delimiter/separator only. Any spaces will be ignored and several consecutive delimiters will be included in the detection. For example:

4%444%%44%44%4444%44%44ABcdef4 %%4444%444%4444%%444%4Xyzabcdef4_4444_44_44_4_4_4_4444Xyz
  • Strict: Only standalone credit card expressions will be included. Delimiters must be the same per expression and one of NONE/SPACES/HYPENS delimiters will be allowed. Several consecutive delimiters will not be allowed. For example:

444444444444444444-44-4444-444-4-44-4444 44 4444 444 4 44 44ABcde 4444444444444444 Xyz

Ability to Use Your Own Proxy Certificate (On-Premise)

By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. This certificate is signed by our root certificate Quick Web Proxy, which acts as the Certificate Authority (CA) for the domain’s certificate.

It's now possible for you to use your own root CA certificate instead of Teramind's default Quick Web Proxy certificate:

For more information, please check out this article: How to use your own proxy certificate (On-Premise).

Improvements

Limiting Alerts for Idle Rules

Previously, when you created a Agent Schedule > Idle rule, after the initial alert, the rule would generate and record alerts based on the USER ALERTS THRESHOLD (SECONDS) and the LOG ALERTS THRESHOLD (SECONDS) settings on the Settings > Alerts screen:

However, if used incorrectly, these settings might have caused some issues. For example, if you set the above settings to 1 second, and created a rule like this:

- and the user remained idle for 15 minutes, they would get (15-10)*60=300 warnings! Though accurate, this wasn't a desirable outcome.

We made changes to the Idle rule's alert behavior so that it will generate a single alert - when the rule is violated. This means, the rule will trigger when the user becomes idle for the duration specified in the rule's threshold (DEFINE THE TIME RANGE field). In the above case, the user will get a warning at the 10 minute mark. If the user continues to stay idle, they will not receive any more warnings.

However, if the user becomes active and then goes to idling again, the rule will reset and issue a warning after another 10 minutes.

Bug Fixes

File Rule to Block Network File/Folder Creation Would Produce Unexpected Results

Due to a bug, when using a Files-based rule like the one below, it wouldn't block the file operation, instead it would create some empty folders:

This happened because of some changes introduced in Windows in recent updates. It would seems to affect the BLOCK rule action for any file operation that would create a file or folder on a network-shared drive/folder. For example, Create, Rename, Copy etc.

The bug is fixed now so that the Block action will work as expected without creating any empty folders.

Record Video Rule Action Not working for Content-Sharing Rules

Due to a bug, a Content Sharing rule like the one below wouldn't work. The rule wouldn't trigger the RECORD VIDEO action, nor will any rule violation alerts be displayed on the BI Reports > Behavior Alerts or the Behavior > Alerts reports:

The bug is fixed now so that the Record Video action will record the screen and an alert will be generated on the alert reports.

Switch User's Task Rule Action Not Working for Some Activities

The SET USER'S ACTIVE TASK action allows you to automatically switch user's active task based on what app or website the user is using. However, due to a bug, a rule like the one would sometimes fail to switch the task for some website activities:

This can happen especially if the user stayed on a website without interacting with the site.

The bug is fixed now so that the task would switch as expected.

LinkedIn Posts and Comments Not Captured

Due to the recent changes to LinkedIn's messaging framework, posts, comments and/or attachments on LinkedIn might not be captured as expected. As a result, activities like Post, Edit Post, Comment, Edit Comment etc. might not be displayed or would have missing information (such as no attachments information) on the BI Reports > Social Media / Monitoring > Social Media reports.

The bug is fixed now.

Quick Web Proxy Certificate Not Injected for Certain Sites

By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. However, the certificate injection might not work for some websites using the newest HTTPS/3 (QUIC) protocol (for example, https://edition.cnn.com/):

The bug is fixed now so that the Quick Web Proxy certificate will be injected for HTTPS/3-based websites.

The Agent Would Crash During a Microsoft Teams Video Call

In some rare situation, the Agent would crash during a video call in MS Teams, usually within a few minutes of starting the video conference. The bug is fixed now.

Did this answer your question?