Bug fixes 2023.1

DriveLock 2023.1 is a major version.

This chapter contains information about issues that are fixed with DriveLock version 2023.1. Our External Issue numbers (EI) serve as references, where applicable.

	Application Control
EI-2381	Application Behavior Control did not recognize or blocked renaming and moving of files

	Operating system management
	If the Local users management mode setting in the Operating system management node under Local users and groups was set to Authoritative, users on the agent were not removed correctly, even if they were previously deleted in the policy.
EI-2466	Outgoing firewall connections were previously always logged as incoming connections. This issue is now fixed. DriveLock events 747 and 748 are now generated for outgoing connections.
EI-2438	If you create or update multiple local users at the same time, they will no longer all receive the same password.

	BitLocker Management
	The "DlFdeCmd.exe cryptstatus" command did not show the correct status for unencrypted drives when the Drivelock PBA for Bitlocker was installed.
	After upgrading BitLocker Management with DL-PBA, several exceptions were thrown and reported to the NT event log. This behavior is now fixed.
	BitLocker Management prevented blocking USB flash drives with unapproved or missing BitLocker company IDs by removing corresponding Windows policy settings.

	Defender Management
EI-2372	The day of the week set in the wizard for setting up scheduled scans was evaluated incorrectly and also displayed incorrectly in the DriveLock Management Console (DMC) outside the wizard (e.g. Wednesday set, but evaluated as Thursday).
EI-2343	If a file fails to be restored from the Defender quarantine and the reason is that the original directory where the file was moved to the quarantine no longer exists, the DMC now displays a corresponding error message.
EI-2333	If no media is inserted in the drive, no scan of the drive is triggered and thus no error message about a failed scan is displayed.

	Device Control
	It is now possible to disable the usage policy for drives that are not yet ready for use (e.g. SD card reader without SD card).

Reference	Disk Protection
	If third-party file filter drivers have been installed with DriveLock PBA or Disk Protection, in some cases the DriveLock EFS (Embedded File System) has not been checked and repaired (EFS Sanity).
	Not all partitions were encrypted immediately one after the other. This issue is now fixed.
	Occasionally, a DriveLock Agent update would deregister a service from the DriveLock PBA.

Reference	DriveLock Agent
EI-2121	If the agent remote control was configured to use HTTP only, the self-service did not work.
EI-2465	If the 'Allow remote access in Windows Firewall' setting was disabled, previously configured firewall rules for remote connections to the DriveLock Agent were no longer deleted.
EI-2006	When uninstalling DriveLock Agent, the data for accessing BitLocker-encrypted drives was mistakenly deleted.

Reference	DriveLock Enterprise Service (DES)
EI-2461	When installing a new linked DES, an existing configuration is now correctly recognized.
EI-2402	Fixed an error where the agent status could not be processed by the server if GPOs were used for configuration.

Reference	DriveLock Management Console (DMC)
	No agent action was generated after requesting a recovery key for BitLocker Management in the DMC, so the user was not prompted for a new BitLocker password on the client.
EI-2305	You could start the wizard to create a new tenant, even if the wizard determined that you were not authorized to do so. Without this permission, the wizard cannot be started at all now.

Reference	DriveLock Operations Center (DOC)
EI-2475	When you enter the code to offline unlock a computer in DOC, it may be necessary to enter 25 characters, but depending on the configuration, 15 characters may be sufficient. The error message "invalid code" falsely appeared after manually entering the first 15 characters of the code that was actually 25 characters long. Now the message appears generally until the sufficient number of characters has been entered or if the 15 or 25 character long code is invalid.

Reference

DriveLock Operations Center (DOC)

EI-2475

When you enter the code to offline unlock a computer in DOC, it may be necessary to enter 25 characters, but depending on the configuration, 15 characters may be sufficient. The error message "invalid code" falsely appeared after manually entering the first 15 characters of the code that was actually 25 characters long. Now the message appears generally until the sufficient number of characters has been entered or if the 15 or 25 character long code is invalid.

Reference	File Protection (FFE)
EI-2392	Fixed a bug where access to the Barco Clickshare button was denied.
EI-2471	The BSOD error that occurred when the user's SID could not be retrieved for a request (e.g. due to virtualization and redirection) has been fixed.
EI-2386	Fixed the bug where encrypting Office 365 Cloud files caused a bluescreen error in the "old FFE format".
	Restoring from a system restore point did not work with FFE. This is fixed.
	ReFs is not supported by the "old FFE format".
	Access control for users with read access did not work in the previous version 22.2.x when using the new format. This issue is fixed now.

Reference	Groups / Permissions
EI-2462	If there were too many group memberships, a user was prevented from logging in via SAML. Now the effective group memberships are filtered by the group-based role assignments. This requires users to log in again when changing role assignments.

Reference	Licenses
EI-2157	Fixed the issue related to activating the license using a proxy server. It is no longer necessary to enter a user.

Reference	Security Awareness
EI-2439	Security awareness campaigns created in the policy with a specified language were not necessarily displayed on the agent with the same language.
EI-2403	In the case of a security awareness campaign of type Test, the parameters of the event 'Test failed' were filled with 0 for correct/wrong answers respectively.
	Sometimes the type of a security awareness campaign in the security awareness library was specified as "unknown".
EI-2313	.NET Framework 4.7.2 is no longer a requirement for the agent, only for Security Awareness.

Reference	Pre-boot authentication
EI-2245	When requesting recovery data for PBA emergency logon in the DOC, there was no alternative certificate to select, so recovery was not possible in some cases.