New Features
On-Premise: Support for End-to-End Encryption (E2EE)
Previously end-to-end encryption (E2EE) was only available as a custom feature. Now, we are making it a standard option for the On-Premise deployments.
The primary objective of E2EE is to enhance the data flow security, by combining envelope encryption with end-to-end encryption for all communications between the Agent and Server(s). If you want the most privacy for your data, you can consider E2EE.
For more information about E2EE, please check out this article: What is End-to-End (E2EE) Encryption and how to use it.
When the E2EE is enabled, the Session Player, Monitoring > Screen Snapshots, BI Reports > Keystrokes, Monitoring > Keystrokes reports, etc. will mask the data. On the reports, you will see a Decrypt button which will allow you to view the data.
Here's an example of how the Session Player will work when E2EE is enabled on a computer:
Clicking the Decrypt button will ask you for the encryption passphrase:
If the passphrase is correct, you will see the unencrypted video:
For more information about E2EE, please check out this article: What is End-to-End (E2EE) Encryption and how to use it.
BI Reports/Monitoring: Geolocation Tracking
We are introducing Geolocation monitoring in this release.
With this feature, you will be able to track where employees are working from. This might be useful if you have a remote, dispersed team or have field workers and contractors who work on different job sites.
For more information about Geolocation, please check out this article: What is Geolocation tracking and how to use it.
Geolocation Monitoring Settings
The GEOLOCATION option can be enabled from the Monitoring Settings:
Geolocation BI Report
You can view the users' geolocation activities from the BI Reports > Geolocation report:
In addition to the common BI data points (e.g., date/time, employee, etc.), these special data points are available on the report: Country, City, 1st Level Division, 2nd Level Division, Offline, Time, Latitude, Longitude and Error Radius.
You will be able to use all the features available to a BI report such as customization, advanced filters, search, export, etc.
BI Reports: New All Events Report
We have added a new All Events report under BI Reports. The report will show all the events (e.g., Web/App Activity, Alerts, File Transfers, Emails, Sessions, Print, Keystrokes, etc.) for all users/computers. You will be able to use all the analytics tools features available to all the BI reports:
This report will help you get a holistic view of the activities happening in the organization or do a thorough audit of user activities in a single report.
BI Reports/Active Directory: Support for LDAP Attribute Data Points on All BI Reports
Previously, if you had an Active Directory integration set up, you could use LDAP Groups and LDAP Attributes on the BI Reports as Filters:
Now, we are adding a new feature so that you can use LDAP Attributes as data points on the BI reports. You will be able to use LDAP attributes as columns on a Grid widget or as dimensions on a Chart widget:
BI/Monitoring Reports/Behavior Rules: Support for Monitoring WeTransfer
We have added support for monitoring file uploads and downloads through the https://wetransfer.com
site. You should now be able to monitor the activity on the Monitoring > File Transfers or BI Reports > Web File Events reports:
You will also be able to create Files-based behavior rules like the one below and view the alerts on the BI Reports > Behavior Alerts report:
Behavior Rules: New Option to Adjust the Sensitivity of Credit Card Detection in Content Sharing Rules
Teramind's Content Sharing rules allow you to detect credit card numbers using the built-in Predefined Classified Data. However, the way the algorithm works, it might incorrectly detect specially formatted strings as credit card numbers. For example, it might detect this URL sting, 4.574%201.252.695%202
as a credit card number (e.g., 4574201252695202
).
To avoid such false positives, we have added an option, CREDIT CARD DETECTION MODE on the Content tab of the Content Sharing rules. This option will let you select a sensitivity level of the algorithm when detecting credit cards. The option will be displayed whenever you select Predefined Classified Data > Financial Data and then any credit card detection option under the SELECT SENSITIVE DATA TO DETECT field:
The option supports three detection modes:
Loose: This is how the algorithm works currently, and is the default mode. In this mode, Teramind will detect most text patterns without any restrictions on the delimiters/separators. For example:
4* 4*4*4-44&4% %4-44%44- 4&444 ABcdef44*444*444 444_444&44Xyz abcdef4%4*4%4#4*4!!4##4_ 4#44_4%4%4&44Xyz
Medium: In this mode, Teramind will check sequences with the same delimiter/separator only. Any spaces will be ignored and several consecutive delimiters will be included in the detection. For example:
4%444%%44%44%4444%44%44ABcdef4 %%4444%444%4444%%444%4Xyzabcdef4_4444_44_44_4_4_4_4444Xyz
Strict: Only standalone credit card expressions will be included. Delimiters must be the same per expression and one of NONE/SPACES/HYPENS delimiters will be allowed. Several consecutive delimiters will not be allowed. For example:
444444444444444444-44-4444-444-4-44-4444 44 4444 444 4 44 44ABcde 4444444444444444 Xyz
Monitoring: Support for the New Microsoft Outlook Client
We are proactively adding support for the new Outlook desktop client that's currently being rolled out by Microsoft as a preview version through their Insider channels:
At the moment, the following new Outlook versions are supported:
Beta Channel: 1.2023.516.100
Current Channel: 1.2023.516.100 (Production)
You should be able to track incoming/outgoing emails, capture attachments, and apply behavior rules to these new versions of Outlook in addition to the existing versions.
Note that since this is a preview product, our support for it might change in the future.
Monitoring Settings: New Options to Ignore Older IM Events
We have added two new options to the IM monitoring settings:
The options work similarly to the options available under the Emails monitoring settings. Here's how each option works:
IGNORE EVENTS OLDER THAN (DAYS): option allows you to cut off capturing IM conversations older than certain days. Users might browse older messages on the IM client. With this option, you can instruct the Agent not to capture those messages reducing noise in your monitoring reports.
