Enterprise Recon 2.0.27

ER 2.0.27 Release Notes

Highlights

Two-factor Authentication (2FA)

ER2 introduces Two-factor Authentication (2FA) as an added layer of security for users signing in to the Web Console. 2FA can be enforced for all users, or be enabled for individual user accounts

For more information, see the Two-factor Authentication (2FA) documentation.

Advanced Match Display Filter

ER2 has a new Advanced Display Filtering feature to provide multiple different views of where sensitive data was found across your organization after scans are complete. By enabling this to occur post-scan, ER2 now offers far greater flexibility for isolating unique sensitive data storage scenarios. This will be particularly useful when reviewing a large number of results.

With the Advanced Filter, you have the ability to isolate files that contain a specific combination of data types that may constitute personally identifiable information (PII). For example, you can define a rule against a large set of results to isolate locations that contain all of the following PII elements: (i) a name, (ii) a Visa or Amex or Mastercard, (iii) an address, and (iv) a date of birth.

For more information, see the Advanced Filters documentation.

New Data Types

A significant number of data types have been added in this release. These data types are focused on South Korean Banks, Norwegian identification numbers and demographic information pertaining to personally identifiable information (PII).

For more information, see the Changelog below.

Changelog

New Features

  • New Data Type: Date of Birth (under 18).
  • New Data Type: Religion.
  • New Data Type: Gender.
  • New Data Type: South Korean Shinhan Bank (신한은행) account number.
  • New Data Type: South Korean Gwangju Bank(광주은행) account number.
  • New Data Type: South Korean Jeju Bank (제주은행) account number.
  • New Data Type: South Korean Jeonbuk Bank (전북은행) account number.
  • New Data Type: Norwegian driver’s license number.
  • New Data Type: Norwegian passport number.
  • Added: Advanced Filter feature for ability to filter match locations with specific combinations of matched data types.
  • Added: You can now view the Scan History page of any Target or individual Target location within the live results display. Previously this information was exclusively viewable from reports.
  • Added: Ability to enable and enforce Two-factor Authentication for ER2 users when signing in on the Web Console.
  • Added: Ability to specify a specific partition to scan on IBM/Lotus Notes targets.

Enhancements

  • Improved Data Type: People's Republic of China national ID.
  • Improved Data Type: South Korean RRN and South Korean Foreigner Number.
  • Improved: Secure delete remediation has been updated from a 1 pass overwrite approach to support a 3 pass overwrite approach.
  • Improved: Updated SSH Library to support the diffie-hellman-group-exchange-sha256 key exchange algorithm along with HMAC-SHA-256 and HMAC-SHA-512 MAC hashes.
  • Improved: Ability to search across the entire Data Type repository when constructing a new Data Type Profile.
  • Improved: Ability to specify path when scanning Azure Queues and Tables.
  • Improved: Clearer messaging in scan notification emails.
  • Improved: IBM Notes scan results now displays the Note ID of each match location for improved cross referencing.
  • Improved: You can now use macOS Proxy Agents to scan IMAP/IMAPS mailboxes.
  • Improved: Scans stopped by users are now shown as "Scan stopped" instead of "Critical Error".
  • Improved: Clearer error message is displayed when Agent host has insufficient disk space for scan to start.
  • Improved: Minor UI updates.

Bug Fixes

  • Fixed: Issue where Agent failure occurs if too many concurrent scans are assigned to it.
  • Fixed: Issue where cardholder data in PowerPoint 2003 documents were not properly detected.
  • Fixed: Issue where some cardholder data type scenarios did not match if immediately followed by an expiry date using certain types of separators.
  • Fixed: Issue where an incorrect scan time is displayed in email notifications.
  • Fixed: Issue where scanning very large BOX accounts would cause a "HTTP 429" error.
  • Fixed: Issue where when upgrading an RPM-based Linux Agent, the terminal would warn that that the symbolic link for "/etc/init.d/er2-agent" exists.
  • Fixed: Issue where scanning Amazon S3 Buckets would stall or be stuck at "Processing Events" stage.
  • Fixed: Data masking limit issues when a file contains more than 10,000 matches.
  • Fixed: Issue where location exclusion filters containing the "+" character would cause a scanning engine failure.
  • Fixed: Issue where scanning certain types of PDFs with OCR enabled would generate an error.
  • Fixed: Issue where UI would generate a failure and restart when viewing blocked agents.
  • Fixed: Issue where scheduled monthly scans did not function properly if modified after the first scan.
  • Fixed: Issue where probing Google targets would take a long time.
  • Fixed: Issue where email notifications and alerts for recurring scans were not generated after the first scan completes.
  • Fixed: Issue where invalid custom data type expressions caused scans to fail. Validity of custom data types are now verified by default when they are created or updated.
  • Fixed: Issue where an invalid database path name can be added as a scan location, causing scans to fail with the error "No tables could be found in target database".
  • Fixed: Issue where files larger than 4GB generated scanning errors on Cloud targets.
  • Fixed: Issue where scanning of certain MySQL databases would stall.
  • Fixed: Issue with Stop Remediation button.
  • Fixed: Issue where child domains could not be added as Exchange Domain Targets.
  • Fixed: Issue where database scans would become stuck on a blob if the containing table uses composite keys.
  • Fixed: Issue where users could not select a different Proxy Agent for new OneDrive locations.
  • Fixed: Issue where dBase files generated by certain sources would be incorrectly recognized and decoded as a text file.
  • Fixed: Issue where marking an email address as a false positive and excluding it from future scans would not generate the correct pattern to exclude.
  • Fixed: Issue where negative numbers in spreadsheets would be incorrectly detected as a bank account data type.
  • Fixed: Issue where certain Office 2010 documents would not be scanned properly.
  • Fixed: Issue with Group Report feature enabling summarised information to be included for a user with permissions to only a specific Target in the same group.
  • Fixed: Issue where Greek characters were not being properly detected in certain types of PDFs.
  • Fixed: Issue where stopping in-progress remediation would cause the UI to continuously refresh for a period.
  • Fixed: Issue where scanning a PostgreSQL database containing blobs would cause high memory usage by the Agent.
  • Fixed: Issue where an Agent disconnecting in a particular situation would send an error message saying the datastore has failed.
  • Fixed: Issue where Exchange scans would stall when scanning a large number of mailboxes.

Features that require Agent Upgrades

Agents do not need to be upgraded along with the Master Server, unless you require the following features in ER 2.0.27:

  • Fix for issue where Agent failure occurs if too many concurrent scans are assigned to it.
  • Fix for issue where an incorrect scan time is displayed in email notifications.
  • Fix for issue where when upgrading an RPM-based Linux Agent, the terminal would warn that that the symbolic link for "/etc/init.d/er2-agent" exists.
  • Fix for issue where scanning a PostgreSQL database containing blobs would cause high memory usage by the Agent.
  • Fix for issue where incorrect error message is displayed when Agent host has insufficient disk space for scan to start.

For a table of all features that require an Agent upgrade, see Agent Upgrade.