Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Release notes for version 70 of Netskope. Affected Products: Netskope Affected Operating Systems: WindowsMaciOSAndroid
Not applicable.
This update of Netskope contains New Features and Enhancements, Hotfix Updates, Fixed Issues, and Known Issues. For more information, click the appropriate topic. Note: For release notes of other versions of Netskope, reference Netskope Release Notes. New Features and Enhancements CategoryFeatureDetailed Description and BenefitsApp ConnectorAmazon VPC App Connector EnhancementYou can now create VPC using the VPC wizard.App ConnectorAOL Mail EnhancementActivities: Send, Upload, Download, Create, Rename, Edit, Delete, Move Platform: Browser DLP Supported: Send, Upload, DownloadApp ConnectorMicrosoft Dynamics 365 Talent Onboard AppActivities: Upload, Download, Create, Delete, Post Platform: Browser DLP Supported: YesApp ConnectorGoogle Calendar New UI SupportActivities: Create, Edit, View All, Upload, Download, Share Platform: Browser DLP Supported: Upload, DownloadApp ConnectorMicrosoft Forms ConnectorActivities: Upload, Download, Create, Edit, Delete, Move, Post Platform: Browser DLP Supported: YesApp ConnectorRoadmunkl SupportActivities: Upload, Download, Log in, Log out Platform: Browser DLP Supported: Upload, DownloadApp ConnectorSalesforce and ServiceNow EnhancementActivities: Rename, UnshareApp ConnectorWorkday Human Capital ManagementActivities: Download, Post, Log in, Create, Delete, Publish, Edit, View Platform: Browser DLP Supported: Upload, DownloadDLPIBAN False PositiveValidation added to more than 100 IBAN-related identifiers.DLPMexico Numero de seguridad social (NSS) SupportAdded support for Mexico's NSS, a local social security number.IaaSBillable Resources CSV report download optionIn this release, the Billable Resources scan popup displays a 'download CSV' option to download the Billable Resources scan report. The detailed export may not exactly match the summary results in the UI, due to differences in rounding calculations.IaaSInventory Page Copy EnhancementWith this release, you have the ability to copy a value when clicking the value. There will be a popup notification confirming the copied value.IaaSSeverity for all Rules EnhancementCSA Rule/Alert Severity Levels have been reviewed and revised to better reflect the impact of a violation on overall risk, as well as to take into account compliance standards context.IaaSDefault view (table + filters) for Pagination Table EnhancementsThe following UI improvements have been made: Default widths of columns will be based on the width types specified while configuring the pagination table.If columns have been resized, if a new column is added or removed, the resized columns maintain their width ratios. They do not snap back to default width. InlineRedirect to URL upon log outIf the O365 app is configured for 'idle-timeout' as part of an inline policy, then this new feature allows admins to configure an IdP log out URL where the user session is redirected upon the idle timeout expiration. This action logs out the user not only from O365 but also from the IdP. Note: Currently this functionality is available only for Forward proxy. IntrospectionWorkplace by Facebook integrationFacebook announced that they will move to a new "workplace.com" domain for Workplace in early 2019. As part of this move, all Workplace tenants will use this new domain. While this change is transparent to users of API Introspection for Workplace, Netskope has made all required backend changes and has completed testing and validation in preparation for the shutdown of the old "facebook.com" domain for Workplace.IntrospectionServiceNow integrationNetskope has completed testing and validation for the latest software release of ServiceNow, called 'New York.'IntrospectionSalesforce integrationPreviously, Netskope was not able to inspect private files for Salesforce users, unless those files were shared to an admin. This limitation is gone. You can now create a new permission set that allows introspection of these files. Details for creating this new permission set is published as part of the online help and Knowledge Hub product documentation.IntrospectionRetroscansThe retroscan v3 architecture is now enabled by default for all customer tenants for apps that support retroscans, excluding Salesforce and ServiceNow.Netskope for WebIn user notification, displays custom and predefined category namesFor the browser based notification, custom category names as well the predefined categories area displayed to the end user.Netskope for WebCategory additionA new Games Category was created to allow users to create specific policies to allow or block games. Examples include Board Games / Puzzles, Card Games, Video & Computer Games, and Roleplaying Games.Netskope for WebNetskope Proxy EnhancementWith this release, the browser displays an error message when a request is denied because of an SSL validation check failure. The information is also logged in HTTP transaction logs. Note: Contact Support to enable this feature in your tenant. Reference, How to Get Support for Netskope. Netskope for WebDLP on form POSTSupport for DLP on Formpost was enhanced to include the content type- multipart/ form-data. This is in addition to existing support for content-type x-www-form-urlencoded. Select DLP in the