New Features
Monitoring Settings: Option to Disable the Password Manager of Known Browsers
Most modern browsers have a password manager that prompts you to save passwords from login forms on websites. While this is convenient, it's a security risk.
Teramind has introduced a new option, DISABLE BUILT-IN PASSWORD MANAGER OF KNOWN BROWSERS to disable built-in password managers in the browsers. You can access this option by clicking the ADVANCED button on the Monitoring Settings > monitoring profile screen:
Once enabled, it will disable the password-saving option on any supported browsers. The user will not be able to override the option. However, independent password managers such as LastPass will still work.
Note that, if the ALLOW APPLICATION RESTARTING option is enabled, Teramind will automatically restart any open browsers so that the DISABLE BUILT-IN PASSWORD MANAGER OF KNOWN BROWSERS setting can take effect automatically. Otherwise, you will have to manually restart the browsers.
Monitoring Settings: Option to Restart Applications when Monitoring Settings Change
A new option, ALLOW APPLICATION RESTARTING is added which can be accessed by clicking the ADVANCED button on the Monitoring Settings > monitoring profile screen:
It allows you to automatically restart any open browsers when DISABLE BUILT-IN PASSWORD MANAGER OF KNOWN BROWSERS setting has changed so that the setting can take effect automatically. Otherwise, you will have to manually restart the browsers.
It also allows you to restart the Mozilla Firefox and Tor browsers to inject the proxy certificate (required to monitor web traffic). Otherwise, you will have to manually restart the browsers.
Monitoring Settings: Options to Disable Wi-Fi and Bluetooth Access Separately
Previously, there was an option for you to enable/disable the Wi-Fi and Bluetooth access together. Now, you can control them separately. You can access these options by clicking the ADVANCED button on the Monitoring Settings > monitoring profile screen:
Improvements
Behavior Rules: Trigger Information for IM Rules
Previously, IM-based rules wouldn't have the proper trigger information for some specific activities. For example, when a rule like the one below was used, it wouldn't show what triggered the rule (file upload), creating confusion about false alerts:
With the trigger information, you will have more context on the rule's warning messages and the alert reports (e.g., Behavior > Alerts or BI Reports > Behavior Alerts):
Monitoring: Proper File Names Captured on Facebook Messenger
Previously, you might have seen a lot of irrelevant information in the file names for uploaded/downloaded files on Facebook Messenger. For example:
http://www.facebook.com/ajax/mercury/upload.php?__user=100027374661069&__a=u2i5U4e1Nxt3...
Now it will show, precise, clean file names, such as:
image_uploaded.svg
Monitoring: Better Processing of Regular Expression
We have optimized our RegEx engine so that it's now more secure and robust. This would improve processing of:
Websites monitoring
Activities rules based on websites
Content Sharing rules based on websites
Bug Fixes
Agent: BSOD Error when Updating to Agent Version 6.1
You might have experienced a Blue Screen of Death (BSOD) Error like the one below when trying to update your Agent to version 6.1:
Additionally, you might have noticed an Events 6008 (Unexpected Shut down)
entry in the diagnostics log.
The bug causing the error is fixed now.
Agent: File Driver Service Remains Stopped when Restarting the Agent
On Agent 7.0, if two (or more) users logged into the same computer at the same time, it would crash the Agent and you would see that the second user is reconnected every second on the Dashboard. The bug is fixed now.
Agent: The Agent would Crash if More Than One User Logged into the Same Computer
On Agent 7.0, if you stopped and then restarted the Agent, the file driver (tmfsdrv2) would remain stopped while all the other services keep running. The bug is fixed now.
Behavior Rules: Files-Based Rules wouldn't Trigger for LFS Format CDs/DVDs
Due to a bug, Files-based rules like the one below wouldn't trigger properly for activities on a CD/DVD-R/RW disk formatted in the flash/LFS file system:
The bug is fixed now.
Behavior Rules: Files-Based Rules wouldn't Trigger for Box Drive
Due to the recent Box updates, Files-based rules like the ones below wouldn't trigger for Box Drives (Box Sync would still work):
The bug is fixed now.
Behavior Rules: Webpages Rules with an EXCEPT Condition and Time-Based Criteria wouldn't Trigger Properly
Due to a bug, a Webpages-based rule like the one below which uses an EXCEPT/EXCLUDE condition and any of the Time Active, Time Idle, Total Time Active, Total Time Idle criteria wouldn't trigger:
In the above case, if you visited a site not on the exclude list (e.g., google.com), then after 10 minutes of inactivity, it should have triggered the rule. However, it wouldn't.
The bug is fixed now.
Monitoring: Console Commands Not Captured
After updating to Agent 7.0, you might not be able track any console commands (e.g., from the Command prompt, the PowerShell) and they wouldn't show up on the BI Reports > Console Commands or the Monitoring > Console Commands report. For example, here's a result from two ping
commands:
The bug is fixed now.
Monitoring: Print Job would Get Paused Sometimes when Printing from a Server
You might have noticed that the printer sometimes pauses unexpectedly when printing from a server to a printer. For example, when printing from a server/web portal that uses a local account on a workstation that connects to a printer. The bug is fixed now.
Monitoring: Quick Web Proxy Certificate Not Trusted on the Tor Browser
After updating to Agent 7.0, you might be unable to visit any websites on the Tor browser and see a message like the one below:
This was due to Tor not trusting the Quick Web Proxy that Teramind Agent injects into the browser for monitoring web traffic. The bug is fixed now.
Monitoring Settings: Network Driver Setting Would Cause the Agent to Crash
Due to a bug, when you turned off the NETWORK DRIVER option under the Monitoring Settings > Advanced screen, it would cause the Agent to disconnect and connect repeatedly:
The bug is fixed now.
Monitoring Settings: Modern Screen Grabbing would Cause the Agent to Crash
If you enabled the USE MODERN SCREEN GRABBING option on the Monitoring Settings > monitoring profile > Screen, it might crash or disconnect the Agent. Especially, if used with multiple monitors or virtual desktops.
The bug is fixed now.
Security: Various Fixes and Improvements
Various security enhancements and hardening to make the Agent more secure and stable.