IGNORE EVENTS EVEN IF BEHAVIOR POLICIES MATCH: option allows you to determine if the rule engine should also ignore older messages. This will prevent the triggering of unexpected rule violations and false alerts by ignoring older messages.
Settings/Active Directory/Security: New Options for LDAP Certificates
Previously, if you chose the CONFIRMATION METHOD FOR DASHBOARD CHANGES option (Under Settings > Security) to LDAP Password and you were using a self-signed certificate, you might have seen an error, "Invalid confirmation password" when confirming any sensitive Dashboard changes:
To mitigate such issues, we have added a new option LDAP CERTIFICATE VERIFICATION TYPE to the Settings > Active Directory. This will allow you to choose how you want to validate the LDAP certificate and if wanted to upload your self-signed certificate:
Here are a few notes:
The LDAP CERTIFICATE VERIFICATION TYPE option will only be shown if you choose tls or ldaps from the ENCRYPTION option.
The valid options for the LDAP CERTIFICATE VERIFICATION TYPE are:
Accept valid - only valid certificates are accepted
Accept any - accept valid/invalid certificates
Accept specified or valid - accept valid or self-signed certificates
If you choose the Accept specified or valid option, a new option, LDAP CERTIFICATE will be displayed. By clicking the Select file button, you will be able to upload your own CA certificate.
Settings/Security: Support for Encrypted Third-Party SSL Certificates
Previously, if you tried to upload an SSL certificate protected with a private key (Settings > Security > SSL), you would get an invalid certificate error.
From this version, we have added support for third-party signed, encrypted certificates. Now, if you try to upload a protected certificate, you will be asked to enter the PASSPHARASE. If the passphrase is incorrect or not provided, you will see an error message, "Certificates upload failed: Private certificate is encrypted, please provide passphrase and try again.":
If the passphrase is correct, the server will decode the certificate (once you press the VALIDATE KEYS button), convert it to a regular RSA private key and you will be able to see the keys and values:
Agent/Server: Ability to Use Your Own Proxy Certificate (On-Premise)
By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. This certificate is signed by our root certificate Quick Web Proxy, which acts as the Certificate Authority (CA) for the domain’s certificate.
It's now possible for you to use your own root CA certificate instead of Teramind's default Quick Web Proxy certificate:
For more information, please check out this article: How to use your own proxy certificate (On-Premise).
Other/Server: Ability to Add SSL Certificate Chain Though the Nginx Configuration (On-Premise)
In some situations, you might have a locally incorporated CA, and sign your certificates by it. In order for this to work, you might need to install Root CA and Sub CA certificates on each of your web servers.
A third-party CA certification might not work in such a situation. You might need to do so on Teramind's master node.
To make it easier for you, we have added support to add your own SSL certificate (trusted CA root certificate) bundle to your master node through the Nginx configuration. You should be able to add the certificate to your teramind.config
file by using this line of command:
ssl_trusted_certificate = <certificate path>
Where, <certificate path>
is the path to your certificate file. For example, /usr/local/test.crt
:
[Mac] Network: Support for IPv6
Before this release, the Mac Agent only supported network monitoring for IPv4 addresses. As a result, you might have noticed missing activities on the Network Monitoring or Applications & Webpages reports. For the same reason, some of the Webpages or Networking-based behavior rules wouldn't work either.
From this version, we are adding support for filtering network activities over IPv6.
You should see the Teramind proxy certificate (Internet Widgits Pty Ltd) successfully injected into websites using IPv6 (previously, the certificate wouldn't be injected):
The IPv6 connections can be identified on the Network Monitoring reports:
All the websites and network-based behavior rules should work as usual.
[Mac] Monitoring/Behavior Rules: Support for Tracking Secure Connections on All Popular Browsers
The Agent can now decrypt HTTPS/TLS traffic. This will give you the ability to create Webpages-based behavior rules - warn users and block network connections. This capability is applicable to all apps and browsers that use HTTPS/TLS.
As part of the feature, a proxy certificate will be injected into the websites to monitor HTTPS/TLS traffic. This certificate is currently signed by our root certificate Internet Widgits Pty Ltd, which acts as the CA for the domain’s certificate:
Note: the CA details might change in a future release.
[Mac] Agent: Option to Change the Process Name of the Hidden Agent
We are providing customers with the option to change the process name of the Hidden/Silent Agent.
By default, the Agent shows up as "System Monitoring" on the Mac's Activity Monitor, Accessibility Permission, Screen Recording Permission, etc.:
The ability to change the process name will allow you to obfuscate the Agent so that it will not be obvious to a regular user that the Agent is running.
Windows Agent has been able to do that since version 6.1. Now, we are bringing this feature to the Mac Agent. However, there's a slight difference.
On Windows, you can use an installation parameter (TMAGENTEXE) to change the process name yourself. However, macOS doesn't allow you to change a process name this way. Teramind will have to build you a custom Agent Installer to do that.
If you need to change the Agent's process name, please reach out to [email protected] or contact us over the Chat option from your Teramind Dashboard or our website. We will provide you with an Agent Installer with a custom process name of your choice.
Improvements
Notifications: Support for Faster Loading and Pagination
Previously you might have noticed slow performance, freezing up of the browser, incomplete list of notifications, etc. when trying to load the Notifications report with many notifications. We fixed those issues.
We have also added the pagination feature at the bottom of the report to make it easier to navigate the report:
BI Reports: Faster Loading of Behavior Alerts Report
Previously you might have noticed slow performance when viewing the BI Reports > Behavior Alerts report. This could happen especially if there were many email-based rules/alerts.
We made improvements so that the report should load faster now.
