Previously end-to-end encryption (E2EE) was only available as a custom feature. Now, we are making it a standard option for the On-Premise deployments.

The primary objective of E2EE is to enhance the data flow security, by combining envelope encryption with end-to-end encryption for all communications between the Agent and Server(s). If you want the most privacy for your data, you can consider E2EE.

When the E2EE is enabled, the Session Player, Monitoring > Screen Snapshots, BI Reports > Keystrokes, Monitoring > Keystrokes reports, etc. will mask the data. On the reports, you will see a Decrypt button which will allow you to view the data.

Here's an example of how the Session Player will work when E2EE is enabled on a computer:

Clicking the Decrypt button will ask you for the encryption passphrase:

If the passphrase is correct, you will see the unencrypted video:

We are introducing Geolocation monitoring in this release.

With this feature, you will be able to track where employees are working from. This might be useful if you have a remote, dispersed team or have field workers and contractors who work on different job sites.

The GEOLOCATION option can be enabled from the Monitoring Settings:

You can view the users' geolocation activities from the BI Reports > Geolocation report:

In addition to the common BI data points (e.g., date/time, employee, etc.), these special data points are available on the report: Country, City, 1st Level Division, 2nd Level Division, Offline, Time, Latitude, Longitude and Error Radius.

You will be able to use all the features available to a BI report such as customization, advanced filters, search, export, etc.

We have added a new All Events report under BI Reports. The report will show all the events (e.g., Web/App Activity, Alerts, File Transfers, Emails, Sessions, Print, Keystrokes, etc.) for all users/computers. You will be able to use all the analytics tools features available to all the BI reports:

This report will help you get a holistic view of the activities happening in the organization or do a thorough audit of user activities in a single report.

Previously, if you had an Active Directory integration set up, you could use LDAP Groups and LDAP Attributes on the BI Reports as Filters:

Now, we are adding a new feature so that you can use LDAP Attributes as data points on the BI reports. You will be able to use LDAP attributes as columns on a Grid widget or as dimensions on a Chart widget:

We have added support for monitoring file uploads and downloads through the https://wetransfer.com site. You should now be able to monitor the activity on the Monitoring > File Transfers or BI Reports > Web File Events reports:

You will also be able to create Files-based behavior rules like the one below and view the alerts on the BI Reports > Behavior Alerts report:

Teramind's Content Sharing rules allow you to detect credit card numbers using the built-in Predefined Classified Data. However, the way the algorithm works, it might incorrectly detect specially formatted strings as credit card numbers. For example, it might detect this URL sting, 4.574%201.252.695%202 as a credit card number (e.g., 4574201252695202).

To avoid such false positives, we have added an option, CREDIT CARD DETECTION MODE on the Content tab of the Content Sharing rules. This option will let you select a sensitivity level of the algorithm when detecting credit cards. The option will be displayed whenever you select Predefined Classified Data > Financial Data and then any credit card detection option under the SELECT SENSITIVE DATA TO DETECT field:​

The option supports three detection modes:

We are proactively adding support for the new Outlook desktop client that's currently being rolled out by Microsoft as a preview version through their Insider channels:

At the moment, the following new Outlook versions are supported:

You should be able to track incoming/outgoing emails, capture attachments, and apply behavior rules to these new versions of Outlook in addition to the existing versions.

We have added two new options to the IM monitoring settings:

The options work similarly to the options available under the Emails monitoring settings. Here's how each option works:

Previously, if you chose the CONFIRMATION METHOD FOR DASHBOARD CHANGES option (Under Settings > Security) to LDAP Password and you were using a self-signed certificate, you might have seen an error, "Invalid confirmation password" when confirming any sensitive Dashboard changes:

To mitigate such issues, we have added a new option LDAP CERTIFICATE VERIFICATION TYPE to the Settings > Active Directory. This will allow you to choose how you want to validate the LDAP certificate and if wanted to upload your self-signed certificate:

Here are a few notes:

Previously, if you tried to upload an SSL certificate protected with a private key (Settings > Security > SSL), you would get an invalid certificate error.

