SphereShield Package v4.9.9.1 Release Notes

Owned by Agat Support
Last updated: Oct 03, 2022 by Avi J. Levin (Unlicensed)
6 min read

Release date: Sep 21, 2022

System Main Components Versions:

  • Admin Portal 5.6.16.2 (new)

    • Infra 5.6.16.1 (new)

  • Ethical Wall Engine 5.6.0.2 (new)

  • Maintenance Service 6.3.0 (new)

  • ADSync Adapter 1.3.0

  • Service Agent 1.6.2

  • Bastion 2.0.6.2 (new)

    • Teams Protector 1.5.0.0 (new)

    • Internal Services API 1.2.4 (new)

  • CASB Adapter 3.3.6 (new)

    • CASB MS Office Application 1.3.5.6 (new)

    • CASB SharePoint Application 1.0.3.3 (new)

    • CASB Webex Teams Application 1.2.0.1 (new)

    • CASB Messaging BL 1.2.3.2 (new)

    • CASB Common 1.2.6.1 (new)

    • Infra 5.6.16.1 (new)

  • DLP Interface 1.5.1

  • Teams Bot 4.0.3.5

  • Asana Provider 1.0.1-rc1

  • Compliance App 1.0.2 (new)

  • Installer 1.7.5.5

Known Issues & Limitations

Channel Management

Applies to previous versions as well

  • Private Channel operations periodically need to be repeated, due to an open issue with Microsoft’s Graph API

Teams Protector

Applies to previous versions as well

  • Incoming Screen Sharing from external users is sometimes not filtered

  • When exclusively in Proxy mode (without the Adapter) and external users are blocked from sending messages to internal users, this is sometimes not accurately audited

Teams for Webex Webhooks

Webex has dropped support for Webhooks for Call Memberships

  • Call Membership Webhooks are not supported

  • Messaging Webhooks supports files. Message Blocking is still supported through polling.

Admin Portal

  • The Maintenance Service may only be restarted via Windows, not in the Sphereshield Admin Portal

Main Changes

Microsoft Teams Compliance

Fix for blocking external messages in Proxy mode

Webex

Support for Webex Meeting Webhooks

  • Ability to block Webex audio and video meetings, recording meetings, eDiscovery for Meetings, etc

Microsoft Teams Channel Management

  • Private channels: Support for handling Wiki tabs

  • Shared channels: Support for Shared Channels

Compliance App

  • The SphereShield Compliance App is an Azure App which provides capabilities for the CASB API Adapter to use the user Teams & Graph Token.

    • This can be used to update user messages for both the sender and recipient

    • Without the compliance app, the API is limited to deleting the message only on the recipient side

    • With the compliance app, Sphereshield can edit sender messages even if a chat has started externally

    • For more information, including setup and installation: https://agatsoftware.atlassian.net/wiki/spaces/SFTKB/pages/2745368591

eDiscovery

Several improvements to eDiscovery

  • Added ability to archive eDiscovery sessions with a third party vendor

  • Added support for multiple files per message

  • Added support for edited messages

Ethical Wall

  • Added option to reinspect user’s AD groups and policies without restarting the CASB API Adapter and Bastion Proxy.

Components Release Notes

Admin Portal

  • Fixed link to download files from eDiscovery

  • Fixed export and restore Channel Management operations

  • Added a general disclaimer in Channel Management portal page

  • Channel Management: added a limit to 3 simultaneous actions

  • Changed Webex cloud service integration description

  • Added alert in eDiscovery settings page if SMTP is not set

  • Added Last Updated column to Channel Management auditing table

  • eDiscovery - Added support for edited messages in MS Teams

  • eDiscovery Archiving

    • New page: eDiscovery Archiving Integration Auditing

    • New setting: Enable eDiscovery archiving integration

    • New setting: email address for sending eDiscovery content

    • New setting eDiscovery Archiving frequency (min)

    • New setting: eDiscovery archiving Provider

    • New table: eDiscovery Archiving Integration Auditing

    • New setting: Archiving Email Max Size (MB)

    • New setting: Archiving Email Max messages

  • Channel Management: added icon for shared channel

  • Applied changes in eDiscovery message with multiple files

  • Changed eDiscovery dashboard icon

  • Channel Management failed operation message

  • Support for AWS SMTP Service (SES)

  • Service Usage Report - Added checkbox in advanced search in Cloud Sessions page "Show Only Unique Users Per Day"
    If selected, only one row per user per day will appear in the table (the last row of that user for that day).

