SphereShield Package v4.9.9.1 Release Notes
Release date: Sep 21, 2022
System Main Components Versions:
Admin Portal 5.6.16.2 (new)
Infra 5.6.16.1 (new)
Ethical Wall Engine 5.6.0.2 (new)
Maintenance Service 6.3.0 (new)
ADSync Adapter 1.3.0
Service Agent 1.6.2
Bastion 2.0.6.2 (new)
Teams Protector 1.5.0.0 (new)
Internal Services API 1.2.4 (new)
CASB Adapter 3.3.6 (new)
CASB MS Office Application 1.3.5.6 (new)
CASB SharePoint Application 1.0.3.3 (new)
CASB Webex Teams Application 1.2.0.1 (new)
CASB Messaging BL 1.2.3.2 (new)
CASB Common 1.2.6.1 (new)
Infra 5.6.16.1 (new)
DLP Interface 1.5.1
Teams Bot 4.0.3.5
Asana Provider 1.0.1-rc1
Compliance App 1.0.2 (new)
Installer 1.7.5.5
Known Issues & Limitations
Channel Management
Applies to previous versions as well
Private Channel operations periodically need to be repeated, due to an open issue with Microsoft’s Graph API
Teams Protector
Applies to previous versions as well
Incoming Screen Sharing from external users is sometimes not filtered
When exclusively in Proxy mode (without the Adapter) and external users are blocked from sending messages to internal users, this is sometimes not accurately audited
Teams for Webex Webhooks
Webex has dropped support for Webhooks for Call Memberships
Call Membership Webhooks are not supported
Messaging Webhooks supports files. Message Blocking is still supported through polling.
Admin Portal
The Maintenance Service may only be restarted via Windows, not in the Sphereshield Admin Portal
Main Changes
Microsoft Teams Compliance
Fix for blocking external messages in Proxy mode
Fixed the ability to block incoming communication from external users. Sphereshield now blocks messages from an external user to an internal user.
PAC file, certificate and Bastion XML must be updated to support Web Socket functionality for incoming messages. See here: https://agatsoftware.atlassian.net/wiki/spaces/SKYP/pages/2725937410/Special+Releases+-+Extra+Instructions#1.4.0.0---Websocket-Notifications
This version or higher is required to filter incoming messages
Webex
Support for Webex Meeting Webhooks
Ability to block Webex audio and video meetings, recording meetings, eDiscovery for Meetings, etc
Microsoft Teams Channel Management
Private channels: Support for handling Wiki tabs
Shared channels: Support for Shared Channels
Compliance App
The SphereShield Compliance App is an Azure App which provides capabilities for the CASB API Adapter to use the user Teams & Graph Token.
This can be used to update user messages for both the sender and recipient
Without the compliance app, the API is limited to deleting the message only on the recipient side
With the compliance app, Sphereshield can edit sender messages even if a chat has started externally
For more information, including setup and installation: SphereShield Compliance App Information
eDiscovery
Several improvements to eDiscovery
Added ability to archive eDiscovery sessions with a third party vendor
Added support for multiple files per message
Added support for edited messages
Ethical Wall
Added option to reinspect user’s AD groups and policies without restarting the CASB API Adapter and Bastion Proxy.
Components Release Notes
Admin Portal
Fixed link to download files from eDiscovery
Fixed export and restore Channel Management operations
Added a general disclaimer in Channel Management portal page
Channel Management: added a limit to 3 simultaneous actions
Changed Webex cloud service integration description
Added alert in eDiscovery settings page if SMTP is not set
Added Last Updated column to Channel Management auditing table
eDiscovery - Added support for edited messages in MS Teams
eDiscovery Archiving
New page: eDiscovery Archiving Integration Auditing
New setting: Enable eDiscovery archiving integration
New setting: email address for sending eDiscovery content
New setting eDiscovery Archiving frequency (min)
New setting: eDiscovery archiving Provider
New table: eDiscovery Archiving Integration Auditing
New setting: Archiving Email Max Size (MB)
New setting: Archiving Email Max messages
Channel Management: added icon for shared channel
Applied changes in eDiscovery message with multiple files
Changed eDiscovery dashboard icon
Channel Management failed operation message
Support for AWS SMTP Service (SES)
Service Usage Report - Added checkbox in advanced search in Cloud Sessions page "Show Only Unique Users Per Day"
If selected, only one row per user per day will appear in the table (the last row of that user for that day).Added dropdown to Activity Type in Ethical Wall Activity Auditing
Added Compliance App status to the internal users list
Added recording in Ethical Wall for API in Webex deployment
Updated eDiscovery tooltip in settings
Removed values from conversation type search in eDiscovery
Added search in eDiscovery by conversation scope
Added search in eDiscovery by session title
Webex portal settings - added “Groups to be inspected” and “External Webhook site URL” settings.
