Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Release Notes

Release Note for CTE v7.6.0 for Windows

search

Please Note:

Release Note for CTE v7.6.0 for Windows

Release Note Doc version Date
v7.6.0.87 2 2024-10-16

This release of CipherTrust Transparent Encryption for Windows adds new features, fixes known defects and addresses known vulnerabilities.

New Features and Enhancements

  • Windows/Linux Format Compatibility

    Previously, Windows and Linux LDT files used different architecture, so Windows and Linux nodes could not both access a share drive after LDT encrypted data on the share. Now, you can access the share from either Windows or Linux nodes.

    See Windows/Linux Compatibility for more information.

  • CTE now compatible with Microsoft Azure Entra ID

    CTE adds support for another Multifactor Authentication provider: Microsoft Azure Entra ID.

    See Authentication for CTE GuardPoints for more information.

  • Disable Ransomware Protection from CipherTrust Manager

    Disable mode disables Ransomware Protection for all GuardPoints on the clients linked with this profile. As a result, it has nothing to log.

    See Disabling Ransomware Protection for more information.

  • Ransomware Protection Enhanced

    CipherTrust Transparent Encryption Ransomware Protection can now protect systems against attacks from remote processes.

  • Remote Authentication for Multifactor Authentication

    You can configure remote authentication for Multifactor Authentication. This allows a user to log into Multifactor Authentication through a machine other than a CTE client. This allows you to enable authentication from remote endpoints accessing CIFS shares, exported by a CTE agent.

    See Remote Authentication for Multifactor Authentication for more information.

Resolved Issues

  • AGT-46989: Compressed files obtained LDT metadata attributes; encryption key info, file corruption and system crashes occurred

    This issue occurred because the compressed files contained LDT metadata attributes and encryption key info. This caused file corruption and system crashes. The solution is to not allow metadata in compressed files. Compressed files should never be rekeyed.

  • AGT-47111: Agent is not responding to host_rwp_enable as sent from CipherTrust Manager

    To disable Ransomware Protection, all Ransomware Protection GuardPoints must be disabled, or unguarded, on the agent, or disabled from the client profile in CipherTrust Manager in Ransomware Protection mode. Re-registering from the agent, while NOT selecting Ransomware Protection during re-registration, does not disable existing Ransomware Protection GuardPoints on that agent.

  • AGT-48580: Compressing files in a directory with gzip can cause gzip compression of gzipped files

    To avoid complications, or denial of zip or unzip activity, that occur with Ransomware Protection guarding a volume, add that zip program to the Ransomware Protection process exemption list in the CipherTrust Manager client profile. This includes gzip and winzip.

  • AGT-48862: Stopping secfsd service does not unguard a CIFS GuardPoint

    This was only required when upgrading CipherTrust Transparent Encryption from v7.4 to v7.5 and post 7.5.0. To upgrade, you need to manually disable the GuardPoints, on the nodes to be upgraded, in the CipherTrust Manager UI.

    See Upgrading CTE agents in an LDT Communication Group from 7.4.0 to 7.5.0 and post 7.5.0

  • AGT-55127: After CSV cluster nodes switch CTE driver from vmfiltr to vmlfs, Microsoft CSV cluster disk status shows incorrect indirect state

    After CTE agent was installed and Microsoft Cluster Shared Volumes switched the CTE driver from vmfiltr to vmlfs,the CSV cluster disk status shows Redirect. The solution was to update the agent code and installer to add our drivers to SharedVolumeCompatibleFilters group for a Cluster.

    Warning

    1. Upgrade/Install CTE agent to any version post v7.5.0.104 while in the vmlfs driver state on all the cluster nodes.

    2. Reboot one system and ensure that the system boots up completely before rebooting the next system.

  • AGT-57673 [CS1542868]: SQL changing to recovery state, on each server reboot, after migration from DSM to CipherTrust Manager

    When the CTE agent initially contacts CipherTrust Manager, it may fail due to a getaddrinfo error, which may be caused by the Windows DNS service not being ready. The solution was to change CTE to detect this failure type when connecting to CipherTrust Manager, and to retry connecting for a few seconds, before moving on to the next CipherTrust Manager in the cluster. This now matches the agent behavior when the same error condition occurs when connecting to a DSM.

Known Issues

  • AGT-36370: The vorvmd.log reports an error message when guarding LDT over CIFS GuardPoint

    CTE agent needs CIFS credentials to apply a GuardPoint on a CIFS share. This error message displays when the CTE agent is in the process of authenticating the user. This error can be safely ignored.

  • AGT-39189 | AGT-55063: CTE failed to unguard after changing to incorrect CIFS credentials

    If a user has a CIFS guarded path, and tries to access it with invalid credentials, the unguard request fails. After this, if the user switches to valid credentials, the unguard request still fails.

    Work-around

    To successfully guard/unguard a CIFS path, use valid credentials.

  • AGT-48196: Microsoft DPM reports recovery creation failed when creating a recovery point after synchronizing data

    Work-around

    Perform a complete backup. Do not perform an incremental backup. The incremental backup does not work properly with LDT.

  • AGT-48580: Ransomware Protection gzip files in a directory can be mistakenly identified as ransomware

    Intermittently, zip or unzip activity that occurs within a Ransomware Protection GuardPoint is identified as ransomware.

    Work-around

    Add the zip/gzip/winzip programs to the Ransomware Protection process exemption list in the CipherTrust Manager client profile.

  • AGT-48862: Stopping secfsd service does not unguard CIFS GuardPoint

    Secfsd service is a critical service needed to perform Guard/Unguard operations. If this service is not running, CTE agent fails to unguard the CIFS GuardPoints.

    Work-around

    Manually disable the GuardPoint in CipherTrust Manager.

  • AGT-58577: Issues and limitations for Multifactor Authentication and Ransomware Protection co-existence

    • When Multifactor Authentication is configured and used in a Client Profile (OIDC or EntraID), Ransomware Protection fails to setup on the host.

    • When attempting to change the Multifactor Authentication profile to the default client profile, that also fails.

    • When an OIDC connection is associated with a client profile, CipherTrust Manager reports an error while creating a Ransomware Protection GuardPoint.

    Note

    Multifactor Authentication is not yet supported for a GuardPoint with Ransomware Protection with a CTE Agent. You can associate Multifactor Authentication with a CTE GuardPoint with no Ransomware Protection, and that should work normally.

    Work-around

    1. Remove the OIDC connection from the client profile.

    2. Create another Ransomware Protection GuardPoint and re-associate the OIDC connection to the client profile after guarding succeeds.

  • AGT-61138: Guard a system UNC by Standard policy, files are shown as cipher-text format from local Windows explorer

    Work-around

    Only view the files using the UNC from the local system (\\192.168.1.1\secrets). Do not use Windows Explorer (e:\secrets).

End of Life

Because CipherTrust Transparent Encryption no longer supports Windows Server 2012, or Windows Server 2012R2, CipherTrust Transparent Encryption will no longer install on those operating systems.

On this page