Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Windows Patch Notes for CTE v7.7.0

Windows Patch Notes for CTE v7.7.0

search

Please Note:

printsuggest an edit

Windows Patch Notes for CTE v7.7.0

Patch Information
Release v7.7.0.104
Date 2025-02-21
Document version 1

copy link to clipboardResolved Issues

  • AGT-61694 [CS1583480]: Robocopy fails with "Invalid access to memory location" when accessing Windows share guarded with a local LDT policy

    A file that was open in the CTE driver was failing due to an extra flag set by Windows Server2012 R2, which is not compatible with existing checks in the code. This has been fixed.

    To avoid this issue, in the registry file:

    1. Navigate to: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmlfs\

    2. Create a new Parameter key.

    3. Navigate to: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmlfs\Parameters

    4. Create a DWORD, name it DisableFlagExclusiveFlag, set the value to 1.

  • AGT-61846: In a Windows Access Only node with LDT over CIFS, the LDT AccessOnly Node becomes inactive after agent is rebooted

    CipherTrust Manager failed to push the CIFS credentials to the LDT AccessOnly node on a policy change or key rotation. If no such policy change, or key rotation, occurs then LDT AccessOnly nodes are free to reboot.

  • AGT-62791 [CS1593263]: CTE nodes are crashing on the latest CTE version (7.6.0.132), causing issues with the LDT Communication Group, which cannot recover

    LDT over CIFS locking code, on the secondary agent, was accessing and decrementing a reference count on a lock after a method it called decided to apply vm_free to that lock. Therefore, if another thread on the system had since allocated that same memory, then the reference count decrement corrupted their memory. The fix was to recognize that the lock was freed and therefore, there was no need to decrement the reference count.

  • AGT-62934 [CS1569355]: Failed to renew external client certs with error vmshare_update_rest_certs: rc = 403

    CTE has been improved to manage a CipherTrust Manager API change which introduced an incompatibility with certificate renewal when using external certificate authorities.

  • AGT-62998 [CS1596488]: SQL server crashes after encrypting the database

    There was a 32-bit DWORD overflow that was occurring after 4 billion IOs on any opened file, which could occur on long running SQL Server databases. Once the overflow hit, then system would crash. This has been fixed.

  • AGT-63090 [CS1594445]: Symlinks do not work when guarding with an LDT policy and running the CTE driver

    Symlinks, inside of a GuardPoint, linked to different volumes, were not working with an LDT policy. Such symlinks are not supported by LDT. The solution was to have the CTE driver bypass the symlinks entirely in that scenario.

  • AGT-63124 [CS1600001]: Rekey is skipping the ACL (Access Control List) files

    The issue occurred because the file data size was not aligned to the disk sector size. This issue caused LDT to intermittently fail on Windows Server 2016 and subsequent versions. The failure occurred because in some configurations, the Windows APIs failed to write files if the size was not aligned to the sector boundary. The solution was to make the file size grow to the required size when the amount of data is not aligned, and reduce the file size to the actual size.

copy link to clipboardKnown Issues

  • AGT-36370: The vorvmd.log reports an error message when guarding LDT over CIFS GuardPoint

    This error message displays when the CTE agent is in the process of authenticating the user. This error can be safely ignored.

  • AGT-39189 | AGT-55063: CTE failed to unguard after changing to incorrect CIFS credentials

    If a user has a CIFS guarded path, and tries to access it with invalid credentials, the unguard request fails. After this, if the user switches to valid credentials, the unguard request still fails because CTE agent is unable to access the CIFS share to update the credentials.

    Work-around

    To successfully guard/unguard a CIFS path, use valid credentials.

  • AGT-39190: File modified time does not change after rekey for excluded files

    This is a limitation with the current CTE agent. This is due to the Windows Redirected Drive Buffering Subsystem (rdbss) limitation.

  • AGT-48196: Microsoft DPM recovery creation failed when creating an incremental backup recovery point

    Work-around

    Perform a complete backup. Do not perform an incremental backup.

  • AGT-48580: gzip files in a directory can be mistakenly identified as ransomware by Ransomware Protection

    Some compression algorithms haves high entropy value and intermittently, zip or unzip activity that occurs on files that already themselves have high entropy, within a Ransomware Protection GuardPoint, is mistakenly identified as ransomware.

    Work-around

    Add the zip/gzip/winzip programs to the Ransomware Protection process exemption list in the CipherTrust Manager.

  • AGT-48862: Unguard process fails if CTE secfsd service is down

    secfsd service is a critical CTE service. If this service is down, certain CTE features may not work as intended.

    Work-around

    Manually restart the secfsd service in the service manager.

  • AGT-58577: Issues and limitations for Multifactor Authentication and Ransomware Protection co-existence

    Multifactor Authentication is not yet supported for a GuardPoint with Ransomware Protection with a CTE Agent.

  • AGT-61138: When applying a GuardPoint on the UNC (Universal Naming Convention) name instead of a Local drive, files display as cipher-text format when accessing using local drive

    User must apply GuardPoint on the local drive. If the user decides to apply the GuardPoint on the UNC path, user must use the UNC path to access the data. Do not view through the local Windows explorer path.

  • AGT-61679 [CS1581483]: The Apache service does not start when launched within a GuardPoint

    This issue is interoperability issue between CTE and Windows Defender.

    Work-around

    Create an exclusion rule for Windows Defender that will exclude the Apache2.4 directory.

On this page