Added settings to delete communication from eDiscovery after a configurable amount of time
Added settings to configure Compliance App in Cloud Services Integration page
Fixed eDiscovery icons
Fixed eDiscovery description
Fixed Logs and Settings explanation
Added option to show media records in eDiscovery
Maintenance Service (MNTS)
Added Archiving Integration option to eDiscovery
Added process to remove old rows from the USERS_REFRESH_CACHE table
Internal Services API (ISA)
Implemented use of Ethical Wall Engine 5.6.0.2
Ethical Wall Policy Engine
Fixed fetching Active Directory groups
Bastion
Fixed a bug where adding trouter.teams.microsoft.com to bastion.xml hosts and passthrough as well to the PAC file, the client had connectivity problems (shows “reconnecting…”).
Teams Protector
Update for code injection to support new MS Teams clients being rolled out. Update required to continue monitoring which users have been added or removed from meetings.
Fix for backend CDN server.
Profile based cache now supports UPN based rules too.
Hourly cache reset now clears legacy EW policy cache too.
Option to change log setting on the fly by sending an http request (if relevant contact Support).
Health check no longer checks internet connectivity via forward proxy.
PAC file, certificate and Bastion XML must be updated to support Web Socket functionality for incoming messages. See here: https://agatsoftware.atlassian.net/wiki/spaces/SKYP/pages/2725937410/Special+Releases+-+Extra+Instructions#1.4.0.0---Websocket-Notifications
This version or higher is required to filter incoming messages.
Web Socket functionality for filtering incoming messages.
Fix for bug introduced in 1.3.0.0 where conversation participants weren’t always recognized correctly, causing actions to be permitted when they should have been blocked.
Fix for P2P auditing message where sender was sometimes specified as recipient.
Fix for P2P auditing message where policy for profile was previously cached.
CASB API Adapter
Created a setting in the Adapter config to set how often to delete cloud content.
Changed name of blocked space governance policy.
Added setting WriteWarningInLogWhenLastEventOlderThan in Adapter Config.
Change "FetchFromAPIBackupEnabled" to true by default for Webex messaging.
MS Office Application
Added support for Wiki tabs in private channels.
Added support for shared channels.
Added notification to ask the user to add a Wiki tab to a public channel in Channel Management.
Added more details in auditing about the size of a channel.
Fixed a misleading and incorrect pop-up message.
Fixed grammar in Channel Management logs
Added support for large files download
Added process to always add compliance user as an owner to private channel.
Increased retry from 5 to 15 when checking if wiki exists.
Improved Channel Management auditing.
Limited archiving operations to one at a time, and no more than 3 processes at a time in general in Channel Management.
Fixed instances when "Please try again later" message appears.
SharePoint Application
Added support for CASB Common 1.2.6.1
Webex Teams (Spark) Application
Added support for meeting participants control (Ethical Wall for joining participants to PMR and schedule meetings).
Support recording control (Ethical Wall on recording in meeting, to enable this: set Enable Webex Recording Control to Yes in Ethical Wall settings via the Portal)
Added support for Webex Meetings in eDiscovery (Audit meeting data in eDiscovery includes meeting chats).
Added support for Groups to be inspected for Webex
Added support for edited messages in eDiscovery.
Added support for inline file checking with Ethical Wall and DLP checking simultaneously.
CASB Messaging Business Logic (MessagingBL)
Merged with version 1.2.2.2.
Added support for multiple files in same message.
Added another condition while checking for recording.
When sending "ApproveAttachment" to file in terms of Webex, fixed sending the variable correctly.
Integrated Ethical Wall and DLP while checking real time files in Webex.
Added inspection of Ethical Wall file sharing on personal SharePoint sites (OneDrive).
Added support to identify recording type when inspecting call in Webex.
Added support to Users Refresh Cache process.
Added support to Reinspect user.