Request a demo

   Enterprise Recon 2.15.0

Download ER 2.15.0 User Guide (PDF)

ER 2.15.0 Release Notes

The Release Notes provide information about new features, platforms, data types, enhancements, bug fixes and all the changes that have gone into Enterprise Recon 2.15.0.

For a quick view of the changes since the last Enterprise Recon release, see Summary of Changes.

Contents:

  1. Highlights

  2. Important Notes
  3. Enterprise Recon 2.15.0 Changelog
  4. Features That Require Agent Upgrades

New and Improved Features

Enhanced Optical Character Recognition Discovery

NEW Enterprise Recon 2.15.0 introduces powerful upgrades to Optical Character Recognition (OCR) feature, enabling organizations to uncover sensitive data trapped within images with greater precision and flexibility. Upgrades include:

  • Performance-driven OCR modes. Users can choose between two OCR processing modes (i.e., balanced or high accuracy) to match their specific needs.
  • Pre-installed language support. English (default), Turkish, Chinese (Simplified & Traditional), Arabic, Korean, Japanese, Portuguese, and Spanish languages are pre-installed and ready for use upon upgrade to ER 2.15.0. User may install additional languages manually, if needed.
  • Agentless scan support. OCR feature is supported in agentless scans across supported OSes (AIX, FreeBSD, Solaris, Windows, Linux, and macOS).
  • Advanced image handling. OCR feature comes with image rotation support in 90-degree increments (90°, 180°, and 270°), allowing sensitive data in misaligned or rotated images to be captured.

The updated OCR feature replaces the previous OCR settings found under individual Data Type Profiles in earlier versions of ER2. To ensure immediate continuity for existing users, any existing scheduled or recurring scans with OCR enabled will retain their “Enabled” status post-upgrade. Impacted scans will automatically default to the “Balanced” mode using the default English language-trained model.

For more information, see Start a Scan - Advanced Options.

New Platform Integrations

Scan and Remediate macOS Tahoe

NEW With Enterprise Recon 2.15.0, you can now scan macOS 26 Tahoe desktop and workstations.

The newly added macOS Target platform support scanning (local scan, agentless scan, and remote scan via SSH), remediation, access control actions, and reporting features.

An Agent Upgrade is required to scan macOS Tahoe 26 Targets.

New and Improved Data Types

Secure Indian PAN & GSTIN (PII)

NEW Organizations operating in or with the Indian market frequently encounter the Indian Permanent Account Numbers (Indian PAN) and Indian Goods and Services Tax Identification Number (Indian GSTIN) data in high volumes. The PAN is a 10-digit identifier for tax and financial duties, while the GSTIN is a 15-digit digital identity for GST-registered businesses. Because GSTINs contain a business’s PAN, these two sensitive data often appear together in logs, financial statements, and digital systems.

In ER 2.15.0, the new Indian Permanent Account Number data type can detect and remediate unsecured Indian PANs, while the new Indian Goods and Services Tax Identification Number data type can detect and remediate unsecured Indian GSTIN.

Expand Driver License Number Support

NEW Enterprise Recon 2.15.0 also brings extended coverage for driver’s license numbers with the addition of the New Zealand Driver License Number data type. This new data type can detect unsecured New Zealand driver’s license numbers issued by the Waka Kotahi NZ Transport Agency.

Enhance Existing Data Types

The following data types have also been updated in Enterprise Recon 2.15.0:

  • The Spanish Social Security Number data type can now detect Spanish SSN with running numbers beginning with “0”. Selecting “Robust Search” or “Relaxed Search” for the scan is now supported.
  • The Croatian OIB data type can now detect Personal Identification Numbers that begin with “0”.
  • The Indonesian NIK data type has an enhanced “Robust Search” for detecting Indonesian National Identification Number.
  • Diners Club cardholder data type now specifically identifies 14-digit PANs for Diners Club supported BIN ranges.

Early Access

The Early Access stage allows Ground Labs to collect a round of usability and performance feedback before a feature is made generally available.

If you would like to request access to any of the Early Access features, please get in touch with the Ground Labs Support Team for assistance.

Early Access Features

  • Apache Hive - Enables sensitive data discovery on Apache Hive (and Cloudera Hive) database Targets.