From this version, we have added support for third-party signed, encrypted certificates. Now, if you try to upload a protected certificate, you will be asked to enter the PASSPHARASE. If the passphrase is incorrect or not provided, you will see an error message, "Certificates upload failed: Private certificate is encrypted, please provide passphrase and try again.":

If the passphrase is correct, the server will decode the certificate (once you press the VALIDATE KEYS button), convert it to a regular RSA private key and you will be able to see the keys and values:

By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. This certificate is signed by our root certificate Quick Web Proxy, which acts as the Certificate Authority (CA) for the domain’s certificate.

It's now possible for you to use your own root CA certificate instead of Teramind's default Quick Web Proxy certificate:

For more information, please check out this article: How to use your own proxy certificate (On-Premise).

In some situations, you might have a locally incorporated CA, and sign your certificates by it. In order for this to work, you might need to install Root CA and Sub CA certificates on each of your web servers.

A third-party CA certification might not work in such a situation. You might need to do so on Teramind's master node.

To make it easier for you, we have added support to add your own SSL certificate (trusted CA root certificate) bundle to your master node through the Nginx configuration. You should be able to add the certificate to your teramind.config file by using this line of command:

Where, <certificate path> is the path to your certificate file. For example, /usr/local/test.crt:

Before this release, the Mac Agent only supported network monitoring for IPv4 addresses. As a result, you might have noticed missing activities on the Network Monitoring or Applications & Webpages reports. For the same reason, some of the Webpages or Networking-based behavior rules wouldn't work either.

From this version, we are adding support for filtering network activities over IPv6.

You should see the Teramind proxy certificate (Internet Widgits Pty Ltd) successfully injected into websites using IPv6 (previously, the certificate wouldn't be injected):

The IPv6 connections can be identified on the Network Monitoring reports:

All the websites and network-based behavior rules should work as usual.

The Agent can now decrypt HTTPS/TLS traffic. This will give you the ability to create Webpages-based behavior rules - warn users and block network connections. This capability is applicable to all apps and browsers that use HTTPS/TLS.

As part of the feature, a proxy certificate will be injected into the websites to monitor HTTPS/TLS traffic. This certificate is currently signed by our root certificate Internet Widgits Pty Ltd, which acts as the CA for the domain’s certificate:

Note: the CA details might change in a future release.

We are providing customers with the option to change the process name of the Hidden/Silent Agent.

By default, the Agent shows up as "System Monitoring" on the Mac's Activity Monitor, Accessibility Permission, Screen Recording Permission, etc.:

The ability to change the process name will allow you to obfuscate the Agent so that it will not be obvious to a regular user that the Agent is running.

Windows Agent has been able to do that since version 6.1. Now, we are bringing this feature to the Mac Agent. However, there's a slight difference.

On Windows, you can use an installation parameter (TMAGENTEXE) to change the process name yourself. However, macOS doesn't allow you to change a process name this way. Teramind will have to build you a custom Agent Installer to do that.

If you need to change the Agent's process name, please reach out to [email protected] or contact us over the Chat option from your Teramind Dashboard or our website. We will provide you with an Agent Installer with a custom process name of your choice.

Previously you might have noticed slow performance, freezing up of the browser, incomplete list of notifications, etc. when trying to load the Notifications report with many notifications. We fixed those issues.

We have also added the pagination feature at the bottom of the report to make it easier to navigate the report:

Previously you might have noticed slow performance when viewing the BI Reports > Behavior Alerts report. This could happen especially if there were many email-based rules/alerts.

We made improvements so that the report should load faster now.

Sometimes, users might change the name of a browser's application executable. There might be legitimate reasons for doing so. For example, you might be using a customized/enterprise version of a browser with a different app name. But a malicious user might also change the process name to bypass URL logging by tools like Teramind.

If you changed a browser like this, it would also change the Windows Process Name for it. For example, in the screenshot below, chrome.exe is changed to Teramind Chrome.exe:

Previously. the Agent relied on a browser's name to detect it. So, changes to its process name would cause the Agent to not recognize the browser and it would stop injecting the proxy certificate (Quick Web Proxy). As a result, it would mark the browser as a generic process/app and wouldn't capture detailed web activities such as the Full URL:

Behavior rules created to detect the browser name, URL, etc. might also fail for the same reason.