  • Added dropdown to Activity Type in Ethical Wall Activity Auditing

  • Added Compliance App status to the internal users list

     

  • Added recording in Ethical Wall for API in Webex deployment

  • Updated eDiscovery tooltip in settings

  • Removed values from conversation type search in eDiscovery

  • Added search in eDiscovery by conversation scope

  • Added search in eDiscovery by session title

  • Webex portal settings - added “Groups to be inspected” and “External Webhook site URL” settings.

  • Added settings to delete communication from eDiscovery after a configurable amount of time

  • Added settings to configure Compliance App in Cloud Services Integration page

  • Fixed eDiscovery icons

  • Fixed eDiscovery description

  • Fixed Logs and Settings explanation

  • Added option to show media records in eDiscovery

Maintenance Service (MNTS)

  • Added Archiving Integration option to eDiscovery

  • Added process to remove old rows from the USERS_REFRESH_CACHE table

Internal Services API (ISA)

  • Implemented use of Ethical Wall Engine 5.6.0.2

Ethical Wall Policy Engine

  • Fixed fetching Active Directory groups

Bastion

  • Fixed a bug where adding trouter.teams.microsoft.com to bastion.xml hosts and passthrough as well to the PAC file, the client had connectivity problems (shows “reconnecting…”).

Teams Protector

  • Update for code injection to support new MS Teams clients being rolled out. Update required to continue monitoring which users have been added or removed from meetings.

  • Fix for backend CDN server.

  • Profile based cache now supports UPN based rules too.

  • Hourly cache reset now clears legacy EW policy cache too.

  • Option to change log setting on the fly by sending an http request (if relevant contact Support).

  • Health check no longer checks internet connectivity via forward proxy.

  • PAC file, certificate and Bastion XML must be updated to support Web Socket functionality for incoming messages. See here: https://agatsoftware.atlassian.net/wiki/spaces/SKYP/pages/2725937410/Special+Releases+-+Extra+Instructions#1.4.0.0---Websocket-Notifications

  • This version or higher is required to filter incoming messages.

  • Web Socket functionality for filtering incoming messages.

  • Fix for bug introduced in 1.3.0.0 where conversation participants weren’t always recognized correctly, causing actions to be permitted when they should have been blocked.

  • Fix for P2P auditing message where sender was sometimes specified as recipient.

  • Fix for P2P auditing message where policy for profile was previously cached.

CASB API Adapter

  • Created a setting in the Adapter config to set how often to delete cloud content.

  • Changed name of blocked space governance policy.

  • Added setting WriteWarningInLogWhenLastEventOlderThan in Adapter Config.

  • Change "FetchFromAPIBackupEnabled" to true by default for Webex messaging.

MS Office Application

  • Added support for Wiki tabs in private channels.

  • Added support for shared channels.

  • Added notification to ask the user to add a Wiki tab to a public channel in Channel Management.

  • Added more details in auditing about the size of a channel.

  • Fixed a misleading and incorrect pop-up message.

  • Fixed grammar in Channel Management logs

  • Added support for large files download

  • Added process to always add compliance user as an owner to private channel.

  • Increased retry from 5 to 15 when checking if wiki exists.

  • Improved Channel Management auditing.

  • Limited archiving operations to one at a time, and no more than 3 processes at a time in general in Channel Management.

  • Fixed instances when "Please try again later" message appears.

SharePoint Application

  • Added support for CASB Common 1.2.6.1

Webex Teams (Spark) Application

  • Added support for meeting participants control (Ethical Wall for joining participants to PMR and schedule meetings).

  • Support recording control (Ethical Wall on recording in meeting, to enable this: set Enable Webex Recording Control to Yes in Ethical Wall settings via the Portal)

  • Added support for Webex Meetings in eDiscovery (Audit meeting data in eDiscovery includes meeting chats).

  • Added support for Groups to be inspected for Webex

  • Added support for edited messages in eDiscovery.

  • Added support for inline file checking with Ethical Wall and DLP checking simultaneously.

CASB Messaging Business Logic (MessagingBL)

  • Merged with version 1.2.2.2.

  • Added support for multiple files in same message.

  • Added another condition while checking for recording.

  • When sending "ApproveAttachment" to file in terms of Webex, fixed sending the variable correctly.

  • Integrated Ethical Wall and DLP while checking real time files in Webex.

  • Added inspection of Ethical Wall file sharing on personal SharePoint sites (OneDrive).

  • Added support to identify recording type when inspecting call in Webex.

  • Added support to Users Refresh Cache process.

  • Added support to Reinspect user.