BI/Monitoring Reports/Agent: Detect Browser Process Name Change, Custom Browsers and Prevent the Bypass of URL Logging
Sometimes, users might change the name of a browser's application executable. There might be legitimate reasons for doing so. For example, you might be using a customized/enterprise version of a browser with a different app name. But a malicious user might also change the process name to bypass URL logging by tools like Teramind.
If you changed a browser like this, it would also change the Windows Process Name for it. For example, in the screenshot below, chrome.exe is changed to Teramind Chrome.exe:
Previously. the Agent relied on a browser's name to detect it. So, changes to its process name would cause the Agent to not recognize the browser and it would stop injecting the proxy certificate (Quick Web Proxy). As a result, it would mark the browser as a generic process/app and wouldn't capture detailed web activities such as the Full URL:
Behavior rules created to detect the browser name, URL, etc. might also fail for the same reason.
We are introducing a better method to detect browsers so that changes like the above wouldn't affect the Agent's ability to identify a browser properly. It will now use several data points such as Browser Name, Digital Certificate Signature, Original Filename, Product Name, File Description, etc. to verify the browser.
BI/Monitoring Reports: Eliminating Time Gaps Between Activities
Previously, if activities had any small time gaps (i.e., a few seconds), the report would automatically eliminate them to display a compact report. However, this would result n a slightly-lower data resolution and could possibly miss some events (e.g., a user switching between two apps very fast). We have made some improvements so that these gaps will no longer be eliminated.
Behavior Rules/Settings: Limiting Alerts for Idle Rules
Previously, when you created an Agent Schedule > Idle rule, after the initial alert, the rule would generate and record alerts based on the USER ALERTS THRESHOLD (SECONDS) and the LOG ALERTS THRESHOLD (SECONDS) settings on the Settings > Alerts screen:
However, if used incorrectly, these settings might have caused some issues. For example, if you set the above settings to 1 second, and created a rule like this:
- and then the user remained idle for 15 minutes, they would get (15-10)*60=300 warnings! Though accurate, this wasn't a desirable outcome.
We made changes to the Idle rule's alert behavior so that it will generate a single alert - when the rule is violated. This means, the rule will trigger when the user becomes idle for the duration specified in the rule's threshold (DEFINE THE TIME RANGE field). In the above case, the user will get a warning at the 10-minute mark. If the user continues to stay idle, they will not receive any more warnings.
However, if the user becomes active and then goes to idling again, the rule will reset and issue a warning after another 10 minutes.
Employees: Better Error Handling of Invalid/Large CSV Files
Previously, you might see an error message, "Invalid arguments: csf_token_error" when trying to upload a CSV file greater than 1GB from the Employees > Import employees screen:
We have now limited the file size to 64MB. This should be enough to support over 100,000 employees while keeping the system robust. Also, if you now try to upload a file greater than 64MB, you will see an error message, "Invalid file".
Configure: Better Handling of Uploaded Shared Lists
Previously, if you uploaded a file from the Configure > Shared Lists screen, the system would add any valid lines and silently discard any invalid ones. If the file didn't contain any valid lines, nothing would be added. This might create confusion as the Dashboard wouldn't show any messages or errors.
Now, the Dashboard will show an error if it encounters any invalid lines in the uploaded file and which items caused the error:
It will also completely discard the upload and will not add any entries to the Shared List even if the file contained some valid lines.
Monitoring Settings: Ability to Detect Password Fields Without Using the Proxy Certificate
Before, the Agent relied on a successful proxy certificate injection to be able to detect password fields on websites. As a result, the MONITOR KEYSTROKES FOR PASSWORD FIELDS option (on the Monitoring Settings > Websites window) would only work if the SSL and TRACK NETWORK CONNECTIONS options were enabled (on the Monitoring Settings > Network window). In essence, the options were tied together:
Now, it's able to detect such password fields without relying on the proxy certificate/Network settings.
This feature might be useful when you already have a solution that injects a certificate or does network traffic monitoring and you don’t want to mix it with our network filtering.
Notes/Limitations:
The feature should work for most websites except for the ones that use Java-based widgets.
Password field detection will only work if it's masked (e.g., the text field doesn't show the typed password, instead it shows special symbols like * or •) or if the name property of the field contains 'pass'. Otherwise, the Agent will capture all the keystrokes entered in the password field even if the MONITOR KEYSTROKES FOR PASSWORD FIELDS option is disabled.
Settings/Agent Defaults: Support for Ignoring Default User Profiles (Hidden/Silent Agent)
'defaultuser' or 'Other user' profiles are usually created when you use Windows for the first time but they can also be created during a Windows update or for some other reasons.
On the Teramind Dashboard, if you had the CREATE NEW USERS ON FIRST CONNECTION option enabled under the Settings > Agent defaults screen, these default users would be added to Teramind as new employees automatically. They would look something like: defaultuser0, defaultuser2, defaultuser100001, etc.:
If you had the ENABLE MONITORING FOR NEW AGENTS BY DEFAULT option enabled, monitoring for these new users would also be enabled tying up your Teramind licenses and sometimes causing over-license issues:
We have added support for ignoring Windows' default user profiles by default* so that they will no longer be added to Teramind even if the CREATE NEW USERS ON FIRST CONNECTION option is enabled.
If, for some reason, you want to monitor these default profiles, a special setting can be used to re-enable the feature. Please contact [email protected] to learn how to do it.
Settings/Export: Option to Limit Email Body Length in Exported Reports
We are adding an option, MAXIMUM EMAIL BODY LENGTH under the Access to exported data section on the Settings > Security screen:
This will limit how many characters will be exported to a PDF/CSV report from the email body when using the Export option from reports like BI Report > Emails. The default value is 2000 characters.