We are introducing a better method to detect browsers so that changes like the above wouldn't affect the Agent's ability to identify a browser properly. It will now use several data points such as Browser Name, Digital Certificate Signature, Original Filename, Product Name, File Description, etc. to verify the browser.

Previously, if activities had any small time gaps (i.e., a few seconds), the report would automatically eliminate them to display a compact report. However, this would result n a slightly-lower data resolution and could possibly miss some events (e.g., a user switching between two apps very fast). We have made some improvements so that these gaps will no longer be eliminated.

Previously, when you created an Agent Schedule > Idle rule, after the initial alert, the rule would generate and record alerts based on the USER ALERTS THRESHOLD (SECONDS) and the LOG ALERTS THRESHOLD (SECONDS) settings on the Settings > Alerts screen:

However, if used incorrectly, these settings might have caused some issues. For example, if you set the above settings to 1 second, and created a rule like this:

- and then the user remained idle for 15 minutes, they would get (15-10)*60=300 warnings! Though accurate, this wasn't a desirable outcome.

We made changes to the Idle rule's alert behavior so that it will generate a single alert - when the rule is violated. This means, the rule will trigger when the user becomes idle for the duration specified in the rule's threshold (DEFINE THE TIME RANGE field). In the above case, the user will get a warning at the 10-minute mark. If the user continues to stay idle, they will not receive any more warnings.

However, if the user becomes active and then goes to idling again, the rule will reset and issue a warning after another 10 minutes.

Previously, you might see an error message, "Invalid arguments: csf_token_error" when trying to upload a CSV file greater than 1GB from the Employees > Import employees screen:

We have now limited the file size to 64MB. This should be enough to support over 100,000 employees while keeping the system robust. Also, if you now try to upload a file greater than 64MB, you will see an error message, "Invalid file".

Previously, if you uploaded a file from the Configure > Shared Lists screen, the system would add any valid lines and silently discard any invalid ones. If the file didn't contain any valid lines, nothing would be added. This might create confusion as the Dashboard wouldn't show any messages or errors.

Now, the Dashboard will show an error if it encounters any invalid lines in the uploaded file and which items caused the error:

It will also completely discard the upload and will not add any entries to the Shared List even if the file contained some valid lines.

Before, the Agent relied on a successful proxy certificate injection to be able to detect password fields on websites. As a result, the MONITOR KEYSTROKES FOR PASSWORD FIELDS option (on the Monitoring Settings > Websites window) would only work if the SSL and TRACK NETWORK CONNECTIONS options were enabled (on the Monitoring Settings > Network window). In essence, the options were tied together:

Now, it's able to detect such password fields without relying on the proxy certificate/Network settings.

This feature might be useful when you already have a solution that injects a certificate or does network traffic monitoring and you don’t want to mix it with our network filtering.

Notes/Limitations:

'defaultuser' or 'Other user' profiles are usually created when you use Windows for the first time but they can also be created during a Windows update or for some other reasons.

On the Teramind Dashboard, if you had the CREATE NEW USERS ON FIRST CONNECTION option enabled under the Settings > Agent defaults screen, these default users would be added to Teramind as new employees automatically. They would look something like: defaultuser0, defaultuser2, defaultuser100001, etc.:

If you had the ENABLE MONITORING FOR NEW AGENTS BY DEFAULT option enabled, monitoring for these new users would also be enabled tying up your Teramind licenses and sometimes causing over-license issues:

We have added support for ignoring Windows' default user profiles by default* so that they will no longer be added to Teramind even if the CREATE NEW USERS ON FIRST CONNECTION option is enabled.

We are adding an option, MAXIMUM EMAIL BODY LENGTH under the Access to exported data section on the Settings > Security screen:

This will limit how many characters will be exported to a PDF/CSV report from the email body when using the Export option from reports like BI Report > Emails. The default value is 2000 characters.

The option will help keep your reports compact while also preventing broken reports, browser hang-ups, etc. due to large email bodies.

We have made some changes so that you will now see messages and confirmation dialogue when performing certain actions on the Time Tracking > Time Records, Time Tracking > Time Cards and Monitoring > Screen Snapshots reports. For example, when adding time, deleting snapshots, or making other changes:

Before this improvement, some system events such as screen lock/unlock, screensaver activation, fast switching, etc. would show up on the activities reports such as Monitoring > Web Pages & Applications and BI Reports > Applications & Websites. The duration of these processes would usually be for a few seconds:

We made improvements so that these events will no longer be displayed on the reports making the dashboard cleaner and streamlined.

