Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Windows Patch Notes for CTE v7.7.0

Windows Patch Notes for CTE v7.7.0

search

Please Note:

Windows Patch Notes for CTE v7.7.0

Patch Information
Release v7.7.0.111
Date 2025-06-03
Document version 1

New Features and Enhancements

  • Added support for UNC paths in process sets.

New OS Support

  • CipherTrust Transparent Encryption now supports Windows 2025.

Resolved Issues

  • AGT-62753 [CS1588680]: Not able to restore file level data to encrypted folder using NetBackup

    AFFECTED VERSIONS: 7.6.0.87 — 7.7.0.111

    The issue occurred because the CTE metadata in the file was not properly copied to the restore folder. The solution is to copy the metadata file correctly during restore. This has been fixed.

  • AGT-63133 [CS1595125]: After installing and enabling 3 GuardPoints on Windows 2022 with SQL 2022 Always on installed (passive mode), the machine becomes unresponsive

    AFFECTED VERSIONS: 7.6.0.87 — 7.7.0.111

    This issue occurred because the CTE filter driver was enabling caching on the SQL server, which it should never do. This has been fixed.

  • AGT-64246 [CS1606706]: Long delay (up to 5mins) to open files over the network with CTE driver

    AFFECTED VERSIONS: 7.7.0.111

    When a directory is accessed remotely, Microsoft SMB issued file open requests for every individual file in that directory. This caused the CTE driver to open every file and read the file metadata, which was time-consuming. The solution is to check the desired access for the requested file, and if the open request is only for file attributes and not for file data, then the CTE driver will now skip the opening and reading of the file metadata.

  • AGT-64513: System crash observed while running voradmin ldt stats command over CIFS

    AFFECTED VERSIONS: 7.7.0.111

    The CTE filter driver was processing files that were marked as passthrough, and therefore, should not have been processed. This has been fixed.

  • AGT-64751 [CS1615045]: Creating a Ransomware Protection GuardPoint on the OS volume, when in Monitor mode, causes an internal web application to stop working

    AFFECTED VERSIONS: 7.7.0.111

    In Monitor mode, Ransomware Protection was blocking I/O activity from processes that were marked as malicious, even though processes in monitor mode should not be blocked. This has been fixed.

  • AGT-66258: CIFS node LDT rekey status shows as Incomplete due to skipping LDT for the pre-created files

    AFFECTED VERSIONS: 7.7.0.111

    LDT should not skip the pre-created files in the GuardPoint directory before guarding. This issue occurred because when the primary node sent the file selection message to the secondary node during rekey, the secondary node then tried to open that file but didn't have proper permissions. This caused specific files to be marked as incomplete. This has been fixed.

  • AGT-66259: LDT receives error when checking the GuardPoint group status after primary node crashes

    AFFECTED VERSIONS: 7.7.0.111

    This issue occurred in an LDT over NFS/CIFS setup. If a user ran voradmin ldt group check <guard path> to fetch GuardPoint details after a primary crash, a crash also occurred in secfsd. This crash occurred because the response from the primary node was not handled properly by the secondary node. When the voradmin command was executed on the secondary node to retrieve the GuardPoint group health status, it sent a request to the primary node. The primary then tried to fetch the data and return a response to the secondary node. However, when the primary was not in a guarded state, it returned a different response, which the secondary failed to process correctly, leading to an secfsd crash.

    The solution was to add checks into the code to validate the response from the primary node when it is not in a guarded state. If the voradmin command is executed on the secondary node after a primary node crashes, it now returns a timeout error. The command succeeds once failover to the new primary node completes.

Known Issues

  • AGT-36370: The vorvmd.log reports an error message, Not guarding path when guarding LDT over CIFS GuardPoint

    AFFECTED VERSIONS: N/A

    This error message displays when the CTE agent is in the process of authenticating the user. This error can be safely ignored.

  • AGT-39189 | AGT-55063: CTE failed to unguard after changing to incorrect CIFS credentials

    AFFECTED VERSIONS: All

    If a user has a CIFS guarded path, and tries to access it with invalid credentials, the unguard request fails. After this, if the user switches to valid credentials, the unguard request still fails because CTE agent is unable to access the CIFS share to update the credentials.

    Work-around

    To successfully guard/unguard a CIFS path, use valid credentials.

  • AGT-39190: File modified time does not change after rekey for excluded files

    AFFECTED VERSIONS: 7.7.0.87

    This is a limitation with the current CTE agent. This is due to the Windows Redirected Drive Buffering Subsystem (rdbss) limitation.

  • AGT-48196: Microsoft DPM recovery creation failed when creating an incremental backup recovery point

    AFFECTED VERSIONS: 7.5.0 — 7.7.0.87

    Work-around

    Perform a complete backup. Do not perform an incremental backup.

  • AGT-48580: The gzip files in a directory can be mistakenly identified as ransomware by Ransomware Protection

    AFFECTED VERSIONS: 7.5.0 — 7.7.0.87

    Some compression algorithms haves high entropy value and intermittently, zip or unzip activity that occurs on files that already themselves have high entropy, within a Ransomware Protection GuardPoint, is mistakenly identified as ransomware.

    Work-around

    Add the zip/gzip/winzip programs to the Ransomware Protection process exemption list in the CipherTrust Manager.

  • AGT-48862: Unguard process fails if CTE secfsd service is down

    AFFECTED VERSIONS: 7.5.0 — 7.7.0.87

    The secfsd service is a critical CTE service. If this service is down, certain CTE features may not work as intended.

    Work-around

    Manually restart the secfsd service in the service manager.

  • AGT-58577: Issues and limitations for Multifactor Authentication and Ransomware Protection co-existence

    AFFECTED VERSIONS: 7.7.0.87

    Multifactor Authentication is not yet supported for a GuardPoint with Ransomware Protection with a CTE Agent.

  • AGT-61138: When applying a GuardPoint on the UNC (Universal Naming Convention) name instead of a Local drive, files display as cipher-text format when accessing using local drive

    AFFECTED VERSIONS: 7.7.0.87

    User must apply GuardPoint on the local drive. If the user decides to apply the GuardPoint on the UNC path, user must use the UNC path to access the data. Do not view through the local Windows explorer path.

  • AGT-61679 [CS1581483]: The Apache service does not start when launched within a GuardPoint

    AFFECTED VERSIONS: 7.6.0.87 — 7.7.0.87

    This issue is interoperability issue between CTE and Windows Defender.

    Work-around

    Create an exclusion rule for Windows Defender that will exclude the Apache2.4 directory.

On this page