The option will help keep your reports compact while also preventing broken reports, browser hang-ups, etc. due to large email bodies.
Other/UI: Better Messages for Time Tracking and Screen Snapshots Reports
We have made some changes so that you will now see messages and confirmation dialogue when performing certain actions on the Time Tracking > Time Records, Time Tracking > Time Cards and Monitoring > Screen Snapshots reports. For example, when adding time, deleting snapshots, or making other changes:
[Mac] BI/Monitoring Reports: Cleaner Applications & Websites Reports
Before this improvement, some system events such as screen lock/unlock, screensaver activation, fast switching, etc. would show up on the activities reports such as Monitoring > Web Pages & Applications and BI Reports > Applications & Websites. The duration of these processes would usually be for a few seconds:
We made improvements so that these events will no longer be displayed on the reports making the dashboard cleaner and streamlined.
Bug Fixes
Time Tracking: Internal Server Error When Starting a Task
Due to a bug, you might have received an Error 500 (Internal Server Error) when starting a task from Time Tracking > Tracker:
The API call GET /tm-api/v1/time-tracker/status
would also return the Status Code 500.
The bug is fixed now.
Time Tracking/Monitoring: Deleting Time on Time Cards/Screen Snapshots Wouldn't Work
Due to a bug, if you deleted a time entry from the Time Tracking > Time Cards or the Monitoring > Screen Snapshots screen, it wouldn't remove the time entry:
The bug is fixed now.
Time Tracking: Time Cards Reporting Settings Had No Effect
Due to a bug, the report settings on the Time Tracking > Time Cards report wouldn't get applied. For example, if you hid some columns, they would still be shown on the report:
The bug is fixed now.
Time Tracking: Duration Field Not Updated Automatically When Changing Time on the Time Cards Report
Due to a bug, The Duration field wouldn't automatically update when you changed time in the Start and End fields on the Time Tracking > Time Cards report (New time record and Edit time record windows):
The bug is fixed now.
Time Tracking/Access Control: Tasks Filter Wouldn't Follow Access Control Policy and Show All Tasks
Usually, an employee with the right access control policy (e.g., a Privileged User/Department Manager) should only see tasks for employees allowed under their supervision (Targets). However, due to a bug, the Tasks filter on the various Time Tracking reports (e.g., Task Cost, Time Cards, etc.) would show all tasks:
The bug is fixed now.
Time Tracking/Access Control: Privileged User Not Able to View Target Users' Time Records
Usually, a Privileged User with the right access control policy (e.g., View time records) should be able to see the Time Tracking > Time Records report for the Target Users under their supervision. However, due to a bug, the Privileged User is unable to view the Time Records for the Target Users if they tracked time through the web clock-in (Time Tracking > Tracker) option. The bug is fixed now.
Time Tracking: Auto-Exported Time Cards PDF Reports Wouldn't Render Properly
Due to a bug, auto-exported PDF reports (DAILY EXPORT) from the Time Tracking > Time Cards screen wouldn't render the PDF properly. The columns on the report wouldn't adjust to fit the page size:
The bug is fixed now so that the columns will be adjusted/resized to display properly on the report.
Time Tracking/Behavior Rules: Too Many Duplicate Entries on the Time Records Report
Due to a bug, you might see too many duplicate entries on the Time Tracking > Time Records report, often showing tasks with very short durations (<1m):
This could happen especially if you had an active rule that used the SET USER'S ACTIVE TASK action and the Settings > Alerts > RULE TASK SELECTION ACTION TIMEOUT (SECONDS) was set to 0:
The bug is fixed now so that no such duplicate entries will be shown.
Also, we are setting the default value for RULE TASK SELECTION ACTION TIMEOUT (SECONDS) to 300 seconds to avoid too many record entries and behavior alerts.
BI Reports: Context Menu Wouldn't Display When A Single Cell Was Selected
Due to a bug in the recent Dashboard changes, the Context Menu (right-click menu) on BI Reports wouldn't be displayed. Instead, the browser's context menu is shown:
The bug is fixed now.
BI Reports: Strange/Different Time Formats Displayed for Grouped Items
Due to a bug in the recent Dashboard changes, if you grouped items (e.g., Group by Tasks) on a Grid widget, the timestamps would show strange time formats or different times:
The bug is fixed now.
BI Reports: Missing Widget Name on the Exported Report
Usually, if you use the Full page charts option under the Export menu on any BI Reports, the resulting file name should include the Grid widget's name and the PDF should also have a subtitle with the widget's name. However, due to a bug, this would be missing:
The bug is fixed now.
BI Reports: Sorting Not Applied to the Schedule Export Reports
Due to a bug, sorting on the Timestamp column of Grid widgets wouldn't get applied to schedule export reports (BI Reports > Select Any BI report > Export > Schedule export):
The bug is fixed now.
BI/Monitoring Reports: LinkedIn Posts and Comments Not Captured
Due to the recent changes to LinkedIn's messaging framework, posts, comments, and/or attachments on LinkedIn might not be captured as expected. As a result, activities like Post, Edit Post, Comment, Edit Comment, etc. might not be displayed or would have missing information (such as no attachments information) on the BI Reports > Social Media / Monitoring > Social Media reports.
The bug is fixed now.
BI/Monitoring Reports: Unable to Download Email Attachments
Due to a bug, in some rare situations (e.g., if you have attached remote storage such as AWS S3), you might see an error, "File not found" when trying to download any attachments from the BI Reports > Emails or the Monitoring > Emails report:
The bug is fixed now.
Monitoring: Incorrect Participants Shown on Online Meetings Report
Due to a bug in the recent Dashboard changes, the Participants column on the Monitoring > Online Meetings report would sometimes show strange characters, empty values, or incorrect names:
The bug is fixed now.