Due to a bug, you might have received an Error 500 (Internal Server Error) when starting a task from Time Tracking > Tracker:

The API call GET /tm-api/v1/time-tracker/status would also return the Status Code 500.

The bug is fixed now.

Due to a bug, if you deleted a time entry from the Time Tracking > Time Cards or the Monitoring > Screen Snapshots screen, it wouldn't remove the time entry:

The bug is fixed now.

Due to a bug, the report settings on the Time Tracking > Time Cards report wouldn't get applied. For example, if you hid some columns, they would still be shown on the report:

The bug is fixed now.

Due to a bug, The Duration field wouldn't automatically update when you changed time in the Start and End fields on the Time Tracking > Time Cards report (New time record and Edit time record windows):

The bug is fixed now.

Usually, an employee with the right access control policy (e.g., a Privileged User/Department Manager) should only see tasks for employees allowed under their supervision (Targets). However, due to a bug, the Tasks filter on the various Time Tracking reports (e.g., Task Cost, Time Cards, etc.) would show all tasks:

The bug is fixed now.

Usually, a Privileged User with the right access control policy (e.g., View time records) should be able to see the Time Tracking > Time Records report for the Target Users under their supervision. However, due to a bug, the Privileged User is unable to view the Time Records for the Target Users if they tracked time through the web clock-in (Time Tracking > Tracker) option. The bug is fixed now.

Due to a bug, auto-exported PDF reports (DAILY EXPORT) from the Time Tracking > Time Cards screen wouldn't render the PDF properly. The columns on the report wouldn't adjust to fit the page size:

The bug is fixed now so that the columns will be adjusted/resized to display properly on the report.

Due to a bug, you might see too many duplicate entries on the Time Tracking > Time Records report, often showing tasks with very short durations (<1m):

This could happen especially if you had an active rule that used the SET USER'S ACTIVE TASK action and the Settings > Alerts > RULE TASK SELECTION ACTION TIMEOUT (SECONDS) was set to 0:

The bug is fixed now so that no such duplicate entries will be shown.

Also, we are setting the default value for RULE TASK SELECTION ACTION TIMEOUT (SECONDS) to 300 seconds to avoid too many record entries and behavior alerts.

Due to a bug in the recent Dashboard changes, the Context Menu (right-click menu) on BI Reports wouldn't be displayed. Instead, the browser's context menu is shown:

The bug is fixed now.

Due to a bug in the recent Dashboard changes, if you grouped items (e.g., Group by Tasks) on a Grid widget, the timestamps would show strange time formats or different times:

The bug is fixed now.

Usually, if you use the Full page charts option under the Export menu on any BI Reports, the resulting file name should include the Grid widget's name and the PDF should also have a subtitle with the widget's name. However, due to a bug, this would be missing:

The bug is fixed now.

Due to a bug, sorting on the Timestamp column of Grid widgets wouldn't get applied to schedule export reports (BI Reports > Select Any BI report > Export > Schedule export):

The bug is fixed now.

Due to the recent changes to LinkedIn's messaging framework, posts, comments, and/or attachments on LinkedIn might not be captured as expected. As a result, activities like Post, Edit Post, Comment, Edit Comment, etc. might not be displayed or would have missing information (such as no attachments information) on the BI Reports > Social Media / Monitoring > Social Media reports.

The bug is fixed now.

Due to a bug, in some rare situations (e.g., if you have attached remote storage such as AWS S3), you might see an error, "File not found" when trying to download any attachments from the BI Reports > Emails or the Monitoring > Emails report:

The bug is fixed now.

Due to a bug in the recent Dashboard changes, the Participants column on the Monitoring > Online Meetings report would sometimes show strange characters, empty values, or incorrect names:

The bug is fixed now.

Due to a bug, you might see an extra column, Category in the exported file from the Monitoring > Web Pages & Applications report:

The bug is fixed now.

Note: if you want to view/export applications and websites by category, please use the BI Reports > Applications & Websites instead.

