What's new in version 2024.1?

The bug fixes in version 2024.1 can be found in in the release notes.

The bug fixes in our current patch version can be found here.

Please note that some issues may cause a change in product behavior when you install the update. Before updating, make sure to check your settings to see if your existing environment is affected. The issues are labeled with the following icon

Below you will find our latest Improvements and changes.

The major version 2024.1 has the following new features for you:

Editing policies in the DOC

• An increasing amount of functionality is being moved from the DriveLock Management Console (DMC) to the Drivelock Operations Center (DOC). This includes being able to edit not just one policy, but several policies directly from the DOC. Policies can also be limited to certain features ( for example, only to Application Control). When you edit rules in the DOC, you can select the policy you want to save the rules in.

Settings for server and tenant management in DOC

• The settings for servers and tenants, plus some global settings, are now managed via the DOC.

New security awareness functions and display options

• Improved display of campaign assessments with the option to switch between a card and list view, plus new filter options, e.g. display of progress and campaign participants

• New widgets on the security awareness dashboard, e.g. display of the campaign status, number of currently running campaigns or display of the history of the last campaigns.

• New option for creating security awareness reports

macOS Agent

• The Package Installer (*.pkg format) can now be used for software distribution.

• Encrypted containers can now be created under macOS with the Mobile Encryption Application (MEA). Only FAT and exFAT can be used as the file system format.

Container encryption / Mobile Encryption Application (MEA)

• The MEA now supports exFAT formatted containers for read and write access on all supported operating systems (Windows, macOS and Linux)

Unlock request now available in the DOC

• A new context menu command on the DriveLock Agent now makes it easy to unlock locked devices and drives. These unlock requests can be processed immediately in the DOC and the unblocked devices/drives can be added to a corresponding policy.

Centrally managed folders in the DOC

• You can now use the File Protection functionality to create and edit centrally managed folders and add and create File Protection users in the DOC.

New start dashboard, new widgets and extended view options in the DOC

• When the DOC is opened for the first time, only a single "HOME" dashboard is now created automatically. All other dashboards must be added manually. There is also a range of new widgets that provide an even better overview.

• When displaying the assessments of security awareness campaigns and centrally managed folders, you can switch between a list and card view. Cards offer a better overview in some cases.

IGEL app for Linux

• The DriveLock Agent for IGEL OS 12 will be available for download from version 2024.1 in the IGEL App Portal.

Telemetry data

• DriveLock collects usage data (telemetry data) and sends it to a central database in order to optimize the system. As of this version, this behavior is automatically activated. It can be deactivated manually as required.

Improvements and changes

AD inventory

• It is now possible to automate the collection of AD inventory data.

Updating the application inventory is no longer possible

• The manual update of the application inventory is no longer possible and has been removed from the DMC context menu of DriveLock or the DriveLock Enterprise Service.

Application Control

• The setting Predictive whitelisting based on digital signatures is now disabled by default. This results in different behavior of old and new agents if the setting is not explicitly specified.

Reports in the DOC

• New option to remove data masking in reports allows plain text display of masked data.

• A new role permission allows taking over reports from other user accounts.

Device Control

• COM and LPT ports (serial and parallel interfaces) are no longer blocked by default from this version onwards.

  Please note that this is a change in behavior. If you wish to retain the previous behavior after the update, configure the corresponding settings manually (preferably before the update).

• Custom device classes can now be configured in the DOC; these can also be used to control device classes that are not supported by DriveLock 'out-of-the-box'. For example, COM and LPT ports can be blocked as devices very easily by creating a custom class for them. (Reference EI-2643)

• Device collections can now be created containing devices of several device classes. However, you can only use them with agents of version 24.1 or higher.

The device scanner functionality is no longer available

• It is no longer possible to use the device scanner database. The corresponding menu command has been removed from the user interface. When creating a whitelist rule, you can no longer access the device scanner database. (Reference EI-2725)

DriveLock Agent

• The default behavior for updating the DriveLock Agent has been changed so that the agent is now only updated automatically if this is explicitly set in the policy.

Settings for the DriveLock Enterprise Service (DES)

• Of the settings for the DES, only the option to transfer license files to the DES remains in the DMC.

• The option to enable or disable debug tracing has been removed from the server context menu of the DMC and is now available in the DOC.

Events

• To be able to match the policy IDs better, the policy ID is now preceded by "<tenant>#" so that the result is unequal when filtering the policy ID parameter in the events by comparing it with the policy ID. You can either change the operator in the filter definition from "=" to "contains" or change the comparison string to "<tenant>#<policy ID>".

• From now on, there is a separate event for the usage policy if it is based on the usage of a device and not a drive. The new events have the event IDs 777 and 778. The previous events 252 and 253 are now only generated for drives.

• New events will now be triggered when portable devices are blocked or allowed. These have the event IDs 775 and 776. The previous event IDs 129 and 130 are now only generated for other (non-portable) devices.

File Protection

• Decrypting a folder encrypted with "old format" which is executed on an agent with "new format" is now prevented.

• Company certificates are no longer used with centrally managed folders.

Drive and device activities in the DOC

• A history of the corresponding activities of drives and devices is now displayed in the Detail view in the DOC.

macOS Mobile Encryption Application (MEA)

• DriveLock MEA for macOS has been improved in various areas (e.g. drag & drop functionality in the user interface, keychain integration).

Navigation view in the DOC

• The navigation view must now be activated manually on the Events tab in the Security Controls.

Policies

• Starting with version 2024.1, an agent configuration with a fixed policy can no longer be used if the agent has an older version. In this mode (agent configuration option 'Ignore policy assignments, use fixed policy'), an agent is configured to use only a single fixed policy. This approach is outdated; we recommend not to use it. Instead, we suggest assigning policies in combination with DriveLock groups, as this allows for a much more powerful and flexible configuration.

• When exporting the policy configuration that uses the new policy format, the export now uses the new export format by default. The new export format is supported since version 2023.2.

Improved vulnerability scan

• The performance of the vulnerability scan has been significantly improved.