Monitoring: Extra Column Included in Exported Reports
Due to a bug, you might see an extra column, Category in the exported file from the Monitoring > Web Pages & Applications report:
The bug is fixed now.
Note: if you want to view/export applications and websites by category, please use the BI Reports > Applications & Websites instead.
Behavior Rules: Rule to Detect Content Upload to Google Drive Wouldn't Work for Large Files
Due to a bug, a Content Sharing rule based on the Upload condition to Google Drive wouldn't trigger for files greater than 1 MB. Here's an example of such a rule:
The bug is fixed now so files up to 100 MB should be detected.
Behavior Rules: LDAP Attributes Filter Wouldn't Work on the Alerts Report
Due to a bug, if you applied the LDAP Attributes filter on the Behavior > Alerts report, the report would hang up while continuing to display the "Loading data..." message. The bug is fixed now:
Behavior Rules: File Rule to Block Network File/Folder Creation Would Produce Unexpected Results
Due to a bug, when using a Files-based rule like the one below, it wouldn't block the file operation, instead, it would create some empty folders:
This happened because of some changes introduced in Windows in recent updates. It would seem to affect the BLOCK rule action for any file operation that would create a file or folder on a network-shared drive/folder. For example, Create, Rename, Copy, etc.
The bug is fixed now so the Block action will work as expected without creating any empty folders.
Behavior Rules/Shared Lists: OCR Rules Wouldn't Work When Used with Regular Expressions-Based Shared Lists
Due to a bug, an OCR rule that used a regular expressions-based Shared List (i.e., using the Match list condition) wouldn't work:
The bug is fixed now so that the rule should work and trigger the alert as expected:
Behavior Rules: Application Name Criterion in OCR Rules Wouldn't Work Sometimes
Due to a bug, some OCR rules that used the Application Name criterion wouldn't get triggered because the rules were looking for an exact match (case sensitive). For example:
In the above example, the rule wouldn't work because it couldn't find the application/process named Teams.exe
. The rule would have worked if the user used teams.exe
. (the correct process for Microsoft Teams).
The bug is fixed now so that the Application Name criterion will be case insensitive from now on. You can now use names like, "Teams.exe", "teams.exe", "TEAMS.EXE", etc.
Behavior Rules: OCR Rules with Regular Expressions Would Fail to Detect Some Text
Regular expressions are usually evaluated as case insensitive. However, due to a bug, regular expressions in an OCR rule would become case-sensitive. As a result, it would fail to detect certain text. For example, the rule below would fail to detect the word, "Asbestos":
The bug is fixed now.
Behavior Rules: Imported Policies/Rules Would Fail to Activate
If you tried to activate (turn on) an imported behavior policy or rule, it might fail to activate and return a 500 error code with the message, "Error occurred". This could happen if the behavior policy or rule didn't have any target Users assigned to it. The bug ix fixed now. If a policy or rule doesn't have any users assigned, the system will assign Everyone to the policy/rule:
Behavior Rules: Record Video Rule Action Not working for Content-Sharing Rules
Due to a bug, a Content Sharing rule like the one below wouldn't work. The rule wouldn't trigger the RECORD VIDEO action, nor will any rule violation alerts be displayed on the BI Reports > Behavior Alerts or the Behavior > Alerts reports:
The bug is fixed now so that the Record Video action will record the screen and an alert will be generated on the alert reports.
Behavior Rules: Switch User's Task Rule Action Not Working for Some Activities
The SET USER'S ACTIVE TASK action allows you to automatically switch a user's active task based on what app or website the user is using. However, due to a bug, a rule like the one would sometimes fail to switch the task for some website activities:
This can happen especially if the user stayed on a website without interacting with the site.
The bug is fixed now so the task would switch as expected.
Productivity/Alerts: LDAP Filter Not Working on the Time Worked and Alerts Reports
If you have an Active Directory integration set up, you can apply LDAP attributes to filter the Productivity >Time Worked and Behavior > Alerts reports. However, due to a bug, the filter wouldn't be applied:
The bug is fixed now.
Session Player: Unable to Edit the Time Counter
Some users had reported that the Time Counter displayed on the Session Player was no longer editable. This was due to a bug introduced in some recent changes to the Dashboard:
The bug is fixed now so that you will be able to enter time into the Time Counter to jump to a specific time/position on the Session Player timeline.
Session Player: Changing the Date Would Show Previous Day's Recordings
Some users had reported that when you changed the Date (near the bottom-right corner) on the Session Player, the date would jump to the previous day. For example, if you set it to 2023-08-17, it would jump to 2023-08-16:
The bug is fixed now.
Session Player: Error When Exporting Videos
Some users might have experienced an error when exporting a video from the Session Player. The message would say something like, "Limit for report emails per day exceeded, current count is 1000, was trying to increase by 1, maximum count is 1000" and the export would fail:
The bug is fixed now.
Employees: Departments Filter Not Working for Some Users
Due to a bug in one of the recent dashboard updates, the Departments filter wouldn't work on the Employees screen. The bug is fixed now:
Employees: Active Policies Button Not Displayed for Some Users
Due to a bug in one of the recent dashboard updates, the ACTIVE POLICIES button would disappear on some users' Employees > Employee's Page screen. The bug is fixed now:
Employees/Access Level: Operational Admin Unable to Change User's Position
Due to a bug in one of the recent dashboard updates, an Operational Administrator couldn't change the Position of an employee from the Employees > Employee's Page > Edit Profile screen even though that account access level is allowed to make such changes:
The admin would be able to make the change but the APPLY CHANGES button wouldn't save the settings.
The bug is fixed now.