Due to a bug, a Content Sharing rule based on the Upload condition to Google Drive wouldn't trigger for files greater than 1 MB. Here's an example of such a rule:

The bug is fixed now so files up to 100 MB should be detected.

Due to a bug, if you applied the LDAP Attributes filter on the Behavior > Alerts report, the report would hang up while continuing to display the "Loading data..." message. The bug is fixed now:

Due to a bug, when using a Files-based rule like the one below, it wouldn't block the file operation, instead, it would create some empty folders:

This happened because of some changes introduced in Windows in recent updates. It would seem to affect the BLOCK rule action for any file operation that would create a file or folder on a network-shared drive/folder. For example, Create, Rename, Copy, etc.

The bug is fixed now so the Block action will work as expected without creating any empty folders.

Due to a bug, an OCR rule that used a regular expressions-based Shared List (i.e., using the Match list condition) wouldn't work:

The bug is fixed now so that the rule should work and trigger the alert as expected:

Due to a bug, some OCR rules that used the Application Name criterion wouldn't get triggered because the rules were looking for an exact match (case sensitive). For example:

In the above example, the rule wouldn't work because it couldn't find the application/process named Teams.exe. The rule would have worked if the user used teams.exe. (the correct process for Microsoft Teams).

The bug is fixed now so that the Application Name criterion will be case insensitive from now on. You can now use names like, "Teams.exe", "teams.exe", "TEAMS.EXE", etc.

Regular expressions are usually evaluated as case insensitive. However, due to a bug, regular expressions in an OCR rule would become case-sensitive. As a result, it would fail to detect certain text. For example, the rule below would fail to detect the word, "Asbestos":

The bug is fixed now.

If you tried to activate (turn on) an imported behavior policy or rule, it might fail to activate and return a 500 error code with the message, "Error occurred". This could happen if the behavior policy or rule didn't have any target Users assigned to it. The bug ix fixed now. If a policy or rule doesn't have any users assigned, the system will assign Everyone to the policy/rule:

Due to a bug, a Content Sharing rule like the one below wouldn't work. The rule wouldn't trigger the RECORD VIDEO action, nor will any rule violation alerts be displayed on the BI Reports > Behavior Alerts or the Behavior > Alerts reports:

The bug is fixed now so that the Record Video action will record the screen and an alert will be generated on the alert reports.

The SET USER'S ACTIVE TASK action allows you to automatically switch a user's active task based on what app or website the user is using. However, due to a bug, a rule like the one would sometimes fail to switch the task for some website activities:

This can happen especially if the user stayed on a website without interacting with the site.

The bug is fixed now so the task would switch as expected.

If you have an Active Directory integration set up, you can apply LDAP attributes to filter the Productivity >Time Worked and Behavior > Alerts reports. However, due to a bug, the filter wouldn't be applied:

The bug is fixed now.

Some users had reported that the Time Counter displayed on the Session Player was no longer editable. This was due to a bug introduced in some recent changes to the Dashboard:

The bug is fixed now so that you will be able to enter time into the Time Counter to jump to a specific time/position on the Session Player timeline.

Some users had reported that when you changed the Date (near the bottom-right corner) on the Session Player, the date would jump to the previous day. For example, if you set it to 2023-08-17, it would jump to 2023-08-16:

The bug is fixed now.

Some users might have experienced an error when exporting a video from the Session Player. The message would say something like, "Limit for report emails per day exceeded, current count is 1000, was trying to increase by 1, maximum count is 1000" and the export would fail:

The bug is fixed now.

Due to a bug in one of the recent dashboard updates, the Departments filter wouldn't work on the Employees screen. The bug is fixed now:

Due to a bug in one of the recent dashboard updates, the ACTIVE POLICIES button would disappear on some users' Employees > Employee's Page screen. The bug is fixed now:

Due to a bug in one of the recent dashboard updates, an Operational Administrator couldn't change the Position of an employee from the Employees > Employee's Page > Edit Profile screen even though that account access level is allowed to make such changes:

The admin would be able to make the change but the APPLY CHANGES button wouldn't save the settings.

The bug is fixed now.

Due to a bug, exported PDF/CSV reports from the Employees screen would show "Invalid Date" if the employee didn't have any date in the First Login Time and Last Login From columns:

The bug is fixed now.