Important Notes

CRITICAL: One Way Upgrade to Enterprise Recon 2.15.0

Certain data sets, storage formats and components for the Master Server have been updated in Enterprise Recon 2.15.0. Therefore once the Master Server is updated from Enterprise Recon 2.14.0 (and below) to ER 2.15.0, the datastore is not backward compatible and downgrading ER 2.15.0 to an earlier version is not supported.
Please contact the Ground Labs Support Team for assistance with upgrading the Master Server.

CRITICAL: End of Support for CentOS 7 Master Server

Master Server installations with CentOS 7 as the base operating system are no longer supported in Enterprise Recon 2.15.0. Consequently, upgrading a CentOS 7-based Master Server to version 2.15.0 through an online update is no longer possible.

If you have existing installations of CentOS 7-based Master Server, create a backup of your Master Server datastore and datastore configuration file, and migrate to Enterprise Recon on the new operating systems to continue receiving support for new features and product updates.

See How To Install the Master Server Appliance (from ISO) or How To Install the Master Server on RHEL 8 and 9 (from RPM).

End-of-Support Platforms and Features in Enterprise Recon 2.15.0

The following platforms and/or features have reached end of support in Enterprise Recon:

  • macOS Workstation Targets
    • macOS 13 Ventura
  • Database Targets
    • Microsoft SQL Server 2012
    • PostgreSQL 15 and older

Upcoming End-of-Support Platforms and Features

The following platforms and/or features will reach end of support and be removed in a future Enterprise Recon release:

Changelog

The Changelog is a complete list of all the changes in Enterprise Recon 2.15.0.

What’s New?

  • New Data Types
    • NEW Indian Permanent Account Number
    • NEW Indian Goods and Services Tax Identification Number
    • NEW New Zealand Driver License Number

Enhancements

  • Improved Features:

    • Enforced more stringent password complexity requirements for ER2 master server logins via the Enterprise Recon Web UI and API to increase application security. Upon the first login via the Enterprise Recon Web UI following the ER 2.15.0 upgrade, impacted users are prompted to update their password.
    • Minor UI enhancements.

Bug Fixes

  • Improved the reliability of the remediation workflow for OneDrive and SharePoint Online Graph API targets. This fix prevents common synchronization errors when masking the impacted cloud Targets.
  • In certain scenarios, the Web UI would generate a failure and restart when accessing the username > My Account page.
  • Active Directory-imported ER2 user accounts could not save changes to their user account details nor enable two-factor authentication (2FA) if the value of the “Full Name” field contains non-Latin characters and/or UTF-8 symbols and space. This fix adds support for user account full names with UTF-8 symbols and international characters sets such as in Arabic/Persian, Chinese, Cyrillic, Extended Latin, Hindi, Japanese, Korean, and Vietnamese
  • Scanning folders that contained special characters in the folder name would result in the “Invalid Value” error for Google Drive Targets.
  • In certain scenarios, scanning SharePoint Online Graph API Targets authenticated using client certificates would sometimes result in the “Authentication did not succeed” error for some locations and be logged as inaccessible locations.
  • In certain scenarios, scanning Oracle Database Targets would result in errors where (i) some tables containing BLOB or CLOB data could not be scanned successfully and would be logged as inaccessible locations, (ii) some tables that could not be scanned were also not logged as inaccessible locations, or (iii) some tables with primary keys were intermittently skipped during the scan process.
  • File contents within ZIP (.zip) archives were incorrectly reported as “hidden” on the Investigate page if the archives used the ZIP64 format extension. This fix improves handling of the ZIP64 format.
  • The resulting tombstone file after performing quarantine remedial action via API contained the system default content instead of the configured custom content.
  • Shared Drives and personal drives target locations in Google Workspace Targets were not properly excluded from scans even though the “Exclude location by suffix” and/or “Exclude locations by expression” global filters were applied.
  • Cardholder data containing non-breaking spaces or en/em dash separators were not properly detected.

Features That Require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in Enterprise Recon 2.15.0:

  • You can now scan macOS Tahoe 26 Targets. Requires macOS Agents.

For a table of all features that require an Agent upgrade, see Agent Upgrade.

Ensuring we are delivering the best technology for our customers is a core value at Ground Labs. If you are interested in future early builds of Enterprise Recon with forthcoming features, please email your interest to product@groundlabs.com.