Employees: Invalid Dates on the Exported Reports
Due to a bug, exported PDF/CSV reports from the Employees screen would show "Invalid Date" if the employee didn't have any date in the First Login Time and Last Login From columns:
The bug is fixed now.
Employee/Access Control: Unable to Restore or Enable Monitoring for Deleted Employees
Due to a bug, if an employee had any access permissions (Configure > Access Control), you would get an error, "Unknown error" when trying to restore the employee or turn on their monitoring option:
The bug is fixed now.
Employees: Admins Unable to Configure Their Own Monitoring Settings
Due to a bug in one of the recent Dashboard updates, an administrator (Administrator, Operations Administrator, etc.) couldn't change their monitoring status (i.e., Employees > Employee's page). If they clicked the Monitor this user button, it would reset instantly.
Due to the same bug, the admin couldn't change some other settings on their profile (Employees > Employee's page > EDIT INFO). For example, User can clock in and out using Web interface.
The bug is fixed now.
User Menu/My Profile: Employees Could Change Their Personal Information Even When the Feature Was Disabled
Due to a bug, a regular employee (ACCESS LEVEL: Employee) could still change some of their personal information (first/last name, email address, and phone number) even when the Disable self edit option was enabled on their ACCOUNT INFO settings:
The bug is fixed now.
Computers: Restoring a Deleted Computer Would Also Enable Its Monitoring
If you restored a deleted computer from its Computer's Details screen, the computer would be restored but it would also turn on the Monitor computer option:
The bug is fixed now so that the monitoring option will not change when you restore a computer.
Configure: Operational Admin Unable to Edit Departments
Due to a bug in one of the recent dashboard updates, an Operational Administrator couldn't edit departments. The EDIT and DELETE buttons would be missing from the Configure > Departments > Department Page screen even though that account access level is allowed to make such changes:
The bug is fixed now.
Configure/Settings: Time Mismatch on Schedules Screen When Time Zone Changed
Due to a bug, if you changed the TIMEZONE on the Settings > Localization screen, the Configure > Schedules screen would display incorrect dates (e.g., days on the Schedule screen would be 1 day behind the actual system date):
The bug is fixed now.
Monitoring Settings: Suspend Monitoring IPs/Domains Option Not Working Properly
The SUSPEND MONITORING WHEN BROWSING TO IPS/DOMAINS NOT IN LIST field (on the Monitoring Settings > Websites window) allows you to enter either IPs or domains you want to monitor (and suspend monitor for other domains/IPs). Any sites the user visits that are not included in the domain/IP list should be blacked out on the Session Player and video recording.
However, due to a bug, if you specified only domains (e.g., wikipedia.org) in the field, it would black out all websites. If you included an IP address in the field the option would work as expected:
The bug is fixed so both domains and IP addresses should work now.
System/Session Player: Video Export Failures
In some rare situations, the video export would fail. On the System > Video Export report, the Status column would show, "Failed":
The bug is fixed now.
Settings: Active Directory Tab Displayed for All Deployments
Due to a bug in one of the recent dashboard updates, the Active Directory tab on the Settings screen would be displayed for all deployments. The bug is fixed now so that the tab will be displayed for all On-Premise deployments and for only for Cloud deployments where the feature is enabled:
Settings: Server Management Tab Not Displayed for Some Users (On-Premise)
Due to a bug in one of the recent dashboard updates, the Server Management tab on the Settings screen would disappear for some users. The bug is fixed now:
Settings/Server: Duplicate Nodes Shown in a Multi-Node Deployment (On-Premise)
Due to a bug, you might see duplicate nodes (nodes with the same IP address) under Settings > Server Management > Nodes in a multi-node deployment:
This could happen server IPs were modified due to redeployment or reconfiguration of a node or some other factors. The fix will now allow the platform to identify such changes and adjust for them.
Settings/Active Directory: Fetching Settings Would Fail (Cloud)
Due to a misconfiguration, you might encounter failures when using the FETCH ATTRIBUTES option on the Settings > Active Directory screen. The import would run into an endless loop (you will see the loading icon spinning) and you might also see an error message, "Error: LDAP error: Can't contact LDAP server. An unexpected TLS packet was received.":
The bug is fixed now.
Settings/Security: Email Digest Icons Would Have Black Boxes When the Hostname Changed
Due to a bug in one of the recent Dashboard updates, the Daily Digest email would show black boxes under some icons if you changed the Hostname under the Settings > Security screen:
The bug is fixed now.
Settings/Storage: Incorrect Message Shown for NFS Volumes in a Multi-Node Deployment (On-Premise)
An incorrect message would be displayed if you added extra nodes (e.g., App servers, BI servers, etc.) and didn't add an NFS recording volume. The message would read, "Recording volume is full, recording stopped. You need to add the NFS server." even though you had enough free space:
The message is fixed so that it will now correctly identify the issue, "Recording is stopped. You need to add NFS server.".
Settings/SMTP: Scheduled Report Exports Not Being Delivered (On-Premise)
Due to a bug, you might have faced an issue where emails of exported reports (i.e., scheduled export) wouldn't get delivered even though the SMTP testing showed no error:
This could happen due to a bug in the SMTP certificate validation method especially if a self-signed certificate is used. The bug is fixed now.
Settings/OCR: OCR Notification Wouldn't Work
Due to a bug, the system wouldn't send OCR notification emails even when the SESSION MINING DELAY exceeded the MINING DELAY THRESHOLD. The bug is fixed now:
Settings/Update: Failed Server Update
Due to a bug, when updating the server, the page would try to refresh at the 100% progress mark. An error could be seen on the browser's console log, "Failed to load resource: the server responded with a status of 401 (Unauthorized) ":
The bug is fixed now.