Due to a bug, if an employee had any access permissions (Configure > Access Control), you would get an error, "Unknown error" when trying to restore the employee or turn on their monitoring option:

The bug is fixed now.

Due to a bug in one of the recent Dashboard updates, an administrator (Administrator, Operations Administrator, etc.) couldn't change their monitoring status (i.e., Employees > Employee's page). If they clicked the Monitor this user button, it would reset instantly.

Due to the same bug, the admin couldn't change some other settings on their profile (Employees > Employee's page > EDIT INFO). For example, User can clock in and out using Web interface.

The bug is fixed now.

Due to a bug, a regular employee (ACCESS LEVEL: Employee) could still change some of their personal information (first/last name, email address, and phone number) even when the Disable self edit option was enabled on their ACCOUNT INFO settings:

The bug is fixed now.

If you restored a deleted computer from its Computer's Details screen, the computer would be restored but it would also turn on the Monitor computer option:

The bug is fixed now so that the monitoring option will not change when you restore a computer.

Due to a bug in one of the recent dashboard updates, an Operational Administrator couldn't edit departments. The EDIT and DELETE buttons would be missing from the Configure > Departments > Department Page screen even though that account access level is allowed to make such changes:

The bug is fixed now.

Due to a bug, if you changed the TIMEZONE on the Settings > Localization screen, the Configure > Schedules screen would display incorrect dates (e.g., days on the Schedule screen would be 1 day behind the actual system date):

The bug is fixed now.

The SUSPEND MONITORING WHEN BROWSING TO IPS/DOMAINS NOT IN LIST field (on the Monitoring Settings > Websites window) allows you to enter either IPs or domains you want to monitor (and suspend monitor for other domains/IPs). Any sites the user visits that are not included in the domain/IP list should be blacked out on the Session Player and video recording.

However, due to a bug, if you specified only domains (e.g., wikipedia.org) in the field, it would black out all websites. If you included an IP address in the field the option would work as expected:

The bug is fixed so both domains and IP addresses should work now.

In some rare situations, the video export would fail. On the System > Video Export report, the Status column would show, "Failed":

The bug is fixed now.

Due to a bug in one of the recent dashboard updates, the Active Directory tab on the Settings screen would be displayed for all deployments. The bug is fixed now so that the tab will be displayed for all On-Premise deployments and for only for Cloud deployments where the feature is enabled:

Due to a bug in one of the recent dashboard updates, the Server Management tab on the Settings screen would disappear for some users. The bug is fixed now:

Due to a bug, you might see duplicate nodes (nodes with the same IP address) under Settings > Server Management > Nodes in a multi-node deployment:

This could happen server IPs were modified due to redeployment or reconfiguration of a node or some other factors. The fix will now allow the platform to identify such changes and adjust for them.

Due to a misconfiguration, you might encounter failures when using the FETCH ATTRIBUTES option on the Settings > Active Directory screen. The import would run into an endless loop (you will see the loading icon spinning) and you might also see an error message, "Error: LDAP error: Can't contact LDAP server. An unexpected TLS packet was received.":

The bug is fixed now.

Due to a bug in one of the recent Dashboard updates, the Daily Digest email would show black boxes under some icons if you changed the Hostname under the Settings > Security screen:

The bug is fixed now.

An incorrect message would be displayed if you added extra nodes (e.g., App servers, BI servers, etc.) and didn't add an NFS recording volume. The message would read, "Recording volume is full, recording stopped. You need to add the NFS server." even though you had enough free space:

The message is fixed so that it will now correctly identify the issue, "Recording is stopped. You need to add NFS server.".

Due to a bug, you might have faced an issue where emails of exported reports (i.e., scheduled export) wouldn't get delivered even though the SMTP testing showed no error:

This could happen due to a bug in the SMTP certificate validation method especially if a self-signed certificate is used. The bug is fixed now.

Due to a bug, the system wouldn't send OCR notification emails even when the SESSION MINING DELAY exceeded the MINING DELAY THRESHOLD. The bug is fixed now:

Due to a bug, when updating the server, the page would try to refresh at the 100% progress mark. An error could be seen on the browser's console log, "Failed to load resource: the server responded with a status of 401 (Unauthorized) ":

The bug is fixed now.