policy to leverage this capability.Traffic SteeringSkopeIT Events for tunneled and then bypassed trafficIn order to get additional visibility, administrators can now select if you want to log traffic that is tunneled through Netskope, but bypassed (Ex: Android traffic). This setting can be found in the Steering Configuration.Traffic SteeringNew App for DNS over HTTPSAs an initial solution to not lose visibility due to the usage of DNS over HTTPS, a new App has been created for domains used by various browser providers. The list can be seen in the App details page. The app can be leveraged in a policy so as to block DNS over HTTPS traffic.Traffic SteeringNetskope Client: Ability to perform Speed TestIf allowed administratively from the Client Configuration, users that see the Advanced Debug menu can now also perform a speed test to the Netskope data center they are connected to. Users can select whether it is an upload or download test, and be able to specify a file size for the test, as well. This capability is also supported from the nsdiag command.Traffic SteeringNetskope Client: IdPbased Provisioning Prompt user for enrollmentAfter the Client has been installed in the IdP provisioning mode, the Client enrollment window will now be presented to the user automatically (without the user having to click "Enroll"). This window will always be on top, and cannot be dismissed.Traffic SteeringNetskope Client: Command line flag to prompt for email addressAdministrators can now install the Netskope Client for IdP-based provisioning mode without prompting the user for their email address twice. However, if you must prompt the user twice because the email address is different from the IdP username, then you can prompt the user for their email address using the following Command-Line flag: Set requestEmail=1 during the installation.Traffic SteeringNetskope Private AccessIn preparation for Netskope Private Access upcoming GA, a new entry for *.newedge.io was added to the default Exceptions in the Steering Configuration.Web UIAuth Proxy UI Change: Replace Centrify with IdaptiveAs of January 1, 2019, Centrify has spun out its IDaaS business and named it Idaptive. Centrify is replaced with Idaptive in the following places in the UI: Settings > Active Platform > Reverse Proxy > Office365 AuthClick Centrify > Edit Centrify Web UIPrinting ImprovementsPrinting from the UI using Chrome, Safari, Firefox, Opera, IE11, and Edge browsers has been enhanced.Web UISkopeIT events when we tunnel+bypass any trafficWe now create SkopeIT events for traffic that is being tunneled+bypassed.Web UINew _id fieldWith this release, we have added the _id field for the events and alerts Rest APIs. This field provides a unique ID for each event/alert.Web UIAudit Log enhancementsAudit logs are enhanced and now capture when report schedules are created, changed, or deleted. For example, audit logs now contain details on the admin who scheduled the report, all recipients of the report, and schedule of the report. Hotfix Updates This section provides descriptions for hotfix updates that released after the version 69 release. CategoryIssue NumberIssue DescriptionAnomaly Detection74271The Private IP lookup shows the source country as Iran.App Connector84885For the Create activity for G Suite, define the scenarios of account creation which are detected with this activity.App Connector74233A file containing malware was not detected when using BoxDrive.App Info DB Contents87015Custom Cert Pinned exception disappeared from the steering rule without manually deleting.Client87368Unable to access specific domains with Direct Access enabled.Client87270Inconsistent IP to Username mapping in IPsec events.Client86583Proceed action on User-Alert is not working as expected.Client86516There are issues with Direct Access from some locations.Client85752Client tunneling domains in the Exception list when using Explicit Proxy.DAPII75779Custom app is shown in events but is not managed in the custom steering configuration.DLP88323Email Notification always shows 'Web Proxy / Anonymizers' at the header.DLP85451DLP scans are not working properly.DLP84629DLP violation for files in a retroscan not working as expected.DLP77729DLP Incident not accurately highlighting SIN and DOB is not identified in the Forensics page.DLP75624PII data on Outlook display showing false positives.DLP74976*SSN files downloaded from a specific domain is not triggering against a predefined DLP profile.DLP74451DLP profile UI is timing out.DLP84695 / 54360DLP file scan is not matching the .pages extension.Email Notification86314Ability to edit the Note section in email notifications.Email Notification86313Email notifications do not have the correct user.IaaS82004Add heartbeat every five minutes with the alert count for the previous five minutes.IaaS77390Compute / Users is not populating for an Azure instance.IaaS77282Certain DSL functions ('like' and 'in') cannot operate on simple lists.Inline Policies86497Share and Upload activities for the wetransfer app is blocked though there is no Inline policy in place.Inline Policies84645Policies not working as expected when two specific users make an upload to Box.Introspection76480OD/SP Webhoook Subscription is not working properly.iOS VPN86517Users from NZ, SG, Aus, Istanbul were unable to connect through the Netskope VPN for iOS.Netskope GRE85080Upload