Deployment: Server Setup Would Fail to Create Buckets on Azure Government Cloud
Due to a bug, Teramind servers deployed on an Azure Government cloud account wouldn't be able to access an external Azure Blob storage container. It would report an error that buckets are inaccessible.
The bug is fixed now.
Agent: "Software is Preventing Firefox From Safely Connecting to This Site" Warning on Firefox
Sometimes, you might see a warning message, "Software is Preventing Firefox From Safely Connecting to This Site" when using Firefox:
This could happen if you recently used the "Refresh Firefox" troubleshooting feature on Firefox:
This would cause the removal of proxy certificates, including Teramind's Quick Web Proxy certificate making Firefox believe the site it was about to visit was unsecured.
The bug is fixed now so that when you use the Refresh feature, the certificate will be automatically reinjected and the warning will no longer be shown.
Agent: Quick Web Proxy Certificate Not Injected for Certain Sites
By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. However, the certificate injection might not work for some websites using the newest HTTPS/3 (QUIC) protocol (for example, https://edition.cnn.com/):
The bug is fixed now so that the Quick Web Proxy certificate will be injected for HTTPS/3-based websites.
Agent: The Agent Would Crash During a Microsoft Teams Video Call
In some rare situations, the Agent would crash during a video call in MS Teams, usually within a few minutes of starting the video conference. The bug is fixed now.
Agent: The Agent Would Stop Monitoring After Restoring the RDP Session Window
When using a remote desktop session (for example, Remote Desktop Connection on Windows), the monitoring should be suspended on the host machine when the RDP window is minimized on the client machine. The Agent should resumes monitoring when the RDP window is restored or maximized. This is expected behavior.
However, due to a bug, the monitoring wouldn't resume as expected. As a result, user activities and screen recordings wouldn't get captured on the remote host.
This would happen if the RECORD LOCKED SESSIONS option on the Monitoring Settings > Monitoring Profile > Screen is disabled:
The bug is fixed now.
Agent: Unable to Connect to Zoom
Due to a bug, you might see an error message, "Unable to establish secure connection to Zoom" or "Unable to connect to server" when trying to use Zoom:
This issue could occur if you uninstalled the Agent at some point and then reinstalled it, upgraded the Agent, or switched from one Agent to another. This might leave duplicate copies of the Quick Web Proxy certificate in the Windows Certificate Storage causing Zoom unable to verify the correct certificate.
The bug is fixed now.
Note that while this error can be caused by the Teramind Agent, there might be other issues that might prevent Zoom from establishing connections to its server. Especially, this has been a known error affecting some macOS users. If after updating the Agent doesn't fix your problem, please consult Zoom Support.
Agent: Protected Agent Could Be Removed Using Windows Installer (MSIEXEC)
Due to a bug, a Protected Agent could be removed by using the msiexec /x
command without using the protection password. This would affect versions 11.0 to 14.0.
The bug is fixed now so that a Protected Agent can only be removed with one of the approved methods mentioned here.
Agent: The Agent Would Show "Network error" / Record "Address already in use..." Error in the Agent Log
Due to a bug, some users were unable to log into the Agent. On the Revealed/Visible Agent, they would see the "Network error" when trying to log in. On the other hand, Hidden/Silent Agent users would be shown as offline on the dashboard. Both Agents would display an error like the one below on the Agent Log:
[ServerConnector@0x563377810220] <error> operator() auth error: bind: Address already in use, auth step:25, ip:xxx.xxx.xxx.xxx
This was caused by a bug in the module that handles UDP port assignments. The bug is fixed now.
Agent/Screen Snapshots/Productivity Reports: Incorrect Activity Level
Due to a bug in how the mouse and keyboard activities were tracked, the activity level on various reports would show incorrect calculations in some rare situations.
For example, suppose a user signed in for 10 minutes without doing anything, then “Started“ a task, and moved the mouse for 1-2 minutes. In this case, the Monitoring > Screen Snapshots report would show 100% activity:
The bug is fixed now.
Agent/Monitoring Settings: Network Connection Would Be Interrupted on Agent Restart or When Monitoring Settings Are Changed
Due to a bug, when you restarted the Agent, disabled the monitoring (e.g., from the Computers screen), or turned off the NETWORK DRIVER (Monitoring Settings > Monitoring Profile > Advanced), it might interrupt the network connection:
In most cases, the network would auto-recover in a few seconds, but you might lose connection to services that rely on continuous or real-time streams such as the remote desktop connection (RDP):
The bug is fixed now so that the network connection will not be interrupted when the Agent is restarted or the network driver is disabled.
Agent/Monitoring: Google Chat Would Show "Trying to connect to chat..." Error
Due to some recent changes in Google Chat, you might have seen an error message, "Trying to connect to chat. The latest conversations could not be loaded" when participating in a conversation. The message would pop up on the screen for a few seconds and then disappear automatically:
While this didn't seem to affect the chat conversations, we have proactively addressed the issue so that any potential loss of monitoring can be avoided.
API: Incorrect Error Code When Trying to Create a Behavior Policy with an Invalid Group ID
If you tried to create a behavior policy using the API command, POST
to https://##{{addr}}/tm-api/behavior-policy/
with an incorrect behavior_group_id
(e.g., the ID was deleted) the server would return a 500 error code (Internal Server Error):
The bug is fixed now so that in such situations you will receive a 400 error code (Not Found Error).
[Mac] BI/Monitoring Reports: HTTPS URLs on Google Chrome Captured as HTTP on the Applications & Websites Reports
Due to a bug, secure websites (HTTPS URLs) on Google Chrome would be displayed as HTTP URLs on the BI Reports > Applications & Websites and Monitoring > Web Pages & Applications reports:
The bug seems to affect macOS Ventura 13.3.1 but other versions might be affected too.
