Suspend Monitoring IPs/Domains Not In List Option Not Working Properly
The SUSPEND MONITORING WHEN BROWSING TO IPS/DOMAINS NOT IN LIST field (on the Monitoring Settings > Websites window) allows you to enter either IPs or domains you want to monitor (and suspend monitor of all other domains/IPs). Any sites the user visits that are not included in the domain/IP list should be blacked out on the Session Player and video recording.
However, due to a bug, if you specified only domains (e.g., wikipedia.org) in the field, it would black out all websites. If you included an IP address in the field the option would work as expected:
The bug is fixed so that both domains and IP addresses should work now.
Agent Would Show "Network error" / Record "Address already in use..." Error in the Agent Log
Due to a bug, some users were unable to login to the Agent. On the Revealed/Visible Agent, they would see the "Network error" when trying to log in. On the other hand, Hidden/Silent Agent users would be shown as offline on the dashboard. Both Agent would display an error like the one below on the Agent Log:
[ServerConnector@0x563377810220] <error> operator() auth error: bind: Address already in use, auth step:25, ip:xxx.xxx.xxx.xxx
This was caused by a bug in the module that handles UDP port assignments. The bug is fixed now.
Ability to Detect Password Fields Without Using the Proxy Certificate
Before, the Agent relied on a successful proxy certificate injection to be able to detect password fields on websites. As a result, the MONITOR KEYSTROKES FOR PASSWORD FIELDS option (on the Monitoring Settings > Websites window) would only work if the SSL and TRACK NETWORK CONNECTIONS options were enabled (on the Monitoring Settings > Network window). In essence, the options were tied together:
Now, it's able to detect such password fields without relying on the proxy certificate/Network settings.
This feature might be useful when you already have a solution that injects a certificate or does network traffic monitoring and you don’t want to mix it with our network filtering.
The feature should work for most websites except for the ones that use Java-based widgets.
Password field detection will only work if it's masked (e.g., the text field doesn't show the typed password, instead it shows special symbols like * or •) or if the name property of the field contains 'pass'. Otherwise, the Agent will capture all the keystrokes entered in the password field even if the MONITOR KEYSTROKES FOR PASSWORD FIELDS option is disabled.