bytes drops drastically in a speed test when connected to Netskope GRE.Provisioner Platform88780Users are added but cannot install client due to the API call returning error.Provisioner Platform88190Users seeing the wrong steering configuration based on group.Provisioner Platform85263The iOS Twitter app is not excepted/bypassed even though it is listed in CertPinned apps.Query Service83687The Devices page Event Time Query is not working as expected.Query Service80391'N/A' is appearing instead of the application name.Query Service57061App with CCL is unknown, and CCI is 50.Reverse Proxy86483The calendar is not showing appointments on a shared calendar for a user going through reverse proxy.Web UI87312Incorrect app domain is added while creating Custom Cert pinned app for Windows.Web UI87274When the Enhanced Cert-pinned apps feature is enabled, creating a custom cert-pinned app adds random domains.Web UI86413Unable to view specific OUs in the dropdown filter.Web UI86375The Box Classification option is not showing up in Take Action.Web UI77259Not able to change the DLP status on multiple detect events.Web UI65074The Introspection Policy name is missing in the audit logs. Fixed Issues CategoryIssue NumberIssue DescriptionApp Connector90470The system is not detecting the upload activity for Microsoft Live Outlook.com.App Connector90109Operating system and Browser values display as Windows for Upload and Download activities.App Connector89547Incorrect / Incomplete domains list.App Connector89315Upload and Send events are not detected properly.App Connector88584The iOS app is not working after entering credentials.App Connector88184User Alert log in attempt does not work properly.App Connector88116Block notification was shown, but file was uploaded.App Connector88068Instance ID always marked as 'Personal' for Box.App Connector87925Instance ID not detected for some downloads.App Connector87907No events generated for a tenant.App Connector87788File uploads directly into cards is detected as Create activity in Trello.App Connector87352Incorrect URL classification.App Connector87086The Google Gmail app is not detecting user activity to trigger a block policy.App Connector85932LinkedIn app post activity breaks the chat when sending DLP PDD data.App Connector85774When using the Slack app, users intermittently observed the from_user and instance-id values updating incorrectly.App Connector85515DLP and activities support for the Roadmunk app.App Connector83204Switching between multiple accounts, from_user and instance-id values updating incorrectly.App Connector83025Auth proxy fails as the Samsung Galaxy 8 device is recognized as a Linux device.App Connector82726A user's instance ID is extracted incorrectly for Box and is therefore blocked.App Connector77144The Microsoft Teams app events are not showing in the Application / Page events.App Connector80566Add CrowdStrike to the default Cert pinned app list.App Connector76350No SkopeIT events for upload activity for Google calendar.App Connector48751Google calendar Windows browser issues.App Info and DB Contents89655Filesize for download activities is now enabled.App Info and DB Contents88911Domain addition for smaller PDFs.Auth Proxy90175Encountering an error while setting up reverse proxy for Office365.Auth Proxy86507Certain tenants are seeing a 504 timeout error.Client89379Chrome OS: Device is not registered to Settings > Active Platform > Devices.Client88878Unable to use Diddler and the client simultaneously, all access to steered sites is blocked.Client87532If a user is on the corporate network, Skype screen share does not work.Client72978If a user is on the corporate network, Skype screen share does not work.DAPII48998The policy is not triggered when saving / uploading and downloading the Word document in OneDrive.DLP90433IBAN showing false positives.DLP85978DLP supported file types needed for documentation.DLP82183DLP action is incorrectly recorded as 'None.'DLP75441Unable to upload files using DLP-PDD.IaaS91063With this fix, admins can export all Raw Findings page data when the table is not sorted by Status. When the table is sorted by Status, the 100K row cap still applies. This 100K row cap issue is fixed in the upcoming release.IaaS89812The compliance report is showing incorrect data.IaaS89034Pagination does not work properly for Settings > Introspection > Cloud Infrastructure.IaaS87109Increase the limit for maximum number of Iaas instances that can be created.Introspection73953Migrate current Workplace APIs to the new 'workplace.com' domain.Introspection88167Workplace APIs are upgraded to version 2.12 or above.Introspection89236User not listed after moving to multi geo instance.Introspection90768The inline quarantine flow is not working as expected for the Box custom DLP policy.Introspection89234Subsite is not listed in the Introspection policy page.Introspection87954Handle deletion and renaming of repos for GitHub.Introspection86980Filter Exposure 'Anyone at Enterprise' UI is not working properly.Introspection85563The DLP profile is triggered even after a policy change.Introspection85375Deletion of a repository is not working properly.Introspection79622The DLP policy triggering on contents of the Forensic folder.Introspection78020Forensics detail cannot be retrieved.Introspection77426Renaming of a repository is not handled properly.Introspection65665Source