Due to a bug, Teramind servers deployed on an Azure Government cloud account wouldn't be able to access an external Azure Blob storage container. It would report an error that buckets are inaccessible.

The bug is fixed now.

Sometimes, you might see a warning message, "Software is Preventing Firefox From Safely Connecting to This Site" when using Firefox:

This could happen if you recently used the "Refresh Firefox" troubleshooting feature on Firefox:

This would cause the removal of proxy certificates, including Teramind's Quick Web Proxy certificate making Firefox believe the site it was about to visit was unsecured.

The bug is fixed now so that when you use the Refresh feature, the certificate will be automatically reinjected and the warning will no longer be shown.

By default, Teramind injects a web proxy certificate into websites to monitor encrypted/HTTPS traffic. However, the certificate injection might not work for some websites using the newest HTTPS/3 (QUIC) protocol (for example, https://edition.cnn.com/):

The bug is fixed now so that the Quick Web Proxy certificate will be injected for HTTPS/3-based websites.

In some rare situations, the Agent would crash during a video call in MS Teams, usually within a few minutes of starting the video conference. The bug is fixed now.

When using a remote desktop session (for example, Remote Desktop Connection on Windows), the monitoring should be suspended on the host machine when the RDP window is minimized on the client machine. The Agent should resumes monitoring when the RDP window is restored or maximized. This is expected behavior.

However, due to a bug, the monitoring wouldn't resume as expected. As a result, user activities and screen recordings wouldn't get captured on the remote host.

This would happen if the RECORD LOCKED SESSIONS option on the Monitoring Settings > Monitoring Profile > Screen is disabled:

The bug is fixed now.

Due to a bug, you might see an error message, "Unable to establish secure connection to Zoom" or "Unable to connect to server" when trying to use Zoom:

This issue could occur if you uninstalled the Agent at some point and then reinstalled it, upgraded the Agent, or switched from one Agent to another. This might leave duplicate copies of the Quick Web Proxy certificate in the Windows Certificate Storage causing Zoom unable to verify the correct certificate.

The bug is fixed now.

Due to a bug, a Protected Agent could be removed by using the msiexec /x command without using the protection password. This would affect versions 11.0 to 14.0.

The bug is fixed now so that a Protected Agent can only be removed with one of the approved methods mentioned here.

Due to a bug, some users were unable to log into the Agent. On the Revealed/Visible Agent, they would see the "Network error" when trying to log in. On the other hand, Hidden/Silent Agent users would be shown as offline on the dashboard. Both Agents would display an error like the one below on the Agent Log:

This was caused by a bug in the module that handles UDP port assignments. The bug is fixed now.

Due to a bug in how the mouse and keyboard activities were tracked, the activity level on various reports would show incorrect calculations in some rare situations.

For example, suppose a user signed in for 10 minutes without doing anything, then “Started“ a task, and moved the mouse for 1-2 minutes. In this case, the Monitoring > Screen Snapshots report would show 100% activity:

The bug is fixed now.

Due to a bug, when you restarted the Agent, disabled the monitoring (e.g., from the Computers screen), or turned off the NETWORK DRIVER (Monitoring Settings > Monitoring Profile > Advanced), it might interrupt the network connection:

In most cases, the network would auto-recover in a few seconds, but you might lose connection to services that rely on continuous or real-time streams such as the remote desktop connection (RDP):

The bug is fixed now so that the network connection will not be interrupted when the Agent is restarted or the network driver is disabled.

Due to some recent changes in Google Chat, you might have seen an error message, "Trying to connect to chat. The latest conversations could not be loaded" when participating in a conversation. The message would pop up on the screen for a few seconds and then disappear automatically:

While this didn't seem to affect the chat conversations, we have proactively addressed the issue so that any potential loss of monitoring can be avoided.

If you tried to create a behavior policy using the API command, POST to https://##{{addr}}/tm-api/behavior-policy/ with an incorrect behavior_group_id (e.g., the ID was deleted) the server would return a 500 error code (Internal Server Error):

The bug is fixed now so that in such situations you will receive a 400 error code (Not Found Error).

