Improvements and changes
New features
- USB drive control for Mac operating systems
  DriveLock has added the macOS platform to its supported operating systems. This also allows externally connected USB drives to be locked or unlocked under macOS Catalina, Big Sur, Monterey and Ventura. The DriveLock Agent is available for computers equipped with Intel chips and also for Apple's ARM architecture.
  The macOS agent is available on request. Please contact your DriveLock sales partner.
- Application Control in DOC
  It is now much easier to unlock applications from within the DOC by using application rules. The inventory view has also been enhanced, making it easier to see when certain applications were last used, for example, and on how many computers they are installed.
- File Protection
  DriveLock introduces a new File & Folder Encryption format for Windows 10 and later operating systems. Please note the information in the Updating DriveLock components chapter. For new customers, this new encryption is the standard. However, customers who have already set up encrypted directories can continue to use the previous encryption with this version.
- Masking of personal and computer-related data (data masking/pseudonymization)
  In the DOC, you can now pseudonymize/mask computer and user names, which are key items of personal data, so that it is no longer possible to draw direct conclusions about a specific person or their behavior.
  The key functions are:
  - Enabling and disabling data masking for a tenant's environment
  - Configuring permissions that allow data masking settings to be changed
  - Configuring authorized persons who are allowed to see data in plain text
  - Configuring the authorized persons who are allowed to approve a request for plain text display
  - Plain text display is possible on the basis of an assigned permission, after the request has been approved by another DOC user, or after any other person has entered a special approval code
  - Selecting specific events in which data is always masked or never masked
- Audit events
  Special audit events now indicate changes that affect or could affect the security of the environment. The DOC provides an additional filter for audit events, allowing all changes to security-related settings to be fully tracked.
Improvements
Agent remote control
- Agent remote control now uses only HTTPS by default.
Anonymous data
- Anonymous data / data masking: In previous versions, computer and user names as a key attribute of personal data were masked by encrypting event information before it was transferred to the DriveLock Enterprise Service. These encrypted records were then available for decryption in the DriveLock Control Center after being loaded from the DES, provided the correct certificates were available. Going forward, DriveLock will no longer provide this encryption of events, but instead will integrate data masking completely into the DOC.
Database
- In the database installation wizard, you are now able to optionally activate a data conversion after an update.
DriveLock Enterprise Service (DES)
- Several stored procedures for deleting old data have been added to the database maintenance. Please adjust the database maintenance steps you configured manually. For information on this topic, please refer to our "Database Guide" among the technical articles on DriveLock Online Help. (Reference EI-2222)
DriveLock Operations Center (DOC)
- Certificates can now be stored and used in the DOC to generate offline unlock response codes.
- A new standard dashboard with agent rollout information is available.
- The DriveLock DOC Companion can now be deployed and installed as a separate installation package. This facilitates rollout in larger system environments and release processes.
- Logging on to the DOC is now also possible via the integrated Windows logon (Active Directory user) - eliminating the need for an additional user login process.
- The DOC now displays the current online status in the computer views. This gives the administrator additional information on whether a computer can currently be contacted for online unlocking or remote agent connection.
- This version also includes further usability improvements in the DOC and has incorporated customer feedback:
  - List column widths are now maintained in most grid views when manually adjusted
  - Users can now specify their preferred view when calling a menu item for the first time
  - When deleting computers from the DOC, existing recovery information is now still stored in the database unless explicitly deleted
- In addition to the existing installation methods, a download link is now also available for cloud environments, which can be distributed within the company via e-mail, for example.
DriveLock PBA
- BIOS Pre-Boot Authentication: As of version 2022.2, BIOS PBA is no longer supported and has been removed from the product scope. This makes DriveLock 2021.2 the last version with an update to DriveLock legacy BIOS pre-boot authentication.
  When you install a version 2022.2 agent, the system checks whether there is an active legacy BIOS PBA on the system. If this is the case, the agent will no longer be updated or installed.
- The DriveLock PBA can now be deactivated until the first Windows login by a user, who will then be synchronized into the PBA accounts (auto-logon mode).
DriveLock Policy Editor
- Stringlist properties within DriveLock policies can now also be created in additive mode, meaning that a stringlist from an assigned policy does not overwrite the values of the same property from another assigned policy, but only adds to them. It is possible to import/export multiple lines via copy & paste.
Events
- An administrator can now configure which events are to be ignored when forwarding events centrally from the DES to a syslog service or via SMTP. This allows unwanted events to be filtered out in the target system. In addition, individual events from the DES can now be forwarded to any syslog destination.
- The stored procedures for deleting old events have been modified. For details, see the DriveLock Database Guide in the Technical Articles section of DriveLock Online Help.
- The agent now reports third-party events that occurred while the agent was not running.
- In the Policy Editor, the EDR node has been renamed to Events and Alerts.
Firewall management
- Firewall rules may now be easily read from an existing system via agent remote control and applied to a policy. (Reference EI-1765)
- Firewall rules may now include any setting options that can also be modified via PowerShell commands.
- The Firewall Management component can now be completely disabled even if a license is present on a DriveLock Agent.
Group management
- The Groups node has been completely removed from the DriveLock Management Console (DMC). Groups can now be fully managed or created in the DOC. (Reference EI-2178)
- When you add group members, you can now also add a comment, such as the number of an internal support ticket. This allows administrators to document the reason for making the change.
- You can now create dynamic groups based on additional information, such as hardware product ID or computer vendor and other AD properties.
Installation
- This version reduces the size of the DriveLock Agent installation file by more than 20%, allowing for faster and more efficient software distribution.
- In addition to the existing installation methods, a download link is now also available for cloud environments, which can be distributed within the company via e-mail, for example.
Licenses
- Trial licenses are now only available through your DriveLock sales partner and are no longer automatically shipped with the product. (Reference EI-2123)
- EDR or Risk & Compliance functionality no longer needs to be licensed separately as of 2022.2.
- Application Control licenses are now listed as one single combined entry rather than listed separately.
- User licenses have been added to the license display in the DOC.
Network
- The option to select custom network connections in the DriveLock Agent UI and in the network connection tray icon has been removed.
Security Awareness
- Security Awareness packages with version 22.2 are only delivered to current agents with version 22.2 and newer to ensure compatibility.
- There is a new version of Security Awareness campaigns.