IP details are missing for a few events in SkopeIT > Application Events.Netskope Proxy88489Added common public root certificates to the Netskope proxy.Netskope Proxy87306Users are unable to access a specific domain when the Netskope client is enabled.Netskope Proxy79515A previously accessible website is now inaccessible when the client is enabled.Netskope for Web89929URLs with categories that are derived from the URL filter do not hit the policy action.Netskope for Web86967A URL with no referrer but with valid app detect domain still comes out as 'Uncategorized' as one of the categories.Netskope for Web86722Custom categories inclusions/exclusions do not work properly.Provisioner Platform90116The client is disabled due to certificate errors.Provisioner Platform88976The Client is not receiving the proper steering configuration.Provisioner Platform88848Reports still being sent from a user who has been removed and the report is not visible to the admin to remove.Provisioner Platform87683The client on-boarding invite fails.Provisioner Platform82407Config failed to download.Reverse Proxy87737Reverse proxy is not working correctly with Outlook.Reverse Proxy78811The reverse proxy native O365 app traffic is not blocked on Android devices.User Justification87891Client User Alert notification pops up after the file download completes.User Manager86848Specific users are not showing up in the UI for a tenant.Web UI90631Settings > Introspection > Cloud Infrastructure's Next button is not working.Web UI89956The steering configuration does not show the list of managed applications.Web UI87851Unable to remove category from the Exception configuration.Web UI87023Modal backdrop does not hide when a user cancels creating a new email notification template in inline policies.Web UI86955Make ASYNC 'filemeta' queries available in the Incidents > DLP UI.Web UI86898The configured cert pinned exception is not pushed to the client.Web UI86181Malware incidents that are created from threat intel matches are not working correctly.App Connector83954Users are logging in to the Amazon console and trying to create a VPC, and it is blocked. However, creating it from the wizard, it does not get blocked.App Connector77845Inconsistent behavior for DLP and User alerts.App Connector68407AWS log in activities are not being detected in SkopeIT.Auth Proxy72934ChromeBook full bypass when the Certcheker is enabled.Client68975Cisco AnyConnect is disconnecting intermittently when the Netskope client is enabled.Client68435When the Netskope client is enabled, certain tenants are having issues.Client Services79181A user is seeing an "Email Invitation Expired" message during SAML client enforcement flow, when the Netskope client is installed but disabled.DLP79534Enhancement for DLP user behavior.DLP79526Enhancement for object risk level.DLP79415DLP forensics capture option to store in AWS S3.DLP79310DLP sampling or entire file scan option.IaaS91655, 91779On the Accounts page and Regions pages, the Compute column includes only asset_type="Compute Instance". All other places, Compute would include both "Compute Instance" and "Function".IaaS89904Storage scan support for Azure files.IaaS89626Capture 'Justification' when remediating compliance findings.IaaS87724Capture 'Justification' when muting compliance findings.IaaS83999Provide a script to create a custom role for Azure.IaaS79991Need to control by account and by bucket.IaaS79768Data fetcher support for Google suite (for CSA checks).IaaS78955The Account ID is missing for the wrapper rule results.IaaS77830The Account ID is missing for the wrapper rule results.IaaS71835Ability to test custom DSL in a selected AWS / Azure / GCP account.IaaS70778Support for external IDs per account for an AWS tenant. Known Issues CategoryIssue NumberIssue DescriptionIaaS66718The option for configuring regions must be enabled from the security scan policy.Introspection67359Netskope Introspection, at times, receives duplicate notifications for a DLP policy from Workplace by Facebook. This is a known issue on Facebook.Introspection41886Many audit events are showing up with location of blank or 'Unknown'. In some cases the user activities that are performed within the same timeframe also shows location for some events and 'Unknown' for others.Introspection88566Retro scan uses UID instead of domain which results in retroscan issues.Introspection84962Prevent duplicate DLP alerts when email metadata changes.Introspection74878File is not replaced for quarantine, action is not appearing in the logs.Introspection72236Enhancement for the Select All functionality for Introspection file actions.Netskope for Web84461Prohibited URL is allowed with Netskope for Web enabled using Google translate as a proxy.Query Service81069The Malware page shows different data for the Last 24 hours and Last 7 days fields.SAML Proxy70385Bypass Android and iOS devices with Google MDM through reverse proxy.TSS58450Encryption is not working properly for a tenant.User Justification67146User justification event does not show details about the policy.Web UI67438In the UI, users must be able to tell if the client invitation was sent. To contact support, reference Dell Data Security International Support Phone Numbers.Go to TechDirect to generate a technical support request online.For additional insights and resources, join the Dell Security Community Forum.