Release Note for CTE v7.5 for Windows

Release v7.5.0.78 of CipherTrust Transparent Encryption for Windows adds new features, fixes known defects and addresses known vulnerabilities.

New Features and Enhancements

The major improvements to CTE for Windows in this release are:

• Validate CipherTrust Manager at CTE client during registration for Windows

  To ensure that registration by the CTE agent is serviced only by the expected key manager, you can provide a copy of the root CA certificate that will be used to authenticate the TLS communications with the key manager, during the registration process.

  See Validating CM and CTE with a Local CA Certificate for more information.

• Ransomware: Use Cases

  See Using Ransomware Protection for more information.

• Ransomware Sensitivity

  See Setting Ransomware Protection Sensitivity for more information.

• Multiple IP on CIFs Shares

  See Configuring LDT for CIFS shares Mapped to Multiple IP addresses for more information.

• LDT AccessOnly Nodes

  • All CTE agents in an LDT Communication Group that contains CTE agents with AccessOnly nodes, must have CTE v7.4.0 or subsequent versions, installed. If you have agents with versions previous to CTE v7.4.0 in that LDT Communication Group, those agents must be upgraded.

Resolved Issues

• AGT-46292: Backup/Restore from AccessOnly node

  The issue was that When an LDT rekey is in-progress, AccessOnly nodes cannot access the files currently being rekeyed. While LDT is in progress, backup/restore from access-only nodes is not recommended. Backup/Restore must be performed from Primary or Secondary nodes in the LDT Communication Group. This is because while LDT is in progress, files under rekey may not be accessible from access-only nodes. This may cause the Backup/Restore process to fail as file access is denied.

• AGT-48234: Limitation for AccessOnly node feature

  All CTE agents in an LDT Communication Group that contains CTE agents with AccessOnly nodes, must have CTE v7.4.0 or a subsequent version, installed. If you have agents with versions previous to CTE v7.4.0 in that LDT Communication Group, those agents must be upgraded.

• AGT-48235: Cannot support agent node installed with vmfiltr driver sharing same CIFS drive with agent node installed with VMLFS agent driver

  All nodes sharing a CIFS drive must have homogenous system drivers installed. You cannot have some nodes installed with the vmlfs.sys driver and some installed with the vmfiltr.sys driver. That scenario is not supported.

• AGT-48239: Ransomware Protection driver requirement

  Ransomware Protection requires the vmlfs.sys driver. If you are using Ransomware Protection and you switch to the vmfiltr.sys driver, then you will disable Ransomware Protection.

• AGT-48450: Using Ransomware Protection with antivirus software

  Always add your anti-virus software to your exemption list (process set). Ransomware Protection intermittently flags anti-virus software as ransomware and blocks it.

Known Issues

• AGT-48196: Microsoft DPM reports recovery creation failed when creating a recovery point after synchronizing data

  Work-around:

  Perform a complete backup. Do not perform an incremental backup. The incremental backup does not work properly with LDT.

• AGT-48580: RWP: gzip files in a directory can be mistakenly identified as ransomware

  Intermittently, zip or unzip activity that occurs within a ransomware GuardPoint is identified as ransomware.

  Work-around:

  Add the zip/gzip/winzip programs to the Ransomware Protection process exemption list in the CipherTrust Manager client profile.

End of Life

• Microsoft ended support for Windows Server 2012 and Windows Server 2012R2 on October 10, 2023. Therefore, CipherTrust Transparent Encryption will no longer support Windows Server 2012, or Windows Server 2012R2, in CTE v7.5.0 and subsequent versions.