The bug is fixed now so that HTTPS websites are captured properly on Google Chrome.
[Mac] Monitoring: Arrow Keys Captured Incorrectly by the Keystrokes Reports
Due to a bug, arrow keys would be displayed as <Fn+Right>
, <Fn+Left>
, etc. on the BI Reports > Keystrokes and Monitoring > Keystrokes reports despite the Fn
key not being pressed:
The bug seems to affect Agent version 1.236 but other versions might be affected too.
The bug is fixed now so that the Fn
key will not be displayed when the arrow keys are pressed.
[Mac] Agent/Monitoring: Firefox Would Warn About Invalid Certificate
The Agent installs a proxy certified under the name, Internet Widgits Pty Ltd when network monitoring is enabled. It allows the Agent to capture secure (HTTPS) connections. But due to a bug in how the proxy certificate is injected, Firefox would show a warning, "Secure Connection Failed" when visiting any websites/IPs:
The bug is fixed now.
[Mac] Agent: The Revealed Agent Would Capture User Activities Even When No Task Was Active
Sometimes The Revealed Agent would continue to record user activities even when no task was running by the user. It would happen right after the Agent starts up (before the user pressed the Start button) or after the Agent reconnects to the server due to a network interruption.
The bug is fixed now.
[Mac] Agent: Slow Network Performance After Updating the Agent
Due to a bug, the network performance would degrade after updating the Agent to version 1.241. The root cause of the issue was the Network Extension (NetApp). It wasn't updated properly due to version controls.
The bug is fixed now.
[Mac] Agent: Certificate Not Removed When Uninstalling the Agent
The Agent installs a proxy certified under the name, Internet Widgits Pty Ltd when network monitoring is enabled. The certificate should be removed when the Agent is uninstalled. However, due to a bug, the certificate would remain on the computer and can be seen on the Mac Keychain/Keychain Access:
The bug is fixed now so that the proxy certificated will be removed when the Agent is uninstalled.
[Mac] Agent: The Hidden Agent Wouldn't Resume Monitoring After Unlock or Wakeup
By default, the Agent pauses monitoring when the computer is locked or goes to sleep and automatically resumes when it's unlocked or wakes up from sleep.
However, due to a bug, monitoring wouldn't resume after the unlock or wakeup. As a result, activities wouldn't be recorded and you might see a blank screen if you tried to view the user's screen on the Session Player or the Live Montage widget on the Dashboard:
The bug is fixed now.
[Mac] Agent: The Agent Would Crash When Switching Between Users (Hidden Agent)
Due to a bug, the Hidden/Stealth Agent would crash if two or more users were using the Agent and one of them went offline. This could happen in the following scenario:
User 1 logs in,
The computer is then switched to User 2,
The Agent gets disconnected on User 2 due to network interruption or similar reasons,
The Agent reconnects and the User 2 session continues to work normally,
The computer is switched back to User 1,
The Agent crashes under User 1.
The bug would be caused due to a synchronization issue with the offline recording feature. It's now fixed so that user switching and offline mode wouldn't cause the Agent to crash anymore.
[Mac] Agent: Hidden Agent Would Crash When Pressing the Option+§ Keys
Due to a bug in the keyboard processor module, the Agent would crash if you pressed the Option+§ keys combination. The § (Silcrow or Section Sign) key is usually found on some special keyboard layouts such as the ones found in Sweden, Switzerland, some UK keyboards, etc.:
The bug seems to affect Agent versions 1.240, 1.241 and 1.242 on macOS Monterey (version 12).
The bug is fixed now.
[Mac] Agent: Multiple Bugs in Agent Version 1.240
Several bugs were identified in Mac Agent 1.240 and fixed in this version. The bugs were:
1. Multiple/Duplicate Alerts Triggered for Webpages Rules
Multiple alerts for a single web activity would be triggered when using a Webpages-based rule similar to the example below:
2. Webpages Rules Wouldn't Get Triggered on Big Sur
Webpages-based rules wouldn't get triggered on Big Sur 1.0.1.
3. Revealed Agent Would Reconnect When Starting a Task
When a task was started, the Agent would disconnect and try to reconnect:
This would happen due to a bug in the network monitoring extension (NetApp) and would usually occur only once after each reboot.
[Mac] Agent: Network Connection Wouldn't Work Over IPv6
Due to a bug in the network extension (NetApp) module, network connections would get blocked if IPv6 is used. You might see a browser error, ERR_EMPTY_RESPONSE (page not working) when trying to visit a website:
The bug would occur if networking monitoring was enabled on Agent version 1.242 on macOS10.15 or higher versions.
The bug was fixed on later versions of the Agent.
[Mac] Agent: Shared Lists Would Cause the Agent to Crash When Switching Users
If any Shared List was used, for example, in Monitoring Settings or Behavior Rules, the Agent would crash when switching between user accounts:
The bug seems to affect Agent version 1.242 but other versions might be affected too. It's fixed now.
[Mac] Agent: High CPU Usage for Certain Tasks When Network Extension Is Enabled
The Agent uses the network extension (NetApp) to monitor network activities. However, due to a bug, when running activities with high network usage such as uploading/downloading large files, the CPU usage for the NetApp (com.teramind.networkextension
) would jump. On the Activity Monitor, it would show 70%-120% CPU usage for an Intel-based Mac:
On M1-based Macs, the usage might not be as high but still significant (about 40%).
The bug seems to affect Agent versions 1.236 and 1.237 but other versions might be affected too.
The bug is fixed now so the CPU usage should be stable and within the acceptable range (about 20%).