Due to a bug, secure websites (HTTPS URLs) on Google Chrome would be displayed as HTTP URLs on the BI Reports > Applications & Websites and Monitoring > Web Pages & Applications reports:

The bug seems to affect macOS Ventura 13.3.1 but other versions might be affected too.

The bug is fixed now so that HTTPS websites are captured properly on Google Chrome.

Due to a bug, arrow keys would be displayed as <Fn+Right>, <Fn+Left>, etc. on the BI Reports > Keystrokes and Monitoring > Keystrokes reports despite the Fn key not being pressed:

The bug seems to affect Agent version 1.236 but other versions might be affected too.

The bug is fixed now so that the Fn key will not be displayed when the arrow keys are pressed.

The Agent installs a proxy certified under the name, Internet Widgits Pty Ltd when network monitoring is enabled. It allows the Agent to capture secure (HTTPS) connections. But due to a bug in how the proxy certificate is injected, Firefox would show a warning, "Secure Connection Failed" when visiting any websites/IPs:

The bug is fixed now.

Sometimes The Revealed Agent would continue to record user activities even when no task was running by the user. It would happen right after the Agent starts up (before the user pressed the Start button) or after the Agent reconnects to the server due to a network interruption.

The bug is fixed now.

Due to a bug, the network performance would degrade after updating the Agent to version 1.241. The root cause of the issue was the Network Extension (NetApp). It wasn't updated properly due to version controls.

The bug is fixed now.

The Agent installs a proxy certified under the name, Internet Widgits Pty Ltd when network monitoring is enabled. The certificate should be removed when the Agent is uninstalled. However, due to a bug, the certificate would remain on the computer and can be seen on the Mac Keychain/Keychain Access:

The bug is fixed now so that the proxy certificated will be removed when the Agent is uninstalled.

By default, the Agent pauses monitoring when the computer is locked or goes to sleep and automatically resumes when it's unlocked or wakes up from sleep.

However, due to a bug, monitoring wouldn't resume after the unlock or wakeup. As a result, activities wouldn't be recorded and you might see a blank screen if you tried to view the user's screen on the Session Player or the Live Montage widget on the Dashboard:

The bug is fixed now.

Due to a bug, the Hidden/Stealth Agent would crash if two or more users were using the Agent and one of them went offline. This could happen in the following scenario:

The bug would be caused due to a synchronization issue with the offline recording feature. It's now fixed so that user switching and offline mode wouldn't cause the Agent to crash anymore.

Due to a bug in the keyboard processor module, the Agent would crash if you pressed the Option+§ keys combination. The § (Silcrow or Section Sign) key is usually found on some special keyboard layouts such as the ones found in Sweden, Switzerland, some UK keyboards, etc.:

The bug seems to affect Agent versions 1.240, 1.241 and 1.242 on macOS Monterey (version 12).

The bug is fixed now.

Several bugs were identified in Mac Agent 1.240 and fixed in this version. The bugs were:

Multiple alerts for a single web activity would be triggered when using a Webpages-based rule similar to the example below:

Webpages-based rules wouldn't get triggered on Big Sur 1.0.1.

When a task was started, the Agent would disconnect and try to reconnect:

This would happen due to a bug in the network monitoring extension (NetApp) and would usually occur only once after each reboot.

Due to a bug in the network extension (NetApp) module, network connections would get blocked if IPv6 is used. You might see a browser error, ERR_EMPTY_RESPONSE (page not working) when trying to visit a website:

The bug would occur if networking monitoring was enabled on Agent version 1.242 on macOS10.15 or higher versions.

The bug was fixed on later versions of the Agent.

If any Shared List was used, for example, in Monitoring Settings or Behavior Rules, the Agent would crash when switching between user accounts:

The bug seems to affect Agent version 1.242 but other versions might be affected too. It's fixed now.

The Agent uses the network extension (NetApp) to monitor network activities. However, due to a bug, when running activities with high network usage such as uploading/downloading large files, the CPU usage for the NetApp (com.teramind.networkextension) would jump. On the Activity Monitor, it would show 70%-120% CPU usage for an Intel-based Mac:

On M1-based Macs, the usage might not be as high but still significant (about 40%).

The bug seems to affect Agent versions 1.236 and 1.237 but other versions might be affected too.

The bug is fixed now so the CPU usage should be stable and within the acceptable range (about 20%).